Privacy Policy

This Privacy Policy applies to all products, applications, websites, and services offered by Taggun Limited, a company incorporated in New Zealand (Company number 6268047).

Taggun provides APIs and SaaS services that extract and process data from receipts, invoices, and similar business documents. We take privacy, security, and compliance seriously, and this policy explains how we handle your information.

1. Who We Are

Taggun Limited (“Taggun”, “we”, “us”) is headquartered in Auckland, New Zealand. We design our services with security and privacy built in from day one, complying with the New Zealand Privacy Act 2020, and aligning with international standards including the GDPR (EU/UK).

2. Sharing Data

• We never sell your data.
  
  
• Taggun uses only automated, machine-based processing. No humans extract your receipt or invoice data.
  
  
• We only share information with trusted service providers (e.g. hosting, storage, payments) as necessary to provide the Service, and under strict confidentiality agreements.
  
  
• We may disclose information if required by law or in connection with a business transaction (merger or sale).
  
  

3. Storing Data

Do we store your receipts?

By default, uploaded documents and extracted data may be temporarily stored to ensure reliable processing and to support debugging. They are not used for any other purpose.

How long do we keep data?

• Retention is limited to what is necessary for the Service.
  
  
• Taggun applies a 3-year maximum retention policy. After this period, data is automatically deleted by a scheduled process .
  
  
• You may also request deletion at any time (“right to be forgotten”).
  
  

Opt-out storage option

Customers can opt out of storage by setting the incognito parameter in API calls. In this mode, receipts and extracted data are never stored on Taggun systems .

4. How We Use Your Data

We use your data only to provide and improve the Service. This includes:

• Extracting information from documents you submit via the API;
  
  
• Running analytics to improve accuracy and reliability of extraction;
  
  
• Securing the Service, preventing misuse, and troubleshooting errors;
  
  
• Communicating with you about your account, usage, or updates;
  
  
• Processing billing and payments.
  
  

We do not use your data to build unrelated products or for advertising purposes.

5. Security and Infrastructure

We apply industry-standard technical and organisational safeguards, including:

• Encryption in transit and at rest (TLS/SSL, AES-256) ;
  
  
• Firewall policies limiting inbound and outbound access ;
  
  
• Separation of production and development environments ;
  
  
• Monitoring and patching of servers and dependencies to address vulnerabilities ;
  
  
• Right to be forgotten and verified deletion workflows for customers .

‍

Trust Centre

For detailed information about our security practices, compliance certifications, and infrastructure, you can request access through our Trust Centre at https://trust.taggun.io/.

6. Deleting Data

• Account deletion: You can request permanent deletion of your account and associated data by contacting support@taggun.io.
  
  
• Document deletion: You may delete documents and extracted data via API or request deletion directly.
  
  
• Right to be forgotten: We honour verified deletion requests in line with NZ Privacy Act 2020 and GDPR obligations.
  
  

7. Payment Information

Taggun does not directly process or store payment card details. We use PCI-compliant third-party payment providers (such as Stripe) for all transactions. When you enter payment details, they go directly to the provider; Taggun only receives a secure payment token.

8. Cookies, Analytics and Website Data

• Cookies: We use session and functional cookies, and analytics cookies to understand website usage. You can disable cookies in your browser, but some features may not work.
  
  
• Analytics: We use standard analytics tools (e.g., Google Analytics) to improve our website and services.
  
  
• Contact forms: If you contact us, we collect your name, email, and message to respond.
  
  

9. International Data Transfers

Data may be processed and stored in New Zealand, Australia, France, and the United States. Where information is transferred internationally, we ensure comparable privacy protections, including GDPR-standard safeguards.

10. Your Rights

Depending on your location, you may have rights under the NZ Privacy Act, GDPR, including to:

• Access or correct your personal information;
  
  
• Request deletion (“right to be forgotten”);
  
  
• Restrict or object to processing;
  
  
• Request data portability (GDPR);
  
  
• Opt out of marketing communications.
  
  

To exercise your rights, contact us at hello+privacy@taggun.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised “Last Updated” date. Material changes may also be communicated via email or in-product notice.

12. Contact Us

For questions or requests related to privacy, contact:

Email: hello+privacy@taggun.io

Address: Taggun Limited, Level 17/15 Customs Street West, Auckland Central, Auckland 1010

‍