Privacy Policy

TopLoader (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data when you use the TopLoader platform.

If you have questions or concerns, contact us at contact@toploader.io.

Account information: When you sign up, we collect your name, email address, and organizational details through Clerk, our authentication provider.

Business data you enter: Deal records, inventory items, customer names/contacts (as entered by you), shop settings, notes, and team member information. You are responsible for ensuring you have the right to collect and use any customer data entered into the Service.

Billing information: When you subscribe, payment processing is handled entirely by Stripe. We do not store your full card number, CVV, or other sensitive payment details on our servers. We do store Stripe customer IDs and subscription IDs to manage your account.

Usage data: Basic interaction data such as pages visited, feature usage patterns, and error logs. We use this to improve the product.

Technical data: Browser type, device type, IP address, and other standard web analytics data collected automatically when you access the Service.

Bug reports: If you submit a bug report, we collect the information you provide along with your browser's user agent string to help diagnose the issue.

We use the information we collect to:

• Provide, operate, and maintain the TopLoader platform
• Authenticate your identity and manage your account
• Process and display your business data (deals, inventory, reports)
• Process subscription payments and manage billing
• Respond to support requests and bug reports
• Send service-related communications (account notices, billing receipts, feature updates)
• Detect and prevent fraud, abuse, or security incidents
• Improve and develop the Service based on usage patterns

We do not use your data for advertising or sell it to third parties.

TopLoader relies on the following third-party services to operate. Each has its own privacy policy:

• Clerk: authentication and user management
• Supabase: database and data storage
• Vercel: hosting and infrastructure
• Stripe: payment processing and subscription billing. Stripe may collect and store your payment card information and billing details directly. Their handling of that data is governed by the Stripe Privacy Policy.
• Resend: transactional email delivery

These providers are contractually bound to use your data only as necessary to provide their services to us. We do not authorize them to sell or use your data for their own purposes.

Your data is stored in Supabase-managed databases with row-level security (RLS) enabled. Access to your shop's data is restricted to authenticated members of your organization. We use industry-standard encryption for data in transit (TLS) and at rest.

While we take security seriously, no system is completely secure. We recommend using strong passwords and notifying us immediately if you suspect unauthorized access to your account.

We retain your data for as long as your account is active or as needed to provide the Service. If your subscription is canceled or terminated, we will make your data available for export for 30 days before deletion. After that period, your data may be permanently deleted. Billing records (invoices, transaction history) may be retained longer as required by law or for financial record-keeping purposes.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Export: Request an export of your business data
• Objection: Object to certain types of data processing

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at contact@toploader.io.

TopLoader uses essential cookies required for authentication and session management. We do not use advertising or tracking cookies. A “demo mode” cookie is set temporarily when you access the live demo and expires after one hour. We do not use any third-party analytics or advertising cookies.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify users of material changes via email or an in-app notice at least 14 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Questions, concerns, or requests regarding this Privacy Policy should be directed to contact@toploader.io.