Privacy policy

The following is to explain your rights and give you the information you are entitled to under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018).

Cookies

We only use cookies for user session management. These cookies do not store personally identifiable information and are not forwarded to third parties.

Information we collect and why we have it

The landing page

The following information is collected, processed and stored from people visiting this landing page website (https://tapintodata.com):

• Feedback, support requests and expressions of interest, including email addresses. Your emails will go to our Gmail mailbox (see their privacy policy) and will never be forwarded to any third party. Correspondence emails are stored until they are asked to be deleted.
• Visitors’ session information (device, operating system, browser, referrer website and actions taken on this website) excluding any personally identifiable information, such as IP Addresses. These are stored securely in a self-hosted analytics platform and are never forwarded to any third party. This is used to improve the service.

tap application site

The following information is collected, processed and stored from people visiting tap application site (https://app.tapintodata.com):

• We use Auth0 (see their privacy policy) for authentication and authorization. When signing up, the user choses an identity provider from which profile information is obtained. For internal authorization, we map the user internally from their identity provider's `sub` field and store no other information about the user.
• Data files uploaded are stored in an AWS S3 bucket in the London region associated to the logged-in user's tenant. Each tenant is only authorized to access their own files and S3 bucket. This is managed through separated credentials that are stored in an encrypted, self-hosted database. This is part of the core functionality of tap and serves as the source of the generated APIs.
• Tracing information of user action within their tenant (i.e. what operation they executed), but not contents of their requests are collected for usage analytics and fault detection.

Your rights and contacting us

Under data protection law, you have rights including:

• Right of access: You have the right to ask us for copies of your personal information.
• Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
• Right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
• Right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at support@digitalsociety.coop if you wish to make a request.

Our postal address is Digital Society Ltd, Flat 2 10 Tinto Place, Edinburgh, EH6 5FL.

Complaints

You can complain to the ICO if you are unhappy with how we have used your data.

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk