Last updated: 2026-07-08 · Operator: Light Nova Design Co., Ltd., trading as topadroi
This policy explains how Light Nova Design Co., Ltd., trading as topadroi ("topadroi") handles data. We act in two distinct roles, and your rights differ by role.
As a processor (the Service): when our customers use the topadroi SDK and Service, they decide what end-user data to collect and forward; for that data the customer is the controller and topadroi is the processor. If you are an end user of someone's app, please direct privacy requests to that app's operator; we will assist them as their processor. As a controller (our own operations): for data about our account holders and website visitors, topadroi is the controller, as described below.
Account data — name, work email, company, credentials, and billing details of customers who sign up. Account-security & activity logs — for the security and auditability of your control-panel account (app.topadroi.com), we record your sign-ins and account-changing actions (such as creating or revoking API keys, changing site or destination settings, and subscription changes), together with the originating IP address, browser/device (user-agent), approximate location, and timestamp. Website data — limited, privacy-respecting analytics from topadroi.com and any information you submit via contact forms. Support data — communications you send us.
Provide and secure accounts and the website (performance of contract / legitimate interests); billing and compliance (legal obligation / contract); product communications and improvement (legitimate interests / consent where required).
On our customers' instructions we receive event data and identifiers (app-scoped IDs; IDFA/IDFV/GAID where the customer enables them and consent exists; and any identifiers such as email/phone the customer chooses to include), and forward them to the platforms the customer configures. The event data is full-funnel — it can include the complete sequence of interactions the customer chooses to measure (for example page views, content/product views, add-to-cart, checkout, purchases/conversions, and custom events), forwarded server-side — not only the final conversion. Each customer controls, per site, which events are forwarded and to which platforms. Personal identifiers (e.g. email/phone) are minimised by SHA-256 hashing on receipt before forwarding. We provide a server-side consent control so a customer can instruct us to honour end-user consent signals (e.g. Google Consent Mode v2 / IAB TCF / CCPA "Do Not Sell"): where a signal denies a purpose, we skip the relevant platform, strip personal data, and/or apply Limited Data Use accordingly. We process this data only to provide the Service. We do not sell it. We prohibit special-category and children's data (see AUP).
We share data with cloud infrastructure providers operating the Service and, for customer-directed Service data, the platforms each customer configures. See our Sub-processors page for the categories and current providers involved.
Data may be processed in countries other than yours. Where required, we rely on appropriate safeguards (e.g. Standard Contractual Clauses).
We keep controller data while your account is active and as required by law. Account-security & activity logs are retained for up to 730 days for audit and security purposes, then automatically deleted. Service (processor) data is retained per the customer's instructions and our retention schedule, then deleted or anonymized.
We use encryption in transit, access controls, tenancy isolation, key-scoped authentication, and server-side hashing of personal identifiers. No method is 100% secure, but we maintain reasonable, appropriate safeguards.
Depending on your location (e.g. GDPR/UK GDPR, CCPA/CPRA), you may have rights to access, correct, delete, port, or object to processing, and to lodge a complaint with a supervisory authority. For controller data, contact us below; for end-user/Service data, contact the app operator (controller), whom we support as processor.
topadroi.com uses only essential cookies and privacy-respecting, cookieless analytics.
We may update this policy; material changes will be posted with a new effective date. Privacy contact: support@topadroi.com