Privacy Policy

Last updated: April 25, 2026

1. Controller

BB Development B.V. (KvK 87675838, "Tapview", "we") is the data controller responsible for the personal data processed through tapview.io. You can reach our privacy team at privacy@tapview.io.

2. What we collect

• Account data: name, email address, chosen handle, password hash, profile picture.
• Identity verification data (KYC): for Creators requesting payouts — date of birth, government-issued ID, address, and selfie. Collected and verified by our payment processor Stripe.
• Transaction data: purchase amount, currency, time, country, masked card details, and dispute status.
• Content metadata: file name, size, MIME type, checksum, upload time. We do not analyse the contents of Creator files except for automated checks against our Acceptable Use Policy.
• Technical data: IP address, device and browser information, language, and referrer.
• Cookies: a strictly necessary session cookie and, with your consent, anonymized analytics cookies.

3. Why we process it (legal bases)

• Performance of contract (Art. 6(1)(b) GDPR) — to provide the Service, process payments, and pay out earnings.
• Legal obligation (Art. 6(1)(c) GDPR) — to comply with anti-money-laundering, tax, and consumer-protection laws.
• Legitimate interests (Art. 6(1)(f) GDPR) — to prevent fraud, secure the Service, and improve our product.
• Consent (Art. 6(1)(a) GDPR) — for non-essential analytics cookies and product marketing emails.

4. Who we share it with

• Stripe Payments Europe — payment processing and KYC.
• Cloud infrastructure providers (e.g. Vercel, Cloudflare R2) — hosting, content delivery, security.
• Email and customer-support tools — transactional email and helpdesk.
• Authorities when required by law (court order, binding regulator request).

We never sell personal data, and we never share it with advertisers.

5. International transfers

Some processors are located outside the EEA. Where they are, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) plus supplementary technical measures.

6. How long we keep it

• Account data: while your account is active, plus 90 days.
• Transaction and KYC records: 7 years after the transaction, as required by EU AML and tax law.
• Server logs: 30 days, then aggregated.

7. Your rights

You have the right to:

• access the personal data we hold about you;
• request correction or deletion of inaccurate data;
• object to or restrict certain processing;
• receive your data in a portable format;
• withdraw any consent you have given;
• lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these rights, email privacy@tapview.io.

8. Security

We use TLS for all traffic, encryption at rest for stored files, hashed passwords (Argon2id), and least-privilege access controls. No system is fully secure; we will notify affected users and the regulator within 72 hours of becoming aware of any breach that affects personal data.

9. Children

Tapview is not directed to anyone under 18 and we do not knowingly process personal data from minors.

10. Changes

We may update this Privacy Policy. Material changes will be communicated by email or via the Service at least 14 days before they take effect.