Topoze Privacy Policy
Effective Date: November 10, 2025
Version 1.1

Your Privacy Matters

At Topoze, we are committed to protecting your privacy and being transparent about how we collect, use, and share your information. This Privacy Policy explains our practices and your rights when using our platform.

1. Information We Collect

1.1 Account Information

When you create an account with Topoze, we collect:

  • Personal Details: Name, email address, phone number, preferred language and timezone
  • Business Information: Business name, tax ID, invoice preferences (for sellers)
  • Authentication Data: Password (encrypted), two-factor authentication settings
  • Profile Information: Profile pictures, business addresses, communication preferences

1.2 Transaction Data

We collect information necessary to facilitate service transactions:

  • Service Details: Service descriptions, pricing, delivery timelines, requirements
  • Financial Information: Transaction amounts, currencies, fee calculations, refund records
  • Order Information: Order numbers, transaction status, completion dates
  • Communication Records: Messages, email exchanges, delivery confirmations

1.3 Payment Information

Important: Payment Data Security

Topoze does not collect, process, or store payment card information. All payment card data is handled exclusively by our PCI DSS-compliant payment processor. This includes card numbers, expiration dates, and security codes.

We receive the following from our payment processor:

  • Payment confirmation status and transaction IDs
  • Exact fee amounts and processing costs
  • Dispute and chargeback information
  • Payout and settlement data for sellers

1.4 File Uploads

When you upload files to our platform, we collect:

  • File Content: Documents, images, and other files you upload
  • File Metadata: File names, sizes, types, upload timestamps
  • Purpose Classification: Whether files are for service description, delivery, or invoicing
  • Access Logs: Who accessed files and when

1.5 Email Communications

We process email data through our email service for transaction communications:

  • Email Content: Fee proposals, delivery notifications, status updates
  • Delivery Information: Email delivery status, open rates, bounce notifications

1.6 Technical Data

We automatically collect certain technical information:

  • Device Information: IP addresses, browser type, device identifiers
  • Usage Data: Pages visited, features used, session duration
  • Performance Data: Page load times, error reports, system performance
  • Security Logs: Login attempts, authentication events, security incidents

1.7 Third-Party Data

We receive limited data from our service partners:

  • Stripe Connect Data: KYC verification status, account restrictions, payout information
  • Email Analytics: Email delivery metrics, engagement statistics
  • Authentication Providers: Basic profile information from OAuth sign-ins (Google, etc.)

2. How We Use Your Information

2.1 Service Provision

We use your information to provide and improve our core services:

  • Transaction Facilitation: Processing service exchanges, coordinating payments
  • Account Management: Maintaining user accounts, authentication, profile updates
  • Communication Delivery: Sending fee proposals, delivery notifications, status updates
  • File Management: Storing, organizing, and delivering transaction-related files
  • Invoice Generation: Creating professional invoices and earnings statements

2.2 Compliance and Security

We process personal data to meet legal and security requirements:

  • Identity Verification: KYC compliance through Stripe Connect
  • Fraud Prevention: Monitoring for suspicious activity, protecting user accounts
  • Regulatory Compliance: Meeting financial services regulations, tax reporting
  • Dispute Resolution: Supporting Stripe's dispute management processes
  • Legal Obligations: Responding to court orders, regulatory investigations

2.3 Platform Improvement

We analyze aggregated and anonymized data to enhance our platform:

  • Performance Optimization: Improving page load times, reducing errors
  • Feature Development: Understanding user needs, developing new capabilities
  • User Experience: Streamlining workflows, simplifying interfaces
  • Security Enhancement: Identifying vulnerabilities, strengthening protections

2.4 Communication and Support

We use contact information for essential communications:

  • Transactional Emails: Payment confirmations, delivery notifications (required)
  • Account Notifications: Security alerts, policy updates, service changes
  • Customer Support: Responding to inquiries, troubleshooting issues
  • Legal Notices: Terms updates, compliance notifications

3. Information Sharing & Third Parties

3.1 Payment Processing Partners

We share necessary information with our payment processor for payment processing and compliance:

  • Payment Processing: Transaction amounts and limited buyer/seller information
  • Identity Verification: Information needed for account verification
  • Dispute Management: Transaction details and related communications
  • Tax Compliance: Transaction data for required calculations

Our processor's handling of this information is governed by their applicable privacy policies.

3.2 Email Service Providers

We share email communication data with our email service providers for delivery:

  • Email Content: Fee proposals, delivery notifications, system messages
  • Recipient Information: Email addresses, names for proper delivery
  • Delivery Tracking: Monitoring email delivery status and engagement
  • Template Processing: Rendering professional email templates

Our email service providers are contractually required to protect your data and use it only for email delivery services.

3.3 Service Providers

We work with trusted service providers who help us operate our platform:

  • Cloud Infrastructure: Hosting, database management, backup services
  • Analytics Services: Performance monitoring, error tracking (anonymized data)
  • Security Services: Authentication, fraud detection, security monitoring
  • Support Tools: Customer service platforms, communication tools

All service providers are contractually required to protect your data and use it only for providing services to Topoze.

3.4 Legal Requirements

We may disclose information when required by law or to protect our rights:

  • Legal Process: Court orders, subpoenas, regulatory investigations
  • Law Enforcement: Criminal investigations, fraud prevention requests
  • Safety Protection: Preventing harm to users or the public
  • Rights Defense: Protecting Topoze's legal rights and property

3.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to data handling practices.

3.6 What We Don't Share

We Never Share:

  • Personal information for marketing purposes
  • Data with advertisers or data brokers
  • Information for profiling or behavioral targeting
  • Confidential business communications between users
  • Files or content beyond what's necessary for service operation

4. Data Storage & Security

4.1 Storage Locations

Your data is stored securely in the following systems:

  • Account & Transaction Data: Secure database with encryption at rest
  • File Storage: Encrypted cloud storage with access controls
  • Email Processing: Secure email infrastructure for reliable delivery
  • Payment Data: Stripe's PCI DSS Level 1 compliant systems (not stored by Topoze)

4.2 Security Measures

We implement multiple layers of security to protect your information:

  • Encryption: Industry-standard encryption for data in transit and at rest
  • Access Controls: Role-based access and authentication measures where appropriate
  • Network Protections: Measures designed to detect and mitigate unauthorized access
  • Security Reviews: Vulnerability management and periodic assessments
  • Employee Training: Security awareness and data handling practices

4.3 File Protection

Uploaded files are protected with specific security measures:

  • Purpose-Based Access: Files accessible only to authorized transaction participants
  • Token Authentication: Secure download links with expiration and usage limits

4.4 Backup and Recovery

Where appropriate, we may maintain backups and recovery procedures to help protect the availability and integrity of the platform. Backup practices and retention may vary over time. We do not guarantee that any particular data will be recoverable.

4.5 Incident Response

In the event of a security incident, we have procedures to assess, contain, and remediate the incident and to notify affected users as required by law.

5. Data Retention Periods

5.1 Retention Principles

We retain personal data for as long as necessary to provide the platform, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data category, applicable law, and business needs. When data is no longer needed, we delete it or take steps to de‑identify it in accordance with our policies and applicable law.

5.2 Regulatory Requirements

Our retention periods are determined by various regulatory requirements applicable to financial services platforms:

  • Legal and regulatory requirements for financial records and business documents
  • Consumer protection laws for dispute resolution and compliance

5.3 Active Data Management

We actively manage data throughout its lifecycle, including:

  • Automated or scheduled deletion where feasible
  • Data minimization and regular reviews
  • Measures intended to securely dispose of data when no longer needed
  • Policy and compliance reviews

5.4 Early Deletion Requests

While we generally follow our standard retention schedule, you may request early deletion of certain data types. However, some information must be retained for regulatory compliance, ongoing transaction obligations, or legal requirements.

5.5 Transaction File Access Periods

Files associated with transactions (proposals, deliverables, and related documents) are accessible for limited periods based on user account type:

  • Guest Buyers (No Account): Proposal files accessible until payment; delivery files accessible for 7 days after payment
  • Registered Users: Transaction files accessible for up to 12 months

After these periods, continued access is not guaranteed. Users are responsible for downloading and retaining copies of important files within the applicable access period. File metadata may be retained longer for accounting, compliance, and dispute resolution purposes.

6. Your Privacy Rights

6.1 Access Rights

You can request access to your personal data and information about how we process and share it.

6.2 Correction and Update Rights

You can request that we correct inaccurate personal data. Where account settings are available, you may update certain information directly.

6.3 Deletion Rights

You may request deletion of your personal data. We will delete or de‑identify personal data unless we must retain it to comply with law, resolve disputes, enforce agreements, or complete ongoing transactions. You may also request account closure; we will process such requests subject to these limitations.

6.4 Data Portability

Where required by law and technically feasible, you may request a copy of your personal data in a structured, commonly used, and machine‑readable format.

6.5 Communication Preferences

You can control how we communicate with you:

  • Transactional Emails: Required for platform functionality (cannot opt out)
  • Service Notifications: Account alerts, security notifications (recommended)
  • Policy Updates: Important legal and policy changes (required)
  • Marketing Communications: Currently not sent; opt-in required if introduced

6.6 Exercising Your Rights

To exercise any of these rights, please contact us through the platform's support system or using the contact information provided below. We will respond within a reasonable timeframe and may require identity verification to protect your data security.

7. International Data Transfers

7.1 US-Based Processing

Topoze is based in the United States, and your data may be processed and stored in the US or other countries where our service providers operate.

7.2 Global Service Partners

Some of our service partners operate globally:

  • Stripe: Processes payments globally with appropriate data protection safeguards
  • Email Services: Route emails through global infrastructure for reliable delivery
  • Cloud Providers: May use distributed infrastructure with data protection measures

7.3 Data Protection Safeguards

When data is transferred internationally, we take steps to ensure appropriate protections:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses: EU-approved contract terms for data protection
  • Certification Programs: Partners certified under recognized privacy frameworks
  • Technical Safeguards: Encryption and security measures for data in transit

7.4 Regional Privacy Rights

We respect regional privacy rights regardless of where data is processed:

  • GDPR (EU/UK): Full compliance with European data protection rights
  • CCPA (California): California privacy rights honored for all US users
  • Local Laws: Compliance with applicable privacy laws in user jurisdictions

8. Cookies & Tracking Technologies

8.1 Essential Cookies

We use essential cookies that are necessary for platform functionality:

  • Authentication: Session management, login state, security tokens
  • Security: CSRF protection, rate limiting, fraud prevention
  • Functionality: User preferences, language settings, UI state
  • Performance: Load balancing, error tracking, system monitoring

8.2 Analytics Cookies

We use analytics cookies to improve platform performance:

  • Performance Monitoring: Page load times, error rates, system performance
  • Usage Analytics: Feature usage, user flows, platform optimization
  • Error Tracking: Bug detection, crash reporting, quality improvement

Analytics data is aggregated and/or de‑identified to help protect user privacy.

8.3 What We Don't Use

No Advertising or Tracking:

  • No third-party advertising cookies
  • No behavioral tracking for marketing
  • No social media tracking pixels
  • No cross-site tracking or profiling
  • No data sharing with advertisers

8.4 Cookie Control

You can control cookies through your browser settings:

  • Browser Settings: Block or delete cookies through browser preferences
  • Essential Cookies: Cannot be disabled without affecting platform functionality
  • Analytics Cookies: Can be disabled with minimal impact on user experience
  • Cookie Notice: We provide clear notice about cookie usage

9. Children's Privacy

9.1 Age Requirements

Topoze has different age requirements based on user role:

  • Sellers: Individuals aged 13-17 may use the platform with verified legal guardian consent and oversight through our payment processor's verification process.
  • Buyers: Must be at least 18 years old.

9.2 Guardian Consent for Minor Sellers

For sellers aged 13-17, our payment processor requires a legal guardian to:

  • Complete identity verification on behalf of the minor
  • Accept the payment processor's terms of service
  • Provide guardian information and consent
  • Maintain oversight of the minor's account activity

We process personal information of minors aged 13-17 only in connection with their seller accounts and with verified guardian consent obtained through our payment processor.

9.3 COPPA Compliance

We do not knowingly collect personal information from children under 13 years of age without verifiable parental consent. If we become aware that we have collected such information without proper consent, we will take steps to delete it.

9.4 Parental Rights

Parents and legal guardians of minor sellers have the right to review, request deletion of, or refuse further collection of their child's personal information. To exercise these rights, please contact us through the platform's support system.

10. Privacy Policy Updates

10.1 Change Notification

We will notify you of material changes to this Privacy Policy in advance when required. Notification may be provided via:

  • Email Notice: Sent to your registered email address
  • Platform Notice: Prominent notice on the Topoze platform
  • Version Updates: Clear version numbering and effective dates

10.2 Material vs Non-Material Changes

Material changes include new data collection practices, expanded sharing, reduced user rights, or changes to retention periods. Non-material changes include clarifications, legal updates, or formatting improvements.

10.3 Continued Use

Continued use of Topoze after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may close your account before the effective date.

10.4 Version History

We maintain version history with clear effective dates. Previous versions may be made available for reference. Specific disputes are governed by the policy in effect when the relevant data processing occurred.

11. Contact Information

11.1 Privacy Officer

For questions about this Privacy Policy, data protection, or privacy rights, please contact our Privacy Officer through the platform's support page at /support.

11.2 Data Protection Requests

To exercise your privacy rights (access, correction, deletion, portability), please submit a request through your account settings or contact our support team. Include your account email and specify which rights you wish to exercise.

11.3 Regulatory Compliance

For regulatory inquiries or compliance matters, please clearly mark your communication as "Privacy - Regulatory".

11.4 Security Incidents

If you believe your account has been compromised or you've discovered a security vulnerability, please contact us immediately through our security reporting process or mark your communication as "Security - Urgent."

Related Documents:

Terms of Service