Privacy Policy

Last updated: January 16, 2026

Overview

RatesOnTap ("we," "our," or "us") provides a smart attribution tracking and Google review redirect system. This privacy policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Attribution Data

When you use our QR codes or redirect links, we automatically collect:

  • Timestamp of the visit
  • Business slug/identifier
  • Host parameter (team member identifier)
  • Source parameter (marketing channel)
  • UTM campaign parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term)
  • User agent information (browser type, operating system)
  • Device type (mobile, desktop, or tablet)
  • Referrer information
  • IP address (anonymized - see below)
  • Browser metadata (language preferences, client hints)

Wallpaper Download Data

When you download a QR code wallpaper, we collect:

  • IP address
  • User agent information
  • Download timestamp
  • File size

Business Dashboard Data

If you are a business client using our analytics dashboard, we collect:

  • Dashboard password (stored securely using bcrypt hashing)
  • Session tokens for authentication
  • Login timestamps

Email Addresses

If you provide your email address through our contact form, we collect and store it to respond to your inquiry.

Analytics Data

We may use standard web analytics tools to understand how our service is used and to improve user experience.

How We Use Your Information

  • To provide attribution tracking services to business clients
  • To redirect users to appropriate Google review pages
  • To generate analytics and reports for business clients
  • To respond to inquiries and provide customer support
  • To improve our service and user experience
  • To comply with legal obligations

Data Storage and Security

We store data using Supabase, a secure PostgreSQL cloud database service. We also use Upstash Redis for caching to improve performance. We implement appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information.

IP Address Anonymization

To protect your privacy, we anonymize IP addresses before storage. This means we cannot identify individual users from stored IP addresses.

Password Security

Business dashboard passwords are securely hashed using industry-standard methods before storage. We never store passwords in plain text.

Data Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties, except:

  • To business clients who own the QR codes/links you interact with (attribution data only)
  • When required by law or to protect our rights
  • To trusted service providers who assist in operating our service (under confidentiality agreements)

Third-Party Service Providers

We use the following service providers to operate our service:

  • Supabase - Database hosting
  • Upstash - Caching for performance
  • Vercel - Application hosting

These providers have access to data only as necessary to perform their functions and are obligated to maintain confidentiality.

Your Rights

You have the right to:

  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal requirements)
  • Opt out of future communications

Cookies and Tracking

We use a minimal number of cookies essential for our service to function. If you are a business client, we use a secure session cookie for dashboard authentication that expires after 24 hours.

We do not use third-party tracking cookies or advertising cookies. Most browsers allow you to control cookie settings in your preferences.

Bot Traffic

We automatically detect and filter out bot traffic (search engine crawlers, social media bots, and automated tools) from our analytics. This traffic is not logged to our attribution database. We maintain a database of bot signatures to identify automated visitors.

Data Retention

We retain your data for the following periods:

  • Attribution event data - 90 days, then automatically deleted
  • Wallpaper download records - 90 days, then automatically deleted
  • Shop configuration data - Retained for the duration of the business relationship
  • Cache data - Expires automatically

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page with an updated date.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

  • Email: hi@dylandubois.dev
  • Website: https://ratesontap.com

From the blog

View all