Privacy Policy for Tenants

Last Updated: February 17, 2026

This Privacy Policy for Tenants ("Tenant Privacy Policy") describes how Tags Clinic ("we," "us," or "our") collects, uses, stores, and protects information when your organization uses the TagsClinic platform (the "Platform") as a tenant. It applies to (1) tenant account and usage data (data about your organization and how you use the Platform) and (2) data we process on your behalf (end-customer data that you submit or that is collected through the Platform when your customers use check-in and related services). If you are a tenant, you are the data controller for your end customers' personal data; we act as a data processor when we host and process that data for you.

1. Information We Collect About Tenants

We collect information necessary to provide the Platform, support you, and comply with law:

  • Account and profile information: Business name, locations, contact details, and the names and contact information of users (e.g., staff) who access the Platform on your behalf.
  • Usage and technical data: How you use the Platform (e.g., features used, check-ins created, configuration choices), log data (e.g., access times, IP addresses), and device or browser information where relevant for security and support.
  • Support and communications: Communications with our support or sales teams, and any information you provide when requesting help or reporting issues.

We use this information to provide and operate the Platform, authenticate users, support you, improve the Platform, ensure security, and comply with legal obligations.

2. Data We Process on Your Behalf (End-Customer Data)

When your end customers use check-in and related features (e.g., ID capture, registration or title uploads, review and consent), the data they provide (e.g., name, address, driver's license number, vehicle information, document uploads, consent records) is your data. You decide what to collect and how to use it for your business. We process this data on your instructions as your processor:

  • We host and store it in our systems (e.g., databases and storage we control or use via subprocessors).
  • We do not use end-customer data for our own marketing or for purposes unrelated to providing the Platform to you.
  • We may use it only as necessary to operate the Platform (e.g., to display check-ins, generate invoices, support you), to comply with law, or as you otherwise instruct in your use of the Platform.

You are responsible for ensuring that your collection and use of end-customer data complies with applicable law (e.g., DPPA, CCPA) and that you have appropriate notices and consents where required. We recommend that you maintain your own customer-facing privacy policy and terms.

3. How We Share Information

  • Subprocessors: We may use third-party service providers to operate the Platform. They process data on our instructions and are contractually required to protect it. Key subprocessors include: Supabase (database and hosting), Stripe (payments, where used), Google (document and file storage, e.g., for registration cards, titles, and audit scans), and Certifix (Live Scan fingerprinting, where used). A full or updated list can be provided on request or published at our Legal Center. You may use your own in-person POS and/or online payment processors for your customers; handling of payment data by those providers is governed by your agreements and their policies, not by us.
  • Legal and safety: We may disclose tenant or end-customer data when required by law, to protect rights or safety, or in connection with a merger, acquisition, or sale of assets (with appropriate confidentiality and use restrictions).
  • With your consent: We may share data as you direct or with your consent.

We do not sell tenant or end-customer personal information.

4. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect data in our systems, including access controls, encryption where appropriate, and secure development practices. We require subprocessors to protect data consistently with our commitments. No system is completely secure; we cannot guarantee absolute security.

5. Data Retention

  • Tenant account and usage data: We retain it for as long as your account is active and as needed for support, security, and legal compliance. After termination, we may retain it for a limited period for backups, legal obligations, or dispute resolution, then delete or anonymize it.
  • End-customer data (processed on your behalf): Retention is determined by you through your use of the Platform and your own policies. Upon termination of your tenant relationship, we will, upon request and where practicable, facilitate export and then delete or anonymize that data in accordance with our data retention and deletion procedures.

6. Your Rights (Tenant)

If you are a tenant, you may request access to, correction of, or deletion of the information we hold about your organization and your users, subject to legal and operational constraints. Contact us at the details below. For end-customer data that we process on your behalf, requests from those individuals should be directed to you as the controller; we will assist you as needed within the scope of our role as processor.

7. Data Processing Agreement (DPA)

Where required by law (e.g., GDPR or CCPA processor terms), we will enter into a data processing agreement that sets out the scope of processing, security measures, subprocessors, and assistance with data subject rights and audits. Contact us to request a DPA.

8. International Transfers

Data may be stored or processed in the United States or other countries where we or our subprocessors operate. If you or your end customers are in the European Economic Area or another jurisdiction that requires safeguards for international transfers, we will implement appropriate measures (e.g., Standard Contractual Clauses) as agreed or as required by law.

9. Changes to This Tenant Privacy Policy

We may update this Tenant Privacy Policy from time to time. We will post the updated policy and update the "Last Updated" date. Material changes may be communicated by email or in-Platform notice. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

10. Contact

For questions about this Tenant Privacy Policy or to exercise your rights:

For end-customer data that we process on your behalf, we will work with you to fulfill your obligations as controller (e.g., responding to data subject requests) within the scope of our role as processor.