Privacy Policy

Last updated: May 2026 · Effective: May 2026

TapTapQR (“the App”, “we”, “us”) is published by Gizem Acar, an individual developer based in Türkiye, under the brand name “umaysoftware”. This Privacy Policy explains what information the App collects, how it is used, and the choices you have. We designed the App to be private by default — most of what you do never leaves your device.

1. Information processed on your device only

The following are processed locally on your phone and never transmitted to our servers or third parties:

• Camera frames. When you scan a QR code, frames are analysed in real time on your device. No video, image, or scan content is recorded, stored, or sent anywhere.
• QR codes you create. Generated codes and the data inside them (URLs, Wi-Fi credentials, contact details, text, etc.) are kept locally in encrypted on-device storage.
• Scan and creation history. A searchable list of past scans and generations, stored locally and removable at any time from Settings.
• Photos you pick to scan. When you choose an image from your library to scan, only that image is read and analysed. It is not uploaded.

2. Information we collect

To deliver subscriptions, push notifications, and basic operational telemetry, the App processes the following:

• Anonymous device identifier. A randomly-generated UUID stored on your device, used to associate your subscription state and push token with the install. It is not linked to your name, email, or other personal data.
• Subscription information. Purchase receipts and entitlement status, processed via RevenueCat (our subscription provider) and validated against the Apple App Store or Google Play. We never see your payment method.
• Push notification token. If you enable notifications, an opaque token is registered with OneSignal so we can deliver app updates. You can disable notifications in your phone's settings at any time.
• Crash and diagnostics. If a crash occurs, anonymised diagnostic information may be collected to help us fix the bug.
• Safe-link checks. When you scan a URL, the App may query our DNS-over-HTTPS resolver to warn you about known-malicious or suspicious domains. The host portion of the URL is sent for the lookup; full URLs and personal identifiers are never sent.

3. Advertising attribution (optional)

On iOS the App requests App Tracking Transparency (ATT) permission. If you grant it, we share an anonymous advertising identifier (IDFA) with Meta (Facebook) and our subscription provider so we can measure how well our ads perform. If you decline, no advertising identifier is shared and no cross-app tracking takes place. iOS' SKAdNetwork (SKAN) framework continues to provide aggregate, privacy-preserving install attribution either way.

On Android the equivalent identifier is the Google Advertising ID (GAID), which can be reset or limited from your Android settings.

4. We do not sell your data

We do not sell, rent, or trade personal information. The third parties listed above act as service providers under contract — they process data only to deliver the service we ask of them.

5. Service providers

• Apple App Store / Google Play — payment processing and receipt validation.
• RevenueCat — subscription lifecycle management. Privacy policy.
• OneSignal — push notifications. Privacy policy.
• Meta Platforms — advertising attribution (only if you opt in via ATT). Privacy policy.
• Cloudflare — hosting our website and the safe-link DNS resolver. Privacy policy.

6. Children's privacy

The App is not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has used the App in a way that requires our attention, please contact us.

7. Your rights

Depending on where you live, you may have the right to:

• Access the information we hold about you
• Request correction or deletion
• Withdraw consent (e.g. revoke ATT permission in iOS Settings)
• Object to processing or request portability
• Lodge a complaint with your local data protection authority

To exercise any of these rights, write to contact@taptapqr.com. We respond within 30 days.

8. Data retention

On-device data (history, generated codes, settings) lives on your phone until you delete it or uninstall the App. Subscription and push records held by service providers follow the providers' own retention rules — typically for the lifetime of the install plus a short reconciliation window for billing disputes.

9. Changes to this policy

We'll update this page when something material changes and update the “Last updated” date above. Significant changes will also be surfaced in-app.

10. Contact

Questions, requests, or compliance correspondence can be sent to contact@taptapqr.com.