GLOBAL DATA PRIVACY POLICY

About Taptic

Taptic (Pty) Ltd is a private South African educational technology company that builds and operates data-driven learning platforms across Africa. Our mission is to provide free, accessible educational resources — including past exam papers, study guides, and model papers — to students across the continent.

Taptic currently operates educational platforms in 7 African countries, each tailored to the local curriculum and governed by the data protection laws of that jurisdiction. All platforms are owned, operated, and governed centrally by Taptic (Pty) Ltd.

For a full overview of Taptic's security posture, infrastructure providers, subprocessors, and compliance practices, visit the Taptic Trust Center.

1. Scope of This Policy

This Global Data Privacy Policy ("GDPP") governs how Taptic (Pty) Ltd ("Taptic", "we", "our", "us") collects, processes, stores, shares, and sells personal and behavioural information across all platforms we own and operate. It applies to every user of every Taptic-operated platform, regardless of country.

Each country-specific platform also maintains its own local privacy policy, which addresses the applicable data protection legislation of that jurisdiction. Where a local policy conflicts with this GDPP, the local policy takes precedence for users in that jurisdiction. The local policies are linked above and in the Country-Specific Policies section below.

2. Information We Collect

Across all Taptic platforms, we collect the following categories of information to operate, improve, and sustain our free educational services.

2.1 Information You Provide Voluntarily

• Name and email address submitted through contact or support forms
• Messages, feedback, and enquiries
• Participation in surveys, promotions, or research activities

2.2 Automatically Collected Information

When you use any Taptic platform, technical and behavioural data is collected automatically through browser requests, cookies, and analytics systems:

• IP address and approximate geolocation (region/city level)
• Device type, operating system, and browser version
• Pages visited, session duration, and timestamps
• Click paths, scroll behaviour, and navigation patterns
• Downloads, resource access patterns, and referral URLs
• Advertising identifiers

2.3 Cookies, Pixels, and Tracking Technologies

All Taptic platforms use standard tracking technologies:

• Essential cookies — maintain sessions, prevent fraud, and ensure core functionality
• Analytics cookies (Google Analytics) — measure site performance and identify popular resources
• Advertising cookies (Google AdSense) — personalise ads, track ad performance, and limit repeated impressions
• Behavioural tracking tools (Wix heatmaps, session analytics) — aggregate user interaction data to improve usability

Disabling cookies may affect website performance and functionality.

3. How We Use Your Information

We process information for the following purposes across all platforms:

• Delivering and maintaining platform functionality
• Improving educational content quality, accuracy, and discoverability
• Personalising user experience, content layout, and ad delivery
• Analysing user behaviour, engagement trends, and resource demand
• Conducting system diagnostics, fraud detection, and security monitoring
• Developing new features and educational tools across the Taptic portfolio
• Supporting internal research, reporting, and operational strategy
• Complying with applicable data protection laws in each jurisdiction

4. Data Selling & Data Licensing

Taptic (Pty) Ltd and all its subsidiary platforms engage in data selling, licensing, and data-driven commercial partnerships. This is a core part of our business model and is conducted under strict internal governance.

4.1 Data That May Be Sold or Licensed

We may sell or license non-sensitive categories of personal and behavioural information, including:

• Device metadata
• Session patterns and usage metrics
• Behavioural data (interaction patterns, clicks, downloads, browsing paths)
• Advertising identifiers
• Demographic approximations (e.g., grade level, region)
• Aggregated or anonymised educational analytics and usage datasets

This data is sold primarily for research, academic insights, ad-tech optimisation, and market analysis.

4.2 Data We Do NOT Sell

We never sell data that directly identifies you:

• Names
• Email addresses
• Direct contact information
• User messages or enquiry content
• Uploaded content or documents
• Sensitive personal data as defined under applicable local law

4.3 Why Data Is Sold

Revenue from data sales and licensing directly funds:

• Free access to educational resources across all 7 countries
• Development and expansion of learning tools
• Growth of exam paper collections and study materials
• Infrastructure, hosting, security, and platform maintenance
• Research partnerships and academic data initiatives

4.4 How Data Is Processed Before Sale

Before any dataset is sold or licensed:

• Direct and sensitive identifiers are removed
• Records are aggregated or anonymised where possible
• Partners must adhere to strict contractual data-use restrictions
• Internal compliance and ethics guidelines are followed

5. Google AdSense & Third-Party Advertising

All Taptic platforms use Google AdSense to display advertisements. Google processes data to deliver personalised or contextual ads, measure ad performance, and prevent fraudulent activity.

Google may collect cross-site browsing behaviour, device identifiers, and ad interaction metrics via cookies and pixels.

Taptic adheres to Google's Publisher Policies and all applicable local consent and privacy standards. Users may adjust their Google ad preferences or opt out of personalised advertising at any time.

6. Data Sharing with Third Parties

6.1 Within the Taptic Group

Data flows freely within Taptic (Pty) Ltd and across all subsidiary platforms for analytics, infrastructure management, research, product development, and operational purposes.

6.2 Service Providers & Integrations

We rely on third-party partners and subprocessors including:

• Wix — website hosting, analytics, cloud infrastructure, and session tools
• Google, AWS, Microsoft — advertising, analytics, and cloud services
• Cloudflare — DNS and security
• Bunny — content delivery network (CDN)
• Resend, Twilio — email and SMS communications
• GitHub — CI/CD and development infrastructure
• DarkNotify — security monitoring
• Apple, Huawei — app distribution
• Approved commercial data partners and licensees

A complete list of all services and subprocessors, including detailed descriptions of what each provider handles, is available at the Taptic Trust Center.

6.3 Legal & Compliance Requirements

We may disclose information to law enforcement agencies, courts, regulatory bodies, legal representatives, or auditors when legally required or when protecting our rights under the applicable jurisdiction.

6.4 Business Transfers

In the event of a sale, merger, restructuring, or acquisition involving any Taptic platform, user data may be transferred as a business asset.

7. Data Security

Taptic applies multi-layered security across all platforms, built on four core pillars: Security, Privacy, Reliability, and Transparency.

• HTTPS encryption on all sites
• Server-side firewalls and intrusion prevention systems
• Secure cloud infrastructure with access-controlled data systems
• Continuous monitoring and automated threat detection
• Enterprise-grade incident response procedures
• Data minimisation with strict access controls
• Distributed infrastructure ensuring high availability
• Built-in Wix cloud security safeguards

While no digital system is entirely risk-free, we implement industry-leading practices to protect user data. Full details on our security posture, infrastructure providers, and compliance standards are published at the Taptic Trust Center.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal information
• Request correction or updates to your data
• Request deletion or erasure where legally applicable
• Object to processing or data-selling practices
• Withdraw consent for non-essential data processing
• Restrict certain types of processing
• Request data portability (where applicable)
• Be notified of data breaches affecting your information
• Lodge complaints with your local data protection authority

To exercise any of these rights, contact the relevant platform directly (see Country-Specific Policies below) or email legal@taptic.org.

9. Data Retention

We retain personal information only as long as necessary for:

• Service delivery and platform operation
• Legal and commercial compliance obligations
• Security, fraud prevention, and audit requirements
• Analytics, research, and platform improvement

When data is no longer required, it is securely deleted or anonymised.

10. Educational Resources & Past Papers

All Taptic platforms provide educational materials including past exam papers, model papers, study guides, and reference materials. These are provided for educational purposes only and may not always be fully accurate or reflect the latest curriculum updates.

Personal information is not required to download educational resources. Cookies help track download popularity, identify important subjects, and improve resource distribution.

11. Copyright & Content Ownership

Taptic does not claim ownership over all materials hosted on its platforms. Content may originate from public domain sources, contributors, educators, user submissions, government archives, or publicly accessible repositories. We follow the copyright laws of each jurisdiction and respond promptly to takedown requests.

12. Branding & Intellectual Property

All platform names, logos, design elements, and interface layouts are trademarks of Taptic (Pty) Ltd and are protected intellectual property. This includes: "SA Papers", "Eswatini Papers", "Mauritius Papers", "Namibia Papers", "Rwanda Papers", "SC Papers" (Seychelles Papers), and "Zambia Papers". Unauthorised reproduction or use of any Taptic branding may result in legal action.

13. Hosting & Third-Party Infrastructure

All Taptic platforms are hosted on Wix, which manages hosting, cloud data processing, analytics, and storage on our behalf.

Wix Privacy Policy: https://www.wix.com/about/privacy

Domain registration is handled through multiple registrars depending on the jurisdiction, including Cloudflare, GoDaddy, Wix, Domains.co.za, cloud.mu, seyhost.com, and aos.rw.

Additional infrastructure includes AWS, Microsoft, and Absolute Hosting for cloud services, Cloudflare for DNS, and Bunny for CDN. These providers maintain their own security and privacy practices.

A full list of all infrastructure providers, subprocessors, and domain registrars is available at the Taptic Trust Center.

14. Internet & Data Usage

Your Internet Service Provider (ISP) may collect browsing behaviour, traffic data, timestamps, and data consumption details. Taptic is not responsible for ISP-level tracking, monitoring, or data charges.

15. Consent

By using any Taptic platform, you consent to:

• Data collection and processing as described in this policy
• Data selling and licensing of non-sensitive data categories
• Use of cookies, analytics, and advertising technologies
• Processing by Taptic (Pty) Ltd and its authorised partners

If you disagree with any part of this policy, please discontinue use of our platforms.

16. Changes to This Policy

We periodically update this policy to reflect changes in law, technology, or platform operations. Significant updates will be reflected with a new effective date. Continued use of any Taptic platform after an update signifies acceptance of the revised terms.

Country-Specific Privacy Policies

Each Taptic platform operates under the data protection framework of its respective country. The local policy addresses jurisdiction-specific rights, regulatory authorities, and compliance requirements. Click any country below to view the full local policy.

17. Contact Taptic

For enquiries related to this Global Data Privacy Policy or any Taptic platform:

For country-specific enquiries, please contact the relevant platform directly using the details in the Country-Specific Policies section above.

We strive to respond to all privacy and data-related enquiries within a reasonable timeframe.

Taptic (Pty) Ltd — proudly supporting education across Africa.