Privacy Policy
Last updated: 7 June 2026
TapFi is designed to be as privacy-respecting as an internet-connected app can be: no user accounts, no analytics, no tracking, no ads, and no photos or personal data kept on our server. This policy explains the few things that do happen when you use the app, so you can decide whether you're comfortable with them.
Who we are
TapFi is built and operated by John McKay, an independent developer based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, John McKay is the data controller responsible for any personal data handled via TapFi.
If you need to reach us about this policy or your data, email john@codebelfast.com.
What TapFi collects
When you use TapFi, the app accesses the camera photo you take when you tap the scan button. It also uses your device's location permission on-device only, to help it connect (see Location below); that location is never sent anywhere.
TapFi does not collect any of the following:
- Your name, email, phone number, or any personal identifier
- Your device ID or advertising identifier
- Analytics or usage data
- Crash reports
- Contacts, calendar, or data from other apps
- Browsing history or purchase history
How that photo is used
When you tap the scan button in TapFi:
- The app captures a single photo from your camera.
- The photo is sent over HTTPS to a small server we operate (a Google Cloud Function), which forwards it to Anthropic's Claude API for one purpose: to read the WiFi network name and password visible in the image. We route through our own server only so the AI service key is never embedded in the app; the server adds nothing to the photo and does not store it.
- Anthropic returns the extracted text, which is passed back to your device and used to configure your WiFi connection.
- The photo is held only in memory for the duration of that request and is then discarded. It is not saved to your photo library, to your device, or stored on our server or Anthropic's.
Location
TapFi asks for location permission, but only to make connecting work, and your location never leaves your device:
- Android ties the ability to see nearby WiFi networks to location permission. TapFi uses it to check which network on the card is actually in range, so it joins the right one.
- iOS uses it to confirm you actually joined the network after connecting.
TapFi does not store your location, send it to any server, or use it for tracking or advertising. You can decline the permission and the app still works, with slightly less certainty about which network to join.
Legal basis for processing
Under UK GDPR, we rely on performance of a contract (Article 6(1)(b)) as the lawful basis for processing the photo you submit. You purchased TapFi to perform a specific task (extracting WiFi credentials from an image), and sending the photo to Anthropic for text extraction is necessary to deliver that task. No other processing takes place.
Third parties
TapFi sends one piece of data (the captured photo) to two third parties, each only to perform the scan:
Anthropic, PBC, the company behind the Claude AI models. Anthropic processes the image to extract text from it and returns the result. Per Anthropic's Commercial Terms of Service, inputs submitted via their API are not used to train their models by default, and are not retained beyond the operational purposes of processing the request. You can read Anthropic's privacy policy at anthropic.com/legal/privacy.
Google (Firebase / Google Cloud) hosts the small relay server described above, through which the photo passes in transit to Anthropic. Google acts as our hosting provider and does not use the photo for its own purposes. You can read Google's privacy policy at policies.google.com/privacy.
TapFi does not use any other third-party services, SDKs, trackers, analytics providers, or advertising networks.
International transfers
Both Anthropic and our Google Cloud relay server are based in the United States. When you scan a card, the photo is transferred from the United Kingdom to the US for processing. These transfers rely on Standard Contractual Clauses (SCCs), an approved mechanism under UK GDPR Article 46 for safeguarding personal data moved outside the UK. Anthropic's and Google's data-handling practices are described in their privacy policies, linked above.
Data retention
We do not store your photo or any personal data about you. The photo exists only in memory during a single request and is then discarded. As our hosting provider, Google Cloud may keep standard server request logs (such as IP address and timestamp) for a limited period for operational and security purposes; these do not include your photo or its contents.
Your rights
Under UK GDPR, you have the right to:
- Request access to any personal data held about you
- Request correction of inaccurate data
- Request erasure ("the right to be forgotten")
- Restrict or object to processing
- Request data portability
- Withdraw consent, where processing is based on consent
In practice: TapFi keeps no user accounts and stores no personal data about you, so there is little for us to access, correct, delete, or export. The only records are the short-lived operational request logs held by our hosting provider, which are not tied to your identity. To stop using TapFi entirely, uninstall the app from your device. For data processed by Anthropic or Google during a scan, their privacy policies (linked above) explain how to exercise your rights against them directly.
Children's privacy
TapFi is not directed at children under 13, and we do not knowingly collect any information from children.
Complaints
If you believe your personal data has been mishandled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We'd appreciate the chance to resolve any concerns directly first: email john@codebelfast.com.
Changes to this policy
If our practices ever change, we'll update this page and revise the "last updated" date at the top. Continued use of the app after changes are posted constitutes acceptance of the updated policy.
Contact
Questions about this policy? Email john@codebelfast.com.