Privacy Policy
Last updated: 18 July 2026
TAPP is an app for people who run short-term rentals in the Philippines. It is operated by Junel Dhave Talirongan, based in Cebu, Philippines.
This page says what TAPP holds, why, and what you can ask us to do about it. It is written under the Data Privacy Act of 2012 (RA 10173).
Questions about anything here: privacy@tapp.com.ph
1. Two kinds of data, two different jobs
TAPP holds two kinds of personal data. Our responsibility is different for each.
| Whose data | Who decides how it's used | What TAPP is | |
|---|---|---|---|
| Operator data | You — the person with the account | TAPP | Personal Information Controller |
| Guest data | Your guests, whose bookings you type in | You | Personal Information Processor |
For guest data, TAPP only stores what you put in and shows it back to you. We do not decide what to collect. We do not contact your guests. We do not use their data for anything of our own.
Telling your guests how their data is handled is your job, not ours. What we promise you about it is in the Terms of Service.
2. What we hold about you
| Data | Why we have it |
|---|---|
| Email address | Logging in, getting back in, reaching you |
| Full name | Shown in the app to you and your staff |
| Password | Logging in. Held hashed by our login provider. TAPP never sees it. |
| Role — admin, manager, or cleaner | Decides what you can see and do |
| Active or inactive | Lets you switch a staff member's access off |
| Sign-up date | Working out your trial |
| Plan and trial end date | Deciding what your account can open |
| Your settings | Default check-in times, quote template, calendar sync |
We do not hold: your phone number, your address, your birthday, any government ID, any card details, or your location.
3. What you put in about your guests
| Data | Where it sits |
|---|---|
| Guest name | Bookings |
| Guest contact — phone, email, or Messenger, whatever you type | Bookings |
| How many adults and children | Bookings |
| Check-in and check-out dates and times | Bookings |
| Rate, total, balance, refunds, extra fees | Bookings, payments, ledger |
| Notes, special requests, reasons for a change or cancellation | Bookings, payments |
| A full before-and-after record of every change to a booking | Booking history |
We record the number of children on a booking. We do not hold their names or anything else about them.
Free-text boxes hold whatever you type. If you put something private in a note, TAPP stores it exactly as typed. Keep notes to what you need.
4. Cleaning photos
Your cleaners take photos in the app to show a unit was cleaned.
- Photos sit in a private store. They are not on the open internet.
- They open only through links that die after one hour.
- Photos are kept exactly as the camera made them. Phone cameras hide extra data inside a photo file — often the GPS spot where it was taken, and the time. TAPP does not remove this. If your cleaner's phone has location switched on, the file holds the unit's location.
- Tell your cleaners. If it matters, have them turn off location in their camera app.
5. Security logs
TAPP keeps two logs. Only TAPP can read them.
| Log | What's in it | Why |
|---|---|---|
| Activity log | Your email, your IP address, your browser, and what changed | Working out who did what when something goes wrong |
| Failed login log | The email that was typed, IP address, browser | Stopping password guessing |
The failed login log saves the email someone typed, even when it's a typo and belongs to nobody.
The activity log can hold booking details, so it can hold guest data — including after a booking is deleted (see section 9).
6. Cookies
TAPP sets one cookie.
| Cookie | What it does | Can you say no |
|---|---|---|
sb-oafcewwzrjbsdtfvbueu-auth-token | Keeps you logged in. Set by our login provider. May be split into numbered parts. | No — without it you can't log in |
That's the whole list. No ad cookies. No tracking cookies. No analytics cookies.
That's why there's no cookie pop-up. There's nothing optional to agree to.
7. Who else can see it
| Company | What they do | What they can see |
|---|---|---|
| Supabase | Our database, our login system, our photo store | Everything in TAPP |
| Vercel | Hosts the website | Traffic — IP addresses, which pages were asked for |
That is the complete list.
TAPP has no analytics, no ad pixels, no Facebook pixel, no Google Analytics, no crash reporting, no session recording, no tracking of any kind. Nothing in TAPP watches what you do.
8. Where it's kept
TAPP's database and photo store are held by Supabase in Tokyo, Japan.
So your data — and your guests' data — leaves the Philippines. RA 10173 allows this. It also means TAPP stays responsible for that data wherever it sits, and we do.
The website itself is served by Vercel's global network, so a request from you may pass through servers in other countries.
9. How long we keep it
| Data | How long |
|---|---|
| Your account and settings | Until you ask us to delete it |
| Bookings and guest data | Until you delete them, or close your account |
| A booking you deleted | The booking record is removed 30 days after you delete it |
| Cleaning photos | Kept with the cleaning record they belong to |
| Security logs | We don't delete these at present |
One honest point about deleted bookings. When the 30-day removal runs, TAPP writes a small record into its activity log noting the guest's name and stay dates. That record stays. So while the booking itself is gone, a trace of the guest name and dates remains in the security log. We keep this to track what the system did. If you need a booking fully wiped, including that trace, email privacy@tapp.com.ph.
10. What you can ask for
Under RA 10173 you can ask us to:
- Show you what we hold about you
- Fix anything wrong
- Delete your account and your data
- Give you a copy in a form you can use
- Stop using your data
- Complain to the National Privacy Commission if we get it wrong
How: email privacy@tapp.com.ph. There's no button for this in the app yet — we do it by hand. We'll answer within 30 days, usually much sooner.
Delete your account and we remove your account, your settings, your units, your bookings, and your photos. Your guests' data goes with it. Security logs may hold your email, and traces of deleted bookings, a while longer.
11. Keeping it safe
- Passwords are hashed by our login provider. TAPP never sees yours.
- New passwords are checked against known leaked-password lists and refused if they're on one.
- TAPP is built so that each account is meant to reach only its own data.
- Cleaning photos sit in a private store behind links that expire.
- The app runs over HTTPS only.
No system is perfectly safe, and we won't pretend otherwise.
12. Under 18s
TAPP is for running a business. It isn't for anyone under 18, and we don't knowingly hold data about children.
13. When this page changes
If we add a new company that can see your data, start holding something new, or change what we use it for, we'll update this page and change the date at the top. If the change is a big one we'll tell you in the app.
14. Reaching us
Cebu, Philippines
If our answer doesn't satisfy you, you can complain to the National Privacy Commission — privacy.gov.ph