Privacy Policy for TapOFF

Effective Date: January 9, 2026

This Privacy Policy explains how TapOFF ("we", "our", or "us") collects, uses, and protects your personal information when you use our mobile application and Telegram Mini App.

---

1. Information We Collect

1.1 Information from Telegram

When you authenticate via Telegram, we collect:

• Telegram user ID

• Username (if set)

• First name and last name

• Language preference

1.2 Device Information

When you pair your Android or iOS device:

• Device ID (unique identifier)

• Device model and operating system version

• App version

• Timezone

• Public key for secure authentication

1.3 Screen Time Data

Android:
Our Android app uses PACKAGE_USAGE_STATS permission to measure:

• Total screen time duration (in seconds)

• Measurement period timestamps

• Sync timestamps

iOS:
Our iOS app uses Family Controls and DeviceActivityReport to measure:

• Total daily screen time duration

• Device activity timestamps

• Background sync data

Important: We only collect total screen time duration. We do NOT track which apps you use, what websites you visit, or what content you view. On iOS, we use Apple's privacy-focused Screen Time API that only provides aggregate usage data.

1.4 Usage and Game Progress

We track:

• Token balance and claims

• Degradation level

• Claim streaks

• Level and achievements

• Purchased skins and features

1.5 Purchase Information

When you make purchases via Telegram Stars:

• Payment ID from Telegram

• Purchase amount (in Stars)

• Items purchased

• Purchase timestamp

Note: We do NOT collect credit card numbers, bank details, or payment methods. All payments are processed securely by Telegram.

1.6 Referral Data

If you use referral features:

• Your unique referral code

• Count of users you referred

• Who referred you (if applicable)

---

2. How We Use Your Information

We use your information for:

• Core App Functionality: Device pairing, screen time tracking, degradation calculation, Golden Hour claiming

• Account Management: User authentication, profile display, leaderboards

• Premium Features: Processing purchases, activating skins and subscriptions

• Notifications: Sending Golden Hour reminders and important alerts

• Analytics: Aggregate statistics to improve the app (total users, average degradation, etc.)

• Customer Support: Resolving technical issues and purchase problems

---

3. Data Sharing and Third Parties

We share your data with:

1. Telegram - For authentication and payment processing (required for Mini App functionality)
2. Firebase Cloud Messaging (FCM) - For push notifications on both Android and iOS (device token only, via APNs on iOS)

We do NOT:

• ❌ Sell your data to third parties

• ❌ Share data with advertisers

• ❌ Use tracking or analytics services (no Google Analytics, Facebook SDK, etc.)

---

4. Data Security

We protect your information through:

• Encryption: All data transmitted over HTTPS with TLS 1.3

• Secure Authentication: JWT tokens and RSA public-key cryptography

• Rate Limiting: Protection against abuse and unauthorized access

• Database Security: Industry-standard PostgreSQL database with access controls

---

5. Data Retention

| Data Type | Retention Period |
|-----------|------------------|
| User profile | While account is active |
| Device information | While paired + historical records |
| Screen time records | 90 days |
| Purchase records | Indefinite (legal requirement) |
| Game progress | While account is active |

---

6. Your Rights

You have the right to:

1. Access your data - Request a copy of all information we have about you
2. Correct inaccurate data
3. Delete your account and associated data (except purchase records required by law)
4. Export your data in a portable format
5. Withdraw consent - Unpair your device to stop screen time collection

To exercise these rights, contact us at: mail@tapoff.xyz

---

7. Data Deletion

How to Delete Your Data:

Option 1: Unpair Device

• Open TapOFF → Settings → Unpair Device

• This stops screen time collection immediately

• Your account remains active for future use

Option 2: Delete Account

• Email us at: mail@tapoff.xyz

• We will permanently delete all your data except purchase records (kept for 7 years as required by law)

---

8. Children's Privacy

TapOFF is intended for users aged 18 and over. We do not knowingly collect information from children under 18. If you believe we have collected data from a minor, please contact us immediately.

---

9. International Data Transfers

Your data is stored on servers located in the United States. If you access TapOFF from outside the US, your information will be transferred internationally. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR and other applicable regulations.

---

10. Mobile App Permissions

Android Permissions:

• INTERNET - Required for syncing data with our servers

• ACCESS_NETWORK_STATE - Check internet connectivity

• PACKAGE_USAGE_STATS - Measure total screen time for degradation calculation

• POST_NOTIFICATIONS - Send push notifications (optional, can be disabled in settings)

You can manage permissions in: Android Settings → Apps → TapOFF → Permissions

iOS Permissions:

• Family Controls - Required to access Screen Time data (total usage only, not individual apps)

• Background App Refresh - Sync screen time data in the background

• Notifications - Send Golden Hour reminders and alerts (optional)

• App Groups - Share data between main app and Screen Time extension

You can manage permissions in: iOS Settings → TapOFF

Why we need Family Controls: This is the only Apple-approved way to access total screen time. The permission is strictly limited to aggregate usage data - we cannot see which apps you use.

---

11. Push Notifications

We send notifications for:

• Golden Hour reminders (23:00-00:00 in your timezone)

• Degradation alerts

• Device pairing confirmations

Android: Settings → Apps → TapOFF → Notifications

iOS: Settings → Notifications → TapOFF

---

12. Cookies and Tracking

The TapOFF Telegram Mini App uses:

• Session cookies for authentication (required)

• Local storage for app preferences

We do NOT use third-party tracking cookies or advertising pixels.

---

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted at:
https://api.tapoff.xyz/privacy

Significant changes will be announced in the app. Your continued use after changes constitutes acceptance of the new policy.

---

14. Legal Basis (GDPR)

For users in the European Union, we process your data based on:

• Contract performance - Necessary to provide app services

• Legitimate interests - Analytics and fraud prevention

• Consent - Optional features like notifications and referrals

• Legal obligation - Retaining purchase records for tax compliance

---

15. Contact Us

Data Controller: TapOFF

Email: mail@tapoff.xyz

Website: https://tapoff.xyz

Privacy Policy: https://api.tapoff.xyz/privacy

Telegram Support: @tapoff_support

For privacy questions, data requests, or GDPR inquiries, please contact us at the email above.

---

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt-out of sale of personal information (we do NOT sell your data)

• Right to non-discrimination for exercising your rights

Contact us to exercise these rights.

---

Last Updated: January 9, 2026

Version: 1.1.0

---

© 2026 TapOFF. All rights reserved.