Tapemetric

Platform

Privacy & DPDP

What we collect, what we don't, and how to honour your users' rights under India's DPDP Act and GDPR.

What we collect

Every event you send us. That’s it. The SDK doesn’t fingerprint devices, doesn’t read cookies, and doesn’t access location APIs or contacts.

The canonical event contains:

  • An anonymous id — UUID, generated client-side, stored in localStorage
  • A user id — only if you explicitly call identify()
  • Event type, timestamp, session id, content id, playback state
  • A user-agent string — used server-side for device detection, not stored
  • IP address — used server-side for GeoIP enrichment, never stored

What we never collect

  • Raw IP addresses (we resolve country/region/city and drop the IP)
  • Cookies, advertising ids (IDFA/GAID), or hardware identifiers
  • Browsing history outside your app
  • Payment card numbers or tokens
  • Email addresses, phone numbers — unless you explicitly pass them in properties
If your team calls identify() with an email as the user_id, that email will be stored. Use a stable internal user id instead and pass the email as a trait only if you need it for server-side reporting.

DPDP Act (India)

India’s Digital Personal Data Protection Act requires data fiduciaries to collect only necessary data, honour user rights, and keep data within India where mandated.

  • Data residency: All events for Indian tenants land in ap-south-1 (Mumbai) by default. Never leaves India.
  • Notice and purpose: You must show an in-app notice explaining that analytics data is collected — Tapemetric provides a sample notice in /legal/sample-notice.md.
  • Consent: For non-essential analytics (e.g. recommendation improvement), obtain explicit consent. Tapemetric’s SDK supports a consent config option — see below.
  • User rights: Right to access, correction, erasure, and grievance redressal — see Data Subject Requests below.

GDPR (EU / UK)

Tapemetric supports GDPR for European tenants. Data residency can be set to eu-west-1 (Ireland) on Enterprise plans. Our DPA is available on request.

Consent gating

Pass consent: false during init to queue events locally without sending them. Once the user gives consent, update:

typescript
// Init without consent
const rd = Tapemetric.init({
  apiKey: '...',
  consent: false,
});

// Later, once the user accepts
rd.setConsent(true);
// Queued events flush immediately

Data subject requests

Access

bash
# Returns all events for a given user_id as JSON
curl "https://api.tapemetric.com/v1/dsr/export?user_id=user_12345" \
  -H "Authorization: Bearer ..."

Erasure

bash
curl -X POST "https://api.tapemetric.com/v1/dsr/erase" \
  -H "Authorization: Bearer ..." \
  -H "Content-Type: application/json" \
  -d '{"user_id": "user_12345"}'

Erasure is applied within 72 hours. Rollup tables are recomputed for the affected windows. An audit log records who issued the request and when it completed.

Client-side reset

typescript
// Called on logout or on explicit user request
rd.reset();
// - wipes anonymous_id and session_id from localStorage
// - flushes any pending events
// - a fresh anonymous_id is generated on next SDK use

Retention

DataRetention
Raw events (hot)90 days (Pro), 13 months (Enterprise)
Raw events (cold S3 archive)7 years or custom
Rollups (hourly / daily)25 months
User identifiers after erasureReplaced with hash; original removed within 72h

Sub-processors

  • AWS (hosting, ap-south-1 / eu-west-1 / us-east-1)
  • MaxMind (GeoIP database, local lookup only — no outbound calls)
  • Stripe / Razorpay (billing only — never touches event data)

Full list and updates: tapemetric.com/security.

Security

  • Transport: TLS 1.2+ on every endpoint
  • Storage: AES-256 at rest
  • API keys: SHA-256 hashed, plaintext shown once
  • SOC 2 Type II: in progress, expected Q3 2026
  • Pen tests: annual, by an independent firm