Privacy Policy

Last updated: February 11, 2026

The short version: Tagalong collects minimal data. Kids can use the app with zero data collection. If a parent chooses to create an account, we store their email and stuffie data in the cloud so it syncs across devices. We use privacy-friendly analytics with no cookies or personal tracking. There are no ads and no social features.

1. Who We Are

Tagalong ("we", "us") is a web-based experience where children can track their stuffed animals on a real world map. It is designed to be safe, private, and fun.

2. Information We Collect

Without an account (default):

No personal information is collected
No location data or GPS coordinates
No cookies or tracking pixels
All stuffie data stays on your device in browser localStorage

With an optional parent account:

Email address — used for sign-in and optional email digests
Stuffie data — names, species, streaks, badges, and reading history are synced to the cloud so they persist across devices
Subscription status — whether you have an active Explorer subscription

Account creation is entirely optional and is intended for parents, not children. We never ask a child for any personal information.

3. Data Stored on Your Device

Tagalong uses your browser's localStorage to remember:

Custom Tagalongs your child has created (name, species, personality traits)
Token-to-Tagalong mappings (which tag is linked to which stuffie)
Which Field Notes have been read
Streak counts, badges, and notification preferences

If you have an account, this data is also synced to our cloud database (Supabase) so it can be restored on other devices. You can clear local data at any time by clearing your browser data or signing out.

4. Children's Privacy (COPPA)

Tagalong is designed with the Children's Online Privacy Protection Act (COPPA) in mind:

We do not collect personal information from children under 13
Account creation is optional and designed for parents
There are no social features, chat, messaging, or user-to-user interaction
There is no advertising
All content is pre-written and reviewed for child safety

5. Analytics

We use Plausible Analytics, a privacy-friendly, cookie-free analytics service. Plausible:

Does not use cookies
Does not collect personal data
Does not track users across sites
Is fully GDPR, CCPA, and PECR compliant
Is hosted in the EU

We use Plausible to understand aggregate usage (e.g., how many people visit the landing page, which features are used most). No individual user is identified or tracked.

6. NFC Tag Taps

When a Tagalong tag is tapped, the NFC chip opens a URL in the browser (e.g., tagalong.club/t/TGL-XXXXX). This URL contains only a random token ID — no personal data. The token is resolved locally on the device.

7. Third-Party Services

Tagalong uses the following external services:

OpenStreetMap — for map tiles (privacy policy)
Google Fonts — for typography (privacy FAQ)
Plausible Analytics — cookie-free analytics (data policy)
Supabase — cloud database for account sync (privacy policy)
Resend — for transactional emails (privacy policy)
Stripe — for payment processing (privacy policy)

We do not use Google Analytics, Facebook Pixel, or any advertising services.

8. Email Communications

If you create an account, you may receive:

A one-time welcome email when you create your account
An optional weekly digest email (opt-in only, can be turned off in Settings)

We will never sell your email address or send spam. You can unsubscribe from all emails at any time.

9. Push Notifications

You may opt in to daily push notifications to remind your child about new field notes. Push notification subscriptions are stored on our server and can be disabled at any time in Settings. No personal information beyond the browser's push endpoint URL is stored.

10. Payments

Explorer subscriptions are processed by Stripe. We do not store or see your credit card number. Stripe handles all payment data securely under their privacy policy.

11. Data Sharing

We never sell your data. We share data only with the third-party services listed above, and only as necessary to provide the Tagalong experience (e.g., sending emails via Resend, processing payments via Stripe).

12. Data Security

All data in transit is encrypted via HTTPS. Cloud data is stored in Supabase with row-level security, meaning each user can only access their own data. Push notification endpoints are validated against known browser push services.

13. Your Rights

You can:

Delete local data — clear your browser data at any time
Delete your account — email us at hello@tagalong.club and we will delete all cloud data associated with your account
Export your data — use the Export feature in Settings to download your stuffie data
Opt out of emails — toggle email digest off in Settings or click unsubscribe in any email

14. Changes to This Policy

If we update this policy, we will post the revised version here with a new "Last updated" date. Material changes will be communicated via the app or email.

15. Contact

If you have questions about this privacy policy, please contact us at: hello@tagalong.club

Built for parents, by a parent. Tagalong was designed with one rule above all: keep kids safe. Minimal data collection. No social features. No ads. No tracking of children. Just stuffies on a map.