Privacy Policy
Effective Date: March 27, 2026 · Last Updated: March 27, 2026
Top Performer AI, Inc. ("Company," "we," "us," or "our") is committed to protecting the privacy and security of information collected from users of the Top Performer AI platform ("Platform"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your information when you access or use our Platform at topperformer.ai.
This Privacy Policy applies to all users of the Platform, including individual subscribers, enterprise account holders, and authorized users under enterprise agreements.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, job title, company name, and department when you register for an account
- Billing Information: Payment card details, billing address, and tax identification numbers, processed and stored by our payment processor Stripe, Inc.
- Communications: Information you provide when contacting our support team, submitting feedback, or participating in surveys
- Chat and Query Data:Questions, search queries, and prompts you submit to the Platform's AI-powered chat and research interfaces
- Custom Configuration: Preferences, alert settings, bank watchlists, and dashboard configurations
1.2 Information Collected Automatically
- Usage Data: Pages viewed, features used, reports accessed, search queries, time spent on pages, and interaction patterns
- Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences
- Log Data: Server logs including access times, pages viewed, referring URLs, and system activity
- Cookies and Similar Technologies: See Section 7 for details on our cookie practices
1.3 Information from Third Parties
- Authentication Providers: If you sign in via single sign-on (SSO) or social authentication, we receive basic profile information from the identity provider
- Enterprise Administrators: Your employer or enterprise administrator may provide your name and email address when provisioning your account
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve the Platform, including generating personalized competitive intelligence reports and AI-powered analysis
- Account Management: To create and manage your account, process payments, and communicate with you about your subscription
- Platform Improvement: To analyze usage patterns, diagnose technical issues, and develop new features and functionality
- AI Model Improvement: To improve the quality, accuracy, and relevance of our analytical outputs. Your queries may be used in aggregate, de-identified form to improve our models. Identifiable query data is NOT used for model training without your explicit consent
- Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats
- Communications: To send service-related notices, updates, security alerts, and support messages
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests
3. How We Share Your Information
We do not sell your personal information. We may share your information with the following categories of third parties:
3.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase, Inc. | Authentication, database hosting | Account data, usage data, chat history |
| Stripe, Inc. | Payment processing | Billing information, transaction data |
| Vercel, Inc. | Platform hosting and delivery | IP addresses, request data |
| Analytics Providers | Usage analytics and performance monitoring | Anonymized usage data, device information |
| AI Service Providers | AI model inference | De-identified query data for processing |
3.2 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business Transfers
In connection with any merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.
4. Data Retention
- Account Data: Retained for the duration of your account and for thirty (30) days following account closure, after which it is deleted or de-identified
- Chat and Query History: Retained for twelve (12) months from the date of submission, after which it is automatically deleted or anonymized
- Usage Analytics: Retained in aggregated, de-identified form indefinitely for product improvement purposes
- Billing Records: Retained for seven (7) years as required by applicable tax and accounting regulations
- Server Logs: Retained for ninety (90) days for security and debugging purposes
5. Data Security
We implement industry-standard technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls and the principle of least privilege for internal access
- Regular security assessments and vulnerability testing
- SOC 2 Type II compliant infrastructure providers (Supabase, Vercel, Stripe)
- Incident response procedures and breach notification protocols
While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.
6. Your Rights and Choices
6.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Delete: Request deletion of personal information we have collected, subject to certain exceptions
- Correct: Request correction of inaccurate personal information
- Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
6.2 European Economic Area and UK Residents (GDPR/UK GDPR)
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data in certain circumstances
- Restriction: Request restriction of processing of your personal data
- Portability: Request a machine-readable copy of your personal data
- Object: Object to processing of your personal data based on legitimate interests
- Withdraw Consent: Where processing is based on consent, withdraw your consent at any time
Our legal bases for processing personal data include: performance of a contract, legitimate interests (improving our Platform and ensuring security), compliance with legal obligations, and consent where applicable.
6.3 Exercising Your Rights
To exercise any of the above rights, contact us at privacy@topperformer.ai. We will respond to verified requests within thirty (30) days (or as required by applicable law). We may need to verify your identity before processing your request.
7. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Strictly Necessary Cookies: Required for Platform functionality, including authentication, session management, and security. These cannot be disabled.
- Analytics Cookies: Help us understand how users interact with the Platform, which pages are most visited, and how the Platform performs. These can be disabled.
- Preference Cookies: Remember your settings, configurations, and display preferences. These can be disabled.
We do NOT use advertising or marketing cookies. We do NOT engage in cross-site tracking or behavioral advertising.
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.
8. International Data Transfers
Your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate transfer mechanisms including Standard Contractual Clauses approved by the European Commission.
9. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account at least thirty (30) days prior to the effective date. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
Contact Information
For privacy-related inquiries:
Top Performer AI, Inc.
Email: privacy@topperformer.ai
General: legal@topperformer.ai
Web: topperformer.ai