tap·the·table

Privacy Policy

Last updated: 03 April 2026

1. Introduction

TapTheTable ("we", "us", "our") is operated by ModuCraft. This Privacy Policy explains how we collect, use, and protect personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection laws.

2. Information We Collect

Business Owners (Account Holders): When you register for TapTheTable, we collect your name, email address, phone number, business name, and address. If you subscribe to a paid plan, we collect payment information through our payment processor (PayFast).

Diners (Menu Viewers): We do not collect personal information from diners who scan QR codes and view menus. QR code scanning is anonymous. We log anonymised scan data (hashed IP addresses, timestamps, user agent strings) for analytics purposes only.

Automatically Collected Data: We collect standard server logs, usage analytics, and performance metrics to improve our service. This data is aggregated and does not identify individual users.

3. How We Use Your Information

  • To provide and maintain our service
  • To process payments and manage subscriptions
  • To send service-related communications (account updates, billing notices)
  • To provide customer support
  • To generate aggregated analytics for business owners
  • To improve our platform and develop new features

4. Data Sharing

We do not sell your personal information. We share data only with service providers necessary to operate our platform: payment processor (PayFast), hosting providers, and email service providers. All third parties are bound by data processing agreements.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS/SSL), hashed passwords, and secure server infrastructure. QR code security tokens rotate daily to prevent misuse.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request a copy of your data in a portable format
  • Lodge a complaint with the Information Regulator

7. Data Retention

We retain account data for as long as your account is active. After account closure, we retain data for 90 days before permanent deletion. Anonymised analytics data may be retained indefinitely.

8. Cookies

We use essential cookies for session management and authentication. We do not use third-party tracking cookies or advertising cookies on the public menu pages.

9. Contact Us

For any privacy-related enquiries or to exercise your rights, contact us at:

Email: [email protected]