Privacy Policy

Effective Date: 2026-01-01
Last Updated: 2026-05-18

This Privacy Policy describes how Kitetags (“Kitetags,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with the Kitetags website at www.kitetags.com, the Kitetags NFC tag management platform at app.kitetags.com, and related services (collectively, the “Services”).

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Who This Policy Applies To

This policy applies to three groups of people:

  • Account Holders (“Kitetag Managers”) — individuals or organizations that register for a Kitetags account to purchase, configure, and manage NFC tags.
  • End Users (“Tappers”) — anyone who taps or scans a Kitetag with an NFC-enabled device and is redirected to a URL, digital business card, webhook trigger, or other configured experience.
  • Visitors — anyone who browses our public website without creating an account.

Different sections below explain how each group’s information is handled.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our Services, you may provide:

  • Account information: name, email address, password (stored in hashed form), company or organization name, and role.
  • Billing information: billing address, payment card details, and transaction history. Payment card numbers are processed and stored by our third-party payment processor (e.g., Stripe) and are not retained on our servers.
  • Tag configuration data: unique identifiers, custom data fields, URL redirects, JSON payloads, webhook endpoint URLs and headers, digital business card content, and any other data you associate with your Kitetags.
  • Bulk import data: any information you upload via CSV import, including data structures and tag groupings.
  • Communications: support requests, feedback, survey responses, and any other content you send to us.

2.2 Information Collected Automatically From Account Holders

When you use the Kitetags platform, we automatically collect:

  • Log and device data: IP address, browser type, operating system, device identifiers, referring URLs, pages visited, and timestamps.
  • Usage data: features used, tags created and modified, login times, API calls, and webhook delivery logs.
  • Cookies and similar technologies: see Section 7 below.

2.3 Information Collected When Someone Taps a Kitetag

When a Tapper interacts with a Kitetag, we (and, where configured, the Account Holder) may receive:

  • The unique identifier of the tag that was tapped.
  • A timestamp of the tap event.
  • The IP address of the device that initiated the redirect or webhook request.
  • General device and browser information (user agent string) made available by the redirect.
  • Approximate location derived from the IP address.

Important: When an Account Holder configures a webhook, the tap data described above is transmitted to the Account Holder’s chosen endpoint along with any custom payload they have defined. Once data leaves our platform via a webhook, it is handled under the receiving party’s privacy practices, not ours.

2.4 Information From Third Parties

We may receive information from integration partners (for example, Zapier, Tarvent, or other services you connect), payment processors, and analytics providers. We use this information consistently with this policy.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Services, including processing taps, executing redirects, delivering webhooks, and supporting integrations.
  • Create and manage your account, authenticate logins, and provide customer support — including, where authorized, allowing our Customer Support Representatives to access your account in “login as” mode to diagnose issues.
  • Process payments and send transactional communications (receipts, account notifications, security alerts).
  • Improve, troubleshoot, and develop new features for the Services.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
  • Send marketing or promotional communications, where permitted by law and subject to your right to opt out.
  • Comply with legal obligations and enforce our agreements.

We process personal data on the legal bases of contract performance, our legitimate interests in operating and securing the Services, your consent (where required), and compliance with legal obligations.

4. How We Share Information

We do not sell personal information. We share information only as described below:

  • With Account Holders. Tap data from a Kitetag is shared with the Account Holder who manages that tag. If you are a Tapper, the Account Holder controls what happens with that data once delivered to their configured destination (such as a webhook endpoint, redirect URL, or integration).
  • With service providers. We share information with vendors who perform services on our behalf (hosting, payment processing, email delivery, analytics, customer support tooling). These providers are contractually obligated to protect the information and use it only for the services they provide to us.
  • With integration partners you authorize. When you connect a third-party service (such as Zapier, Tarvent, or a custom webhook endpoint), we share data with that service at your direction.
  • For legal reasons. We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect rights, safety, or property.
  • In a business transaction. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will notify affected users where required.
  • With your consent. For any other disclosure, we will ask first.

5. Webhooks and Third-Party Endpoints

Kitetags allows Account Holders to configure webhooks that send tap data to any URL endpoint they choose. Account Holders are responsible for:

  • The security of any endpoint they configure.
  • Compliance with applicable privacy laws regarding data sent to or processed by that endpoint.
  • Disclosure to Tappers, where required, about how tap data will be handled at the destination.

We provide delivery and retry monitoring but do not control how third-party endpoints store, use, or share the data they receive.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data is retained while your account is active and for a reasonable period after closure for backup, legal, and audit purposes.
  • Tap event logs are retained for the Account Holder’s reporting and analytics.
  • Billing records are retained as required by tax and accounting laws.
  • Backup copies may persist for a limited additional period before being overwritten in the ordinary course.

When information is no longer needed, we delete or anonymize it.

7. Cookies and Tracking Technologies

We and our service providers use cookies, local storage, and similar technologies to:

  • Keep you signed in and remember your preferences.
  • Measure traffic and understand how the Services are used.
  • Detect and prevent fraud or abuse.

You can control cookies through your browser settings. Disabling certain cookies may limit functionality. If we use analytics or advertising cookies that require consent under your jurisdiction’s laws, we will request consent through our cookie banner.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit (HTTPS), encrypted storage of credentials, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law.

9. Your Rights and Choices

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we correct inaccurate or incomplete information.
  • Deletion — request that we delete your personal information, subject to certain exceptions.
  • Portability — request a copy of your information in a portable format.
  • Restriction or objection — ask us to limit or stop certain processing.
  • Withdraw consent — where processing is based on consent.
  • Opt out of marketing — unsubscribe from marketing emails at any time using the link in those messages.

To exercise these rights, contact us at the address in Section 14. We will respond within the time required by applicable law. We may need to verify your identity before fulfilling certain requests.

9.1 If You Are a Tapper

If you tapped a Kitetag and want to know how the resulting data is being used, please contact the Account Holder who manages that tag. We act as a service provider/data processor for that data and will direct your request to the Account Holder where appropriate.

9.2 California Residents (CCPA / CPRA)

California residents have additional rights, including the right to know what categories of personal information we collect, the right to delete, the right to correct, and the right to opt out of “sale” or “sharing” of personal information. We do not sell personal information. To exercise California rights, contact us at the email below.

9.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, the legal bases for our processing are described in Section 3. You have the right to lodge a complaint with your local data protection authority. Our representative for GDPR purposes is [insert representative / DPO contact, if applicable].

10. International Data Transfers

We are based in the United States and may process information in countries other than the one in which you live. Where we transfer personal information internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

11. Children’s Privacy

The Services are not directed to children under [13 / 16, depending on jurisdiction], and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Third-Party Links and Services

The Services may link to third-party websites, including destinations configured by Account Holders for tag redirects. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing them with personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Services before the changes take effect. The “Last Updated” date at the top reflects the most recent revision.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

New Pacific County, LLC (dba Kitetags)
7 W 41st Ave Suite 334 San Mateo, CA 94403
Email: privacy@kitetags.com