TapTrust

Privacy Policy

Last updated: October 10, 2025

Our Commitment to Privacy

TapTrust is built on the principle of privacy by design. We believe that your conversations with AI should remain private and secure. Unlike traditional AI services, TapTrust implements a non-custodial architecture where your data remains under your control at all times.

This privacy policy explains how we collect, use, and protect your information while maintaining our commitment to privacy-first principles.

Information We Collect

Account Information

When you create an account with TapTrust, we collect basic authentication information through our third-party authentication provider (Privy). This includes:

  • Email address (for account verification and communication)
  • Unique user identifier (for account management)
  • Authentication tokens (managed by Privy)

Conversation Data

Your conversations with AI assistants are encrypted on your device before any transmission. We collect:

  • Encrypted conversation content (stored securely on our servers)
  • Conversation metadata (timestamps, chat IDs, non-sensitive identifiers)
  • AI model usage statistics (for billing and performance monitoring)

Technical Information

We automatically collect certain technical information to provide and improve our service:

  • IP address and geolocation data (for security and compliance)
  • Device and browser information (for compatibility)
  • Usage patterns and performance metrics (for service optimization)

How We Use Your Information

Service Provision

  • To provide AI chat functionality and maintain your account
  • To process and route your encrypted conversations to AI providers
  • To manage billing and subscription services
  • To provide customer support and technical assistance

Security and Compliance

  • To detect and prevent fraud, abuse, and security threats
  • To comply with legal obligations and regulatory requirements
  • To maintain the integrity and security of our platform

Service Improvement

  • To analyze usage patterns and improve service performance
  • To develop new features and enhance user experience
  • To conduct research and development on privacy-preserving technologies

Our Privacy-First Architecture

Client-Side Encryption

TapTrust uses end-to-end encryption where all sensitive data is encrypted on your device before transmission. Your encryption keys are derived from your account credentials and never leave your device.

Zero-Knowledge Design

Our servers cannot access the content of your conversations. We store only encrypted data and can only see non-sensitive metadata necessary for service operation.

Direct AI Communication

Your device communicates directly with AI providers (Tinfoil, OpenAI) using short-lived API keys. TapTrust servers act only as a routing intermediary and cannot intercept conversation content.

TEE Processing

When using Tinfoil, your conversations are processed within Trusted Execution Environments (TEEs) that provide hardware-level security guarantees.

Data Storage and Security

Encrypted Storage

All conversation data is stored in encrypted form using AES-GCM encryption. Encryption keys are derived deterministically from your account credentials, ensuring you can access your data from any device.

Data Retention

We retain your encrypted conversation data until you choose to delete it. You can delete individual conversations or your entire account at any time.

Data Deletion

When you delete data or your account, we permanently remove all associated encrypted data from our systems. Due to the nature of our encryption, deleted data cannot be recovered.

Third-Party Services

Authentication Provider (Privy)

We use Privy for user authentication and account management. Privy handles user login credentials and provides us with authentication tokens. Please refer to Privy's privacy policy for details on their data practices.

AI Providers

Your conversations are sent directly to AI providers (Tinfoil or OpenAI) from your device. TapTrust does not store or have access to your conversations with these providers. Please refer to their respective privacy policies for details.

Billing and Analytics

We use third-party services for billing (Autumn) and analytics. These services receive only non-sensitive usage data necessary for their functions.

Your Rights and Controls

Data Access and Portability

You can export your conversation data in encrypted form. Due to our encryption design, you can decrypt this data using your account credentials on any compatible device.

Data Deletion

You can delete individual conversations, all your data, or your entire account through the TapTrust interface or by contacting our support team.

Account Management

You have full control over your account settings, including encryption preferences, data retention settings, and privacy controls.

Legal Compliance

GDPR Compliance

For users in the European Union, TapTrust complies with GDPR requirements. Our privacy-by-design architecture ensures that we minimize data collection and provide strong privacy protections.

Law Enforcement Requests

Due to our zero-knowledge encryption design, we cannot comply with requests to access the content of user conversations. We can only provide non-sensitive metadata when legally required.

Data Processing Agreements

For enterprise customers, we offer data processing agreements that outline our privacy and security commitments.

Contact Us

If you have questions about this privacy policy or our privacy practices, please contact us at:

  • Email: privacy@taptrust.com
  • Support: support@taptrust.com

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify users of material changes through our platform or via email.

Your continued use of TapTrust after any changes indicates your acceptance of the updated policy.