Privacy Policy

Last updated: 11 April 2026

TapFi is designed to be as privacy-respecting as an internet-connected app can be: no user accounts, no analytics, no tracking, no ads, and no data stored on any server we operate. This policy explains the few things that do happen when you use the app, so you can decide whether you're comfortable with them.

Who we are

TapFi is built and operated by John McKay, an independent developer based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, John McKay is the data controller responsible for any personal data handled via TapFi.

If you need to reach us about this policy or your data, email privacy@tapfi.uno.

What TapFi collects

When you use TapFi, the app only accesses data you actively hand it — the camera photo you take when you tap the scan button. That's it.

TapFi does not collect any of the following:

• Your name, email, phone number, or any personal identifier
• Your location
• Your device ID or advertising identifier
• Analytics or usage data
• Crash reports
• Contacts, calendar, or data from other apps
• Browsing history or purchase history

How that photo is used

When you tap the scan button in TapFi:

1. The app captures a single photo from your camera.
2. The photo is sent over HTTPS to Anthropic's Claude API (api.anthropic.com) for one purpose: to read the WiFi network name and password visible in the image.
3. Anthropic returns the extracted text. TapFi uses it to configure your device's WiFi connection.
4. The photo is discarded from memory as soon as the response is received. It is not saved to your photo library, to your device, or to any server we operate.

Legal basis for processing

Under UK GDPR, we rely on performance of a contract (Article 6(1)(b)) as the lawful basis for processing the photo you submit. You purchased TapFi to perform a specific task — extracting WiFi credentials from an image — and sending the photo to Anthropic for text extraction is necessary to deliver that task. No other processing takes place.

Third parties

TapFi sends one piece of data — the captured photo — to exactly one third party:

Anthropic, PBC, the company behind the Claude AI models. Anthropic processes the image to extract text from it and returns the result. Per Anthropic's Commercial Terms of Service, inputs submitted via their API are not used to train their models by default, and are not retained beyond the operational purposes of processing the request.

You can read Anthropic's privacy policy at anthropic.com/legal/privacy.

TapFi does not use any other third-party services, SDKs, trackers, analytics providers, or advertising networks.

International transfers

Anthropic is based in the United States. When you scan a card, the photo is transferred from the United Kingdom to the US for processing. This transfer relies on Anthropic's Standard Contractual Clauses (SCCs) — an approved mechanism under UK GDPR Article 46 for safeguarding personal data moved outside the UK. Anthropic's data-handling practices are described in its privacy policy, linked above.

Data retention

Zero. TapFi does not operate any server and does not store any data about you. The photo you capture exists only in memory on your device for the duration of a single API call, then is discarded.

Your rights

Under UK GDPR, you have the right to:

• Request access to any personal data held about you
• Request correction of inaccurate data
• Request erasure ("the right to be forgotten")
• Restrict or object to processing
• Request data portability
• Withdraw consent, where processing is based on consent

In practice: TapFi operates no servers, keeps no logs, and stores no personal data about you — so there is nothing for us to access, correct, delete, or export. To stop using TapFi entirely, uninstall the app from your device. For questions about data processed by Anthropic during a scan, Anthropic's privacy policy (linked above) explains how to exercise your rights against them directly.

Children's privacy

TapFi is not directed at children under 13, and we do not knowingly collect any information from children.

Complaints

If you believe your personal data has been mishandled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We'd appreciate the chance to resolve any concerns directly first — email privacy@tapfi.uno.

Changes to this policy

If our practices ever change, we'll update this page and revise the "last updated" date at the top. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email privacy@tapfi.uno.