Last updated: May 17, 2026
1. Introduction
MyTapTour is a service of Next Dimension LLC, a Connecticut limited liability company doing business as ("d/b/a") MyTapTour. References to "MyTapTour", "we", "our", "us", or "the app" in this policy mean Next Dimension LLC operating under that trade name. This Privacy Policy explains how we collect, use, and protect your information when you use the MyTapTour mobile application.
By using MyTapTour, you agree to the collection and use of information as described in this policy. You may use the app in a guest browsing mode without registering — in that mode the only personal information we receive is the standard request metadata your device sends with any web/API request (IP address, user agent, anonymized analytics events). All other categories below are collected only after you sign in.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address — used for authentication and account recovery
- Display name — shown within the app (optional)
- Leaderboard Name — a separate, optional public name visible on per-tour leaderboards to other MyTapTour users. This is distinct from your Display Name and is used only for the leaderboard feature. Leaving it blank opts you out — you will not appear on any leaderboard. You can change or clear it at any time from Settings > Account.
- Authentication provider — whether you signed in via email, Google, or Apple
If you use Sign in with Apple and choose to hide your email, we receive only a relay address provided by Apple.
Location Data
With your permission, we access your device location to:
- Show nearby tours and tag locations on the map
- Calculate distances to tour stops
When you use features that depend on your location—such as showing nearby tours, gating distance-restricted rewards, or AI-powered tour suggestions—your device transmits your current coordinates to our servers to compute the result. We do not store your real-time location coordinates in our database after the request completes. When you use AI-powered features (such as next-stop suggestions), your location may be sent to our AI service provider as part of the prompt to generate a response.
Tour Activity
When you scan NFC tags or interact with tours, we record:
- Which tags you scanned and when
- Rewards earned and redeemed
- Tour progress and stage completion
Payment Information
For paid tours, payments are processed by Stripe. We do not store credit card numbers or bank account details. We retain a record of your purchase (tour, amount, date) for your purchase history.
Photos You Upload (Tour Selfies)
When you opt in to the selfie feature and capture or choose a photo at a tour stop, we upload the photo to Cloudflare Images and associate it with your account, the tour, and (for per-tag photos) the specific tag. Optional captions are stored alongside.
- Camera & Photo Library access: required only when you tap the "Photo" button or respond to a selfie reminder. Permissions can be revoked in iOS Settings at any time.
- Who sees them in the app: only you. Your uploaded photos are not shown to tour creators, other users, or the public. We do not index them.
- MyTapTour staff access: a small number of authorized MyTapTour site administrators can view uploaded photos through an internal admin tool, for the limited purposes of responding to safety concerns, moderating content that may violate our Terms, investigating abuse or legal requests, and operational support. Access is logged. Tour creators are not site administrators and cannot see your photos.
- Delivery URL: unguessable but not cryptographically signed. Treat any URL you export to another app (e.g. via Share) as effectively public — whoever you send it to can view the photo.
- How to remove them: open the photo in your gallery and tap Delete. On account deletion we also delete every photo you've uploaded.
Camera and ARKit (Visual Location Verification)
Some tour stops offer a "Verify Location" affordance that uses the device's back camera plus Apple's ARKit framework (including the Visual Positioning System on supported devices) to confirm physical presence at the saved spot, instead of or in addition to an NFC tag scan.
- Camera access: required only while a verify session is active. Permissions can be revoked in iOS Settings at any time; the visual-verify path is unavailable without it.
- What is processed: the live camera stream is analyzed on your device by ARKit. As part of normal ARKit operation, anonymized scene-feature data is exchanged with Apple's Visual Positioning System; that exchange is governed by Apple's privacy policy, not MyTapTour's.
- What we receive: on a successful verify, our servers receive only the tag identifier, the success/failure result, and a small diagnostic payload (proximity in meters, device model, iOS version). We do not record, store, or upload any camera frames, video, or audio captured during a verify session.
- Photo Library access (creator side): tour creators may attach a reference photo to a tag to help end users locate it. When a creator opts to choose an existing photo from their library (rather than capture a new one), iOS's standard out-of-process photo picker is used; the chosen photo is uploaded to MyTapTour storage and associated with the tag. Creators warrant via the Creator Terms that any reference photo they upload was captured with appropriate consent.
Reviews and Moderation Records
Signed-in users may post 1–5 star ratings and short text reviews on tours they have purchased. We collect:
- The rating and review text;
- Your Firebase Auth user identifier (always retained server-side, even when you choose to display the review anonymously, so we can support moderation and the per-user block feature);
- Your display name (suppressed from public payloads when you select anonymous display);
- Submission timestamps.
If you block another user from a review row, we persist a (your-uid, blocked-uid) record server-side so the block syncs across your devices. We do not expose the blocked user's identifier to your client beyond the management screen for the purpose of unblocking. You can review and remove blocks at any time in Settings > Account > Blocked Users.
If you hide an individual review on this device, we record the review identifier in local app storage only — no server transmission, no cross-device sync.
If you report a review, the report routes to tap@mytaptour.com. We retain reports for moderation and audit.
Display Name Synchronization
When you change your display name from Settings > Account > Display Name, the new value is written to Firebase Auth and, if you also have a creator role on the platform, mirrored into our internal creator records (so your tours' "Created by" line stays in sync). No name history is published; only the current value is stored.
3. How We Use Your Information
- Provide and maintain the app's features (tours, tags, rewards, maps)
- Track your tour progress and award rewards
- Process payments for paid tours
- Send transactional emails (password resets, purchase receipts, invitations, support replies, issue-report confirmations)
- Send marketing and product-update emails (new tours, new features, occasional promotions) only to users who have explicitly opted in. You can opt in or out at any time from Settings > Account, or by clicking the unsubscribe link in any marketing email. We cap marketing sends to no more than two per user per month.
- Publish per-tour leaderboards: if you have set a Leaderboard Name, it appears next to your total points on that tour's public leaderboard. No other identifying information (email, Display Name, user ID) is shared alongside the Leaderboard Name.
- Improve the app and fix issues
4. Acceptable Use — Leaderboard Names
You agree that any Leaderboard Name you choose will not be obscene, hateful, harassing, impersonating, or otherwise offensive. MyTapTour screens submitted Leaderboard Names against a list of prohibited terms and rejects obvious matches, but no automated screen is perfect. We reserve the right to clear or change a Leaderboard Name that violates this rule or is reported as abusive, and to suspend accounts for repeat violations.
5. Data Sharing
We do not sell your personal information. We share data only with:
- Firebase (Google) — authentication and cloud infrastructure
- Neon — serverless Postgres database hosting your account, tour progress, scan history, and reward records
- Stripe — payment processing for paid tours
- Cloudflare — image and video hosting and delivery (including selfies you upload and tour media)
- Anthropic — AI processing for features such as next-stop suggestions; relevant context (which may include your tour progress and approximate location) is sent to Anthropic's API to generate a response
- Resend — transactional email delivery (password resets, purchase receipts, support replies, issue-report confirmations, invitations) and, for users who have opted in, marketing email delivery (newsletters, product updates, occasional promotions). Your email address, display name, and opt-in status pass through Resend. Resend hosts the unsubscribe flow on the marketing channel; opting out via that flow (or via the Settings toggle in the app) takes effect immediately and is honored by both Resend and our internal preference store.
- Tour creators — tour creators can see aggregated scan activity for their tours, but not your personal identity unless you redeem a reward associated with their tour
6. Creator Accounts
If you sign up as a tour creator, additional information is collected and processed:
- Identity and bank details required to receive payouts are collected directly by Stripe through their hosted Connect onboarding flow. Stripe acts as the data controller for that information; we receive only a reference to your connected account, your account status, and the aggregate balance and payout data needed to operate the platform.
- Creator activity records — including tours you publish, earnings, payouts, and actions you take in the creator portal — are stored in our database for as long as your creator account is active and for a reasonable period afterward to satisfy tax and accounting obligations.
- Visual location anchors. When you set up an ARKit-based visual location anchor for a tag, we capture and persist either (a) the device's GPS coordinates at the time of capture (geo-anchor flow) or (b) a small ARKit world-map binary containing abstract 3D feature-point data describing the saved location's surroundings (world-map flow). World-map binaries do not contain raw photographs, video, or audio. Optional reference photos you attach are uploaded to our storage and shown to end users as a "Look for this" hint when enabled.
- Tax reporting (such as IRS Form 1099-K where applicable) is handled by Stripe as the payment processor for transactions routed through your Stripe Connect account.
Creator accounts are also governed by the separate Creator Terms Agreement you accept during onboarding.
7. Data Retention
We retain your account and activity data for as long as your account is active. You can delete your account at any time from Settings > Account > Delete Account, which permanently removes all your data from our systems.
8. Data Security
We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication via Firebase Auth, and encrypted payment processing via Stripe. However, no method of electronic transmission is 100% secure.
9. Children's Privacy
MyTapTour is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.
10. Your Rights
You have the right to:
- Access your personal data through the app
- Update your name, email, and password in Settings
- Delete your account and all associated data
- Withdraw consent for location access via your device settings
- Opt out of marketing emails at any time via Settings > Account, or by clicking the unsubscribe link in any marketing email. Opting out does not affect transactional emails (password resets, receipts), which are required to operate the service.
11. Third-Party Services
The app uses third-party services that may collect information:
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the app. Your continued use of the app after changes constitutes acceptance.
13. Contact Us
If you have questions about this Privacy Policy, contact us at:
Next Dimension LLC d/b/a MyTapTour
Email: hello@mytaptour.com