
Terms & Conditions

Terms and Conditions of Use – TapFlo.ai

Effective Date: 1/02/2026

 

1. Definitions

“Platform” means the TapFlo.ai SaaS dashboard, NFC‑enabled tags, analytics,

campaign management tools, API integrations, AI insights modules and related

software.  “Hardware” refers to physical NFC tags or contactless devices

provided by TapFlo.  “Client” means a person or entity who registers for or

uses the Services.  “End User” means an individual whose personal data is

captured via TapFlo.  “Lead Data” means personal information submitted by End

Users through the Platform.  Capitalised terms not defined here have the

meanings set out in applicable data protection legislation.

 

2. Scope of Services

TapFlo provides tools to capture and process lead data through NFC tags,

landing pages, forms and APIs; to route that data to clients’ systems; and to

generate analytics and AI‑powered insights.  The Services are provided on an

“as‑is” basis without warranty of specific business outcomes.  TapFlo may

enhance or modify the Services from time to time.

 

3. Account Registration

Clients must provide accurate registration details and maintain the security of

their credentials.  Clients are responsible for all activity under their

account and must notify TapFlo of any unauthorised use.

 

4. Roles and Responsibilities

For Lead Data, TapFlo acts as a data processor/operator, and the

Client acts as the data controller/responsible party.  The Client

determines the purposes and means of processing and must ensure that processing

has a lawful basis (e.g., consent, contractual necessity).  TapFlo will

process Lead Data only on documented instructions from the Client, except

where required by law.

 

5. Lawful Basis and Consent

Clients must obtain explicit, informed and freely given consent from End

Users before collecting or processing personal data for marketing or other

purposes.  Consent may be obtained via written forms, electronic acceptance,

email, telephone, SMS, WhatsApp or other channels reasonably accessible to the

data subject.  The Client must record and retain proof of consent and make

recordings of telephonic consent available to the End User on request.  Consent cannot be inferred from pre‑ticked boxes,

silence or inactivity.  For processing based on

legitimate interests or contractual necessity, the Client must document its

assessment and inform End Users accordingly.

 

6. Purpose Specification and Further Processing

Clients may collect Lead Data only for specific, explicitly defined and

legitimate purposes (e.g., to provide marketing analytics, to route leads to a

CRM).  Further processing for incompatible purposes is prohibited unless

additional consent is obtained.  Clients must

document processing purposes and disclose them to End Users at the point of

collection.

 

7. Data Subject Rights

End Users have rights to: (a) know whether TapFlo or the Client holds their

personal data; (b) access copies of their data; (c) request correction,

deletion or destruction of personal data free of charge; (d) object to

processing; (e) restrict or withdraw consent; and (f) request portability of

their data in a structured, commonly used format.  Clients must provide mechanisms for

submitting these requests (e.g., email address or web form) and must respond

within statutory time frames (30 days under POPIA,

30 days under GDPR, 45 days under CCPA).  TapFlo will assist the Client in fulfilling

requests and will not respond directly unless acting as a controller.

 

8. Data Retention and Destruction

Lead Data will be retained only for as long as necessary for the purposes

specified by the Client or as required by law.  By

default, data collected under a Basic plan is retained for 30 days unless the

Client exports or extends retention through subscription upgrades.  The Client

may delete Lead Data at any time; after deletion, data cannot be restored.

TapFlo will securely destroy data once the retention period ends using

industry‑standard methods and provide certification upon request.

 

9. Information Quality and Updates

Clients are responsible for ensuring that the Lead Data they collect is

complete, accurate and up to date.  Clients

must implement mechanisms to allow End Users to update information or withdraw

consent.  TapFlo provides tools to edit or delete data via the dashboard or

API.

 

10. Security Measures

TapFlo maintains appropriate technical and organisational measures to protect

personal data against accidental or unlawful destruction, loss, alteration,

unauthorised disclosure or access.  These

measures include encryption of data in transit and at rest, role‑based access

controls, penetration testing, vulnerability management and incident response

plans.  TapFlo will promptly notify the Client of any personal data breach and

assist the Client in meeting notification obligations to data subjects and

regulators.  TapFlo requires all sub‑processors to sign data processing

agreements containing equivalent security safeguards.

 

11. Cross‑Border Transfers

Personal data may be processed and stored in countries other than the data

subject’s country of residence.  TapFlo will ensure that any international

transfers are made under a lawful mechanism (e.g., adequacy decision,

Standard Contractual Clauses or other recognised safeguards) and will execute

appropriate agreements with sub‑processors.

Clients may impose additional transfer restrictions in their data processing

agreements.

 

12. Cookies and Tracking Technologies

TapFlo uses cookies and similar technologies to enable site functionality,

analyse usage, and personalise content.  Non‑essential cookies (e.g., for

analytics and marketing) are used only if the End User has provided consent.

TapFlo provides a separate Cookie Policy describing cookie types, purposes,

retention periods and how users can manage preferences.

 

13. Acceptable Use

Clients must not use the Services to collect personal data without lawful

basis, to conduct unlawful surveillance or marketing, to distribute malware,

to misrepresent identity or to process sensitive information (e.g., health

data) without explicit consent.  Clients must comply with POPIA, GDPR,

CCPA and any applicable electronic communications laws.

 

14. Intellectual Property

All intellectual property rights in the Platform, algorithms, NFC workflows

and AI modules remain the property of TapFlo.  Clients may not copy,

reverse engineer or distribute proprietary components without TapFlo’s

permission.

 

15. Limitation of Liability

To the maximum extent permitted by law, TapFlo shall not be liable for lost

profits, indirect or consequential damages, misuse of hardware, inaccurate

analytics or interruptions.  TapFlo’s total liability shall not exceed the

fees paid by the Client in the twelve months preceding the claim.

 

16. Indemnification

Clients shall indemnify and hold harmless TapFlo against claims arising from

the Client’s misuse of the Services, non‑compliance with privacy laws,

failure to obtain consent or failure to honour data subject rights.

 

17. Termination

TapFlo may suspend or terminate accounts for breach of these Terms,

non‑payment or unlawful use.  Upon termination, TapFlo will delete or

anonymise Lead Data as instructed by the Client.

 

18. Amendments

TapFlo may amend these Terms to reflect changes in laws, Services or

business practices.  TapFlo will notify Clients of material changes and

provide at least 30 days’ notice when required by law.  Continued use of

the Services after the effective date constitutes acceptance of the amended

Terms.

 

19. Governing Law

These Terms shall be governed by South African law to the extent permitted.

Nothing in this clause limits the mandatory rights of data subjects or the

applicability of data protection laws in other jurisdictions.

 

20. Contact and Complaints

Clients and End Users may contact TapFlo’s Information Officer at

legal@tapflo.ai for privacy or legal queries.  Data subjects may lodge

complaints with the South African Information Regulator (complaints.IR@justice.gov.za) or

their local supervisory authority in the EU or US.

 

 

Conclusion

 

 

TapFlo.ai’s original Terms and Conditions contained a solid foundation

covering basic definitions, services, liability and acceptable use.  However,

to fully comply with POPIA, GDPR, CCPA and similar regulations, amendments

are necessary.  The recommended enhancements above address explicit consent,

data subject rights, retention, purpose limitation, security measures,

cross‑border transfers, cookies and complaint mechanisms.  The revised T&C

template incorporates these improvements while preserving the original

structure.  TapFlo should seek legal counsel to finalise the document and

ensure ongoing compliance with evolving data protection laws.
