Skip to main content
Skip to content
TAPTry TAP free
§ Legal

Privacy policy.

Last updated: 11 April 2026

1. Introduction

Total Audio Promo Ltd (“TAP”, “we”, “us”, or “our”) operates totalaudiopromo.com and related services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Data Controller: Total Audio Promo Ltd
Contact: [email protected]

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials (managed by our authentication provider, Supabase).

2.2 Workspace Data

Data you create within TAP, including campaigns, artist rosters, contact lists, pitch drafts, and outreach records. This data is stored in your workspace and accessible only to workspace members.

2.3 Usage Data

We collect anonymised usage data to improve the service, including page visits, feature usage, and performance metrics. We use consent-based analytics only.

3. How We Use Your Data

  • Providing and maintaining the TAP service
  • Processing your subscription and payments (via Stripe)
  • Sending essential service communications
  • Improving the service based on anonymised usage patterns
  • Responding to support requests

4. Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS in the EU region). Payment information is processed by Stripe and never stored on our servers. We implement row-level security policies to ensure workspace data isolation.

5. Third-Party Services

  • Supabase— Authentication and database hosting
  • Stripe— Payment processing
  • Vercel— Application hosting
  • Anthropic (Claude)— AI features including contact enrichment, pitch drafting, and Newsjack social drafts. News article titles and descriptions sent for draft generation are processed by Anthropic and not retained beyond the request.
  • Google APIs— Gmail and Google Drive integration (see Section 5.1 below)

5.1 Google API Services Disclosure

TAP’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access and why

  • Gmail read access— We read email metadata (sender, recipient, subject line, timestamp, thread ID) to detect replies to your pitches and track campaign outcomes. We do not read or store the full body of your emails.
  • Gmail send access— When you choose to send a pitch from within TAP, we use the Gmail API to deliver it. Every send requires your explicit confirmation via a review step. There is no automated or bulk sending.
  • Gmail compose access— We create drafts in your Gmail account so you can review and edit them before sending.
  • Google Drive read access— We read file metadata (name, type, size, thumbnail URL) from Google Drive folders you link to your campaigns. We do not download or store file contents.

Data storage and retention

Email metadata and Drive file metadata are stored in your workspace database, protected by row-level security policies. Only members of your workspace can access this data. OAuth tokens are encrypted and stored securely. We do not share, sell, or transfer Google user data to third parties, except as necessary to provide the service.

Revoking access

You can disconnect your Google account at any time from Settings > Integrations. This immediately revokes our access. You can also revoke access directly from your Google Account permissions page.

5.2 Send-on-Behalf-Of

TAP can send pitch emails on your behalf using credentials you connect to your workspace (Gmail via IMAP today, additional providers planned). When you signed up, you authorised TAP to do this. The timestamp of that authorisation is stored on your workspace as send_consent_at. Without that timestamp, the sending settings page is gated and the send endpoint refuses any proposed send.

Per-message approval is required. Every send, on every channel, requires a named human in your workspace to approve the specific message before TAP dispatches it. There is no batch send without per-message review, no agent-only send without a human approver, and no scheduled send that skips the approval queue. Approval is the safeguard, not the channel. See the Data Processing Addendum for the contractual detail. You can review and revoke send permission from Settings > Sending at any time; revocation takes effect immediately and cancels any pending approvals.

TAP refuses to send from a domain that publishes p=reject if the message would fail DMARC alignment. We do not silently fall back to a TAP-branded address. Recipients always see your real address.

6. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact [email protected].

7. International Users

We serve users globally and comply with applicable data protection laws in the territories where we operate, including:

  • California (CCPA/CPRA)— California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.
  • Canada (PIPEDA)— Canadian users have the right to access and correct their personal information. We obtain meaningful consent for the collection, use, and disclosure of personal data.
  • Australia (APPs)— Australian users are protected under the Australian Privacy Principles. We take reasonable steps to protect personal information from misuse, interference, and loss.

We do not sell your personal information to any third party, regardless of your location.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification.