Privacy Policy – Tapwa

Privacy Policy

Effective date: April 7, 2026
Last updated: April 7, 2026
App name: Tapwa – WhatsApp Chat Button
Developer:Mynameiskalam
Contact: privacy@tapwa.app

1. Introduction

This Privacy Policy describes how Tapwa ("we", "us", "our") collects, uses, and shares information when you install and use the Tapwa – WhatsApp Chat Button application ("App") on the Shopify platform. We are committed to protecting the privacy of our merchants and their customers.

By installing the App, you agree to the collection and use of information as described in this policy. If you do not agree, please uninstall the App.

2. Information We Collect

We collect only the minimum data necessary to provide our service. Here is a detailed breakdown:

2.1 Information collected from merchants (via Shopify APIs)

Data Type Purpose Source
Shop domain name Identify and authenticate your store Shopify OAuth
Store name Display in the app dashboard Shopify API
Billing plan information Manage subscription tiers and feature access Shopify Billing API

2.2 Information provided directly by merchants

Data Type Purpose
WhatsApp phone numbers Configure the chat button displayed to customers
Agent names and phone numbers Multi-agent routing and customer-facing agent picker
Greeting messages Pre-fill WhatsApp chat messages for customers
Widget configuration (colors, position, style) Customize the appearance of the storefront widget
Custom CSS Advanced styling of the widget
Page rules and URL patterns Control where the widget appears on the storefront
Webhook URLs Send click event notifications to merchant-specified endpoints

2.3 Information collected automatically (analytics)

Data Type Purpose
Page URL where the button was clicked Click analytics and page-level reporting
Device type (mobile/desktop) Device breakdown in analytics
Timestamp of click events Time-based analytics and trend reporting
Agent selected (if applicable) Per-agent analytics and routing effectiveness

We do NOT collect customer names, email addresses, IP addresses, cookies, or any personally identifiable information (PII) from your store's visitors.

3. How We Use Information

We use the information we collect solely for the following purposes:

  • Provide the service: Display the WhatsApp chat button on your storefront with your configured settings.
  • Analytics: Provide you with click analytics, device breakdowns, and agent performance data in your dashboard.
  • Webhook delivery: Send click event data to webhook endpoints you configure (Advanced plan only).
  • Billing: Manage your subscription plan and feature access through Shopify's billing system.
  • Support: Assist you with technical issues related to the App.

We do not use your data for advertising, profiling, marketing, or any purpose unrelated to the App's functionality.

4. Legal Basis for Processing (GDPR)

For merchants and visitors in the European Economic Area (EEA), we process personal data based on the following legal bases:

  • Contract performance: Processing your shop domain, billing, and configuration data is necessary to provide the App's services as agreed when you install the App.
  • Legitimate interest: Collecting anonymous click analytics to provide you with usage insights about your WhatsApp button.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your data to third parties. Data may be shared only in the following limited circumstances:

  • Shopify: We operate within the Shopify platform and use Shopify's APIs and billing system. Your use of Shopify is governed by Shopify's Privacy Policy.
  • Hosting provider: Our application is hosted on Fly.io. Data is stored on servers in accordance with their security practices.
  • Merchant-configured webhooks: If you enable webhook integrations (Advanced plan), click event data is sent to the URL you specify. You are responsible for the privacy practices of your webhook endpoints.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

6. Data Storage and Security

  • All merchant configuration data is stored in an encrypted SQLite database on our hosting infrastructure.
  • Communication between your store and our servers is encrypted using HTTPS/TLS.
  • We do not store any customer (end-user) personal data.
  • Access to production databases is restricted to authorized personnel only.

7. Data Retention

  • Active accounts: Your configuration and analytics data is retained for as long as the App is installed on your store.
  • After uninstallation: When you uninstall the App, we receive a webhook from Shopify. We delete all your store data, including settings, agents, analytics, and page rules, within 30 days of uninstallation.
  • Analytics data: Click event data is retained for up to 12 months, after which it is automatically purged.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about your store.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data. You can also uninstall the App, which triggers automatic data deletion.
  • Portability: Request your data in a machine-readable format (CSV export is available on Advanced plan).
  • Restriction: Request that we limit processing of your data.
  • Objection: Object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@tapwa.app. We will respond within 30 days.

9. Shopify Compliance Webhooks

We comply with Shopify's mandatory privacy webhooks:

  • customers/data_request: We respond to customer data access requests. Since we do not store customer PII, our response confirms no customer personal data is held.
  • customers/redact: We process customer data deletion requests. Since we do not store customer PII, no action is required beyond acknowledgment.
  • shop/redact: When a merchant uninstalls the App and the grace period expires, we delete all associated store data.

10. Children's Privacy

Our App is designed for use by Shopify merchants (businesses) and is not directed at children under 16. We do not knowingly collect information from children.

11. International Data Transfers

Our servers are located in the United States. If you are accessing the App from outside the US, your data may be transferred to and processed in the US. By using the App, you consent to this transfer. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws.

12. Cookies and Tracking

The Tapwa storefront widget does not use cookies or any browser tracking technologies. Widget configuration is temporarily cached in the browser's sessionStorage (cleared when the browser tab is closed) solely to reduce API calls. No tracking pixels, fingerprinting, or cross-site tracking is used.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify merchants through the App dashboard. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: