Privacy Policy for tagsurfer.com

Last updated: 11/2025

Operator: Keyconex Inc., Delaware, USA

Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you visit tagsurfer.com or use our services. We comply with the EU General Data Protection Regulation (GDPR) and all other applicable privacy laws.

1. Data Controller

Keyconex Inc., Delaware, USA

Email: privacy[at]tagsurfer.com

For EU users, Keyconex Inc. may appoint an EU Representative in accordance with Art. 27 GDPR.

2. Types of Personal Data We Collect

2. Types of Personal Data We Collect

We may collect the following categories of personal data:
a) Data you provide directly

  • Account information (name, email, username, password hash)

  • Support inquiries

  • Voluntary uploads (photos, text, content)

  • Consent preferences

b) Device & technical data (automatically collected)

  • IP address (short-term for security)

  • Browser type and version

  • Operating system

  • Device identifiers (non-personal where possible)

  • Referrer URLs

  • Activity & log data

c) Camera data

  • Photos or scans taken to use specific features (Scan QR code of Beacons, Images in User Profile – Private/Business)

  • No camera access occurs without explicit permission

  • No background recording

  • Images are processed only for the stated purpose

d) Bluetooth data

  • Bluetooth Low Energy (BLE) proximity identifiers

  • We do not collect location, movement profiles, or precise positioning

  • All identifiers are anonymized or pseudonymized To use the service, the tagsurfer.com Beacons uniquely allocated to the service, will send BLE

    signals in distances of about 150m to the location of the Beacon. This is necessary to the services tagsurfer.com provides to the community. As a user of the service, you confirm acceptance.

e) Cookies and tracking technologies

  • Essential cookies (necessary for website and app function

  • Analytics cookies

  • Preference cookies

3. Legal Basis for Processing (Art. 6 GDPR)

3. Legal Basis for Processing (Art. 6 GDPR)

We process personal data on the following grounds:

  • Purpose // Legal Basis

  • Operating the website // Art. 6(1)(f) – Legitimate interest

  • User account creation // Art. 6(1)(b) – Contract necessity

  • Camera features // Art. 6(1)(a) – Explicit consent

  • Bluetooth features // Art. 6(1)(a) – Explicit consent

  • Analytics // Art. 6(1)(a) – Consent

  • Security & fraud prevention // Art. 6(1)(f) – Legitimate interest

  • Legal compliance // Art. 6(1)(c) – Legal obligation

4. Purpose of Data Processing

4. Purpose of Data Processing

We process data to:

  • Provide and maintain our services

  • Enable camera and Bluetooth-based features

  • Improve performance and user experience

  • Analyze website and app usage

  • Prevent security breaches and fraud

  • Communicate with you about updates

  • Fulfill legal and regulatory obligations

5. Data Storage & Retention

5. Data Storage & Retention

We store personal data only as long as necessary for:

  • Providing the service

  • Our legitimate business needs

  • Legal retention obligations

Retention examples:

  • Account data: stored until account deletion

  • Device logs: 30–90 days (for security)

  • Camera images: only stored if the user saves or uploads them

  • Bluetooth identifiers: anonymized and short-lived

After retention expires, data is deleted or anonymized.

6. Data Sharing & International Transfers

6. Data Sharing & International Transfers

We may share data with:

  • Hosting providers

  • Analytics providers (only with consent)

  • Customer support tools

  • Contracted service providers who act as GDPR-compliant data processors

  • International transfers (including USA)

As a U.S. company, Keyconex Inc., may transfer data to the United States or other third countries.
Transfers are protected using:

  • Standard Contractual Clauses (SCCs)

  • Additional technical and organizational safeguards

  • Data minimization principles

We do not sell personal data.

7. Cookies & Tracking (GDPR & ePrivacy)

7. Cookies & Tracking (GDPR & ePrivacy)

We use a cookie consent tool that allows users to:

  • Accept all cookies

  • Reject all cookies

  • Customize choices

Important:

  • Essential cookies are active regardless of consent (Art. 6(1)(f))

  • Analytics and marketing cookies require opt-in consent (Art. 6(1)(a))

8. User Rights Under GDPR

8. User Rights Under GDPR

You have the following rights:

  • Right to access your data (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (“right to be forgotten”) (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent at any time (Art. 7)

  • Right to lodge a complaint with an EU supervisory authority

To exercise these rights:

Contact us at privacy[at]tagsurfer.com

9. Security Measures

9. Security Measures

We implement technical and organizational measures including:

  • HTTPS encryption

  • Encrypted password hashing

  • Data minimization

  • Access control for authorized staff only

  • Regular security audits

  • Logging and monitoring for suspicious activity

  • Secure data transfer mechanisms

We follow relevant security practices for camera and Bluetooth features.

10. Children’s Privacy

10. Children’s Privacy

  • Services are not intended for children under 16 in the EU.

  • We do not knowingly collect data from children without parental consent.

11. Changes to This Privacy Policy

11. Changes to This Privacy Policy

We may update this policy to reflect:

  • Legal requirements

  • Changes in our services

  • Technological updates

The latest version will always be available on this page.

12. Contact Information

12. Contact Information

If you have questions or data protection concerns, please contact: privacy[at]tagsurfer.com