TapCash ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, store, process, share, and protect your personal data when you visit and use the TapCash platform, applications, and web services.

By accessing or using TapCash, you agree to the collection and use of information in accordance with this policy. For the purposes of the General Data Protection Regulation (GDPR) and other applicable international privacy laws, TapCash acts as both a Data Controller (for your registration credentials and platform analytics) and a Data Processor (when translating your offer completions from third-party networks into virtual reward points).

To provide our rewards platform and maintain operational integrity, we collect several categories of information:

• Account Credentials: When you register, we collect your email address, referral association, and secure password hashes managed securely through Firebase Authentication.
• Telemetry & Connectivity Data: To safeguard our systems, we automatically collect your IP address, browser user-agent, operating system details, screen resolution, and approximate location (country/region).
• Fraud Prevention Logs: We collect and store device identifiers, local storage sessions, and cryptographic browser fingerprints to prevent Sybil attacks and automated bot behavior.
• Ledgers & Transaction Details: We log every single coin credit, daily spin participation, payout request, and reward withdrawal address to ensure account audits are verifiable.

We process your personal data under the following legal foundations as outlined in the General Data Protection Regulation (GDPR Article 6):

• Performance of a Contract: We require your email and account history to track task eligibility, calculate coin balances (10 coins = $0.01 USD), and issue rewards.
• Legitimate Interests: We utilize real-time automated fraud detection via ProxyCheck.io to examine IP safety profiles. Client IPs that are identified as VPNs, TOR nodes, or malicious proxies are flagged, blocked, and saved securely inside /fraud_logs. This is vital to protect our advertisers and maintain financial solvency.
• Legal Obligations: To prevent money laundering, verify the absolute legitimacy of withdrawals, and coordinate with taxation rules.

TapCash never sells your personal data. However, to operate our service, we share anonymized or specific operational indicators with third parties:

• Offerwall Partners (Lootably, HangMyAd, Wyzia): When you click on an external offer, we transmit a randomized unique session identifier (e.g., your Firebase User ID) so our partners can report successful conversions via server postbacks. No real-world emails or billing information are shared with offerwalls.
• Anti-Fraud Databases: Your IP address is queried securely through proxy-checking endpoints (such as ProxyCheck.io) to analyze proxy signatures.
• Infrastructure Providers: Our database and back-end logic are fully hosted inside Google Firebase and Cloud Functions, operating under strict corporate data processing terms.

We use persistent local storage, browser session states, and tracking cookies to keep you securely signed in and prevent system exploitation.

These cookies let us record user-specific device settings and keep track of security validation sessions. If you choose to completely block all cookie tracking via browser utilities, certain parts of the TapCash earning mechanism, such as postback links and active sessions, may fail to function correctly.

Depending on your physical residency (including the European Economic Area, United Kingdom, and the State of California), you possess specific, legally binding rights regarding your personal information:

• Right of Access & Portability: You can request a copy of the specific account details and ledger statements we hold.
• Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your account and all associated transaction records.
• Right to Opt-Out: If you reside in California (under CCPA/CPRA), you have the right to request that we do not share or distribute information to external parties.

To invoke any of these statutory rights, please send an explicit inquiry from your registered email address to HELLO@TAPCASH.ONLINE. We will process and confirm your request within 30 days.