Privacy Policy

Last Updated: April 17, 2026

1. Introduction

Tap Rain ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy policy aims to give you information on how Tap Rain collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up for our service, use our platform, or participate in our publisher program.

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes username, email address, and profile picture if provided.
  • Contact Data includes email address and any other contact information you provide.
  • Financial Data includes payment details and transaction history.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.

3. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
    • Technical Data from analytics providers such as Google
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Purposes for which we will use your personal data:

  • To register you as a new customer
  • To process and deliver your service including managing payments, fees and charges
  • To manage our relationship with you including notifying you about changes to our terms or privacy policy
  • To administer and protect our business and this website
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
  • To make suggestions and recommendations to you about goods or services that may be of interest to you

5. Disclosures of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out in this privacy policy:

  • Service providers who provide IT and system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers.
  • Regulators and other authorities who require reporting of processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International Transfers

We may transfer your personal data to countries outside the jurisdiction in which you are located. Whenever we transfer your personal data out of the jurisdiction, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

9. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us at [email protected].

10. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

11. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

12. Children's Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

13. Third-Party Service Providers & Data Sharing

We share your personal data with the following third-party service providers as necessary to operate our platform:

  • Tipalti — Payment processing, tax compliance (W-9/W-8BEN), KYC/AML verification. We share your name, email, tax documents, payment details, and earnings data. Tipalti's use of your data is governed by Tipalti's Privacy Policy.
  • Slash — Virtual card provider. We share your user ID and transaction data necessary to issue and manage virtual cards.
  • Hoot Services — Business center provisioning. We share email addresses and account credentials for business center creation.
  • Google — OAuth authentication (if used). We receive your name, email, and profile picture from Google when you sign in with Google. We do not share your TapRain data with Google.
  • Cloudflare — CDN, DDoS protection, and security. Cloudflare processes your IP address and request data as part of its security services.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

14. Device Fingerprinting & Trusted Devices

When you enable "Trust this device" for two-factor authentication, we create a cryptographic hash (SHA-256) of your IP address combined with your browser's User-Agent string. This hash is stored in our database and used solely to recognize your device for 2FA bypass. We do not store raw device identifiers — only the irreversible hash. Trusted device records expire automatically after seven (7) days.

We also collect device type information (desktop, Android, iOS) from your User-Agent string for conversion attribution and fraud detection purposes.

15. IP Address Collection & Login History

We collect and store your IP address when you:

  • Log in to your account (we retain the most recent 100 login IPs with timestamps)
  • Submit conversions or click-through events
  • Access our API
  • Use real-time chat features

IP addresses are used for fraud detection, geolocation, security (alternate account detection), and legal compliance. IP login history is retained for the lifetime of your account.

16. Chat & Messaging Data

Messages sent through our global chat, team chat, and private messaging features are stored on our servers indefinitely unless deleted by a moderator. All messages are subject to monitoring and moderation by TapRain administrators. You should have no expectation of privacy in any message sent through our platform's communication features. Message data may be used as evidence in disputes, investigations, or legal proceedings.

17. Financial & Credit Data

We collect and retain detailed financial data including:

  • Earnings (lifetime, monthly, weekly, daily, hourly breakdowns)
  • Payment history (amounts, methods, dates, statuses)
  • Credit account data (credit limits, debt owed, repayment history)
  • Virtual card data (card spend, transaction history, merchant information)
  • Ad account data (approved amounts, current spend, withdrawal history)

Financial records are retained for a minimum of seven (7) years after account termination for tax, legal, and regulatory compliance purposes.

18. Conversion & Click Tracking Data

We collect detailed tracking data for each click and conversion including: IP address, country code, device type, offer name, sub-tracking parameters (s1/s2), click IDs, conversion IDs, timestamps, and amounts. This data is used for attribution, fraud detection, quality analysis, and payment calculation. Conversion data is retained for the lifetime of your account plus a minimum of seven (7) years.

19. Session Management

We use secure HTTP-only cookies containing a random session identifier to maintain your login session. Session data (including your user ID, session creation time, and role) is stored in our Redis database with a seven (7) day expiration. Sessions may be invalidated at any time by TapRain for security or compliance reasons.

20. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Request deletion of your personal information (subject to legal retention requirements)
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected]. We will respond within 45 days as required by the CCPA.

21. European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the GDPR:

  • Right of Access: You may request a copy of your personal data
  • Right to Rectification: You may request correction of inaccurate data
  • Right to Erasure: You may request deletion (subject to legal retention obligations)
  • Right to Restriction: You may request restriction of processing
  • Right to Portability: You may request your data in a machine-readable format
  • Right to Object: You may object to processing based on legitimate interests

Our legal basis for processing your data is: (a) performance of our contract with you (Terms of Service); (b) legitimate business interests (fraud prevention, platform security); (c) your consent (where applicable); and (d) legal obligations.

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

22. Mobile Application

When you use the TapRain mobile application, we may collect and process the following additional data:

  • Authentication Tokens. Session tokens are stored securely on your device using platform-provided encrypted storage (Android Keystore). These tokens are used solely to maintain your logged-in session and are never transmitted to third parties.
  • Device Information. Standard device identifiers transmitted with HTTP requests (device model, operating system version, user agent string, IP address) are collected as part of normal API communication.
  • Push Notifications. If you opt in to push notifications, a device token is generated and stored on our servers to deliver notifications. You may disable push notifications at any time through your device settings.
  • Network Communications. All data transmitted between the App and TapRain servers is encrypted via HTTPS/TLS. The App communicates exclusively with TapRain's servers (dash.taprain.com) and does not send data to any third-party analytics or advertising services.

Permissions. The App requires only internet access (android.permission.INTERNET). No access to camera, contacts, location, microphone, or device storage is requested or used.

Data Deletion. Uninstalling the App removes all locally stored data including session tokens. To delete your account data from our servers, contact [email protected] or use the account deletion feature in your dashboard settings.

23. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

24. Contact Us

If you have any questions about this Privacy Policy, please contact us by email: [email protected]

Or join our Discord community for additional support.