This policy explains how we collect, use, share, store, and protect your personal information when you use our website, apps, interfaces, and social or interactive services (collectively, the "Service").
1) Scope & Who We Are
This policy applies to all current and future Tapylapy products and services that reference it. You can contact the Data Controller at [email protected] for privacy-related requests, or at [email protected] for formal legal correspondence.
By using the Service, you acknowledge that you have read and understood this policy and agree that your information may be collected and processed as described here and as permitted by applicable law.
2) What We Collect
- Account data: name, email, username, language, country, and date of birth (used to verify the 18+ minimum age requirement).
- Content and interactions: posts, images, videos, messages, comments, likes, saves, follows, reports, and interaction history.
- Technical data: IP address, device type, operating system, browser, logs, session identifiers, and crash/performance data.
- Location data: approximate location from IP, and precise location only if you expressly allow it.
- Payment and identity-verification data: when you use top-up, gift, or reward-withdrawal features, we may collect data needed to complete the transaction, verify your identity, or prevent fraud and money laundering, as described in our AML/KYC Policy, typically through approved payment providers.
- Partner or integration data: when you connect your account to other services within lawful limits.
3) Public, Private Content & Message Confidentiality
Some information on Tapylapy may be public by nature, such as public posts, display name, profile photo, follower counts, and certain interactions depending on your settings.
You are responsible for choosing appropriate privacy settings and understanding that public content may be viewed, shared, or archived by others.
Confidentiality of Private Messages & Chats
We treat your private messages in chats and conversations as confidential. Your messages are protected and encrypted in transit and at rest, we do not sell or share them with any external party, we do not use their content for advertising or marketing, and we do not proactively monitor the content of your conversations.
The only exception to this confidentiality is when a report is submitted: if one party to a conversation reports messages or violating behavior, only the reported portion of the conversation may be made available to our safety team for review, or to competent authorities where there is a valid legal obligation or a serious safety risk — limited to the minimum necessary to handle the report, and no more. This approach is similar to that used by major social platforms.
For more on how reports work and are handled, see our Safety Policy.
4) Why We Use It
- To operate the Service, create accounts, authenticate logins, and provide core features, including verifying the 18+ minimum age requirement.
- To personalize feeds, recommendations, search, and relevant content.
- To run social features such as follows, messaging, notifications, engagement tools, and suggestions.
- To improve security and prevent fraud, impersonation, abuse, intrusions, and unlawful defamation.
- To verify identity and combat money laundering when gift or reward-withdrawal features are used, as described in our AML/KYC Policy.
- To analyze performance, improve quality, build features, and understand how the Service is used.
- To manage user-created self-promotional ads, measure their performance, and reduce misleading or unlawful ads.
- To comply with legal obligations and protect users, rights, the platform, and the public.
5) No Trading in Personal Data
SULTAN X LTD commits not to trade in users' personal information in a manner that violates the law or exceeds what is lawfully necessary to operate, protect, and improve the Service.
We commit not to sell, buy, rent, barter, take, or give personal information about any individual outside the law or outside what is legitimately necessary for platform operation, service delivery, safety, or legal compliance.
6) Legal Bases (EEA/UK/CH)
Note: Under the Geographic Restrictions in our Terms of Service, Tapylapy is not currently available to anyone located in the EU/EEA or Switzerland; this section applies to the United Kingdom as current users, and to users from those other regions only as former users for as long as we hold data about them — see Annex (B) below for detail.
We process data based on: Legitimate interests (to operate, secure, and improve), Contract performance (to provide features you use), Legal obligation (to comply with law, including anti-money-laundering obligations), and Consent (where legally required).
Where we rely on consent, you may withdraw it at any time through available settings or by contacting us.
7) Cookies
We use cookies and similar technologies to run the Service, maintain sessions, remember preferences, improve performance, and measure usage. You can manage cookies through your browser, although disabling some essential cookies may affect functionality.
8) Who We Share Data With
- Service providers: hosting, security, support, email, analytics, and fraud prevention vendors under appropriate agreements.
- Payment and identity-verification providers: where top-up, gift, or reward-withdrawal features are enabled.
- Affiliates or lawful successors: in connection with mergers, acquisitions, or restructuring.
- Competent authorities: when legally required or necessary to protect rights, safety, public order, or for anti-money-laundering purposes.
9) Legal Requests & Authorities
Our default position is to protect user privacy and not disclose personal information without a valid legal basis.
However, if we receive a valid and binding legal request from a competent court or authority, and the request is specific, legitimate, and related to alleged unlawful conduct, we may review and respond to that request as required by law.
For users who are not subject to valid legal demands, we do not have the right to disclose their personal information arbitrarily or outside the law.
10) International Transfers
SULTAN X LTD is a company registered in the United Kingdom, and some data may be stored or processed in the United Kingdom or outside your country of residence, subject to appropriate safeguards where required by law, such as Standard Contractual Clauses or comparable legal mechanisms.
Under the Geographic Restrictions in our Terms of Service, the Service is not offered or directed to anyone in the European Union, the European Economic Area, or Switzerland, and we do not target these markets in any way (no dedicated language, currency, or marketing directed at them). For this reason, Article 27 of the GDPR does not require us to appoint an EU representative. That said, as a matter of good faith toward any former user whose data was collected before this restriction took effect, we will continue to respond to rights requests and privacy-related correspondence in accordance with applicable law via [email protected].
11) Security & Deletion
We apply reasonable technical and organizational measures to protect data against unauthorized access, alteration, disclosure, destruction, or misuse.
We retain your data only for as long as your account actually exists on the platform. When you fully delete your account under our Account Deletion Policy, we permanently delete your data and content from our operating systems — including your account, photos, videos, posts, messages, comments, and any other data directly linked to your account — except:
- Limited technical backups, which may persist for a short period not exceeding 30 days before permanent deletion.
- Identity-verification and financial transaction records (if any) related to coin top-ups, gifts, or withdrawal requests, retained for the period required by applicable anti-money-laundering law (see our AML/KYC Policy) even after account deletion.
12) Social Platform Features
As a social platform, Tapylapy may offer features such as user profiles, follows, notifications, suggested content, messaging, public posting, engagement features, reporting tools, blocking, muting, verification, and tags or labels.
We may use technical and behavioral indicators to detect fake, abusive, or deceptive accounts and to protect the digital safety of the platform and its users.
13) Your Rights
Depending on applicable law, your rights may include: access, correction, deletion, restriction, objection to certain processing, withdrawal of consent, opt-out from certain ads or tracking, and data portability. We honor Global Privacy Control (GPC) where required by law.
You can exercise these rights through settings or by contacting: [email protected].
14) Data of Persons Under 18
Tapylapy does not permit use of the Service by anyone under 18 years old. If we learn that an account belongs to a person under this age, we immediately suspend or delete the account, including deleting that person's data under our Account Deletion Policy.
If you are a parent or guardian and believe a person under 18 has created a Tapylapy account, please contact us immediately at [email protected] and we will review and delete the account without delay.
15) Ads & Reputation-Sensitive Content
Any user may create self-made promotional or advertising content directly from their regular personal account (no separate business account is required), and we attempt to label it appropriately. We also provide ways to report impersonation, trademark misuse, unlawful defamation, misleading advertising, and other content that may unlawfully harm reputation or rights.
16) Abuse, Reporting & Enforcement
We may monitor certain technical and behavioral signals for security, anti-fraud, anti-spam, and anti-abuse purposes. We provide reporting tools for unlawful or policy-violating content and reserve the right to take action such as restricting content, removing material, or suspending accounts where legally appropriate.
17) Indemnification
You are fully responsible for claims, damages, or disputes arising from your content, actions, or use of the platform. You agree to indemnify, defend, and hold harmless Tapylapy and SULTAN X LTD from claims, losses, liabilities, and costs (including reasonable attorneys' fees) arising from your use, violations of law, terms, or others' rights.
18) Changes to This Policy
We may update this policy from time to time. The latest version will be posted on the website or app and becomes effective upon posting unless stated otherwise. For material changes, we may provide clearer notice where appropriate or legally required.
19) Contact
For privacy questions, data requests, or rights-related inquiries: [email protected].
For formal legal correspondence addressed to the Data Controller: [email protected].
Owner & Operator: SULTAN X LTD — a company registered in England, United Kingdom, company number 17198402, London, United Kingdom.
If there is any conflict between the Arabic and English versions of this policy, the Arabic version shall govern.
Regional Annexes (Short)
(A) U.S. State Privacy Notice
If you are a resident of a U.S. state with applicable privacy laws, you may have additional rights such as access, correction, deletion, portability, and opt-out rights relating to certain forms of sale, sharing, or targeted advertising as defined by local law. We honor GPC where required by law.
(B) GDPR Notice — EEA/UK/Switzerland
Note: Under the Geographic Restrictions in our Terms of Service, Tapylapy is not currently available to anyone located in the EU, EEA, Switzerland, Norway, or Iceland. This annex remains in force for any user from these regions for as long as we hold data about them, and for the United Kingdom, which is not among the restricted territories.
If you are subject to GDPR or similar rules, you may have enhanced rights such as restriction, objection, withdrawal of consent, portability, and the right to complain to your local supervisory authority. As noted in Section 10, because the Service is not offered or directed to the EU/EEA/Switzerland, Article 27 GDPR does not require SULTAN X LTD to appoint a representative there — but we respond to legitimate requests as required by law.