Privacy Policy

Last updated: April 2026

The Tapflow App

This section covers the macOS app Tapflow.

Overview

Tapflow is a macOS utility that displays your keystrokes, mouse actions, and camera overlay on screen. Privacy is a core design principle: your keystrokes, mouse events, and camera feed are processed locally in memory and are never recorded, stored, or transmitted. Tapflow sends anonymous usage analytics (no input content, no screen content) to help us improve the app — details below.

Local-only processing

The following inputs never leave your Mac:

  • Keystrokes and mouse events — captured only to render the on-screen overlay in real time. They exist in memory for the brief moment they are displayed and are never recorded, stored, or transmitted.
  • Camera feed — when the camera overlay is enabled, the video is rendered locally. The stream is never saved or sent anywhere.
  • Screen content — Tapflow does not capture, read, or transmit screen content.

Analytics

Tapflow includes anonymous usage analytics powered by Mixpanel, provided by Mixpanel Inc. (US). Analytics data is sent to Mixpanel's EU servers (api-eu.mixpanel.com). The following events are collected:

  • App launches and quits
  • Settings window opened
  • Feature activations and deactivations (keyboard, mouse, camera, annotations)
  • Paywall views and upgrade-flow events (viewed, started, and which screen triggered it)
  • Sign-in and sign-out events
  • Preset applied (preset name only)

The following anonymous technical properties are attached to each user profile:

  • App version, macOS version, platform, build type (standalone), and Pro status

Each installation is identified by a persistent anonymous UUID stored locally in UserDefaults. When you sign in to a Pro account, your Supabase user ID is used instead — it cannot be linked to your real name or to Apple-relayed email by Mixpanel alone.

No keystrokes, no mouse coordinates, no screen content, no camera frames, no payment data, no real name, and no email are ever sent to Mixpanel.

Authentication

Creating a Pro account is optional. If you choose to sign in, Tapflow uses Sign in with Apple through an OAuth web flow. The authentication backend is hosted by Supabase on EU infrastructure. Supabase stores:

  • Your email (which may be an Apple-relayed anonymous forwarding address if you chose "Hide My Email")
  • A Supabase user ID (UUID)
  • Session tokens required to keep you signed in

No profile data beyond the above is collected.

Payments

Pro subscriptions are processed by Paddle (Paddle.com Market Ltd.), which acts as the Merchant of Record. Card details, billing address, and tax data are handled entirely by Paddle — Tapflow never sees or stores payment information. Paddle sends Tapflow a signed webhook (verified via the Paddle-Signature header) containing subscription status only (active, cancelled, expired) so the app can unlock Pro features for the corresponding account.

App Updates

Tapflow uses Sparkle, the standard macOS update framework, to check for new versions. Sparkle periodically fetches an appcast XML file over HTTPS from the public GitHub repository UseTapflow/Releases. This is a standard GET request and does not transmit any user-identifying information.

Third-Party Services

Tapflow relies on the following third-party services (all invoked from the app downloaded at usetapflow.com):

  • Sign in with Apple — used for authentication via an OAuth web flow.
  • Supabase — authentication backend and account management for Pro subscribers. Hosted on EU infrastructure.
  • Paddle (Paddle.com Market Ltd.) — Merchant of Record for Pro subscriptions. Handles all payment, billing, and tax.
  • Mixpanel (Mixpanel Inc., San Francisco, USA) — anonymous usage analytics. Data is sent to Mixpanel's EU servers. See Mixpanel's privacy policy.
  • Sparkle — update framework. Fetches appcast.xml from GitHub over HTTPS.

This Website (usetapflow.com)

This section covers the website usetapflow.com.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to analyze website usage. The information collected includes:

  • Pages viewed and visit duration
  • Traffic source (search engine, direct link, etc.)
  • Device type, browser, and operating system
  • Approximate geographic location (country/city, based on IP address)

This data is collected anonymously and is used solely to improve the website. No personally identifiable information is collected via Google Analytics.

For more information, see Google's privacy policy.

Cookies

This website uses a consent cookie (stored locally in your browser) to remember your choice regarding analytics cookies. Google Analytics is only loaded if you accept cookies via the consent banner.

You can change your choice at any time by clearing site data in your browser settings.

No Other Collection

Apart from Google Analytics (subject to your consent), this website does not collect any other data. There is no sign-up form, no newsletter, no advertising tracking.

GDPR

Tapflow collects anonymous usage analytics via Mixpanel — see the Analytics section above for details. No personal data is collected from the app itself. The website usetapflow.com uses Google Analytics only with your consent. You can refuse analytics cookies via the consent banner, and no data will be collected. For any GDPR-related questions, contact us at support@usetapflow.com.

Children's Privacy

Tapflow does not collect any personal data that could identify a child under 13. The anonymous usage analytics Tapflow sends cannot be linked to any individual.

Changes to This Policy

If this policy is updated, the changes will be reflected on this page with an updated date.

Contact

support@usetapflow.com