LegalHome

Privacy Policy

Last updated: 2026-07-08 · Operator: Light Nova Design Co., Ltd., trading as topadroi

This policy explains how Light Nova Design Co., Ltd., trading as topadroi ("topadroi") handles data. We act in two distinct roles, and your rights differ by role.

1. Our two roles

As a processor (the Service): when our customers use the topadroi SDK and Service, they decide what end-user data to collect and forward; for that data the customer is the controller and topadroi is the processor. If you are an end user of someone's app, please direct privacy requests to that app's operator; we will assist them as their processor. As a controller (our own operations): for data about our account holders and website visitors, topadroi is the controller, as described below.

2. Data we process as a controller

Account data — name, work email, company, credentials, and billing details of customers who sign up. Account-security & activity logs — for the security and auditability of your control-panel account (app.topadroi.com), we record your sign-ins and account-changing actions (such as creating or revoking API keys, changing site or destination settings, and subscription changes), together with the originating IP address, browser/device (user-agent), approximate location, and timestamp. Website data — limited, privacy-respecting analytics from topadroi.com and any information you submit via contact forms. Support data — communications you send us.

3. Purposes & legal bases (controller data)

Provide and secure accounts and the website (performance of contract / legitimate interests); billing and compliance (legal obligation / contract); product communications and improvement (legitimate interests / consent where required).

4. Data we process as a processor (the Service)

On our customers' instructions we receive event data and identifiers (app-scoped IDs; IDFA/IDFV/GAID where the customer enables them and consent exists; and any identifiers such as email/phone the customer chooses to include), and forward them to the platforms the customer configures. The event data is full-funnel — it can include the complete sequence of interactions the customer chooses to measure (for example page views, content/product views, add-to-cart, checkout, purchases/conversions, and custom events), forwarded server-side — not only the final conversion. Each customer controls, per site, which events are forwarded and to which platforms. Personal identifiers (e.g. email/phone) are minimised by SHA-256 hashing on receipt before forwarding. We provide a server-side consent control so a customer can instruct us to honour end-user consent signals (e.g. Google Consent Mode v2 / IAB TCF / CCPA "Do Not Sell"): where a signal denies a purpose, we skip the relevant platform, strip personal data, and/or apply Limited Data Use accordingly. We process this data only to provide the Service. We do not sell it. We prohibit special-category and children's data (see AUP).

5. Recipients & sub-processors

We share data with cloud infrastructure providers operating the Service and, for customer-directed Service data, the platforms each customer configures. See our Sub-processors page for the categories and current providers involved.

6. International transfers

Data may be processed in countries other than yours. Where required, we rely on appropriate safeguards (e.g. Standard Contractual Clauses).

7. Retention

We keep controller data while your account is active and as required by law. Account-security & activity logs are retained for up to 730 days for audit and security purposes, then automatically deleted. Service (processor) data is retained per the customer's instructions and our retention schedule, then deleted or anonymized.

8. Security

We use encryption in transit, access controls, tenancy isolation, key-scoped authentication, and server-side hashing of personal identifiers. No method is 100% secure, but we maintain reasonable, appropriate safeguards.

9. Your rights

Depending on your location (e.g. GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, port, or object to processing, and to lodge a complaint with a supervisory authority. For controller data, contact us below; for end-user/Service data, contact the app operator (controller), whom we support as processor.

10. Cookies & website analytics

topadroi.com uses only essential cookies and privacy-respecting, cookieless analytics.

11. Changes & contact

We may update this policy; material changes will be posted with a new effective date. Privacy contact: support@topadroi.com