Privacy Policy

This policy explains what data TopSlot collects, why we collect it, what we do with it, and what we will never do with it. We wrote it to be readable, not lawyer-proof. If something here is unclear, email us and we will clarify in plain English.

TopSlot ("we", "us", "our") is the registered legal entity that operates the topslot.ai platform — an AI Visibility Intelligence platform tracking how brands appear across ChatGPT, Gemini, Claude, and Perplexity. By using the service you agree to this policy.

We collect only what we need to run the product:

• Account info: your email address, name, and password (hashed) when you create an account. Optional: company name.
• Brand info: brand names, websites, descriptions, and competitor details you submit for audits.
• Audit results: the outputs generated by AI models during your brand visibility audits — scores, mentions, citations, sentiment. This is your product data.
• Payment info: billing details are processed securely through Stripe. We do not store your full credit card number on our servers — only a customer ID, plan, and billing status.
• Usage logs: pages you visit in the app, features you use, timestamps. Used for product improvement only.

We use your data to:

• Provide and maintain the TopSlot service
• Run AI visibility audits and tracking on your behalf
• Show you the dashboard, reports, and recommendations based on your tracking data
• Process payments and manage subscriptions
• Send service-related notifications and email alerts (transactional only, never marketing unless you opt in)
• Improve the product by looking at aggregate, anonymized usage patterns

We use essential cookies to manage authentication sessions and remember your preferences. We do not use third-party advertising or tracking cookies.

As long as you have an active account, we keep your tracking data so you can see trends over time. If you delete your account, we remove your personal info and account data within 30 days. Anonymized and aggregated data may be retained for analytics purposes, but never tied back to you.

You can export all your data at any time from your account settings. You can delete your account at any time without contacting support — it is a button in settings.

TopSlot is built on third-party infrastructure. Each has its own privacy policy governing how they handle data:

• Supabase — database hosting and user authentication. Data stored encrypted at rest.
• Stripe — payment processing and subscription management. PCI-DSS compliant.
• OpenRouter — routing queries to AI models (ChatGPT, Claude, Gemini, Perplexity) for brand audits. We do not send your personal info, only brand-related prompts.
• Vercel — application hosting.
• Resend — transactional email delivery.

We only share with them what is strictly necessary to deliver the service.

Regardless of where you live, you have the right to:

• Access the personal data we hold about you (available anytime from account settings)
• Request correction of inaccurate data
• Delete your account and all personal data
• Export your data in a machine-readable format
• Withdraw consent for non-essential data processing at any time
• Opt out of any non-transactional email

For GDPR-covered residents: TopSlot is the data controller. Our legal basis for processing is contract performance (running the service you paid for) and legitimate interest (improving the product through aggregate analysis). For CCPA-covered residents: TopSlot does not sell your data. You may exercise the rights above by contacting us.

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, and role-based access controls to protect your data.

We collect certain technical information when you visit our website, including your IP address, browser type, device type, and approximate geographic location (country and city). This data helps us improve our service and understand our audience. We do not sell this data to third parties. If you provide your email address (for example, when generating a scorecard), we may associate it with your visit data to provide a better experience.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification.