Privacy Policy
Last updated: 2026-05-06
What this app is
WiFi Tap Connect is an iOS app that programs NFC tags with Wi-Fi credentials and a tiny App Clip that runs when an iPhone taps one of those tags. The iPhone joining the network doesn't need an account, the app, or any sign-in.
What we collect
| Data | Why | Where it lives |
|---|---|---|
| Wi-Fi network name (SSID) | To deliver it back to phones that tap your tag, so they can join. | AWS DynamoDB, US region. Plaintext (not sensitive). |
| Wi-Fi password | Same — to deliver to taps so they can join. | AWS DynamoDB, encrypted at rest with AWS KMS. Plaintext is never logged or stored elsewhere. |
| Tag scan counters | So a tag's owner can tell whether a tag is being used. | Per-tag count and last-scanned timestamp, hour-aggregated. No IP, no user identity, no location, no country. |
| Firebase Analytics events | Crash and usage diagnostics ("user attempted a join", "join failed with iOS error code X"). | Google Firebase. Standard mobile analytics; no personally identifying information beyond the device-scoped IDFV used by Firebase by default. |
What we don't collect
- We don't ask for your name, email, account, or any identity.
- We don't store the IP address of phones scanning your tag.
- We don't store precise location, ever.
- We don't sell or share data with advertisers.
- We don't track you across other apps or websites.
How your Wi-Fi credentials are stored
When you program a tag, the app sends your SSID and password over TLS to our backend. The password is immediately encrypted with AWS KMS — a managed encryption service whose keys we don't control directly. The encrypted bytes are stored in DynamoDB. The plaintext password exists in memory only briefly during the encrypt/decrypt round trip. The tag itself stores only an opaque identifier (a short ID, not the password).
How tag scanning works
When someone taps your programmed tag with an iPhone, the App Clip launches with the tag's opaque ID. It fetches the SSID and (decrypted) password over TLS from our backend, hands them to iOS's network configuration API, and the device joins. We bump a per-tag counter so you can see your tag is being used; we don't log who tapped it.
Revocation
Re-programming a tag rotates its identifier and credentials. To kill a tag entirely, email contact@piduncan.com with the SSID and we'll revoke the record.
In-app purchases
The app has (or will soon have) optional one-time purchases that unlock features such as a saved-network library, custom labels, expiring credentials, and per-tag analytics. Purchases are processed entirely by Apple via StoreKit. We receive a transaction receipt from Apple that lets us validate the purchase. We do not see your Apple ID, payment method, billing address, or any other identifier. Subscription cancellations are handled in iOS Settings.
Third-party services
- Amazon Web Services — backend infrastructure (DynamoDB, KMS, Lambda, CloudFront).
- Google Firebase Analytics — anonymous mobile usage diagnostics.
- Apple StoreKit — handling in-app purchases (when present).
Children
The app isn't directed at children under 13. We don't knowingly collect data from anyone under 13. If you're a parent and believe your child has used the app, contact us and we'll purge any associated tag records.
Your rights
You can request deletion of any data tied to a tag (by SSID or tag ID) by emailing contact@piduncan.com. We'll honor deletion requests within 30 days. Since we don't keep accounts or identities, there's nothing else that's "yours" to retrieve.
Changes
If we materially change what data is collected or how it's used, we'll update this page and bump the "Last updated" date. Continued use after a change constitutes acceptance.
Contact
Questions or requests: contact@piduncan.com.