1. Introduction
This Privacy Policy explains how SYNAPSEUS TECHNOLOGIES (PRIVATE) LIMITED, a company incorporated in Sri Lanka under registration number PV00276933, collects, uses, stores, discloses and protects personal data when users access or use TapID, thetapid.com, TapID mobile or web applications, NFC/QR profiles, digital business card services, connection CRM features, event registration and networking features, analytics, integrations and related current or future TapID services.
In this Privacy Policy, “TapID”, “we”, “us” and “our” refer to SYNAPSEUS TECHNOLOGIES (PRIVATE) LIMITED. “User”, “you” and “your” refer to any person, company, employee, event organizer, attendee, website visitor, sponsor, exhibitor or other person who uses or interacts with TapID.
By using TapID, creating an account, publishing a TapID profile, scanning or tapping a TapID NFC/QR code, submitting contact information, registering for an event, or otherwise using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Scope of this Privacy Policy
This Privacy Policy applies to the TapID website, web application, mobile application, digital profiles, NFC and QR routing links, contact exchange forms, lead capture features, business card scan/OCR features, company and corporate workspaces, event registration, ticketing, check-in, attendee networking, analytics, notifications, integrations and any related current or future TapID services.
This Privacy Policy does not apply to third-party websites, payment gateways, event platforms, social media platforms, CRM systems, analytics providers, hosting providers or other services that are not owned or controlled by us. Those third-party services may have their own privacy policies and terms.
3. Who Uses TapID
TapID is designed for multiple user groups, including individual users, professionals, entrepreneurs, company and corporate users, employees using company-issued cards, event organizers, event attendees, sponsors, exhibitors, website visitors and other users who interact with TapID services.
Where TapID is used by a company, event organizer or other organization, that organization may have its own rules, permissions and responsibilities regarding the personal data it collects, views, exports or manages through TapID.
4. Information We Collect
| Category | Examples of Information Collected |
|---|---|
| Account and identity information | Name, email address, phone number, WhatsApp number, login details, account status, user role, profile settings and account preferences. |
| Professional profile information | Job title, company name, professional bio, profile photo, industry, role, website links, social media links, public TapID profile URL and information you choose to display publicly. |
| NFC/QR and card information | Card type, card name, tag ID or token ID, active/inactive status, active destination, QR code, NFC/QR taps, scan logs, routing history and related analytics. |
| Connection and lead information | Contact exchange submissions, business card scan/OCR data, leads, notes, tags, status, source, follow-up tasks, timelines and relationship history. |
| Company and corporate workspace data | Company profile, company members, employee roles, company-issued cards, company-owned leads, lead assignments, team activity and corporate analytics. |
| Event information | Event registration details, ticket details, attendee status, check-in records, event networking opt-in status, attendee directory details, feedback, no-show records and event analytics. |
| Payment-related information | Payment references, payment status, ticket/order amounts, invoice/payment readiness records, bank transfer references and related reconciliation information. We do not intend to store full payment card details. |
| Device, technical and usage data | IP address, device type, operating system, browser type, app version, log data, error logs, cookie identifiers, approximate location information where available, usage activity and analytics. |
| Support and communication data | Messages, support requests, emails, feedback, complaints, screenshots or attachments you submit to us. |
| Future feature data | Information required for future TapID features, integrations, CRM tools, Contact Vault, verified contact-related services, automation features or other services we may introduce, subject to applicable notice and consent where required. |
5. Information You Choose to Make Public
TapID profiles are designed to help users share professional identity and contact information. Information you add to your public TapID profile may be visible to anyone who accesses your profile link, scans your QR code, taps your NFC card or receives your shared profile.
You are responsible for the accuracy, legality and suitability of the information you choose to publish or share through TapID. You should not publish information that you do not want others to see, save, copy, share or contact you through.
To the fullest extent permitted by applicable law, Synapseus Technologies is not responsible for consequences arising from information you voluntarily publish, disclose, share or make visible through your TapID profile, event networking opt-in, contact exchange or other TapID features, or from third-party use or misuse of such information outside our reasonable control.
6. How We Collect Information
We collect information directly from you when you create an account, edit your profile, activate a card, submit a form, scan or upload a business card, register for an event, opt into event networking, contact support or use TapID features.
We may collect information from other TapID users, companies, event organizers or attendees when they submit leads, invite you to an event, assign you to a company workspace, issue you a company TapID card, register you for an event or interact with you through TapID.
We may collect technical and usage information automatically when you access the website, app, NFC/QR links, public profiles, event pages or other TapID services.
We may receive payment, ticketing, analytics, infrastructure or integration-related data from third-party service providers such as OnePay, OneTicket, bank transfer/payment processors, DigitalOcean, Cloudflare, Google Analytics or other service providers we choose to use.
7. How We Use Information
We use personal data to provide, operate, maintain, secure and improve TapID and related services. This includes creating and managing accounts, publishing and routing TapID profiles, enabling vCard saving, managing NFC/QR cards, processing contact exchange submissions, maintaining connection CRM records, generating follow-up reminders, enabling business card scan/OCR, supporting company workspaces, managing events, issuing QR tickets, enabling check-in, supporting event networking, providing analytics, processing payments and handling customer support.
We may also use information to communicate with you, send service notifications, send event-related messages, provide support, prevent fraud and misuse, enforce our terms, comply with legal obligations, improve our services, develop current and future TapID features and generate aggregated or de-identified analytics.
8. Legal Basis for Processing
Where applicable, we process personal data based on one or more lawful grounds, including your consent, performance of a contract or requested service, our legitimate business interests, compliance with legal obligations, protection of our rights and interests, and other lawful bases recognized under applicable privacy and data protection laws.
For users in jurisdictions with GDPR-style privacy rights, our processing may rely on consent, contract necessity, legitimate interests, legal obligations or other applicable lawful bases depending on the feature and context.
9. Company-Issued Cards and Company-Owned Leads
Where a TapID card, profile, account or lead is created under a company or corporate workspace, the relevant company or organization may own or control certain data connected to that workspace, including company-issued card data, company-owned leads, employee activity within the workspace and business relationship records created through company-owned cards or company-hosted events.
If an employee leaves a company, the company may retain company-owned leads and may reassign those leads, cards or relationship records to another authorized company user. The employee may retain access to their personal TapID account and personal data, subject to the account structure and applicable legal requirements.
Company users should understand that work-related TapID activity inside a company workspace may be visible to authorized company administrators.
10. Event Networking and Attendee Visibility
TapID may offer event networking features that allow attendees to opt in to an attendee directory or networking experience. If you opt in, certain information such as your name, company, job title, role, profile photo, public TapID profile and other permitted details may be visible to event organizers, attendees, sponsors or exhibitors depending on the event settings.
You are responsible for deciding whether to opt in to event networking and for the information you choose to make visible. Synapseus Technologies is not responsible for third-party interactions, communications, business dealings, misuse of information or consequences arising outside our reasonable control after you voluntarily opt in or share information through event networking features.
Event organizers may have access to attendee registration information, check-in records and event analytics. Sponsor or exhibitor reports should be provided in aggregated or consent-based form where appropriate.
11. Business Card Scan / OCR Data
TapID may allow users to scan or upload physical business cards or similar contact materials. OCR or manual entry features may extract names, job titles, company names, phone numbers, email addresses, websites, addresses or other details visible on the card.
Users are responsible for ensuring they have a lawful and appropriate reason to store, use, contact or share information obtained from scanned business cards or other third-party contact materials. TapID provides tools to organize such information, but users remain responsible for their own communications and compliance obligations.
12. Payments, Ticketing and Third-Party Payment Providers
TapID may support paid services, subscriptions, card purchases, event tickets, event setup fees, networking add-ons or other payments. Payments may be processed through OnePay, OneTicket, bank transfer and/or other payment service providers we may use in the future.
We may receive payment status, transaction references, order details, ticket status, bank transfer reference information or reconciliation data. We do not intend to collect or store full payment card numbers or complete payment credentials on TapID servers.
Payment providers, banks and ticketing partners may process your information under their own privacy policies, terms and security standards. We are not responsible for payment provider systems, bank processing delays, gateway downtime or third-party payment handling outside our reasonable control.
15. Hosting, Infrastructure and International Transfers
TapID may be hosted on DigitalOcean / AWS and/or other cloud infrastructure providers, and may use Cloudflare or similar services for DNS, security, performance, analytics and traffic management. These providers may process, store or transmit data in countries outside Sri Lanka depending on server location, infrastructure configuration and provider operations.
By using TapID, you understand that your information may be processed or stored in Sri Lanka or other countries where our service providers, hosting providers, analytics providers, payment partners or integration providers operate. We take reasonable steps to use service providers that maintain appropriate security and operational standards.
To the fullest extent permitted by law, Synapseus Technologies is not responsible for outages, incidents, interruptions, security failures, data processing practices or service limitations of third-party infrastructure providers, payment providers, analytics providers, hosting providers or other third-party services outside our reasonable control.
16. Data Security
We take reasonable technical, administrative and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure or destruction. These measures may include access controls, encryption where appropriate, secure hosting practices, audit logs, restricted administrative access, backups, monitoring and other security controls.
No website, app, network, server, payment gateway, email system or cloud service can be guaranteed to be completely secure. You are responsible for keeping your account credentials secure, using strong passwords, protecting your devices and notifying us promptly if you suspect unauthorized access to your account.
17. Data Retention
We retain personal data for as long as necessary to provide TapID services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, support legitimate business purposes and operate current or future TapID services.
Users may request deletion of their account or personal data, subject to legal, accounting, security, backup, fraud-prevention, dispute-resolution and operational retention requirements. Some data may remain in backups, audit logs, transaction records, payment records, legal records or de-identified/aggregated analytics for a limited or legally required period.
18. Your Rights and Choices
Depending on applicable law and your relationship with TapID, you may request access to your personal data, correction of inaccurate data, deletion of your account or public profile, export of your data, withdrawal of consent, restriction or objection to certain processing and opt-out from marketing communications.
To make a request, contact us at hello@synapseus.com. We may need to verify your identity before processing certain requests. We may decline or limit requests where permitted by law, including where we must retain information for legal, security, accounting, dispute-resolution or legitimate operational purposes.
Where your data is controlled by a company, event organizer or other organization using TapID, we may direct you to that organization or coordinate with them where appropriate.
19. Marketing and Service Communications
We may send you service-related communications such as account notices, security alerts, profile activity, card notifications, event registrations, ticket confirmations, payment status updates, reminders and important product updates. These communications are necessary for the service and may not always be optional.
We may also send marketing or promotional communications where permitted by law or where you have opted in. You may opt out of marketing emails by using the unsubscribe link or contacting us. Opting out of marketing does not prevent us from sending service-related communications.
20. Children and Minors
TapID is primarily designed for professional, business, corporate and event networking use. Minors may use TapID only with appropriate parent, guardian, school, institution, event organizer, company or lawful consent where required.
If we become aware that we have collected personal data from a minor without required consent, we may delete or restrict the relevant account or data. Parents or guardians may contact us at hello@synapseus.com regarding a minor’s data.
21. Third-Party Links, Social Platforms and External Services
TapID profiles and event pages may include links to websites, social media profiles, maps, payment pages, event pages, CRM tools or other third-party services. We are not responsible for the content, privacy practices, terms, security or data handling of third-party websites or services.
Users should review the privacy policies and terms of any third-party service they access through TapID.
22. Automated Processing and Analytics
TapID may use automated processing to route NFC/QR links, generate analytics, detect duplicates, support follow-up reminders, manage event attendance, process integration logs, display dashboards or improve platform performance.
We do not intend to make legally significant decisions about users solely by automated processing without appropriate human review or lawful basis where required.
23. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, technology, integrations, business operations or privacy practices. Updated versions may be published on thetapid.com and/or communicated through the app, website or email where appropriate.
Your continued use of TapID after an updated Privacy Policy becomes effective indicates that you acknowledge the updated policy, subject to any additional consent requirements under applicable law.
24. Governing Law
This Privacy Policy is governed by the laws of Sri Lanka, subject to any mandatory data protection rights that may apply to users in other jurisdictions. TapID is intended to be globally friendly and may include privacy rights and notices inspired by international privacy standards where applicable.
25. Contact Us
If you have questions, requests, concerns or complaints about this Privacy Policy or how TapID handles personal data, please contact us using the details below.
| Company | SYNAPSEUS TECHNOLOGIES (PRIVATE) LIMITED |
| Registration Number | PV00276933 |
| Registered Office | 191, Kesbewa Road, Werahera, Boralesgamuwa, 10290, Sri Lanka |
| Product / Website | TapID / thetapid.com |
| hello@synapseus.com |
A. Appendix A - TapID Feature Data Mapping
This appendix is included to help the product, development and legal review teams understand how the Privacy Policy maps to the planned TapID platform features.
| TapID Feature | Personal Data Involved | Main Privacy Considerations |
|---|---|---|
| Digital Profile / NFC / QR | Name, job title, company, contact details, profile photo, links, public profile URL, taps/scans. | Users choose what appears publicly. Public links may be accessed by anyone with the URL, QR or NFC card. |
| Connection CRM / 24-7-30 | Lead details, notes, tags, follow-up status, source, timeline. | Personal vs company ownership must be respected. Private notes should not be exposed without permission. |
| Business Card Scan / OCR | Images of cards and extracted contact data. | User must have appropriate reason to store and contact people. OCR errors should be correctable. |
| Business / Corporate | Company workspace, employees, company-issued cards, company-owned leads, reassignment logs. | Company leads remain with company when employees leave. Admin access must be role-based. |
| Events / Ticketing / Check-In | Attendee registration, tickets, QR codes, payment reference/status, check-in records. | Event organizers may access attendee data for event operations. Payment partners process payments. |
| Event Networking | Opt-in attendee profile, name, company, role, public profile and connection requests. | Attendees choose whether to opt in. Visibility depends on event settings and consent. |
| Analytics & Reporting | Taps, scans, views, attendance, no-shows, source, industry/role analytics. | Reports should be aggregated or permission-controlled, especially for sponsors. |
| Integrations / API | Exports, webhooks, CRM payloads and integration logs. | Data sharing depends on user/company/event organizer choices and integration permissions. |
Legal review reminder: Before publication, confirm final effective date, cookie consent implementation, actual hosting region, payment provider terms, event organizer data roles, retention schedule and any requirements under Sri Lanka’s Personal Data Protection Act and other applicable laws.