← Back to sign in
Legal

Privacy Policy

Last updated: 18 July 2026

TAPP is an app for people who run short-term rentals in the Philippines. It is operated by Junel Dhave Talirongan, based in Cebu, Philippines.

This page says what TAPP holds, why, and what you can ask us to do about it. It is written under the Data Privacy Act of 2012 (RA 10173).

Questions about anything here: privacy@tapp.com.ph


1. Two kinds of data, two different jobs

TAPP holds two kinds of personal data. Our responsibility is different for each.

Whose dataWho decides how it's usedWhat TAPP is
Operator dataYou — the person with the accountTAPPPersonal Information Controller
Guest dataYour guests, whose bookings you type inYouPersonal Information Processor

For guest data, TAPP only stores what you put in and shows it back to you. We do not decide what to collect. We do not contact your guests. We do not use their data for anything of our own.

Telling your guests how their data is handled is your job, not ours. What we promise you about it is in the Terms of Service.


2. What we hold about you

DataWhy we have it
Email addressLogging in, getting back in, reaching you
Full nameShown in the app to you and your staff
PasswordLogging in. Held hashed by our login provider. TAPP never sees it.
Role — admin, manager, or cleanerDecides what you can see and do
Active or inactiveLets you switch a staff member's access off
Sign-up dateWorking out your trial
Plan and trial end dateDeciding what your account can open
Your settingsDefault check-in times, quote template, calendar sync

We do not hold: your phone number, your address, your birthday, any government ID, any card details, or your location.


3. What you put in about your guests

DataWhere it sits
Guest nameBookings
Guest contact — phone, email, or Messenger, whatever you typeBookings
How many adults and childrenBookings
Check-in and check-out dates and timesBookings
Rate, total, balance, refunds, extra feesBookings, payments, ledger
Notes, special requests, reasons for a change or cancellationBookings, payments
A full before-and-after record of every change to a bookingBooking history

We record the number of children on a booking. We do not hold their names or anything else about them.

Free-text boxes hold whatever you type. If you put something private in a note, TAPP stores it exactly as typed. Keep notes to what you need.


4. Cleaning photos

Your cleaners take photos in the app to show a unit was cleaned.

  • Photos sit in a private store. They are not on the open internet.
  • They open only through links that die after one hour.
  • Photos are kept exactly as the camera made them. Phone cameras hide extra data inside a photo file — often the GPS spot where it was taken, and the time. TAPP does not remove this. If your cleaner's phone has location switched on, the file holds the unit's location.
  • Tell your cleaners. If it matters, have them turn off location in their camera app.

5. Security logs

TAPP keeps two logs. Only TAPP can read them.

LogWhat's in itWhy
Activity logYour email, your IP address, your browser, and what changedWorking out who did what when something goes wrong
Failed login logThe email that was typed, IP address, browserStopping password guessing

The failed login log saves the email someone typed, even when it's a typo and belongs to nobody.

The activity log can hold booking details, so it can hold guest data — including after a booking is deleted (see section 9).


6. Cookies

TAPP sets one cookie.

CookieWhat it doesCan you say no
sb-oafcewwzrjbsdtfvbueu-auth-tokenKeeps you logged in. Set by our login provider. May be split into numbered parts.No — without it you can't log in

That's the whole list. No ad cookies. No tracking cookies. No analytics cookies.

That's why there's no cookie pop-up. There's nothing optional to agree to.


7. Who else can see it

CompanyWhat they doWhat they can see
SupabaseOur database, our login system, our photo storeEverything in TAPP
VercelHosts the websiteTraffic — IP addresses, which pages were asked for

That is the complete list.

TAPP has no analytics, no ad pixels, no Facebook pixel, no Google Analytics, no crash reporting, no session recording, no tracking of any kind. Nothing in TAPP watches what you do.


8. Where it's kept

TAPP's database and photo store are held by Supabase in Tokyo, Japan.

So your data — and your guests' data — leaves the Philippines. RA 10173 allows this. It also means TAPP stays responsible for that data wherever it sits, and we do.

The website itself is served by Vercel's global network, so a request from you may pass through servers in other countries.


9. How long we keep it

DataHow long
Your account and settingsUntil you ask us to delete it
Bookings and guest dataUntil you delete them, or close your account
A booking you deletedThe booking record is removed 30 days after you delete it
Cleaning photosKept with the cleaning record they belong to
Security logsWe don't delete these at present

One honest point about deleted bookings. When the 30-day removal runs, TAPP writes a small record into its activity log noting the guest's name and stay dates. That record stays. So while the booking itself is gone, a trace of the guest name and dates remains in the security log. We keep this to track what the system did. If you need a booking fully wiped, including that trace, email privacy@tapp.com.ph.


10. What you can ask for

Under RA 10173 you can ask us to:

  • Show you what we hold about you
  • Fix anything wrong
  • Delete your account and your data
  • Give you a copy in a form you can use
  • Stop using your data
  • Complain to the National Privacy Commission if we get it wrong

How: email privacy@tapp.com.ph. There's no button for this in the app yet — we do it by hand. We'll answer within 30 days, usually much sooner.

Delete your account and we remove your account, your settings, your units, your bookings, and your photos. Your guests' data goes with it. Security logs may hold your email, and traces of deleted bookings, a while longer.


11. Keeping it safe

  • Passwords are hashed by our login provider. TAPP never sees yours.
  • New passwords are checked against known leaked-password lists and refused if they're on one.
  • TAPP is built so that each account is meant to reach only its own data.
  • Cleaning photos sit in a private store behind links that expire.
  • The app runs over HTTPS only.

No system is perfectly safe, and we won't pretend otherwise.


12. Under 18s

TAPP is for running a business. It isn't for anyone under 18, and we don't knowingly hold data about children.


13. When this page changes

If we add a new company that can see your data, start holding something new, or change what we use it for, we'll update this page and change the date at the top. If the change is a big one we'll tell you in the app.


14. Reaching us

privacy@tapp.com.ph

Cebu, Philippines

If our answer doesn't satisfy you, you can complain to the National Privacy Commission — privacy.gov.ph