TapDano Privacy Policy

Effective Date: 09/13/2025

This Privacy Policy explains how TAPDANO, LLC (“we,” “us,” “our”) may collect, use, disclose, and protect information in connection with the TapDano mobile application for Android and iOS (the “App”), including features such as Seed Vault, and any related websites, in-app web views, customer support channels, and communications (together, the “Services”). This Policy is intended to be platform-agnostic and compatible, where appropriate, with major privacy frameworks (e.g., GDPR, CCPA/CPRA, LGPD). It is not jurisdiction-specific and may be updated from time to time.

By using the Services, you acknowledge that your information may be handled as described in this Policy, which may change as we improve or modify the Services.

Who We Are & Scope

• Controller/Provider: TAPDANO, LLC, 7345 W Sand Lake Rd Ste 210, Orlando, FL 32819-5280, United States
• DPO/Privacy Contact: tapdano@tapdano.com

This Policy applies to the App and to any associated sites or communications that link to it. It does not cover third-party websites, services, wallets, exchanges, or NFC hardware/software that we do not control.

Definitions

• “Personal Data” means information that identifies or may reasonably be linked to an individual.
• “Processing” means any operation performed on data (e.g., collecting, storing, using, disclosing).
• “NFC Tag” means a near-field communication tag used to store data readable by compatible devices.
• “Seed Phrase” (or “recovery phrase”) means a sequence of words that can restore a cryptocurrency wallet.
• “SDKs” means software development kits or libraries from third parties that may process data on our behalf.
• “Device Information” means technical details about the device or OS used to access the Services.
• “Usage Data” means interaction information about how the Services are accessed and used.

Information We May Collect

We aim to collect only what we need to operate and improve the Services. Specific data elements and retention periods may vary by platform and configuration.

1) Information You Provide

• Account or profile details (if such features are offered), preferences, and settings.
• Support inquiries and feedback (e.g., email address, message content, attachments).
• Optional survey responses or beta-testing inputs.

2) Device & Technical Information

• Device model, OS version, language, region, app version, mobile network information (where available).
• Mobile identifiers or resettable advertising identifiers (where enabled and permitted by platform policies).
• Security/diagnostic signals (e.g., crash traces, performance metrics).

3) App Usage Data

• In-app events (e.g., feature taps, screens viewed), time stamps, session length, and general interaction patterns.
• Aggregated analytics that help us understand trends and usability, where enabled.

4) Diagnostics & Crash Logs

• Error reports, performance logs, and related metadata to help identify, troubleshoot, and improve issues.
• Limited contextual information at or around the time of a crash, subject to platform capabilities and your device settings.

5) High-Level NFC Interaction Metadata

• Non-content metadata related to NFC interactions, such as tag type/family, operation status (e.g., “write success/failure”), and approximate time stamps.
• This metadata is designed to be high-level and exclude seed phrase content; however, specific behavior may depend on device, OS, user actions, and configuration.

Sensitive Data Note: Seed Phrases & Seed Vault

Seed phrases are highly sensitive. Seed Vault is intended to help users manage seed phrases under their control, by enabling NFC-based storage and retrieval flows designed to improve usability.

• Local Handling: Where supported, seed phrases may be processed locally on the device and/or written to an NFC tag through platform-provided mechanisms.
• No Routine Server Transmission (Design Intent): The App is not intended to collect or transmit seed phrase content to our servers in the ordinary course of operation. Actual behavior may depend on your device settings, OS-level backups, third-party services, debug modes, crash reporting configurations, or user-initiated exports/transfers.
• Your Choices Matter: You may have options to write, read, encrypt, or backup data. The consequences of those choices (including storage on NFC tags, device keychains/secure elements, or inclusion in cloud/OS backups) may vary by platform and are outside our exclusive control.
• Good Practices: We encourage users to follow wallet best practices and to carefully evaluate NFC tag selection, passcodes, device security, and backup configurations. No security method is perfect, and risks may remain.

Purposes of Processing

We may process information for the following purposes:

• Provide and operate the Services: Enable core features (including NFC interactions), account or profile features (if any), and customer support.
• Improve UX and performance: Conduct analytics, diagnostics, usability testing, and feature development.
• Security and fraud prevention: Detect, prevent, and respond to misuse, security incidents, or harmful activity.
• Compliance and legal: Meet legal, regulatory, tax, or audit requirements and respond to lawful requests.
• Communications: Send service-related messages, updates, or administrative notices. Marketing communications may be subject to consent or opt-out, as applicable.

Legal Bases (Where Applicable)

Depending on your location and the activity, we may rely on different legal bases:

• Consent: For certain analytics, optional features, or marketing (where required).
• Contract: To provide features you request and to perform our agreement with you.
• Legitimate Interests: To operate, secure, and improve the Services in a balanced way that respects your rights.
• Legal Obligations: Where processing is necessary to comply with applicable law.

Data Sharing & Third Parties / SDKs

We may share information with:

• Service Providers / SDKs: For analytics, crash reporting, customer support tools, cloud hosting, content delivery, authentication, and similar operational services. These providers may process Device Information, Usage Data, and diagnostics to deliver their services.
• Business Transfers: In connection with a merger, acquisition, financing, reorganization, insolvency, or sale of assets, subject to customary safeguards.
• Legal & Compliance: To comply with law, legal process, or government requests, and to protect rights, property, users, or the public.
• Aggregated/De-identified Data: We may share aggregated statistics that do not reasonably identify individuals.

We do not intend to “sell” Personal Data or “share” it for cross-context behavioral advertising as those terms may be defined in certain laws; if our practices change, we may provide additional notices or opt-out mechanisms, where required.

International Data Transfers

Where information is transferred to countries that may not offer the same level of data protection as your home jurisdiction, we may use appropriate safeguards (e.g., standard contractual clauses or similar mechanisms) or rely on your consent, where applicable. Actual transfer mechanisms may vary based on the services and providers used over time.

Data Retention

We retain information for as long as reasonably necessary to provide the Services and fulfill the purposes described in this Policy, taking into account legal, tax, and operational considerations.

• Crash/diagnostic logs: A period that may range from approximately 30–180 days, unless needed longer for security or debugging.
• Analytics data: A period that may range from approximately 3–24 months in aggregate or de-identified form.
• Support records: For a period reasonably necessary to address your request and maintain business records.
• Account-related data (if any): Generally retained while your account is active and for a reasonable period thereafter.

Device-level caches, OS backups, and NFC tags are under your or your platform provider’s control and may persist according to your settings.

Security

We use reasonable administrative, technical, and organizational measures intended to protect information we process. However, no method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. Users should adopt strong device protections, passcodes, and prudent backup practices, especially for seed phrases.

Children’s Privacy

The Services are not directed to children under 13 (or under 16 in certain regions, as applicable). We do not knowingly seek to collect Personal Data from children. If you believe a child has provided Personal Data, please contact us so we can take appropriate steps, which may include limited collection to comply with legal obligations or to remove the information.

User Rights & Choices

Depending on your location, you may have rights regarding your Personal Data, which may include:

• Access & Portability: Request a copy of certain Personal Data.
• Correction: Request that we update or correct inaccurate information.
• Deletion: Request deletion, subject to legal or operational exceptions.
• Restriction & Objection: Request limits on processing or object to certain processing (e.g., analytics or marketing), where applicable.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Opt-Outs (where applicable): Choices related to targeted advertising or “sale/share” of data under certain laws.

To exercise rights or choices, use in-app settings where available or contact tapdano@tapdano.com. We may take steps to verify your identity and process requests within a reasonable period, subject to legal limits. Some requests may affect your ability to use certain features.

Cookies & Trackers (Web Views and Marketing Site)

If you access a website or in-app web view associated with TapDano, those experiences may use cookies, SDKs, pixels, or similar technologies for functionality, analytics, or (where applicable) marketing. You may manage preferences through browser or OS settings and, where offered, in-product controls. Certain features may not function properly without some cookies or trackers. A separate cookie notice may be provided where appropriate.

Third-Party Links & Wallets

The Services may integrate with or link to third-party sites, wallets, exchanges, NFC tools, or app stores. Your interactions with those parties are governed by their terms and privacy policies. We do not control and are not responsible for their practices.

Changes to This Policy

We may update this Policy from time to time. Changes will be indicated by the “Effective Date” above and may be communicated in-app, on our website, or by other reasonable means. Continued use of the Services after an update indicates your acknowledgment of the revised Policy.

Contact Us

If you have questions or concerns about this Policy or our privacy practices, please contact:

• TAPDANO, LLC
• Address: 7345 W Sand Lake Rd Ste 210, Orlando, FL 32819-5280, United States
• DPO/Privacy Contact: tapdano@tapdano.com

Appendix A: App Permissions

Depending on your platform, device, and chosen features, the App may request the following permissions. Actual prompts and wording are controlled by your OS and may change.

• NFC: To read/write compatible NFC tags for Seed Vault interactions. Used to initiate tag communication and record operation status; content handling aims to be local where supported.
• Network Access (Wi-Fi/Cellular): To deliver updates, sync non-content settings (if offered), fetch remote configuration, and enable analytics/crash reporting where permitted.
• Camera (if enabled): To scan QR codes (e.g., wallet addresses or metadata). The App is not designed to transmit seed phrase content via camera.
• Biometric/Device Authentication (Face/Touch/PIN, where available): To help gate access to sensitive in-app actions. Actual capabilities vary by device/OS.
• Storage/Photos/Media (platform-dependent): For optional exports/imports, logs, or user-initiated backups.
• Notifications (optional): To send service-related alerts or updates.
• Haptic/Vibration & Foreground Service (where applicable): For user feedback during NFC operations and to improve stability during sensitive flows.
• Clipboard Access (on paste action): Only when you actively paste content into a field; behavior depends on OS policies.

Permission use is feature-dependent. Declining a permission may limit related functionality.

Appendix B: Additional Notes on Seed Vault & NFC

• Tag Choice: NFC tag memory, durability, tamper resistance, and retention vary by manufacturer and model. Users should select tags that meet their risk tolerance.
• Backups & Recovery: OS/cloud backups, if enabled, may include certain App data or logs. Review your platform provider’s documentation for details.
• Testing & Debugging: During troubleshooting or beta testing, additional diagnostics may be collected to resolve issues; data handling may differ in such contexts.

Disclaimer

This document is provided for informational purposes only and does not constitute legal advice. Legal requirements may vary by location and may change. You should consult with qualified counsel to tailor this Policy to your specific practices. This Policy and our practices are subject to change periodically.