Privacy Policy

Last updated: 2025-10-16

TapRebook (“we”, “us”, “our”) helps organizations standardize operational messaging on WhatsApp. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices available to you.

Scope

  • This Policy applies to our website, platform, and related services we operate.
  • It does not apply to third-party products or services that have their own privacy policies (e.g., Meta/WhatsApp, your BSP, Google, calendars/booking tools).

Controller / Processor roles

For end-customer (e.g., patient/guest/parent) data you onboard, you act as the data controller and TapRebook acts as your data processor, processing personal data only to provide the Service and as described here. See also our Terms of Service.

Personal data we collect

  • Account and business info: name, org name, role, email/phone, billing and support history.
  • Operational data from your workflows: message templates and tags (e.g., confirmed, reminded_d-1, late, rebooked), recipient identifiers (e.g., phone numbers), timestamps, delivery/read signals, click actions, and configuration you provide. We do not need message content except as necessary to template, deliver, and log the conversation.
  • Device/usage data: IP address, device/browser metadata, pages visited, and product events (for security and to improve the Service).
  • Optional integrations: If you connect external systems (e.g., your BSP, Google Sheets, Google Calendar, booking tools, CRM), we process the minimum data required to read/write the fields you authorize (see “Google integrations” below).

How we use personal data

  • Provide, operate, and secure the Service (including template management, delivery, opt-in/opt-out handling, logging, and audit).
  • Configure and support your workflows (reminders, rescheduling, late-triage, reviews, recalls, etc.).
  • Improve the Service (analytics, troubleshooting, quality, fraud/misuse prevention).
  • Communicate with you (onboarding, support, changes to terms/policies, product updates).
  • Comply with law and WhatsApp/BSP policy requirements.

Legal bases

We process personal data based on one or more of the following: performance of a contract with you; legitimate interests (to run, secure, and improve the Service); compliance with legal obligations; and consent where required (e.g., end-customer opt-in for messaging).

Google integrations (Sheets/Calendar) & Limited Use

If you choose to connect Google Sheets or Google Calendar, we will request the minimal OAuth scopes required to perform the actions you enable (e.g., read/write specific Sheets ranges for slot banks/KPIs, create/view calendar events for scheduling). We do not sell or transfer Google-derived data to third parties, and we do not use Google-derived data to build generalized ML/AI models.

TapRebook’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where data is processed & retention

  • Hosting: We use reputable cloud providers. Primary processing is currently located in India (and/or regions you configure with integrated providers).
  • Retention: We retain data for as long as needed to provide the Service and for legitimate business purposes (security, audit, legal), then delete or de-identify it. You may request deletion as described below.

Sharing of information

  • Service providers / sub-processors: Infrastructure, analytics, support, BSPs, template delivery—only what’s necessary to operate the Service.
  • Legal, safety, and policy compliance: If required by law or to protect rights, safety, and service integrity.
  • Business transfers: In a merger, acquisition, financing, or sale, data may be transferred subject to this Policy or a successor policy with equal or stronger protections.

Security

We use reasonable technical and organizational measures (encryption in transit, access controls, logging, least privilege) to protect personal data. No system is 100% secure; you are responsible for securing your own credentials and connected systems. See Application & Data Security for an overview.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to certain processing. End-customers should contact the organization that controls their data; we will support controller requests to fulfill data-subject rights. You can reach us via the Contact page or at [email protected].

Children

Our Service is not directed to children under the age where consent requires parental authorization under applicable law. If you believe we have collected personal data from a child without proper authorization, contact us and we will take appropriate steps.

Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new “Last updated” date. If you continue to use the Service after the effective date, you agree to the updated Policy.

Contact

Questions about this Policy or our data practices? Contact us via the Contact page or email [email protected].