Legal

Privacy Policy

We respect your privacy and are committed to protecting your personal data. This policy explains what we collect, how we use it, the legal basis for it, and the rights you have over it.

Last updated: 3 July 2026

01Introduction

Welcome to Scan2Tap. This privacy policy explains how we collect, use, and safeguard your information when you use our digital business card and link-in-bio platform — on the web, through your profile, and with our NFC cards.

It applies to everyone who uses the service, including visitors who view a public profile without an account.

02Who we are (data controller)

The data controller responsible for your personal data is Scan2Tap Ltd, a company registered in Ghana, at [Accra, Ghana].

For any privacy question or to exercise your rights, email scan2tap@gmail.com or use the contact form.

We process personal data in line with Ghana’s Data Protection Act, 2012 (Act 843) and, where it applies to visitors in the European Economic Area and the United Kingdom, the GDPR and UK GDPR.

03Information we collect

Information you provide

  • Account information — name, email, phone number
  • Profile data — title, bio, social media links
  • Payment information, processed securely through Paystack (we do not store full card numbers)
  • Order information — shipping address and preferences
  • Any content you send us through support or the contact form

Collected automatically

  • Usage data and analytics — profile views, link clicks
  • Approximate location — the country and city associated with your connection, used for currency and localization
  • IP address — processed to detect your location, apply rate limits, and prevent abuse; it is not stored with your profile analytics, though your transaction IP is recorded by our payment provider
  • Device information — browser type, device type, operating system
  • Cookies and similar technologies (see the Cookies section below)

04How we use your information

  • To provide, operate, and improve our services
  • To process payments and fulfil orders
  • To send you important service updates and notifications
  • To analyse usage patterns and improve the experience
  • To respond to your enquiries and provide support
  • To detect, prevent, and address fraud, abuse, and security issues
  • To comply with our legal obligations

06Data sharing and processors

We do not sell your personal data. We share it only with the service providers who help us run the platform, when required by law, or with your consent. Our key processors are:

ProviderPurpose
SupabaseDatabase, authentication, and file storage
VercelWebsite hosting and content delivery
PaystackPayment processing (cards and mobile money)
Google AnalyticsUsage analytics (only with your consent)
Email delivery providerSends transactional and account emails
IP geolocation providerResolves approximate location for currency and localization

Each processor is bound to handle your data only on our instructions and to keep it secure.

07International data transfers

Some of our providers store or process data outside Ghana, including in the United States and Europe. Where personal data of EEA/UK users is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses. By using the service you understand your data may be processed in these locations.

08How long we keep data

We keep personal data only as long as necessary for the purposes above:

  • Account and profile data — kept while your account is active; when you request deletion, we remove it within 30 days, except records we must keep by law
  • Order and payment records — up to 6 years, to meet tax and accounting obligations
  • Analytics data — stored without your IP address and kept in aggregated or de-identified form
  • Support correspondence — up to 2 years after your last contact

09Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication and role-based access controls
  • Reliance on reputable infrastructure providers with data-at-rest encryption
  • Monitoring and prompt response to security issues

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10Cookies

Cookies are small files stored on your device. We use essential cookies to run the service and, only with your consent, analytics cookies to understand usage. When you first visit, our cookie banner lets you accept all cookies or choose essentials only; you can change your choice any time by clearing the cookies for this site in your browser.

CookieTypePurposeDuration
sb-* (Supabase)EssentialKeeps you signed inSession / up to 1 year
s2t_vidEssentialFirst-party visitor id used to count profile views accurately and exclude duplicates1 year
_ga, _gid (Google Analytics)AnalyticsMeasures how the site is used — set only after you acceptUp to 2 years

Analytics cookies are blocked until you consent. Essential cookies are required for the service to work and cannot be switched off.

11Your rights

Depending on where you live, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent at any time, without affecting prior processing

To exercise any of these, email scan2tap@gmail.com. We will respond within the timeframes required by law.

12Complaints

If you believe we have mishandled your data, please contact us first so we can put it right. You also have the right to lodge a complaint with a supervisory authority — the Data Protection Commission of Ghana, or, if you are in the EEA/UK, your local data protection authority (in the UK, the Information Commissioner’s Office).

13Children's privacy

Our services are not directed to children. We do not knowingly collect personal data from anyone under 16, or under the minimum age of digital consent in their country. If you believe a child has provided us with personal data, contact us and we will delete it.

14Changes to this policy

We may update this privacy policy from time to time. We will post any changes on this page and update the “Last updated” date above. Significant changes will be communicated where appropriate.

15Contact us

To ask about this policy or exercise any of your rights, email scan2tap@gmail.com or reach us through the contact form.

Questions about this policy? Email scan2tap@gmail.com or use the contact form.