TERMINAL92 LLC (“we,” “us,” “our,” or “Company”) operates the Taptale platform, including the web application at taptale.app, the Taptale Chrome browser extension, and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.
By using Taptale, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (required for registration and communication)
- Name (if provided or obtained via OAuth)
- Profile photo (if provided via OAuth or uploaded)
- Authentication credentials (managed securely by our authentication provider)
- Organization/workspace name (if provided)
1.2 Payment Information
When you subscribe to a paid plan, our payment processor (Stripe) collects:
- Credit/debit card details
- Billing address
- Transaction history
We do not store your full credit card number on our servers. Payment data is handled entirely by Stripe in accordance with PCI-DSS standards.
1.3 Content You Create and Upload
When you use Taptale, you may upload or create:
- Video recordings (screen recordings, camera recordings, uploaded video files)
- Interactive demos (screen captures, DOM snapshots, step-by-step recordings)
- Screenshots and thumbnails generated during recording
- Audio recordings (narration, microphone capture)
- Transcripts generated from your video/audio content
- Edits and annotations (hotspots, text overlays, effects, HTML modifications)
1.4 Data Collected by the Chrome Extension
The Taptale Chrome extension collects data only during active recording sessions initiated by you. When recording, the extension captures:
- DOM snapshots of the current web page (the page structure and visible content)
- Screenshots of the current browser tab
- Tab URL of the page being recorded
- User interaction events (clicks, navigation, scrolling) via the rrweb library
- Page content visible in the browser viewport
The extension does NOT:
- Collect data when not actively recording
- Run in the background when not in use
- Access browsing history, bookmarks, or other browser data
- Access data from other tabs or windows not being recorded
- Collect passwords, form inputs, or autofill data
- Access or transmit cookies or stored credentials from recorded pages
- Track your browsing activity across websites
The extension communicates only with Taptale servers (*.taptale.app) for authentication and content upload. No data is sent to any other third party.
1.5 Viewer Analytics Data
When someone views content shared via Taptale, we collect:
- IP address (used for approximate geographic location; not stored long-term in identifiable form)
- Device type, browser, and operating system
- Approximate geographic location (country/region level, derived from IP)
- Watch duration and engagement metrics (how long viewed, percentage watched, chapters visited)
- Interaction events (play, pause, seek, CTA clicks, chapter navigation)
- Referrer URL and UTM parameters (how the viewer found the link)
- Email address (only if the share link requires email submission)
- Session timing (when the view started and ended)
1.6 Automatically Collected Technical Data
We automatically collect:
- Log data (IP address, browser type, operating system, referring URL, pages visited, timestamps)
- Device information (screen resolution, device type)
- Performance data (page load times, errors)
- Cookies and similar technologies (see Section 6)
1.7 AI-Processed Data
When you use our Knowledge Search feature:
- Text embeddings are generated from your video transcripts using OpenAI's embedding models and stored in our database for future searches
- Search queries you submit are processed by AI to generate relevant answers
- AI-generated responses (answers, citations, smart intros) are stored in our database for your reference
- Your content is not used to train third-party AI models (see Section 3.5)
AI data caching: Transcript excerpts sent to AI providers (OpenAI, Anthropic) are processed in real-time via their APIs and are not cached by TERMINAL92 beyond the API request. AI providers do not retain your data after delivering the response, per their data processing agreements. Text embeddings (numerical vector representations of your transcripts) are stored in our database to enable future searches.
Regulated data: The AI features are not designed to process data subject to specific regulatory frameworks such as HIPAA, PCI-DSS, ITAR, EAR, SOX, or GLBA. Do not submit regulated or sensitive data through AI-powered features.
2. How We Use Your Information
2.1 Providing and Improving the Service
- Create and manage your account and workspaces
- Process and store your video recordings and interactive demos
- Generate transcripts from audio/video content
- Provide AI-powered search and knowledge features
- Display viewer analytics and engagement metrics
- Process payments and manage subscriptions
- Send transactional emails (invitations, notifications, receipts)
2.2 Security and Abuse Prevention
- Authenticate users and validate sessions
- Enforce rate limits to prevent abuse
- Detect and prevent fraudulent activity
- Monitor for security threats and unauthorized access
2.3 Communication
- Respond to your support requests
- Send service-related notices (maintenance, security alerts, policy changes)
- Send product updates (you can opt out at any time)
2.4 Legal Compliance
- Comply with applicable laws, regulations, and legal processes
- Enforce our Terms of Service
- Protect the rights, safety, and property of our users and the public
3. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
3.1 With Your Workspace Members
Content you upload is accessible to members of your workspace based on their assigned role (Admin, Editor, Viewer).
3.2 With Viewers You Choose to Share With
When you create a share link, the associated content becomes accessible to anyone with that link (subject to any password or email gate you configure).
3.3 With Service Providers (Sub-Processors)
We use the following third-party services to operate Taptale. Each processes data only as necessary to provide their service:
| Provider | Purpose | Data Processed |
|---|---|---|
| Vercel | Web application hosting | All application data in transit |
| Clerk | Authentication and user management | Email, name, profile photo, session data |
| Stripe | Payment processing | Payment details, billing address, transaction history |
| Cloudflare (R2) | File storage | Uploaded videos, recordings, screenshots, thumbnails |
| OpenAI | Text embeddings for knowledge search | Transcript text (for embedding generation only) |
| Anthropic (Claude) | AI-powered search answers | Transcript excerpts relevant to search queries |
| Upstash | Rate limiting | IP addresses, request counts (ephemeral) |
| Resend | Transactional email delivery | Email addresses, notification content |
| Sentry | Error monitoring and diagnostics | Error logs and stack traces, which may incidentally contain limited technical identifiers. We configure Sentry to minimize personal data collection |
3.4 For Legal Reasons
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of TERMINAL92 LLC, our users, or the public.
3.5 AI Provider Data Usage
- OpenAI: We use their API with data processing terms that prohibit using your data for model training. Your transcripts are processed for embedding generation only and are not retained by OpenAI beyond the API request.
- Anthropic: We use their API with terms that prohibit using your data for model training. Your transcript excerpts are processed to generate search answers only and are not retained beyond the API request.
3.6 Business Transfers
If TERMINAL92 LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Uploaded content (videos, recordings) | Until you delete the content or your account |
| Viewer analytics | 24 months from collection, then anonymized |
| Payment records | As required by tax and financial regulations (typically 7 years) |
| Server logs | 90 days |
| AI search query logs | 12 months |
| Extension recording data (local) | Until uploaded or recording is discarded |
When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law.
Note: Retention periods listed above are targets and may vary based on operational and legal requirements.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit: All data transmitted between your browser/extension and our servers uses TLS 1.2+ (HTTPS)
- Encryption at rest: Stored files are encrypted at rest in Cloudflare R2
- Authentication: Secure session management via Clerk with JWT-based extension authentication
- Access control: Role-based workspace permissions (Admin, Editor, Viewer)
- Password protection: Share link passwords are hashed using PBKDF2 with SHA-256 (100,000 iterations, 256-bit key)
- Rate limiting: API rate limiting to prevent brute-force attacks and abuse
- SSRF protection: Image proxy blocks private IP ranges, localhost, and internal domains
- Content Security Policy: Strict CSP headers to prevent cross-site scripting
- Webhook verification: Stripe webhooks verified via cryptographic signatures with idempotency protection
In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.
No system is 100% secure. If you discover a security vulnerability, please report it to security@taptale.app.
6. Cookies and Tracking Technologies
6.1 Cookies We Use
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Session cookies | Authentication state | Essential | Session |
| Workspace preference | Remember selected workspace | Functional | Persistent |
| Clerk authentication | User session management | Essential | Per Clerk policy |
6.2 What We Do NOT Use
- We do not use third-party advertising cookies
- We do not use cross-site tracking pixels
- We do not sell data to advertisers
- We do not participate in ad networks
All cookies currently used by the Service are essential for functionality and do not require consent under applicable cookie laws.
6.3 Viewer Page Analytics
When someone views shared content, we collect analytics data (as described in Section 1.5) to provide engagement metrics to content creators. This data is collected via first-party JavaScript (not third-party trackers).
7. Your Rights
7.1 All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Data portability: Request your data in a machine-readable format
- Withdraw consent: Withdraw consent for optional data processing at any time
- Opt out of communications: Unsubscribe from non-essential emails
7.2 European Economic Area, UK, and Swiss Residents (GDPR / UK GDPR)
In addition to the rights above:
- Legal basis: We process your data based on: (a) contract performance (providing the Service), (b) legitimate interests (security, analytics, service improvement), (c) consent (optional features, marketing), or (d) legal obligation
- Right to restrict processing: Request restriction of certain processing activities
- Right to object: Object to processing based on legitimate interests
- Right to lodge a complaint: File a complaint with your local data protection authority
- Data transfers: Data may be transferred outside the EEA. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable
- Privacy inquiries: For privacy inquiries from EEA/UK residents, contact privacy@taptale.app
- Balancing tests: We have conducted balancing tests to ensure our legitimate interests do not override your fundamental rights
7.3 California Residents (CCPA/CPRA)
- Right to know: You have the right to know what personal information we collect, use, and disclose
- Right to delete: You have the right to request deletion of your personal information
- Right to correct: You have the right to correct inaccurate personal information
- Right to opt out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
- Non-discrimination: We will not discriminate against you for exercising your privacy rights
- Categories of information collected: Identifiers, commercial information, internet activity, geolocation data, professional information, audio/visual information
- Authorized agents: You may designate an authorized agent to make requests on your behalf
7.4 Canadian Residents (PIPEDA)
- You have the right to access, correct, and challenge the accuracy of your personal information
- We obtain meaningful consent for the collection, use, and disclosure of personal information
- You may withdraw consent at any time, subject to legal or contractual restrictions
7.5 Australian Residents (Privacy Act 1988)
- You have the right to access and correct your personal information
- You may make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles
7.6 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@taptale.app
- Mail: TERMINAL92 LLC, 522 W Riverside Ave, Ste N, Spokane, WA 99201, United States
We will respond to verified requests within 30 days (or as required by applicable law).
8. Children's Privacy
Taptale is a business-to-business platform intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18, we will promptly delete that information. If you believe someone under 18 has provided us with personal information, please contact us at privacy@taptale.app.
9. International Data Transfers
TERMINAL92 LLC is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
We ensure appropriate safeguards for international transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Contractual obligations with sub-processors requiring equivalent data protection
- Technical measures including encryption in transit and at rest to ensure adequate protection of transferred data
10. Chrome Extension Specific Disclosures
This section provides additional disclosures required for the Taptale Chrome browser extension, in accordance with the Chrome Web Store Developer Program Policies.
10.1 Single Purpose
The Taptale Chrome extension has a single purpose: to record interactive screen demos and video recordings for upload to the Taptale platform.
10.2 Permissions Justification
| Permission | Why It's Needed |
|---|---|
activeTab | To capture the current tab's content during recording |
tabCapture | To capture video/audio from the current tab |
desktopCapture | To capture screen content for video recording |
storage | To persist recording state and authentication tokens across sessions |
offscreen | To process media encoding in the background |
10.3 Data Handling
- Collection: Data is collected only during active recording sessions explicitly started by the user
- Transmission: Recorded data is transmitted only to Taptale servers at
*.taptale.appvia HTTPS - Local storage: Recording data is temporarily stored in IndexedDB until upload completes, then deleted
- No remote code: The extension does not execute remotely hosted code
- No data sale: Data collected by the extension is never sold to third parties
- No use for unrelated purposes: Extension data is used solely for creating and uploading recordings to Taptale
10.4 Host Permissions
The extension requests host permissions to inject content scripts for DOM recording on the active tab. Content scripts are only injected when the user initiates a recording. The extension does not inject scripts on:
- Chrome internal pages (
chrome://,chrome-extension://) - Browser system pages (
about:,edge://) - Local files (
file://) - Data or blob URLs (
data:,blob:)
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website with a new “Last Updated” date
- Sending an email notification for significant changes
- Displaying an in-app notice
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices:
TERMINAL92 LLC
522 W Riverside Ave, Ste N
Spokane, WA 99201, United States
Email: privacy@taptale.app
Website: https://taptale.app