Privacy Policy
Effective Date: April 1, 2026 | Last Updated: April 1, 2026
1. Introduction
This Privacy Policy describes how Jootsing Research Inc., a Delaware C-Corporation ("Company," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with the TapKit platform, including the TapKit API, macOS application, website (tapkit.ai), and all related services (collectively, the "Service"). TapKit is a product of Jootsing Research Inc. and is not a separate legal entity.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.
This Privacy Policy does not apply to third-party applications, websites, or services that you access or interact with through devices controlled by the Service. Those third parties have their own privacy policies, and we encourage you to review them.
2. Information We Collect
We collect information in the following categories:
2.1 Account Information
When you create an Account, we collect information necessary to set up and manage your account, including:
- Full name
- Email address
- Company or organization name
- Password (stored in hashed form)
2.2 Billing Information
When you subscribe to a paid plan, our payment processor, Stripe, Inc. ("Stripe"), collects and processes your payment information, including credit card numbers, billing addresses, and related financial data. TapKit does not directly store your full credit card number or payment credentials. Please refer to Stripe's privacy policy at https://stripe.com/privacy for information on how Stripe handles your payment data.
We may receive from Stripe limited billing-related information, such as the last four digits of your card number, card type, expiration date, and billing address, for the purposes of displaying billing history and communicating about your subscription.
2.3 Service Usage Data
When you use the Service, we automatically collect certain technical and usage information, including:
- API call logs (timestamps, endpoints called, response codes, and request metadata)
- Session data (connection events, device pairing status, automation execution logs)
- Number of connected devices and active sessions
- Feature usage patterns and frequency
- Error logs and diagnostic data
- macOS application version and system information
2.4 Device Metadata
To provide the Service, we collect metadata about connected devices, including:
- Device name (as configured by the user)
- Unique Device Identifier (UDID)
- Device model and model number
- Device serial number
- Hardware identifier
- iOS version
- Phone number associated with the device
- Wi-Fi MAC address
- Bluetooth MAC address
- Battery level
- Device color code
- Device timezone
- Connection status and session duration
- List of installed applications on the Controlled Device
We may also collect Wi-Fi MAC addresses from Host Machines (macOS computers) used to operate the Service. The specific data points collected may vary depending on the device type, iOS version, and Service features in use.
2.5 Screenshots and Visual Data
In the course of providing the Service, TapKit captures screenshots of Controlled Devices to execute automation commands, deliver API responses, and provide session traces and logs to you. Screenshots may be retained for a limited period to:
- Deliver visual traces and session logs to you through the Service
- Debug issues, diagnose errors, and improve the reliability and performance of the Service
- Develop and improve the Service's capabilities
Screenshots are retained for no longer than the retention period specified in the Data Retention section of this Privacy Policy. You may request deletion of stored screenshots at any time by contacting us at privacy@tapkit.ai.
2.6 AI and Machine Learning Processing
To provide automation capabilities, the Service transmits screenshots and other device interaction data to third-party AI and large language model ("LLM") providers for processing. These transmissions are made solely to execute your automation commands and deliver the Service. See Section 4.1 for a list of our AI/LLM service providers.
2.7 Website Data
When you visit tapkit.ai, we may collect standard web analytics data, including:
- IP address
- Browser type and version
- Operating system
- Pages visited and referring URLs
- Date and time of visit
In addition, our website uses third-party advertising and analytics pixels (such as Meta Pixel, TikTok Pixel, and LinkedIn Insight Tag) that may collect information about your browsing activity on our website, including pages visited, actions taken (such as signing up or clicking a link), IP address, browser and device identifiers, and cookie data. This information is transmitted to the respective advertising platforms and may be used by those platforms to deliver targeted advertisements to you on their networks. See Section 12 for more information on cookies and tracking technologies.
2.8 Automation Trajectories and Telemetry
To improve the Service, we may record and retain automation trajectories — the ordered sequence of actions taken, screenshots captured, device states observed, and results produced during an automation session. Trajectories may be used for:
- Diagnosing failures and debugging automation workflows
- Measuring and improving automation accuracy and reliability
- Internal product analytics and benchmarking
- Training and improving the AI models and algorithms that power the Service
Trajectories are retained in accordance with the retention periods in Section 6. Where trajectories are used for model training or benchmarking, they are de-identified or aggregated where feasible. You may request deletion of stored trajectories at any time by contacting us at privacy@tapkit.ai.
2.9 Communications Data
When you contact us via email, support channels, or forms on our website, we collect the content of your communications along with associated metadata (such as your email address and timestamps) to respond to your inquiries and improve our Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing and Operating the Service
- Setting up and managing your Account
- Authenticating your access and API calls
- Connecting and managing Controlled Devices
- Processing and executing automation commands
- Generating and delivering API responses, including screenshots when requested
- Processing payments and managing subscriptions
3.2 Improving and Developing the Service
- Analyzing usage patterns to improve Service functionality and performance
- Identifying and fixing bugs, errors, and performance issues
- Reviewing screenshots and session data to diagnose automation failures and improve Service reliability
- Developing new features and capabilities
- Conducting internal research and analytics
3.3 Communication
- Sending transactional communications (account confirmations, billing receipts, service alerts)
- Providing customer support
- Sending product updates and announcements relevant to your use of the Service
- Sending marketing communications (only with your consent, where required by law; you may opt out at any time)
3.4 Advertising and Marketing
- Measuring the effectiveness of our advertising campaigns on third-party platforms (Meta, TikTok, LinkedIn)
- Delivering targeted advertisements to website visitors on third-party advertising networks
- Understanding which marketing channels drive sign-ups and conversions
You may opt out of advertising-related data collection by managing your cookie preferences on our website.
3.5 Security and Compliance
- Detecting, preventing, and addressing fraud, abuse, and security incidents
- Enforcing our Terms of Service and Acceptable Use Policy
- Complying with applicable legal obligations
- Responding to lawful requests from governmental authorities
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We engage trusted third-party companies and individuals to perform functions on our behalf, such as payment processing, analytics, hosting, and customer support. These service providers have access to personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of such information.
Our current service providers include:
| Provider | Purpose |
|---|---|
| Stripe, Inc. | Payment processing and subscription management |
| Supabase | Database hosting and authentication |
| Railway | Application hosting and infrastructure |
| Vercel | Website hosting |
| Agora | WebRTC streaming for real-time device interaction |
| Anthropic | AI/LLM processing for automation capabilities |
| OpenAI | AI/LLM processing for automation capabilities |
| PostHog | Product analytics |
| Meta Platforms, Inc. | Advertising analytics and conversion tracking (Meta Pixel) |
| TikTok Inc. | Advertising analytics and conversion tracking (TikTok Pixel) |
| LinkedIn Corporation | Advertising analytics and conversion tracking (LinkedIn Insight Tag) |
TapKit may integrate additional AI/LLM providers from time to time to deliver and improve the Service. We will update this list as our providers change. All AI/LLM providers are used solely to process automation commands on your behalf and are contractually bound to maintain the confidentiality of data transmitted to them.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to comply with a subpoena, court order, or other legal process, or to protect the rights, property, or safety of TapKit, our users, or the public.
4.3 Business Transfers
If TapKit is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
4.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
4.5 Aggregated and De-Identified Data
We may share, for any purpose (including product benchmarking, industry analysis, and research), aggregated or de-identified data that cannot reasonably be used to identify you.
5. Data We Do Not Collect
To be clear about the boundaries of our data practices:
- Continuous Screen Monitoring: We do not continuously monitor or record the screen content of your Controlled Devices. Screenshots are captured only in connection with automation commands and API requests, and are retained only as described in Section 2.5 of this Privacy Policy.
- Third-Party App Data: We do not collect or access data from any Third-Party Applications running on your Controlled Devices.
- Credentials for Third-Party Services: We do not collect, store, or have access to any login credentials, passwords, or authentication tokens you may use within Third-Party Applications on your Controlled Devices.
- Personal Data of Third Parties: We do not intentionally collect personal data about individuals who may be contacts, users, or subjects within the Third-Party Applications you interact with through the Service.
6. Data Retention
We retain your personal information for as long as your Account is active or as needed to provide the Service. Specific retention periods include:
- Account Information: Retained for the duration of your Account and for up to thirty (30) days following Account deletion, after which it is permanently deleted.
- Billing Information: Transaction records are retained for up to seven (7) years for tax and accounting compliance purposes.
- Service Usage Data: API logs and session data are retained for up to ninety (90) days for operational and debugging purposes, after which they are automatically deleted or anonymized.
- Screenshots and Visual Data: Screenshots captured during automation sessions are retained for up to ninety (90) days for the purposes of providing session traces, debugging, and Service improvement, after which they are automatically deleted.
- Automation Trajectories: Trajectory data is retained for up to ninety (90) days for debugging and product improvement. De-identified or aggregated trajectory data used for model training and benchmarking may be retained indefinitely.
- Device Metadata: Retained for the duration of the device's connection to the Service and for up to thirty (30) days following disconnection, except for aggregate usage statistics.
- Website Data: Web analytics data is retained in accordance with our analytics provider's retention policies, typically no longer than twenty-four (24) months.
- Communications Data: Retained for as long as reasonably necessary to resolve your inquiry and for our records, typically no longer than twenty-four (24) months.
When your information is no longer needed for the purposes described in this Privacy Policy, we will delete or anonymize it. Where deletion is not immediately possible (for example, because information is stored in backup archives), we will securely isolate the information and apply protective measures until deletion is feasible.
7. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Secure hashing of passwords
- Access controls limiting employee access to personal information on a need-to-know basis
- Regular security assessments of our systems and practices
- API key authentication and rate limiting
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
8. Your Rights and Choices
8.1 Account Information
You may access, update, or correct your Account information at any time through your Account settings. To delete your Account, contact us at privacy@tapkit.ai.
8.2 Marketing Communications
You may opt out of receiving marketing emails from us by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@tapkit.ai. Even after opting out, you will continue to receive transactional communications related to your Account and the Service.
8.3 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting the information, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions.
- Right to Correct: You may request that we correct inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell your personal information. However, our use of third-party advertising pixels (such as Meta Pixel, TikTok Pixel, and LinkedIn Insight Tag) on tapkit.ai may constitute "sharing" of personal information for cross-context behavioral advertising under the CCPA. You may opt out of this sharing by managing your cookie preferences on our website or by contacting us at privacy@tapkit.ai.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, contact us at privacy@tapkit.ai. We will verify your identity before processing your request.
8.4 European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the European Economic Area ("EEA"), United Kingdom ("UK"), or Switzerland, you have additional rights under the General Data Protection Regulation ("GDPR") or equivalent legislation, including:
- Legal Basis for Processing: We process your personal data on the following legal bases: (a) performance of a contract (to provide the Service); (b) legitimate interests (to improve the Service, ensure security, and communicate with you); and (c) consent (for marketing communications, where applicable).
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate personal data.
- Right to Erasure: You may request deletion of your personal data, subject to certain legal exceptions.
- Right to Restrict Processing: You may request that we restrict processing of your personal data in certain circumstances.
- Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: You may object to processing of your personal data based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise these rights, contact us at privacy@tapkit.ai. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
Data Transfers: Your personal data may be transferred to and processed in the United States, where our servers and operations are located. Where such transfers occur, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of protection for your personal data.
8.5 Other Jurisdictions
If you are located in a jurisdiction with privacy laws that grant you specific rights regarding your personal information, we will comply with those laws to the extent applicable. Contact us at privacy@tapkit.ai to exercise any rights available to you.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe that a child has provided us with personal information, please contact us at privacy@tapkit.ai.
10. Third-Party Links and Services
The Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.
11. Data Processing on Behalf of Customers
When you use the Service to automate devices, you may process personal data of third parties (for example, data visible in applications on your Controlled Devices). In such cases, you are the data controller (or equivalent under applicable law) and TapKit acts as a data processor on your behalf. You are responsible for ensuring that your use of the Service complies with all applicable privacy laws, including obtaining any required consents.
If you require a Data Processing Agreement ("DPA"), please contact us at privacy@tapkit.ai, and we will provide one.
12. Cookies and Tracking Technologies
12.1 Website Cookies
Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and assist with marketing efforts. The types of cookies we use include:
- Strictly Necessary Cookies: Required for the website to function and cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website by collecting information anonymously.
- Functional Cookies: Enable enhanced functionality and personalization.
- Marketing and Advertising Cookies: Placed by third-party advertising platforms (such as Meta, TikTok, and LinkedIn) to track your browsing activity on our website and deliver targeted advertisements to you on their networks. These cookies may collect your IP address, browser and device identifiers, pages visited, and actions taken on our website. The data collected by these cookies is governed by the respective platforms' privacy policies.
12.2 Managing Cookies
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our website.
12.3 Do Not Track
Our website does not currently respond to "Do Not Track" browser signals. However, you can manage tracking through your cookie and browser settings as described above.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Privacy Policy on our website and, where appropriate, by sending you an email notification. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.
We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Email: privacy@tapkit.ai
- Website: https://tapkit.ai
Jootsing Research Inc.
For questions about our Terms of Service, please visit https://tapkit.ai/terms or contact legal@tapkit.ai.