1. Who We Are

2. What Personal Data We Collect

We collect data from users, pub businesses, and staff users linked to business accounts.

2.1 Data We Collect From Site Users

• Name
• Email address
• Phone number
• Date of birth
• Location (Town or Postcode only)
• Consumer preferences (e.g., drink choices, venue preferences)
• Account login credentials
• IP address, browser details, device identifiers
• Website behaviour & analytics data
• Location data (if enabled through your device)
• User-generated content, including photographs and comments
• Cookie preferences and consent choices (for logged-in users, stored securely in our database)

2.2 Data We Collect From Businesses (Pub Owners & Representatives)

• Business legal name
• Premises licence and associated documentation
• Staff member names, email addresses, phone numbers, dates of birth
• BACS bank details for payouts
• Credit/debit card details (processed only via Stripe — we do not store these)
• Business profile content and uploaded images

2.3 Data From Third Parties

We receive data through:

• Google Analytics (analytics data, device information, browsing behaviour)
• Social media logins (Meta, X, Google, etc.)
• Stripe (payment status, card verification, invoicing metadata)
• SendGrid & Twilio (email delivery status, engagement data such as opens/clicks, and messaging metadata)

3. How We Use Your Personal Data

We process personal data for the following purposes:

3.1 Providing Our Service

• Operating the Tap Tap Pub directory
• Creating and managing user and business accounts
• Allowing users to review pubs and upload content
• Enabling pub owners to manage their listing

Lawful basis:

• Contract (to provide our service)
• Legitimate interests (to operate and improve the platform)

3.2 Marketing and Communications

• Email newsletters and updates
• Offers and promotional communications
• Service announcements

Lawful basis:

• Consent (for email marketing under PECR)
• You may withdraw consent at any time via unsubscribe links.

3.3 Billing, Payments & Subscriptions

• Processing payments via Stripe
• Managing subscriptions for business customers
• Invoicing and financial reporting

Lawful basis:

• Contract
• Legal obligation (financial record keeping)

3.4 Analytics & Site Improvements

• Reviewing site performance
• Analysing user behaviour
• Improving features and usability

Lawful basis:

• Legitimate interests (to improve and develop our services)

3.5 Legal & Compliance

• Fraud detection and prevention
• Compliance with HMRC, Companies House, and legal obligations

Lawful basis:

• Legal obligation
• Legitimate interests

4. How We Share Your Data

We only share your data with trusted service providers and partners essential to operating our platform.

4.1 Hosting & Infrastructure

• Supabase hosted via Hostinger – UK-based server and database
• Hostinger – UK-based server and hosting
• Cloudflare – Web firewall, performance optimisation and cyber/data security
• Base44 (US-based) – Dashboarding & metrics
• Google – Email server, video conferencing and file storage
• Microsoft – Document creation/management, video conferencing
• Canva – Design solution

We store and process personal data using Hostinger servers located in the United Kingdom. All databases and associated backups are held on Hostinger infrastructure within UK data centres. This means your personal data remains within the UK and does not leave the jurisdiction unless stated otherwise in this policy.

We host our application, database, and media assets on servers provided by Hostinger, located within the United Kingdom. All personal data is processed and stored in accordance with applicable UK GDPR and the Data Protection Act 2018.

We ensure that Hostinger maintains industry-standard security measures, including encryption, access controls, and monitoring to protect your personal information.

Some third-party services (such as analytics, authentication providers, and payment processors) may store or process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent legal mechanisms to protect your data.

Routine backups are stored securely within Hostinger UK data centres. Backups are encrypted and retained only for operational recovery purposes. We do not share or view backup data unless required for support purposes or to meet legal obligations.

4.2 Payment & Finance

• Stripe – payment processing
• Xero – financial records (UK servers where possible)

4.3 Email & Marketing Tools

• SendGrid & Twilio – Email delivery, tracking, transactional messaging, and marketing broadcasts
• Google Analytics – Engagement analytics (open/click rates, page behaviour, device/location analytics)

4.4 Social Media Integrations

• Facebook
• Instagram
• LinkedIn
• X (Twitter)
• TikTok
• SnapChat

These platforms may process personal data independently according to their privacy policies.

4.5 Legal & Regulatory Bodies

We may share data where required by:

• HMRC
• Companies House
• Law enforcement

5. International Data Transfers

Some partners store or process data outside the UK, including:

• Base44 (US-based infrastructure)
• Social media platforms (US-based infrastructure)
• Stripe (may involve US processing)

Where this occurs, Tap Tap Pub ensures compliance through:

• UK GDPR-compliant International Data Transfer Addendums (IDTA)
• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable

All transfers are subject to appropriate safeguards.

6. Data Retention

We retain data only as long as necessary:

Note: Cookie consent audit logs are retained for 7 years to demonstrate compliance with UK GDPR and PECR requirements. These logs contain timestamps, consent choices, IP addresses, and user agent information.

7. Cookies & Tracking (See Cookie Policy Below)

Cookie Types We Use

We use four main categories of cookies on Tap Tap Pub:

A cookie banner is used for consent management. You can manage your cookie preferences at any time via our Cookie Preferences page.

8. Your Rights Under UK GDPR

You have the right to:

• Access your data
• Correct inaccurate data
• Delete your data (right to erasure)
• Withdraw marketing consent
• Restrict processing
• Object to processing
• Request data portability
• Complain to the ICO

To exercise any right, contact: privacy@taptap.pub

9. Complaints

If you are unhappy with how we handle your data, please contact us first.

You also have the right to complain to:

10. Changes to This Policy

We may update this policy periodically.

The "Last updated" date will be changed accordingly.

Significant changes will be communicated through the website or email.