TopRock

Privacy Notice

Last updated: June 23, 2026

This Privacy Notice explains how Daniel Khalil ("we", "us", "our"), the operator of TopRock (the "Service"), collects, uses, shares, and protects your personal data. We act as the data controller for personal data you provide directly to us, and for personal data you upload about your own customers (where you instruct us as your processor, you remain the controller of that data).

1. Personal data we collect

  • Account data: name, business name, email address, password (hashed), authentication identifiers.
  • Configuration data: Google Place URL, message templates, settings.
  • Customer list data you upload: names, contact details, and review-request status for your customers.
  • Support communications: messages and feedback you submit through the Service.
  • Usage and device data: IP address, browser type, pages visited, timestamps, and similar telemetry.
  • Billing data: handled by Paddle as Merchant of Record; we receive only limited information such as the email used at checkout, plan, and billing status.

2. Why we use your data

  • To create and operate your account and deliver the Service (legal basis: performance of a contract).
  • To send service-related communications, including review-request emails to your customers as instructed by you (legal basis: performance of a contract).
  • To provide customer support (legal basis: performance of a contract / legitimate interests).
  • To protect the Service, prevent fraud, and ensure security (legal basis: legitimate interests).
  • To improve and analyse the Service (legal basis: legitimate interests).
  • To comply with legal obligations (legal basis: legal obligation).

3. Who we share data with

  • Service providers / subprocessors that help us run the Service, including hosting and database providers, email-sending providers, and analytics tooling.
  • Paddle, our Merchant of Record, for the sale of subscriptions, payment processing, tax compliance, invoicing, and subscription management.
  • Professional advisers such as legal and accounting professionals where reasonably necessary.
  • Authorities where required by applicable law or to protect our rights.

We do not sell your personal data.

4. Data retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to meet legal, tax, and accounting obligations, to resolve disputes, and to enforce our agreements. When data is no longer needed it is deleted or anonymised.

5. Your rights

Depending on where you live, you may have rights including: access to your data, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with your local data protection authority. To exercise any right, contact us via the in-app support page and we will respond within 30 days.

6. International transfers

Your data may be transferred to and processed in countries outside your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions.

7. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and authenticated administration. No system is perfectly secure, but we work continuously to maintain a high standard.

8. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to operate the Service. We do not use third-party advertising cookies. If we introduce analytics cookies in the future, we will update this notice and request consent where required.

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated through the Service or by email.

11. Contact

Questions about this notice or your data? Contact us via the in-app support page.