Tap Links — Cookie Notice
Operator: Mace Design LLC (a New York limited liability company) d/b/a “Tap Links”
Effective date: 2026-05-18 · Version: 1.1
Summary
- Tapping a Tap Links device sets no cookies; our marketing website sets no tracking or analytics cookies (only an optional opt-out cookie, and only if you ask for it).
- Our dashboard sets one strictly-necessary session cookie that keeps you signed in after using a magic link.
- We do not use cookies for analytics, advertising, or cross-site tracking.
This summary is informational and subject to change. In a conflict between this summary and the formal text below, the formal text controls.
This Cookie Notice explains what cookies and similar technologies Tap Links uses, why we use them, and what choices you have. It complements our Privacy Policy and Tap Privacy Notice.
What is a cookie?
A cookie is a small text file that a website saves on your device when you visit. Cookies allow the website to remember your actions, your preferences, or your sign-in status across multiple visits. “Similar technologies” include localStorage, sessionStorage, IndexedDB, and other browser-side storage mechanisms, these don’t strictly fall under “cookies” but serve similar purposes.
What we set, where, and why
On the marketing site (taplinks.com)
| Name | Type | Purpose | Set by | Duration |
|---|---|---|---|---|
tl_notrack |
Strictly necessary / opt-out preference | Set only if you visit taplinks.com/__notrack. Tells our first-party page-view analytics to skip logging your visits. Holds no identifier, just an opt-out flag. |
Tap Links Worker | ~10 years, or until you visit /__track to clear it |
| Cloudflare Web Analytics beacon | Cookieless analytics | Counts page views and basic traffic patterns. No cookies are set. No cross-site tracking. | Cloudflare | n/a (cookieless) |
| Tally contact form cookies | Form provider | If you interact with the Tally-embedded contact form, Tally may set its own cookies to manage the form session. See Tally’s privacy documentation. | Tally.so | Per Tally’s policy |
The marketing site sets no tracking or analytics cookies. The only cookie it can set is the optional tl_notrack opt-out above, and only if you explicitly request it by visiting /__notrack. Our own first-party page-view analytics (described in Privacy Policy § 3.2) does not use cookies. Cloudflare Web Analytics uses a JavaScript beacon and counts page views without identifying individual visitors or storing cookies.
On the dashboard (dashboard.taplinks.com)
| Name | Type | Purpose | Set by | Duration |
|---|---|---|---|---|
session_token |
Strictly necessary | Keeps you signed in after you click a magic link. Used by our Worker to authenticate every API request you make. HttpOnly (not readable by JavaScript), Secure (HTTPS only), SameSite=Strict (not sent in cross-site requests). | Tap Links Worker | 7 days, or until you sign out |
This cookie is strictly necessary for the dashboard to function. Without it, you cannot stay signed in.
On the device redirect path (*.taplinks.com/<UID>)
| Name | Type | Purpose | Set by | Duration |
|---|---|---|---|---|
| (none) | , | , | , | , |
We do not set cookies when someone taps a Tap Links device. The interstitial and holding pages we render are cookieless. See Tap Privacy Notice for details on what data we collect from tap requests (IP, timestamp, User-Agent): none of it is stored in a cookie on your device.
Other browser-side storage
The dashboard uses browser localStorage (not cookies) to remember some per-account UI preferences:
| Storage key pattern | Purpose | Cleared when |
|---|---|---|
programmed_<client_id>_<uid> |
Tracks which devices a dashboard administrator has already copied URLs for in the Manual NFC Programming view. UI state only, never sent to our servers. | You clear browser storage; or you sign out and clear it manually. |
The programmed_* localStorage entries are scoped per client_id so that switching between clients (for users with access to multiple) doesn’t bleed state.
Categories of cookies
Industry custom (and some state privacy laws) classify cookies into categories. We use only strictly necessary cookies plus one optional opt-out preference cookie (tl_notrack, above), and our analytics is cookieless. We do not use:
- Functional cookies for non-essential preferences (we don’t have any).
- Analytics cookies (Cloudflare Web Analytics is cookieless).
- Advertising / targeting cookies: none. We do not run advertising, and we do not let advertisers track you across other websites through our site.
- Social media cookies: none. We do not embed Facebook Pixel, Twitter scripts, LinkedIn Insights tag, or similar.
Do Not Track and Global Privacy Control
Tap Links does not engage in cross-context behavioral advertising, so a Do Not Track header has no practical effect on our practices.
If you set a Global Privacy Control (GPC) signal in your browser, we treat it as an opt-out request under the CCPA/CPRA. Because we do not “sell” or “share” personal information as those terms are defined under CCPA/CPRA, there is nothing operational to opt out of, but we will note your preference if you contact us.
Your choices
You can:
- Delete or block cookies through your browser settings. Doing so will prevent you from staying signed in to the dashboard.
- Clear localStorage through your browser settings. Doing so will reset the per-device “copied” state in the Manual NFC Programming view.
- Sign out by clicking “Sign Out” in the dashboard, which expires your session token immediately.
- Opt out of first-party page-view analytics by visiting
taplinks.com/__notrack(reverse with/__track). We also honor a Global Privacy Control signal as described above.
Changes
If we change the cookies or similar technologies we use in a material way, we will update this Cookie Notice and the “Effective date” above. Material changes are also reflected in the corresponding section of our Privacy Policy.
Contact
Questions: hello@taplinks.com.