Privacy Policy
Last updated: April 7, 2026
Tanaa ("we", "us", or "our") operates the Tanaa mobile application and web platform (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
1. Information We Collect
Account Information
- Name, phone number, and email address (provided during registration)
- Role and branch assignment (set by your organization administrator)
- Login credentials (securely hashed, never stored in plain text)
Device Information
- Device identifier (used for device registration and security)
- Platform type (iOS or Android)
Location Data
- GPS coordinates (used only for clock-in verification when enabled by your organization)
- Location is collected only when the app is in use and you initiate a clock-in
- We do not track your location in the background
Camera
- Camera access is used solely for selfie-based clock-in verification when enabled
- Photos are processed locally and not stored on our servers unless required for attendance records
Business Data
- Service records, appointments, queue entries, and transaction data
- Customer information entered by staff (name, phone number)
- This data belongs to your organization and is used to operate the Service
2. How We Use Your Information
- To provide and operate the Tanaa platform
- To authenticate staff and verify attendance
- To manage queues, appointments, and payments
- To send service-related notifications
- To improve the Service and fix issues
3. Data Sharing
We do not sell your personal data. We share information only:
- Within your organization (staff, branch admins, and organization owners can access business data)
- With service providers that help us operate the platform (hosting, authentication)
- When required by law or to protect our rights
4. Data Security
We use industry-standard security measures including encrypted connections (TLS/SSL), row-level security policies on our database, and secure authentication via Supabase Auth. Access to data is restricted based on staff roles and organization membership.
5. Data Retention
We retain your data for as long as your organization's account is active. When an organization is cancelled, we retain data for 30 days before permanent deletion. You can request earlier deletion by contacting us.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent for location or camera access via your device settings
7. Children's Privacy
Our Service is not directed to children under 16. We do not knowingly collect personal information from children.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
9. Contact Us
If you have questions about this Privacy Policy, contact us at:
© 2026 Tanaa. All rights reserved.