Privacy & Cookie Policy
Effective Date: July 2025
1. Introduction
Topaz Media ("we", "us", "our") is committed to protecting your privacy. Data is managed in accordance with the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). This policy explains how we collect, use, and protect your personal data.
Topaz Media is operated by the founding team and is in the process of international registration. For now, data is processed by the service operators under the laws of England and Wales.
2. Data Controller
For the purposes of UK and EU data protection law, the data controller is:
Topaz Media
Contact: contact@topaz.media
3. Information We Collect
- Account data: Email address, name, and authentication credentials (e.g., Google ID or hashed password).
- Usage data: Analytics about how you interact with the platform, content preferences, device type, browser, and operating system.
- Payment data: If you subscribe to a paid plan, payment is processed by a third-party payment processor. We do not store full payment card details.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or the UK, we process your data under the following legal bases:
- Contract performance (Article 6(1)(b)): To provide the Service, manage your account, and process payments.
- Legitimate interests (Article 6(1)(f)): To analyze usage, improve the Service, and ensure security.
- Consent (Article 6(1)(a)): For non-essential cookies and marketing communications, where required.
5. Cookies and Tracking
We use cookies and similar technologies for essential functionality and analytics:
- Essential cookies: Required for the Service to function (session management, authentication).
- Analytics cookies: We use Google Analytics to understand how visitors use the site. These services may set cookies. Data collected is anonymized or aggregated where possible.
You can disable cookies through your browser settings. Blocking essential cookies may affect Service functionality.
Cookie list:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| PHPSESSID / session | Session management | Essential | Session |
| _ga, _gid | Google Analytics | Analytics | Up to 2 years |
6. Third-Party Services
We use the following third-party services that may process your data:
- Google Analytics — usage analytics (privacy policy: policies.google.com/privacy)
- Segment — analytics and data routing (privacy policy: segment.com/legal/privacy)
- Chatbase — AI chatbot (conversation data)
- Google Sign-In / OAuth — authentication
- Stripe or other payment processors — payment processing
We do not sell, rent, or share personal data with third parties for their own marketing purposes.
7. Data Storage and Security
Data is stored on secure servers. We implement reasonable technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest where appropriate.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we retain minimal data as required by law (e.g., tax records for 6 years).
9. Your Rights
Under UK and EU data protection law, you have the right to:
- Access: Request a copy of the data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Limit how we process your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or direct marketing.
To exercise these rights, contact us at contact@topaz.media. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., the UK ICO or your national DPA).
10. International Transfers
Your data may be processed on servers located in the United Kingdom and the European Economic Area. If data is transferred to third countries, we ensure appropriate safeguards (e.g., UK International Data Transfer Agreement or EU Standard Contractual Clauses).
11. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us to have it removed.
12. Changes to This Policy
We may update this policy at any time. Material changes will be notified to registered users via email or platform notice. Continued use after changes constitutes acceptance.