Tap Family
Login Join waitlist Join

Privacy

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how AssistedList Inc., doing business as Tap Family ("Tap Family," "we," "us," or "our"), collects, uses, discloses, stores, and protects information through TapFamily.com, the Tap Family mobile applications, web applications, dashboards, communications tools, and related services (collectively, the "Service").

Tap Family is designed for senior care communities, including assisted living, memory care, skilled nursing, home care, adult day care, and similar environments. Because these settings may involve sensitive resident, family, staff, and health-related information, this Privacy Policy should be read together with our Terms of Service and, where applicable, any Business Associate Agreement, Data Processing Addendum, subscription agreement, facility agreement, or other written agreement between Tap Family and a care provider or facility.

This Privacy Policy is intended to explain our practices. It does not create contractual rights beyond those required by applicable law or a written agreement signed by Tap Family.

1. Scope of This Privacy Policy

This Privacy Policy applies to information processed by Tap Family in connection with the Service.

This Privacy Policy does not apply to:

- information collected by a care facility, employer, healthcare provider, or other third party outside the Service; - third-party websites, services, payment processors, app stores, analytics providers, communication carriers, or integrations that are not controlled by Tap Family; - employment records of Tap Family employees, contractors, or job applicants, except where required by law; or - protected health information ("PHI") handled by a covered entity or business associate under HIPAA to the extent a signed Business Associate Agreement or applicable law controls.

If there is a conflict between this Privacy Policy and a Business Associate Agreement or other signed written agreement with Tap Family, the signed written agreement controls to the extent of the conflict.

2. Key Definitions

For purposes of this Privacy Policy:

- "Facility" means a senior care organization, provider, agency, community, operator, employer, or other customer that uses or administers the Service. - "Resident" means an individual who receives care or services from a Facility and whose information may be processed through the Service. - "User" means a person who accesses or uses the Service, including family members, authorized contacts, staff, administrators, owners, managers, and support personnel. - "Personal Information" means information that identifies, relates to, describes, can reasonably be associated with, or could reasonably be linked to an individual. - "PHI" means protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended ("HIPAA"). - "Facility Content" means information, messages, notes, files, media, announcements, tasks, resident updates, comments, logs, and other content submitted to or created within the Service by or on behalf of a Facility, its staff, residents, or invited family contacts.

3. Information We Collect

We collect information depending on your role, account permissions, Facility configuration, device settings, and how you use the Service.

### 3.1 Information You Provide

We may collect information you or your Facility provide directly, including:

- name; - email address; - phone number; - profile photo or avatar; - job title, department, role, employment status, or Facility affiliation; - resident relationship, such as family member, guardian, healthcare proxy, emergency contact, or authorized representative; - login credentials or authentication information; - account preferences; - support requests and communications with us; - billing, subscription, and payment-related information, where applicable; - messages, comments, posts, announcements, files, photos, videos, task updates, resident updates, care-related notes, and other content submitted through the Service.

### 3.2 Facility-Provided Information

A Facility may provide information about Users, Residents, households, rooms, assignments, care teams, staff roles, family contact lists, permissions, resident status, communication preferences, and other operational information needed to configure or use the Service.

The Facility is responsible for ensuring that it has the legal right, consent, authorization, or other lawful basis required to provide this information to Tap Family and to invite Users to access it.

### 3.3 Usage, Device, and Technical Information

We may collect information automatically when you access or use the Service, including:

- log data; - device type, operating system, browser type, app version, language, and time zone; - IP address and approximate location derived from IP address; - authentication events; - pages or screens viewed; - buttons, features, tasks, messages, notifications, and feed items interacted with; - crash reports, diagnostics, latency, error logs, and performance data; - notification delivery status and push notification tokens; - audit trail data, such as created, edited, viewed, sent, received, acknowledged, assigned, completed, or deleted events; - date and time stamps; - user role, permission level, and account status; - session information and security events.

### 3.4 Communications Information

If you communicate with us or through the Service, we may process message metadata and content necessary to deliver, secure, retain, audit, and support those communications. Depending on Facility configuration, communications may include in-app messages, announcements, email notifications, SMS messages, push notifications, comments, support messages, and administrative communications.

### 3.5 Sensitive Information

The Service may process sensitive information, including health-related information, resident care details, staff-related information, family contact information, and content submitted by authorized Users. We process such information only as necessary to provide, secure, support, maintain, improve, and administer the Service, comply with legal obligations, and fulfill written agreements.

4. Protected Health Information and HIPAA

Tap Family may act as a "business associate" to certain Facilities that are "covered entities" or business associates under HIPAA. In those circumstances, our handling of PHI is governed by HIPAA and the applicable Business Associate Agreement.

Where Tap Family processes PHI as a business associate, we use and disclose PHI only as permitted by HIPAA, the applicable Business Associate Agreement, and other applicable law, including for purposes such as:

- providing and supporting the Service; - maintaining audit logs and security records; - transmitting authorized communications; - assisting with Facility operations configured through the Service; - responding to support requests; - performing required administrative, security, and legal functions; - preventing, detecting, containing, and correcting security issues; - complying with legal obligations.

Tap Family does not use PHI for targeted advertising. Tap Family does not sell PHI. Tap Family does not include PHI in push notification preview text unless a Facility configuration, User action, device setting, operating system behavior, or third-party delivery mechanism causes content to appear outside our intended controls.

Users should not include urgent medical instructions, emergency requests, or time-critical clinical information in non-emergency messages through the Service. Tap Family is not an emergency service, call system, nurse call system, medical device, remote patient monitoring system, electronic medical record, or substitute for direct clinical judgment.

Facilities and authorized Users are responsible for determining what information may be lawfully shared through the Service and with whom.

5. How We Use Information

We may use information for the following purposes:

- create, verify, administer, and secure accounts; - authenticate Users and manage permissions; - provide messaging, feeds, announcements, tasks, resident updates, staff workflows, and other Service features; - deliver push notifications, emails, SMS messages, and in-app notifications; - route communications to authorized Users; - maintain audit logs and security records; - help Facilities manage care communication, accountability, assignments, and family engagement; - provide customer support and troubleshoot issues; - detect, prevent, investigate, and respond to fraud, abuse, security incidents, policy violations, and unauthorized access; - monitor, maintain, debug, and improve Service performance, reliability, accessibility, and usability; - develop new features, provided that PHI is used only as permitted by applicable agreements and law; - comply with legal, regulatory, contractual, audit, tax, accounting, and compliance obligations; - enforce our Terms of Service, Facility agreements, and other policies; - protect the rights, safety, privacy, and property of Tap Family, Facilities, Residents, Users, and others; - carry out any other purpose disclosed to you or authorized by law.

6. Legal Bases for Processing

Where privacy laws require a legal basis, we process Personal Information based on one or more of the following:

- performance of a contract; - our legitimate interests in providing, securing, maintaining, and improving the Service; - compliance with legal obligations; - consent, where required; - protection of vital interests; - performance of tasks requested by a Facility or authorized User; - other lawful bases available under applicable law.

For PHI, our processing is governed by HIPAA, applicable Business Associate Agreements, Facility instructions, and applicable law.

7. How We Share Information

We may disclose information as described below.

### 7.1 With Authorized Users and Facilities

We share information within the Service based on account role, permissions, Facility settings, resident assignments, care team access, and communication configuration. For example, staff may see family messages, family contacts may see Facility-approved resident updates, and administrators may see audit logs or account activity.

### 7.2 With Service Providers

We may share information with vendors, contractors, and service providers that help us operate the Service, such as cloud hosting, infrastructure, security, logging, analytics, crash reporting, notification delivery, email delivery, SMS delivery, customer support, payment processing, and professional services. These providers are authorized to use information only as needed to provide services to us and are subject to contractual obligations appropriate to the information processed.

Where a service provider processes PHI on our behalf, we require appropriate HIPAA-related contractual protections where required.

### 7.3 With Integrations and Third Parties Requested by a Facility

If a Facility enables or requests an integration, export, import, reporting workflow, or third-party connection, we may disclose information as necessary to provide that functionality. The Facility is responsible for ensuring that the integration is lawful and properly authorized.

### 7.4 For Legal and Safety Reasons

We may disclose information if we believe in good faith that disclosure is reasonably necessary to:

- comply with applicable law, regulation, subpoena, court order, legal process, or government request; - enforce our agreements and policies; - protect the security, integrity, and availability of the Service; - investigate or prevent fraud, abuse, security incidents, or illegal activity; - protect the rights, safety, privacy, or property of Tap Family, Facilities, Residents, Users, or others; - respond to emergencies or prevent harm.

### 7.5 Business Transfers

If Tap Family is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to applicable law and contractual obligations.

8. We Do Not Sell Personal Information

Tap Family does not sell Personal Information or PHI. Tap Family does not use PHI for targeted advertising. We also do not knowingly share Personal Information for cross-context behavioral advertising unless we provide any legally required notice and choice.

9. Analytics, Cookies, and Tracking Technologies

We may use cookies, local storage, pixels, SDKs, logs, and similar technologies to:

- keep Users signed in; - remember preferences; - maintain security; - detect abuse; - measure Service usage; - diagnose errors; - improve performance; - support crash reporting and operational analytics.

We do not use third-party advertising trackers in the Service. We may use limited analytics and diagnostics tools to understand usage and improve reliability. Analytics are configured to avoid collecting PHI where reasonably feasible, but Users should avoid entering PHI into fields not intended for PHI.

You may be able to limit cookies or tracking technologies through browser settings, device settings, app permissions, or operating system controls. Some Service features may not work properly if certain technologies are disabled.

10. Push Notifications, Email, and SMS

We may send Service-related communications, including account notices, messages, task alerts, announcements, security alerts, and administrative notices. Push notifications and SMS messages may be visible on a locked device, shared device, notification center, carrier system, or third-party messaging interface depending on User settings and device configuration.

We design notification content to minimize sensitive information where feasible, but Users are responsible for configuring device-level privacy settings and limiting access to shared devices. Standard carrier charges may apply for SMS or data usage.

You may adjust notification preferences in the Service or through your device settings. Certain administrative, security, legal, or account-related communications may still be sent even if you opt out of optional communications.

11. Data Security

We use administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, and destruction. These safeguards may include encryption in transit, encryption at rest, access controls, authentication, logging, monitoring, backups, vendor review, security policies, and role-based permissions.

No system can be guaranteed to be 100% secure. We cannot guarantee that unauthorized access, hacking, data loss, malware, misconfiguration, device compromise, credential theft, user error, third-party failure, or other security events will never occur.

Users and Facilities are responsible for maintaining secure credentials, configuring appropriate permissions, removing access for departed staff or unauthorized family contacts, protecting devices, using strong passwords, and promptly reporting suspected security incidents.

12. Data Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, maintain audit logs, resolve disputes, enforce agreements, support backups, protect security, and fulfill Facility instructions.

Retention periods may vary based on:

- Facility settings and agreements; - legal, regulatory, accounting, tax, or audit requirements; - HIPAA and healthcare record obligations; - backup and disaster recovery schedules; - litigation holds or investigations; - account status; - User role; - the type of information.

A Facility may control retention, deletion, export, and access to certain Facility Content. Requests from individual Users may need to be directed to the applicable Facility if the Facility controls the information.

13. Account Deletion and Data Requests

You may request access, correction, deletion, export, or restriction of certain Personal Information by contacting us at [email protected].

We may need to verify your identity before responding. We may deny, limit, or redirect a request where permitted or required by law, including when information is controlled by a Facility, subject to HIPAA, required for audit or legal purposes, needed to protect security, contained in backups, or necessary to provide the Service.

If you are a family member, staff member, or other User connected to a Facility, some requests may need to be submitted to the Facility because the Facility may be the data controller, covered entity, employer, or record custodian.

14. Privacy Rights by Location

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about certain disclosures. You may also have the right to appeal certain decisions or lodge a complaint with a regulator.

We will respond to legally valid requests as required by applicable law. We do not discriminate against Users for exercising privacy rights.

Because Tap Family serves healthcare and senior care environments, some information may be exempt from certain consumer privacy laws when governed by HIPAA, employment laws, healthcare record laws, or Facility-controlled records.

15. International Users

Tap Family is operated from the United States and is intended primarily for use by Facilities and Users located in the United States. If you access the Service from outside the United States, you understand that information may be processed in the United States and other jurisdictions where privacy laws may differ from those in your location.

Facilities are responsible for determining whether the Service is appropriate for use with Users or Residents located outside the United States and for obtaining any required consents or contractual protections.

16. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly allow individuals under 18 to create accounts or knowingly collect Personal Information directly from minors through the Service.

If we learn that we have collected Personal Information directly from a minor without appropriate authorization, we will take reasonable steps to delete it or handle it as required by law.

Information about minors may appear in Facility Content only if submitted by an authorized Facility or User and only where lawful.

17. User Responsibilities

Users agree to:

- access only information they are authorized to view; - use the Service only for legitimate Facility, resident, care coordination, or family communication purposes; - avoid submitting unnecessary sensitive information; - avoid including emergency or urgent medical requests in non-emergency messages; - keep credentials confidential; - promptly report suspected unauthorized access; - comply with Facility policies and applicable law; - use device-level security controls, such as passcodes and biometric locks; - log out of shared devices.

Tap Family is not responsible for disclosures caused by Users, Facilities, device settings, shared devices, weak credentials, screenshots, copied messages, downloaded files, exports, or communications sent outside the Service.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last updated" date. If we make material changes, we may provide notice through the Service, by email, through an administrator, or by other reasonable means.

Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy to the extent permitted by law.

19. Contact Us

For privacy questions, requests, or concerns, contact:

AssistedList Inc. Doing business as Tap Family Saint Petersburg, FL 33702 Email: [email protected]

For security concerns, suspected unauthorized access, or privacy incidents, contact: [email protected].

20. Important Notice

This Privacy Policy is a general privacy notice for Tap Family. It is not a substitute for a Facility's own HIPAA Notice of Privacy Practices, employment policies, medical record policies, consent forms, authorization forms, or legal obligations.