• The amazingly simple way to delight your customers
    • Sign in

    Privacy Policy

    Who we are: TagXD provides an NFC/QR tag management platform and a website builder used by businesses to create pages that tag-taps or QR scans open. We are incorporated/operate in Canada.

    Short version — TL;DR

    • Customers (businesses) sign up and build pages or map tag UUIDs to URLs.

    • People who tap an NFC tag or scan a QR code and land on a page we host are “end users.”

    • We collect analytics about taps/scans to help customers measure usage, but we do not collect or store unique device identifiers (no IMEIs, advertising IDs, persistent device fingerprints).

    • We may collect limited technical data (see “What we collect” below). We use that data to run and improve the service, prevent abuse, and comply with the law.

    • You can contact us to request more info, correction, or deletion where applicable.

    1. Who controls the data?

    • Our customers (the businesses that create pages and map tags) are generally the data controllers for content and interactions on their pages. They decide what personal information to collect from end users and must follow applicable law.

    • TagXD is the service provider (processor) for customer sites and tag mappings — we host pages, track analytics on behalf of customers, and provide tools. For the personal information we collect about our own customers (account sign-ups, billing), we are the controller.

    2. What information we collect and why

    For our paying customers (account holders)

    • Contact info (name, business name, email, phone).

    • Billing information (we use a third-party payment processor; we do not store full payment card details).

    • Account activity (login times, admin actions) for security and support.
      Why: to provide, bill for, and secure your account.

    For end users (people who tap/scan)

    We collect analytics about taps/scans so customers can see usage. Example types of data we collect and use:

    • Tag/QR identifier (UUID or shortlink) — which tag was tapped or which shortlink used.

    • Timestamp — when the tap/scan happened.

    • Destination URL or page ID — which page the tag directed to.

    • Aggregate location (country/region derived from IP) — coarse location only, used for analytics (we do not keep or use precise GPS).

    • Device type / browser family (aggregated) — e.g., “mobile iOS” or “Android browser” for compatibility analytics. We do not collect persistent advertising or hardware identifiers.

    • Referrer / referring site — sometimes useful to know where traffic came from.

    Important: We do not track unique device identifiers or build permanent device fingerprints. We do not store IMEI, MAC addresses, device advertising IDs, or similar persistent identifiers. We also do not tie analytics to particular customer identities unless a customer explicitly configures user tracking (and if they do, they must disclose it to their users and obtain consent).

    3. How we use analytics

    • Provide dashboards and reports to customers about tag/QR performance.

    • Detect and prevent abuse (phishing, automated scans, fraudulent patterns).

    • Improve platform reliability, performance, and UX.

    • Comply with legal obligations (respond to lawful requests, investigate incidents).

    We only use analytics in aggregated or de-identified forms for product improvement and reporting whenever possible. Guidance on de-identification suggests careful handling because improperly “de-identified” data can still re-identify people, so we follow best practices for aggregation and minimization.

    4. Cookies, pixels, and third-party services

    • Our platform or pages hosted on our platform may use cookies or web beacons for functionality and analytics. Customers can choose to include third-party scripts on their pages (for example, embed a widget). Those third parties may collect data under their own policies.

    • We recommend customers disclose and obtain consent for cookies/third-party trackers on pages they build when required by law.

    5. Sharing & disclosure

    We may share data in the following limited ways:

    • Service providers: hosting, CDN, analytics, email, payments. We require vendors to protect data.

    • To comply with law: respond to court orders, lawful government requests, or to prevent imminent harm.

    • To protect rights: detect or prevent fraud or security incidents.

    • If required by a customer contract: e.g., we may provide aggregated analytics back to the customer who owns the tag data.

    We will not sell your personal information.

    6. Retention

    • Raw logs & ephemeral data (including raw IPs): retain 30 days, then purge.

    • Processed analytics (aggregated, non-identifiable): retain 24 months for historical reporting, then aggregate further or delete.

    • Customer account data: retained while the account is active and for tax/business record requirements (e.g., 7 years for accounting).

    • Note: if a customer requests deletion of their tag data, we will remove or anonymize raw logs associated with that tag subject to legal obligations and our retention schedule.

    7. Security

    We use industry-standard controls (encryption in transit, access controls, logging, and regular security reviews). Access to analytics and tag mapping tools is role-restricted. We require vendors to meet reasonable security standards.

    8. Data breach notification

    If we become aware of a breach that creates a real risk of significant harm to individuals, we will notify affected individuals and the relevant privacy authority as required under Canadian law and provincial rules. We will also notify affected customer accounts so they can inform their end users.

    9. Your rights and choices

    For customers (account holders)

    • Access and correct your account data, export it, and request deletion.

    • Control tag mappings and disable analytics for your tags.

    • Manage billing and payment details.

    For end users (people who tap/scan)

    • If an end user believes we hold personal information about them (beyond aggregated analytics), they can contact us to request access, correction, or deletion. Because most tag analytics are aggregated and do not identify specific devices, some requests may not return personal data beyond what the customer collected on their page; in those cases we will explain what we hold and why

    10. Cross-border transfers

    We host and process data using cloud providers who may store data in other countries. When data is transferred or stored outside Canada, we take contractual and technical steps to protect it (encryption, vendor contracts).

    11. Children

    We do not knowingly collect personal information from children under the applicable age of consent via tags. If we learn that we have collected such information, we will delete it promptly.

    12. Changes to this policy

    We may update this policy. Material changes will be posted with a new “Effective” date and, where appropriate, notified to our customers.

    13. How to contact us or make a complaint

    Contact us using the contact form

    Last updated:

    September 29, 2025

    Cookie Settings
    This website uses cookies

    Cookie Settings

    We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

    These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

    These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

    These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

    These cookies help us to better deliver marketing content and customized ads.

    View Cookie Policy