Skip to content
Tapimo home
Privacy

Privacy Policy

Last updated May 2026

How Tapimo collects, uses, stores and protects personal information, in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988.

Information we collect

From customers (diners):

  • Optional email and name for receipts and order labelling
  • Order history at the venues where you have ordered
  • Optional dietary preferences and allergens you choose to save against your diner profile
  • Payment information processed by Stripe (Tapimo never stores raw card data)

From venues:

  • Account details for venue owners and staff (name, email, role)
  • Business identifiers (ABN, GST registration status, bank details for payouts)
  • Menu, ordering and operational data created in the dashboard

How we use it

  • To operate the ordering platform and process orders
  • To send transactional receipts and order updates
  • To support venue analytics and operations
  • To comply with legal obligations (tax invoices, audit, fraud prevention)
  • To improve the platform (in aggregate, never identifiable without consent)

Sensitive information

Where a diner saves allergens or dietary information against their profile, that data is encrypted at rest. Access to it is gated behind a service layer that scopes reads per venue per scan; staff cannot browse the raw list.

Sharing

Order data is shared with the venue you ordered from so they can fulfil the order. Payment data is processed by Stripe. Email is processed by Postmark for transactional sends. Tapimo does not sell personal information.

Retention

Order records are retained as long as required by Australian tax law (currently five years). Marketing demo data is auto-purged daily. Diner profiles persist until the diner requests deletion via their account or the venue closes.

Your rights

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion where legally permitted (some records must be retained for tax purposes)
  • Complain about a privacy issue, internally first and then to the OAIC if unresolved

Security

Tapimo uses encryption in transit and at rest, server-side audit logs for privileged actions, and tenant-scoped data access. Card data is handled exclusively by Stripe; Tapimo never receives or stores raw PAN data.

Contact

Privacy questions: [email protected]. We respond inside 30 days.