Home

Tagtool Privacy Policy

Here you can find important information regarding your privacy when using Tagtool.

Introduction

Tagtool is a collaborative live-drawing and animation application made by Office for Media and Arts International GmbH ("OMAi", "we", "us"), a company registered in Vienna, Austria. We are the data controller for the personal data processed through Tagtool under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

This document describes what data the Tagtool app processes, why, and what choices you have. It is written to be readable by parents, school IT staff, and procurement teams as well as by lawyers — where the GDPR requires a particular phrase we use it, otherwise we use plain English.

If you have questions about this policy or about how your data is handled, contact us:

  • Email: office@omai.at
  • Postal address: Office for Media and Arts International GmbH, Reindorfgasse 28/1, 1150 Vienna, Austria
  • Phone: +43 699 118 99 120
  • Company register: FN 296342y (Handelsgericht Wien)
  • Court of jurisdiction: Vienna, Austria

Scope

This policy covers the Tagtool app as distributed through the Apple App Store, Apple School Manager / Volume Purchase Program (VPP), Apple's macOS Developer ID distribution, and direct Windows downloads. The same data-handling practices apply to every distribution channel and to the school-edition variant ("Tagtool SE"), which differs from the consumer app only in branding and in which features are unlocked by default.

Data we don't collect

Most importantly: Tagtool doesn't perform background data collection.

Specifically, in normal use the Tagtool apps do not:

  • Collect or transmit advertising identifiers (IDFA, GAID)
  • Collect or transmit the iOS Identifier for Vendors (IDFV) or other device-unique identifiers
  • Collect your device name (e.g. "Sarah's iPad")
  • Run analytics or telemetry of any kind
  • Send crash reports, performance metrics, or diagnostic data
  • Send a "phone-home" or connectivity beacon at launch or any other time
  • Show advertisements
  • Track you across other apps or websites
  • Use cookies, web beacons, or similar tracking technologies — the apps are not web apps and have no embedded browser views
  • Integrate with social-media platforms (no Facebook SDK, no Twitter / X SDK, no TikTok SDK, no Google sign-in)

The Tagtool apps have no user accounts, no login, no registration. You do not provide us with an email address, a name, or any other identifier to use Tagtool.

Information stored locally on your device

Tagtool stores a small amount of data locally on your device, in the standard application data area provided by iOS, macOS, or Windows. This data stays on your device and is not transmitted off-device by default. It includes:

  • Your settings — canvas resolution, brush preferences, UI mode (left-handed / right-handed), language, your display name for multiplayer, and similar preferences. The default display name on first launch is an anonymous handle Tagtool generates locally; you can change it at any time in the app's network settings.
  • Your decks and drawings — the artwork you create with Tagtool, organised into "decks", is stored as ordinary files in the app's documents directory. On iOS this is the app's sandboxed documents container.

On iOS we declare the use of this local-storage mechanism (UserDefaults / PlayerPrefs) in the Apple Privacy Manifest under category NSPrivacyAccessedAPICategoryUserDefaults with reason code CA92.1 ("Access info from same app, per documentation"). This is the standard declaration for an app that stores its own user preferences locally.

If you uninstall the Tagtool app, or use your operating system's "Clear app data" function (on iOS: Settings → Tagtool → option to delete the app), all of this local data is removed.

Network features you can use

The following features cause data to leave your device. None of them runs unless you explicitly invoke it. The app does not depend on always-on network connectivity.

LAN multiplayer

When you start or join a multiplayer session over your local network, Tagtool exchanges drawing commands, layer transforms, and your chosen nickname directly with the other participants on your network. This uses standard local-network protocols (UDP broadcast for discovery, TCP for data) and never traverses the public internet. On iOS, the first time you start LAN multiplayer, iOS will prompt you for permission to access the local network.

Online multiplayer via Photon Cloud

When you start or join a multiplayer session over the internet, Tagtool uses Photon Cloud, a real-time multiplayer service operated by Exit Games GmbH (Germany). Photon relays your drawing commands, layer transforms, and chosen nickname between you and the other session participants. Photon does not see the contents of your drawings as files; it sees the time-ordered stream of commands that produce them. The data is transient: Photon does not store session data after the session ends.

Photon dynamically chooses the relay server closest to each participant for lowest latency.

Photon's processing of personal data on our behalf is governed by the standard Photon Cloud Data Processing Agreement.

Large-payload transfer via Cloudflare R2

Some session data — for example, a full scene snapshot sent when a new participant joins an in-progress session, or an imported image you share with the room — is too large to relay efficiently through Photon. In that case Tagtool uploads the payload (compressed) to a Cloudflare Worker , which stores it in a Cloudflare R2 object-storage bucket. The other session participants then download the same payload from Cloudflare.

Each upload is addressed by the SHA-256 hash of its compressed content, which means identical content uploaded by different users at different times is stored as a single object. Cloudflare R2 automatically deletes every object after 72 hours via a bucket lifecycle rule. This is the maximum retention.

The Cloudflare Worker is operated by Cloudflare, Inc. (United States), with global edge presence.

Importing from your photo library or camera

If you tap the import-image button inside Tagtool, the app will ask your operating system for access to your photo library or camera. iOS, macOS, and Windows each show their native permission dialog the first time. The image you choose is read into the app and becomes part of your drawing — it is never uploaded to OMAi, and is only sent to other multiplayer participants if you are in a multiplayer session and they need a copy of your scene (in which case it travels through Photon and/or Cloudflare R2 as described above).

Microphone (during video recording)

If you choose to record a video of your performance with audio, Tagtool will ask your operating system for microphone access. The audio is recorded into a video file saved locally on your device. We do not transmit microphone audio to any server. iOS and macOS each show their native permission dialog the first time.

In-app purchases

Tagtool offers an optional Pro upgrade as an in-app purchase. The purchase flow is handled entirely by Apple StoreKit (on iOS and macOS). OMAi does not see or store your payment details; we receive only a transaction receipt that StoreKit validates. Apple's privacy policy applies to the purchase flow.

Sub-processors

The following third parties process personal data on our behalf when you use the corresponding feature. We do not currently use any other processors of personal data.

Exit Games GmbH (Germany)

  • Service: Photon Cloud
  • Role: Real-time multiplayer relay
  • Data processed: Nickname; transient drawing-command stream; IP address
  • Location: Photon data centre regions; selected dynamically per session

Cloudflare, Inc. (United States)

  • Service: Cloudflare Workers + R2
  • Role: Large-payload transfer between session participants
  • Data processed: Compressed scene/image blobs (SHA-256 addressed); IP address of uploader/downloader
  • Location: Cloudflare global R2 storage; 72-hour retention

Apple Inc. (United States)

  • Service: App Store, StoreKit, Apple School Manager
  • Role: App distribution and in-app purchases
  • Data processed: Transaction receipts and whatever Apple's distribution services require
  • Location: Apple infrastructure globally

International data transfers

Because Tagtool's sub-processors include entities outside the European Economic Area, some processing involves international transfers of personal data under GDPR Chapter V:

  • Cloudflare, Inc. is a US-incorporated company. Transfers to Cloudflare are governed by the European Commission's Standard Contractual Clauses (Module Two — controller to processor) incorporated into Cloudflare's Data Processing Addendum, together with supplementary technical measures (TLS in transit, encryption at rest in R2).
  • Apple Inc. is a US-incorporated company. Transfers to Apple are governed by Apple's published Data Processing Addendum and rely on the EU–US Data Privacy Framework adequacy decision (Commission Implementing Decision (EU) 2023/1795) where applicable, with Standard Contractual Clauses as a fallback.
  • Exit Games GmbH is established in the EU, but Photon Cloud operates data centres globally. Tagtool routes each session to the data centre geographically closest to the participants, so sessions involving non-EEA participants are processed outside the EEA. Where processing occurs in a third country, Photon's standard Data Processing Agreement and the European Commission's Standard Contractual Clauses (Module Two — controller to processor) govern the transfer.

We do not transfer personal data to any other country outside the EEA in the course of operating the Tagtool apps.

Data retention

  • Local data on your device: stored until you uninstall the app or clear its data. We have no way to access or delete this remotely.
  • Photon Cloud session data: held in memory by the Photon relay only for the duration of the session; not persisted server-side. When the session ends, the data is gone.
  • Cloudflare R2 payloads: automatically deleted by an R2 lifecycle rule 72 hours after upload. Identical payloads (same SHA-256 hash) uploaded again before the 72-hour window expires reset their retention clock from the most recent upload.

OMAi does not maintain a server-side database of Tagtool users. We have no user accounts to delete because there are no user accounts to begin with.

Your rights

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable rights, you have the right to:

  • Access (GDPR Art. 15) the personal data we hold about you
  • Rectify (Art. 16) inaccurate data
  • Erase (Art. 17) your data
  • Restrict (Art. 18) processing
  • Object (Art. 21) to processing
  • Portability (Art. 20) of data you provided to us
  • Withdraw consent (Art. 7(3)) where processing relies on your consent

In practice, the lightweight nature of Tagtool's data handling means most of these rights are exercised directly by you:

  • To delete all data Tagtool holds about you: uninstall the app, or use your operating system's app-data-clearing feature. There is no server-side identity record at OMAi to delete in addition.
  • To stop multiplayer transmission of your data: stop or leave the multiplayer session. Photon and Cloudflare R2 hold session data only transiently (Photon: until the session ends; Cloudflare: at most 72 hours).

For requests we cannot fulfil through the in-app controls — for example, requests relating to data held by our sub-processors during an active session — please contact us at office@omai.at and we will respond within one month, as required by the GDPR. You also have the right to lodge a complaint with your local data-protection supervisory authority; in Austria this is the Datenschutzbehörde (https://www.dsb.gv.at).

Children's privacy

Tagtool is suitable for use by children, including in classroom settings. We take child privacy seriously and have designed Tagtool's data practices accordingly:

  • No first-party data collection. Because OMAi collects no identifying data about any user — child or adult — there is no children-specific data to govern. The default display name is generated anonymously by the app, so children do not need to enter, and the app does not store, a real name.
  • No advertising, no profiling, no behavioural tracking.
  • No social-media integrations.
  • No third-party SDKs that collect data autonomously. The only SDKs in the app are the Apple in-app-purchase SDK (StoreKit, invoked only on user action), the Photon networking SDK (invoked only when starting or joining online multiplayer), and audio/video and image-import plugins that operate locally on the device.

For schools deploying Tagtool via Apple School Manager / VPP (the SE variant is the typical school deployment), the standard MDM/VPP arrangement applies: the school acts as the data controller for the deployment context (which student uses which device, classroom assignments, etc.), and OMAi remains the controller for the in-app data flows described in this policy. This is the same controller arrangement that applies to any commercial app deployed via MDM/VPP.

For consumer use by children at home, the GDPR Art. 8 framework on parental consent for information-society services does not apply in practice here, because the in-app data flows OMAi controls do not depend on consent — they involve no first-party identifying-data collection. Where iOS, macOS, or Windows requires consent for a system-level capability (photo library, camera, microphone, local network), the operating system surfaces its own consent dialog at the point of use; the child or parent answers that dialog. We do not knowingly collect personal information from children under 13 (US COPPA) or under 16 (the GDPR member-state baseline) because we do not knowingly collect personal information from anyone.

If you are a parent or guardian and have concerns about how your child has used Tagtool, please contact us and we will help.

Security

  • All network traffic from Tagtool — to Photon Cloud, to Cloudflare R2, to Apple's services, and to the OMAi-operated worker — uses TLS (HTTPS / encrypted WebSocket / encrypted UDP) for transport encryption.
  • LAN multiplayer traffic on your local network is not encrypted by Tagtool itself; it is your local network's security posture that protects it. (LAN multiplayer is intended for trusted environments such as a classroom.)
  • Cloudflare R2 encrypts objects at rest.
  • We do not store account credentials for Tagtool because the app does not have user accounts.

No system can be made absolutely secure. If you believe you have discovered a vulnerability in Tagtool, please report it to us at office@omai.at.

Changes to this policy

We may update this policy from time to time — for example, to reflect a new sub-processor, a change in our retention practices, or clarifications requested by regulators. The current version is always available at the canonical URL above.

The in-app "Privacy Policy" link in Tagtool's Help menu always points at the canonical URL, so opening it from the app always shows the latest version with its effective date at the top.

Material changes (changes that affect the categories of data processed, or our sub-processors, or your rights) will be highlighted on the canonical URL for at least 30 days after they take effect.

Contact

  • Email: office@omai.at
  • Postal address: Office for Media and Arts International GmbH, Reindorfgasse 28/1, 1150 Vienna, Austria
  • Phone: +43 699 118 99 120
  • Company register: FN 296342y (Handelsgericht Wien)
  • VAT ID: ATU63579309
  • Data-protection supervisory authority: Austrian Datenschutzbehörde, https://www.dsb.gv.at

OMAi has not appointed a Data Protection Officer because the GDPR's mandatory-DPO criteria (Art. 37) do not apply — our processing is not large-scale, not systematic, and does not involve special-category data. You may direct any data-protection enquiry to the email above.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept