Terms of Service
Effective Date: April 10, 2026
1. Acceptance of Terms
By using the tagIt website, hardware, or services, you agree to be bound by these Terms of Service. If you are under 18, you represent that you have the consent of a parent or guardian to use this service.
2. Description of Service
tagIt provides an NFC management system that allows users to map physical tags to digital behaviors, including URL redirects, VCards, and custom Link Pages.
3. User Accounts & Tag Activation
- Ownership: A tag is considered "claimed" once a registered user scans an unactivated tag and assigns it to their account.
- Limits: Users are limited to 5 Link Pages, with a maximum of 50 links per page.
- Admin Rights: tagIt administrators reserve the right to wipe, deactivate, or reassess hardware IDs if they are found to be used for malicious purposes or phishing.
4. Prohibited Conduct
You agree not to use tagIt to:
- Redirect to malware, spyware, or phishing sites.
- Distribute "spam" contact information via the VCard system.
- Attempt to bypass the system's security features, including JWT authentication and rate limiting.
5. Limitation of Liability
tagIt is provided "as-is." We do not guarantee that NFC tags will be compatible with all mobile devices. We are not liable for any data loss, hardware failure, or broken redirects resulting from server downtime or incorrect user configuration.
Privacy Policy
Effective Date: April 10, 2026
1. Information We Collect
We collect information to provide a seamless NFC experience:
- Account Data: Name, email address, and hashed passwords (via bcrypt).
- Tag Data:
tagId,UUID, and the specific content (URLs, phone numbers, VCard details) you assign to your tags. - Usage Data: We track "tap counts" and timestamps to provide analytics for your dashboard.
2. How We Use Your Data
- To Facilitate Redirects: Our server processes the
tagIdandUUIDto execute the behavior you have set (e.g., serving a VCard file or a 302 redirect). - Authentication: We use JWT (JSON Web Tokens) stored in HttpOnly cookies to keep you logged into your dashboard securely.
- Notifications: Your email may be used via Nodemailer for system alerts or account recovery.
3. Data Storage & Security
- Databases: All data is stored in a secured MongoDB instance.
- Security Measures: We implement CSRF and XSS protection to ensure your Link Page configurations remain intact.
- Retention: We retain your data as long as your account is active. Wiping a card removes the association between your email and the hardware ID, but the hardware ID remains in our system for re-use.
4. Offline Functionality
We utilize Service Workers to cache your Link Pages and VCards locally on devices that have previously interacted with your tags. This ensures your information is accessible even without an active internet connection.
5. Third-Party Sharing
We do not sell your personal data. We only share information when required by law or to provide the core service (e.g., sending emails via our mail provider).