Privacy Policy
Effective: v1 beta.
Summary
TAP helps you optimize the cards you already carry. If you choose to link a bank, we use Plaid to learn your merchants — never your login. You can disconnect and delete anytime.
What we store
- Your email address if you create an account.
- The cards, offers, point-value assumptions, and manually logged purchases you enter.
- If you link a bank via Plaid: the institution name, an access token, and derived merchant-frequency aggregates.
- Basic technical logs (IP, user agent) used for security and debugging.
Plaid data & retention
- We access transactions through Plaid to learn which merchants you use most and to detect the credit cards you already own.
- We never see or store your bank login credentials.
- We never store account or routing numbers.
- Raw Plaid transaction rows are retained for a maximum of 30 days and are used only to derive merchant frequency. Derived aggregates carry no transaction details.
- Disconnecting a bank calls Plaid's
/item/removeand deletes the access token and derived per-item data on our side. Deleting your account does the same for every linked bank.
What we do not do
- No storage of bank credentials.
- No storage of account or routing numbers.
- No sale of personal data to third parties.
- No advertising trackers embedded in the app.
Service providers
TAP uses Plaid to link banks (only if you opt in) and standard cloud infrastructure for hosting, authentication, and database storage. Providers process data only to run the service.
Your choices
You can disconnect any linked bank from Settings — this removes the access token and derived data. You can delete your account and all associated data at any time from Settings. You can email hello@tapthecard.app for a copy of your data or with a privacy question.
Changes
If we materially change this policy, we will update the effective date above and, for account holders, send an email notice.