Privacy Policy

Last updated: January 26, 2025

1. Introduction

TangiCred Limited ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our NFC authentication services and website.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, postal address
• Account Information: Username, encrypted passwords, account preferences
• Payment Information: Billing address, payment method details (processed by our secure payment providers)
• Business Information: Company name, VAT number, business address (for enterprise customers)

2.2 Technical Information

• Device Information: NFC device identifiers, device type, operating system
• Usage Data: Authentication logs, service usage patterns, performance metrics
• Website Data: IP address, browser type, pages visited, time stamps

2.3 NFC Authentication Data

• Authentication Logs: Time, location, and success/failure of authentication attempts
• Service Access: Records of services accessed through NFC authentication
• Security Data: Fraud prevention and security monitoring information

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

• Providing NFC authentication services
• Managing your account and preferences
• Processing payments and billing
• Providing customer support

3.2 Security and Compliance

• Preventing fraud and unauthorized access
• Maintaining security logs and audit trails
• Complying with legal and regulatory requirements

3.3 Improvement and Development

• Improving our services and user experience
• Developing new features and products
• Analyzing usage patterns and performance

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide our services and fulfill our contractual obligations
• Legitimate Interest: For security, fraud prevention, and service improvement
• Legal Obligation: To comply with legal and regulatory requirements
• Consent: For marketing communications (where applicable)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

• Payment processors (Stripe, PayPal)
• Cloud hosting providers (with data processing agreements)
• Customer support platforms
• Security and fraud prevention services

5.2 Legal Requirements

• Law enforcement agencies (when legally required)
• Regulatory authorities
• Courts and legal proceedings

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Until account deletion plus 30 days
• Authentication Logs: 12 months for security purposes
• Payment Records: 7 years for tax and accounting requirements
• Website Data: 13 months for analytics purposes

7. Your Rights

Under UK GDPR, you have the following rights:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interest
• Automated Decision-Making: Not be subject to automated decisions

To exercise these rights, contact us at hello@tangicred.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• End-to-end encryption for data transmission
• Secure cloud infrastructure with access controls
• Regular security audits and penetration testing
• Staff training on data protection principles
• Incident response procedures

9. International Transfers

We may transfer your personal data outside the UK to service providers in countries with adequate data protection laws or under appropriate safeguards such as Standard Contractual Clauses.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

11. Cookies and Tracking

We use cookies and similar technologies for website functionality and analytics. For detailed information, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our website.

13. Contact Information

Data Controller: TangiCred Limited
Address: 63 Acer Apartments, W12 7LT London, England, Great Britain
Company Registration: 16640916
Email: hello@tangicred.com

14. Complaints

If you have concerns about how we handle your personal data, you can contact the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113