GoTap
Sign In

End User Privacy Notice

Last Updated: February 22, 2023

This Privacy Notice explains how GoTap processes information when you click a GoTap promotional link or scan a QR code shared by a creator and you are redirected to an app store listing or website for a third-party mobile app or game (the "Advertiser App").

This notice is separate from any GoTap creator/member program privacy terms and from the Advertiser's privacy policy.

1) Who is involved (roles)

GoTap operates promotional links and (if used) a redirect/landing page that routes you to an Advertiser App.

The Advertiser (the company behind the Advertiser App) determines how the Advertiser App itself processes data once installed.

Measurement / fraud prevention providers (e.g., MMPs, analytics, anti-fraud vendors) may process certain data to attribute installs and detect abuse.

GoTap's Role

GoTap acts solely as a data processor/service provider on behalf of Advertisers. We do not act as an independent data controller for end-user information.

Our Privacy-First Approach

  • No personally identifiable information (PII): We do not collect names, email addresses, phone numbers, or other direct identifiers from end users clicking promotional links.
  • Process, optimize, delete: Technical signals are processed in real-time for attribution and fraud prevention, then promptly deleted. We do not maintain long-term databases of end-user information.
  • No user profiles: We do not build or store persistent profiles about individual end users.

2) Information we may process

When you interact with a GoTap promotional link, we may temporarily process the following non-PII technical signals for attribution and fraud prevention purposes:

A. Technical redirect data (transient)

  • Promotional link/QR identifier and timestamp
  • Truncated/hashed IP address for approximate geo-location (country/region level only)
  • Basic device signals: browser type, operating system, device category
  • Fraud detection signals (e.g., bot patterns, anomalous behavior)

B. No device advertising identifiers

Because GoTap operates as a web-based redirect service, we technically cannot access mobile device advertising identifiers (IDFA, GAID, or similar device IDs). Attribution is handled by third-party Mobile Measurement Partners (MMPs) integrated directly with the Advertiser's app—not by GoTap.

C. Aggregated performance data

  • Install confirmations and basic event metadata (e.g., first open) received from MMPs
  • This data is aggregated for campaign reporting—individual-level data is not retained

What we do NOT collect

  • Names, email addresses, phone numbers, or any direct personal identifiers
  • Precise location data (GPS coordinates)
  • Financial or payment information from end users
  • Content of communications or browsing history
  • GoTap does not require you to create an account to click promotional links
  • GoTap does not provide end-user rewards for installs (creators may be compensated separately)

3) Why we process it (purposes)

We process the above information to:

  • Operate promotional links and redirects (routing, reliability, troubleshooting)
  • Measure campaign performance (attribution, reporting, deduplication)
  • Prevent fraud and abuse (bot traffic, click spamming, manipulated installs, policy violations)
  • Comply with legal obligations and enforce our terms/policies

4) Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, our processing relies on one or more of the following lawful bases:

  • Legitimate interests (e.g., operating links, measurement, fraud prevention, network security), provided those interests are not overridden by your rights.
  • Consent where required for non-essential cookies or similar technologies on our web/redirect pages (see Section 6).
  • Legal obligation where we must retain or disclose information to comply with law.

5) Who we share data with

We may share relevant data with:

  • Advertisers whose apps are being promoted (for attribution/reporting and campaign optimization)
  • Measurement, analytics, and anti-fraud providers (e.g., MMPs, security vendors) acting as processors/service providers or independent controllers depending on the setup
  • Infrastructure providers (hosting, logging, CDN) that support our systems
  • Authorities if required by law, or to protect rights/safety

We do not sell personal data in the sense of exchanging it for money as a standalone data product.

6) Cookies and similar technologies (redirect pages)

If GoTap uses a web/redirect page that stores or accesses information on your device (e.g., cookies, local storage, SDK-like scripts), then:

  • Strictly necessary technologies may be used to make the page work and keep it secure.
  • Non-essential technologies (e.g., analytics) will be used only where required and after consent via a cookie banner/settings (for EEA/UK).

7) International data transfers

Your information may be processed in countries outside your own (including outside the EEA/UK). Where required, we use appropriate safeguards (such as Standard Contractual Clauses) and other measures to protect data.

8) Data retention

Consistent with our privacy-first approach, we follow a "process and delete" model:

  • Real-time processing: Technical signals are processed immediately for attribution matching and fraud detection
  • Prompt deletion: Individual-level data is deleted shortly after processing is complete—typically within hours to days
  • Aggregated reporting only: Only anonymized, aggregated campaign metrics are retained for reporting purposes

We do not maintain long-term databases containing end-user click or device data. Any limited retention for fraud investigation or legal compliance involves only aggregated or anonymized data where possible.

9) Your rights (EEA/UK)

Where applicable, you may have rights to:

  • access, correct, delete your personal data
  • restrict or object to certain processing (including objection to processing based on legitimate interests)
  • data portability (in certain cases)
  • withdraw consent (where processing is based on consent)
  • lodge a complaint with a supervisory authority

To exercise rights, contact: privacy@gotap.it

10) Additional disclosures for certain regions

California (CPRA)

If you "share" data for cross-context behavioral advertising (CPRA definition), you may request to opt out via our "Do Not Sell or Share My Personal Information" mechanism. Contact us for details on categories disclosed and purposes.

Brazil (LGPD)

LGPD legal bases, rights, and DPO/representative details apply as applicable under Brazilian law.

11) Children

GoTap promotional links are not intended for children under 13 (or 16, depending on region). If you believe a child has provided data through a GoTap promotional link, contact us and we will address it.

12) Changes to this notice

We may update this Privacy Notice by posting a new version with an updated effective date.

Contact

Questions about this Privacy Notice or how we process your data: support@gotap.it