Skip to main content
Skip to content
TAPTry TAP free
§ Legal

Data processing addendum.

Last updated: 27 April 2026

1. Scope

This addendum governs Total Audio Promo Ltd’s (“TAP”) processing of personal data on your behalf when you use TAP to draft, approve, send, and track outreach. It supplements the Privacy Policy and forms part of the terms of service. Where conflicts arise, this addendum prevails for processing activities described below.

2. Roles

You are the data controller for the contact records you import or enrich, the pitches you draft, and the outreach you send through TAP. TAP is the data processor when it stores those records, drafts pitches on your instruction, and dispatches messages you have approved.

For your own account data (email, billing, authentication), TAP is the controller and the Privacy Policy applies.

3. Send-on-Behalf-Of

When you signed up, you authorised TAP to send email on your behalf. The timestamp of that authorisation is recorded on your workspace as send_consent_at. Without it, the sending settings page is gated and the send endpoint refuses any proposed send.

Per-message approval. Every send, on every channel, requires a named human in your workspace to approve the specific message before TAP dispatches it. The pitch state machine is draft → pending_approval → approved → sent. Approval captures who approved and when. There is no batch send without per-message review, no agent-only send without a human approver, and no scheduled send that skips the approval queue. Approval is the safeguard, not the channel.

Sender identity. TAP sends using credentials you connect to your workspace. Recipients see your real address in the From and Reply-To headers. TAP does not append branding to user-sent mail and does not silently fall back to a TAP-branded address. If the sending domain publishes a DMARC policy of reject and the message would fail alignment, TAP refuses to send and surfaces the failure to you.

Revocation. You may revoke send permission at any time from Settings > Sending. Revocation takes effect immediately and cancels any pending approvals. The send_consent_at timestamp is cleared on revocation.

4. Sub-Processors

TAP engages the following sub-processors. Each is bound by data protection terms equivalent to those in this addendum.

  • Supabase— Authentication and database hosting (AWS, EU region)
  • Vercel— Application hosting (EU edge)
  • Stripe— Payment processing (subscription billing only)
  • Anthropic— AI drafting and enrichment. Prompts are not retained beyond the request lifecycle.
  • Cloudflare— Turnstile abuse protection and edge security

We notify you of material changes to this list at least thirty days before they take effect.

5. Data Subject Rights

When a contact in your workspace exercises rights under UK GDPR (access, rectification, erasure, restriction, portability, objection), you are responsible for responding as the controller. TAP supports you with:

  • CSV export of all contact data on every plan tier, including Free
  • Workspace-scoped deletion of contacts and pitch history
  • Audit logs of who approved and sent each message
  • Suppression list honoured across all future sends from the workspace

6. Security

Workspace data is isolated by row-level security policies. OAuth and IMAP credentials are encrypted at rest. We follow the principle of least privilege and review access quarterly. Incident response procedures and breach notification timelines align with UK GDPR Article 33.

7. Contact

Data protection enquiries: [email protected]. For send-related governance specifically, see Settings > Sending inside your workspace.