Privacy Policy

Last Updated: March 2026

TopSystems (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use TopSystems.io (the “Service”).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. We store your password in hashed form and never have access to your plain-text password.

Payment Data

Payments are processed securely through Stripe and PayPal. We do not store your credit card numbers, bank account details, or other sensitive payment information on our servers. Our payment processors handle all financial data in accordance with PCI DSS standards.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, products accessed, browser type, device information, IP address, and referring URLs.

Cookies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and improve the Service. See Section 5 for more details.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process your subscription payments and manage your account
• Send transactional emails (purchase confirmations, password resets, subscription renewal notices)
• Send occasional product updates, new template announcements, and feature releases (you may opt out at any time)
• Analyze usage patterns to improve our products and Service
• Detect, prevent, and address fraud or technical issues
• Comply with legal obligations

3. Information Sharing

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

• Payment Processors: We share necessary transaction details with Stripe and PayPal to process your subscription payments.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encrypted data transmission via HTTPS/TLS
• Hashed and salted password storage
• Secure, access-controlled infrastructure
• Regular security reviews and updates

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with the Service so we can improve the experience. You may opt out of analytics cookies through your browser settings.

We do not use advertising or third-party tracking cookies.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data (subject to legal retention requirements).
• Data Portability: Request your data in a structured, commonly used, machine-readable format.
• Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in our emails.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

8. International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

If you are located in the European Economic Area (EEA) or the United Kingdom, we will process your data in compliance with applicable data protection regulations, including the GDPR.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access: You have the right to request a copy of all personal data we hold about you. You can do this from your account settings or by contacting us.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data. You can initiate account deletion from your account settings.
• Right to Restrict Processing: You have the right to request that we restrict how we process your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON). You can export your data from your account settings.
• Right to Object: You have the right to object to our processing of your personal data for direct marketing or where we rely on legitimate interests.

To exercise any of these rights, use the controls in your account settings or contact us at [email protected]. We will respond within 30 days of receiving your request.

10. Data Controller

The data controller for your personal information is:

TopSystems
Email: [email protected]
Website: topsystems.io

If you are unsatisfied with our response to a data protection request, you have the right to lodge a complaint with a supervisory authority in your country of residence.

11. Cookie Policy

We use cookies and similar technologies to operate our Service. Below is a detailed overview of the cookies we use:

• Essential Cookies:
  • ts_token — Authentication token. Stores your login session. Expires after 30 days.
  • ts_cookie_consent — Records your cookie consent choice. Stored in localStorage.
• Analytics Cookies (optional): When enabled, we may use Google Analytics or similar services to collect anonymized usage data such as pages visited, time on site, and referral sources. You can opt out via the cookie consent banner or your browser settings.

You can manage your cookie preferences at any time by clearing your browser's localStorage and revisiting the site to see the consent banner again.

12. Data Retention

We retain your personal data for the following periods:

• Account data: For as long as your account is active, plus 30 days after account deletion to allow for account recovery.
• Payment records: For 7 years after the transaction date, as required by applicable tax and financial regulations.
• Usage/analytics data: Anonymized and aggregated data may be retained indefinitely for analytical purposes. Individual session data is deleted after 26 months.
• Contact form submissions: Retained for up to 2 years unless deleted earlier.

When you request account deletion, we anonymize your personal information (name, email, phone) immediately. Financial records are retained as required by law but are no longer linked to your identity.

13. International Transfers

Your personal data may be transferred to and processed in the United States, where our servers are located. For transfers from the EEA or UK to the US, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Your explicit consent, where applicable, when you create an account and agree to our terms
• The necessity of the transfer for the performance of our contract with you (i.e., providing the Service)

Our payment processors (Stripe and PayPal) independently comply with international data transfer requirements and maintain their own data protection certifications.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users or through a prominent notice on the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

15. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].