TapToll
HomeSupport

TapToll legal

Privacy Policy

TapToll is built as a local-first iPhone app. Most product data stays on your device. This policy explains what the app stores locally, what may leave your device, and how the public website handles analytics, hosting, and support data.

Last updated: July 4, 2026

An overview of data protection

Personal data means information that can identify you directly or indirectly.

We receive some data because you provide it to us, for example when you contact support. Other data is processed when needed to provide the website, protect it, operate billing, or measure public-page and product usage according to your settings.

We use this data to provide TapToll, handle support requests, operate subscriptions and purchases, protect the service, and understand whether key app and website flows work.

Controller

Digitalendeavours - Alex König is the controller for the website and the TapToll app within the meaning of the GDPR.

Digitalendeavours - Alex König
c/o IP-Management #5272
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
Phone: +49 40 696328495
Email: support@taptoll.app

Data stored locally in the app

TapToll stores the core product state on your device or in the shared app-group container used by the iOS app and its Screen Time extensions. This local state lets the app evaluate your rules, restore protections, and show history without requiring an account.

  • user settings, onboarding state, and recommendation results
  • focus rules, selected rule types, pending rule changes, and spend caps
  • daily-limit usage records, active temporary unlocks, and override purchase history
  • history feed entries, reflection prompts, and enforcement snapshots
  • opaque Family Controls selections needed for Apple Screen Time APIs

Data that may leave your device

TapToll sends limited data off-device when you use App Store purchases, contact support, visit the website, or enable analytics-related services.

Apple processes payment and subscription data when you buy via the App Store. Apple also provides the Family Controls and Screen Time framework used for self-directed restrictions.

RevenueCat is used for subscription offerings, purchase and restore flows, entitlement state, and related subscription status. It may receive an app-specific user identifier, product identifiers, receipt or subscription status, and billing metadata required to operate App Store subscriptions.

PostHog may receive analytics, diagnostics/error reporting, feature flag, and website analytics events.

App analytics may include anonymous or device identifiers, screen and app-flow events, rule type, plan status, purchase-flow status, coarse diagnostic categories, and random internal rule UUIDs.

App analytics does not include selected app names, selected app identifiers, web domains, Focus Set names, free-text notes, raw Screen Time totals, or native app session replay. You can turn off product analytics and diagnostics from TapToll settings.

On the public website, PostHog may process public-page analytics data such as page views, page-leave events, clicks, form interactions, dead or repeated clicks, CTA events, heatmaps, web vitals, and masked website session replay according to your analytics choice.

Hosting and content delivery

This public website is hosted behind Cloudflare. Cloudflare may process technical request data, such as IP address, browser metadata, page access metadata, and security-related signals, to deliver the website, route traffic, and protect it from misuse.

Cloudflare may use cookies or similar technologies when necessary for security, load balancing, availability, or abuse prevention. These technologies are used for technical security and delivery functions, not behavioral advertising.

Cookies and browser storage

Our website and pages use cookies and similar browser technologies. Cookies are small data packages stored by your browser. Similar technologies can include local storage, session storage, or access to information in your browser.

Necessary cookies and similar technologies are used where required for security, availability, fraud prevention, and requested website functions. Cloudflare may set necessary cookies such as bot-management or load-balancing cookies when needed to provide and protect the site.

Optional analytics cookies and similar browser storage are used only after you accept analytics cookies. If you accept, PostHog may use analytics cookies or similar browser storage for the public-page analytics described above, including masked website session replay.

If you reject analytics cookies, TapToll uses cookieless public-page analytics only. In cookieless mode, PostHog uses privacy-preserving cookieless signals, sets no analytics cookies or local storage for TapToll website analytics, and does not record website session replay.

Your browser can also be configured to block or delete cookies. If necessary cookies are disabled, parts of the website or Cloudflare security checks may not work as expected.

You can change your analytics choice later from Privacy settings in the website footer.

What is required and what is optional

Local rule data is needed for TapToll to function. Without rules, selected app/category tokens, usage records, spend caps, and active unlock state, TapToll cannot apply the protections you configure.

Billing data is needed only if you buy a subscription or paid override. Apple handles the App Store billing relationship, and RevenueCat helps TapToll understand subscription entitlement status.

Support data is optional, but we need enough information to answer your request if you contact us.

Analytics and diagnostics are optional or controllable. The iPhone app includes an analytics and diagnostics control, and the website offers an analytics cookie choice.

Purposes and legal bases

We process personal data to provide the website and app, handle support requests, operate subscriptions, protect the service, and understand product usage at an aggregate level.

Depending on the context, the legal basis is Art. 6(1)(b) GDPR for contract performance or pre-contractual support, Art. 6(1)(f) GDPR for legitimate interests such as service security, product reliability, product analytics with opt-out controls, handled diagnostics, and cookieless public-page measurement, and Art. 6(1)(a) GDPR plus § 25(1) TDDDG where consent is required for analytics cookies or similar browser storage.

Retention

Data stored locally in the app remains on your device until you remove it, reset the app, delete the app, or a feature-specific cleanup lifecycle removes it.

Support emails and related communication are retained for as long as needed to resolve the request and meet legal obligations.

Apple, RevenueCat, PostHog, and Cloudflare retain data under their own policies and our configuration settings. We use those services only for the limited purposes described in this policy.

International transfers and processors

Some of our processors operate outside the European Union or may transfer data to countries outside the EU. Where required, we rely on appropriate safeguards offered by the provider, such as Standard Contractual Clauses or an adequacy mechanism like the EU-US Data Privacy Framework where applicable.

The processors relevant to TapToll, the purpose we use them for, and the transfer basis are:

  • Apple Distribution International Ltd., Ireland (EU) — App Store billing and subscriptions, StoreKit purchases, and the Screen Time / Family Controls platform.
  • RevenueCat, Inc., USA — subscription orchestration, entitlement status, and purchase/restore flows — Standard Contractual Clauses.
  • PostHog Inc., USA, processed in PostHog's EU Cloud region (data stored in the EU) — product and website analytics, diagnostics and error tracking, and feature flags — EU hosting region with Standard Contractual Clauses for any onward transfer.
  • Cloudflare, Inc., USA — website hosting, content delivery, and security — EU-US Data Privacy Framework.

Your rights

Subject to applicable law, you may request access, rectification, deletion, restriction, objection, and data portability. Where processing is based on consent, you may withdraw consent with future effect.

You may lodge a complaint with a supervisory authority, in particular the authority in your country or region of residence or the authority competent for us, Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), Wiesbaden, Germany.

We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. The onboarding recommendation is generated on your device and is only a non-binding suggestion.

For privacy requests, contact support@taptoll.app.

Children

TapToll is a self-directed tool intended for adults and is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this policy to reflect product, processor, or legal changes. The current version is always the one published here, and the date at the top of this page shows when it was last revised. For material changes, we aim to make the update reasonably noticeable.

© 2026 TapToll. Put a price on your time.

Privacy PolicyTermsImprintSupport

We use analytics cookies and similar storage only if you accept them. If you reject, TapToll uses cookieless public-page analytics without analytics cookies or local storage.

Privacy Policy