Privacy policy — Topadvisors.ai

This document is a draft and has not been reviewed by legal counsel. Consult an attorney before relying on it.

This policy explains what we collect, how we use it, and your rights. We've tried to keep it readable. Each section opens with a plain-English summary, followed by the formal language.

1. What we collect

In plain English We collect the basics — your name, email, payment info, and the business information you share during your assessment. Plus some standard website analytics.

We collect the following categories of information:

Account and contact information. Name, business name, email address, phone number, role, and any other information you provide when you register, book a call, or contact us through [WEBSITE_URL].
Payment information. Billing address and the last four digits of your payment card. Full payment card numbers are processed by our payment processor and are not stored by [COMPANY_LEGAL_NAME].
Business data shared during assessments. Information you provide about your business operations, workflows, financials, employees, tools, vendors, customers, and any other details disclosed during discovery calls, voice-agent interviews, written submissions, or documents shared with us.
Communications. The contents of emails, support messages, recorded calls (with notice), and other correspondence between you and [COMPANY_LEGAL_NAME].
Website usage data. IP address, browser type, device identifiers, referring URLs, pages viewed, and other standard analytics data collected automatically when you visit [WEBSITE_URL].
Cookies and similar technologies. As described in Section 9.

2. How we use information

In plain English We use what we collect to deliver the assessment, send you the report, bill you, communicate with you, improve our service, and meet legal obligations.

We use the information described in Section 1 for the following purposes:

To deliver the AI assessment, draft the report, and provide related advisory services
To process payments and manage billing
To respond to inquiries and provide customer support
To send service-related communications (booking confirmations, report delivery, follow-up scheduling)
To send marketing communications, including our newsletter, with your consent (you may opt out at any time — see Section 10)
To improve our methodology, templates, and service quality
To enforce our Terms of Service and protect our legal interests
To comply with applicable laws and respond to lawful requests from public authorities

We do not use your business data to train general-purpose AI models, and we do not share your business data with other clients.

3. Third-party AI processors

In plain English We use AI tools from companies like OpenAI and Anthropic to help analyze your business. Those companies have agreed in writing not to train their models on your data.

[COMPANY_LEGAL_NAME] uses third-party artificial intelligence services to process client data as part of delivering our assessments, including but not limited to OpenAI, Anthropic, and similar providers (each an "AI Processor").

We require AI Processors to:

Process client data solely on our instructions and only for the purpose of delivering services to you
Not use client data to train, improve, or fine-tune their general-purpose AI models
Maintain reasonable security and confidentiality protections
Comply with applicable data protection laws

A list of our current AI Processors is available on request by contacting [PRIVACY_EMAIL].

4. Sharing and disclosure

In plain English We don't sell your data. We share it only with companies that help us run the business — like our payment processor and AI vendors — and when we're legally required to.

[COMPANY_LEGAL_NAME] does not sell or rent personal information. We share information only in the following circumstances:

Service providers. With third parties who provide services on our behalf, including AI Processors (Section 3), payment processors, hosting providers, email and communications platforms, analytics providers, and other operational vendors. These parties are contractually required to safeguard your information and use it only for the purposes we authorize.
Legal requirements. When required to comply with a subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect the rights, property, or safety of [COMPANY_LEGAL_NAME], our users, or others.
Business transfers. In connection with a merger, acquisition, financing, sale of assets, or similar transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.
With your consent. For any other purpose disclosed at the time of collection or with your express consent.

We do not sell personal information for monetary or other valuable consideration as those terms are defined under applicable law.

5. Data retention

In plain English We keep your information as long as we need it to deliver service and meet legal obligations — then we delete it.

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by data type:

Account information. For the duration of your relationship with us, plus a reasonable period afterward.
Assessment data and reports. Up to seven (7) years, unless you request earlier deletion (subject to legal retention obligations).
Payment records. Seven (7) years for tax and audit purposes.
Marketing communications data. Until you opt out, plus a reasonable transition period.

You may request earlier deletion of your information as described in Section 7.

6. Security

In plain English We use reasonable security practices to protect your data. No system is perfectly secure, but we take it seriously.

We maintain reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of personal information. These include encryption in transit, access controls, vendor due diligence, and periodic review of our security practices.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

7. Your rights

In plain English You can ask us what we have on you, fix it, delete it, or get a copy. Email [PRIVACY_EMAIL] to start.

Subject to applicable law, you have the following rights regarding your personal information:

Access. Request a copy of the personal information we hold about you.
Correction. Ask us to correct inaccurate or incomplete information.
Deletion. Request that we delete your personal information, subject to certain legal and operational retention requirements.
Portability. Receive a copy of your information in a structured, commonly used, machine-readable format.
Objection and restriction. Object to or restrict certain processing activities.
Withdrawal of consent. Withdraw any previously given consent, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email [PRIVACY_EMAIL]. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.

8. California residents (CCPA/CPRA)

In plain English If you live in California, you have extra rights under state law. Same email — [PRIVACY_EMAIL] — to use them.

This section applies to California residents and supplements the rest of this policy.

Categories of personal information collected

Identifiers (name, email, IP address), commercial information (transaction history), internet activity (browsing data), professional or employment-related information, and inferences drawn from the foregoing. We collect this information for the business purposes described in Section 2.

Sources of personal information

Directly from you, automatically from your device, and from our service providers.

Disclosures for business purposes

We disclose the categories listed above to service providers as described in Section 4.

Sale or sharing of personal information

We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").

Your California rights

Right to know what personal information we collect, use, and disclose
Right to delete personal information we have collected
Right to correct inaccurate personal information
Right to opt-out of the sale or sharing of personal information (we do not sell or share)
Right to limit use and disclosure of sensitive personal information
Right to non-discrimination for exercising your rights

Do Not Sell or Share My Personal Information

We do not sell or share your personal information. If you would like a written confirmation of this, contact [PRIVACY_EMAIL].

Authorized agents

You may designate an authorized agent to exercise these rights on your behalf. We will require verification of the agent's authority.

Notice of financial incentives

We do not offer financial incentives in exchange for personal information.

To exercise California rights, contact [PRIVACY_EMAIL].

9. Cookies and tracking

In plain English We use cookies for analytics — to see which pages get visited and how the site performs. You can turn them off in your browser.

[COMPANY_LEGAL_NAME] and our service providers use cookies, web beacons, pixels, and similar technologies to operate [WEBSITE_URL] and understand how visitors use it. These technologies may collect information such as your IP address, browser type, pages visited, time spent on pages, and referring URLs.

Types of cookies we use

Strictly necessary cookies. Required for the website to function (load balancing, security).
Analytics cookies. Help us understand how visitors interact with the website. We use providers such as Vercel Analytics or similar.
Functional cookies. Remember preferences and improve your experience.

We do not currently use cookies for cross-context behavioral advertising.

You can manage cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of the website.

10. Marketing emails and CAN-SPAM

In plain English If you don't want our emails, click unsubscribe at the bottom. We'll stop sending.

We may send you marketing communications, including newsletters and product updates, based on your consent or our legitimate interests as permitted by applicable law.

Every marketing email we send includes an unsubscribe link. You may opt out at any time by clicking the unsubscribe link or by emailing [PRIVACY_EMAIL]. We will process opt-out requests within ten (10) business days, as required by the U.S. CAN-SPAM Act of 2003.

Opting out of marketing emails will not affect service-related communications (booking confirmations, report deliveries, billing notices).

11. Children's privacy

In plain English Our service is for adults running businesses. We don't knowingly collect data from anyone under 18.

[COMPANY_LEGAL_NAME] does not knowingly collect personal information from individuals under the age of eighteen (18). Our services are intended for business owners and operators acting in a commercial capacity.

If you believe we have collected information from a minor, please contact [PRIVACY_EMAIL] and we will promptly delete it.

12. International users

In plain English We're a US company. If you're outside the US, your data will be transferred here for processing.

[COMPANY_LEGAL_NAME] is based in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

By using our services, you consent to the transfer of your information to the United States. Where required, we implement appropriate safeguards for cross-border transfers consistent with applicable law.

We do not currently market our services in the European Economic Area, United Kingdom, or other jurisdictions with comprehensive cross-border transfer requirements. If you are located in one of these jurisdictions, contact [PRIVACY_EMAIL] before using our services.

13. Changes to this policy

In plain English If we change this policy, we'll update the date at the top. If the changes are big, we'll email you.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this policy.

Material changes will be communicated to active clients via email or a prominent notice on [WEBSITE_URL]. Your continued use of our services after a change takes effect constitutes acceptance of the updated policy.

14. Contact

In plain English Questions about anything in this policy? Email [PRIVACY_EMAIL].

If you have questions about this Privacy Policy or our privacy practices, contact us at:

[COMPANY_LEGAL_NAME]
[BUSINESS_ADDRESS]
Email: [PRIVACY_EMAIL]

↑ Back to top