Privacy notice
Last updated: 7/13/2026
1. Who we are
The TopAI directory (the "Service") is operated by Lim Han Kiat, who acts as the data controller for personal data processed through the Service.
2. What we collect and why
- Account data (email, hashed password, display name) — to create and secure your account, sign you in, and let you submit and manage tools.
- Submission content (tool name, URL, tagline, description, logo, category) — to display it in the public directory.
- Voting activity (which tools you upvote) — to compute rankings and prevent duplicate votes.
- Purchase records (which tool was featured, plan, period, subscription and customer IDs returned by Paddle) — to grant featured status and support you.
- Technical data (IP address, device / browser info, minimal usage telemetry) — to secure the Service and prevent abuse.
3. Legal basis
We rely on performance of a contract to provide the Service, legitimate interests to keep it secure and improve it, consent where required (e.g. non-essential cookies), and legal obligation for tax and accounting.
4. Who we share data with
- Paddle — our Merchant of Record for payments, subscription management, invoicing, and tax compliance. Paddle receives the personal and payment data you provide at checkout.
- Infrastructure providers — hosting, database, and email delivery vendors bound by data processing agreements.
- Professional advisers — legal and accounting, where necessary.
- Authorities — where required by law.
5. International transfers
Some processors are located outside your country. Where required by law we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
6. Retention
We keep account and submission data while your account is active. Purchase records are retained for the period required by tax and accounting law (typically 6–7 years). Data is deleted or anonymised when no longer needed.
7. Your rights
Depending on your jurisdiction you have rights to access, correct, delete, restrict, port, and object to our processing of your personal data, and to withdraw consent. To exercise these, contact us. If you're in the UK/EEA you also have the right to complain to your local supervisory authority. We respond within one month.
8. Security
We use appropriate technical and organisational measures — encryption in transit, access controls, and isolated infrastructure — to protect your data.
9. Cookies
We use essential cookies for authentication and preferences. We do not use marketing or advertising cookies. Any analytics we add in future will be described here.
10. Contact
Questions about privacy or your rights? Contact us via the details published on this site.