Privacy Policy

Last updated: 30 April 2026

This Privacy Policy explains how Clover Digital Ltd (“Tapglide”, “we”, “us”) collects, uses, and protects your information when you use tapgli.de and our services. We are the data controller of the personal data we process about you.

Clover Digital Ltd is a company incorporated in the United Kingdom. If you have any questions about this policy or your data, contact us at hello@tapgli.de with the subject line “Privacy/Legal Request”.

1. Information we collect

We collect the following categories of information:

  • Account information - your email address, name, password hash (or OAuth identifier if you sign in with Google), and any preferences you set.
  • Subscription and payment information - plan tier, billing status, and the Stripe customer/subscription identifiers we need to manage your account. We do not see or store your card number, CVV, or full bank details - those are handled directly by Stripe.
  • Link data - the YouTube URLs you submit, any custom slugs you choose, and metadata Tapglide generates (short codes, creation timestamps).
  • Click event data- when someone follows a Tapglide link, we record a timestamp, country (derived from IP at the network edge), referrer URL, user agent, and a broad device-type label (mobile / tablet / desktop). We do not store the visitor’s raw IP address.
  • Partner program data - if you join the partner program, we record referral attributions, commissions earned, payout history, and (via Stripe Connect) the identifier of your connected payout account.
  • Product analytics- pseudonymous events describing how you use the dashboard (pages viewed, buttons clicked, features used). See “Cookies and analytics” below.
  • Session recordings - anonymised replays of your interactions inside the dashboard, captured by PostHog. Form input fields are masked by default and do not appear in recordings.
  • Communications - emails and messages you send us, and operational emails we send you (account, billing, product updates you have opted into).

2. How we use your information

  • To provide and operate the Tapglide service.
  • To process payments, manage subscriptions, and pay partner commissions.
  • To produce the click analytics shown to you in your dashboard.
  • To improve the product - diagnose bugs, understand which features are used, and prioritise work.
  • To detect and prevent fraud, abuse, and security incidents.
  • To send transactional emails (sign-ups, receipts, security alerts).
  • To comply with legal obligations.

Our legal bases under UK GDPR are: performance of our contract with you (delivering the service you signed up for), our legitimate interests (running, securing, and improving the product), compliance with legal obligations (tax, accounting), and your consent where required (for example, optional marketing communications).

3. Cookies and analytics

We use cookies and similar technologies to keep you signed in, remember your preferences, and measure how the product is used.

  • Essential cookies - set by Supabase Auth to maintain your sign-in session. Without these, the app cannot function.
  • PostHog- product analytics, including pageviews, custom events, and session replay. PostHog is hosted on EU infrastructure. We use the “identified only” mode, meaning persistent profiles are created only after you sign in.
  • Vercel Analytics - privacy-friendly, cookie-less aggregate page-view and Core Web Vitals measurement on our marketing pages. No personal data is collected.
  • Stripe - Stripe may set cookies on the checkout and billing-portal pages it serves on our behalf.

We do not use Google Analytics, advertising trackers, or cross-site behavioural advertising cookies.

4. Third-party services

We rely on the following processors to operate Tapglide. Each receives only the data needed to provide its function.

  • Supabase - authentication and database hosting.
  • Stripe - payment processing, subscription billing, lifetime purchases, and partner payouts via Stripe Connect.
  • Vercel - application hosting and cookie-less web analytics.
  • PostHog (EU Cloud) - product analytics and session replay.
  • Resend / Supabase email - transactional email delivery.

5. International transfers

Tapglide is operated from the United Kingdom. Some of our processors are based in the United States. Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or a UK adequacy regulation, as appropriate.

6. Data retention

  • Account data - kept for as long as your account is active, plus a reasonable period afterwards for legal, tax, and dispute-resolution purposes.
  • Click events - retained for the lifetime of the underlying link or until you delete the link.
  • Session recordings - retained for up to 30 days, then automatically deleted by PostHog.
  • Billing records - retained for 6 years to meet UK accounting requirements.

7. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your account and personal data.
  • Restrict or object to specific processing.
  • Data portability - receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, email hello@tapgli.de with the subject line “Privacy/Legal Request”. We will respond within 30 days.

8. Security

We use industry-standard practices to protect your data: encrypted connections (HTTPS), encryption at rest in our database, scoped access tokens, row-level security on user-owned tables, hashed passwords (handled by Supabase Auth), and regular review of third-party integrations. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Children

Tapglide is not directed to children under 13 (or 16 in the UK/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. For material changes, we will notify you by email or in-app before the change takes effect.

11. Contact

Clover Digital Ltd
Email: hello@tapgli.de (subject: Privacy/Legal Request)