This Privacy Policy explains how ITEMAP s.r.o. ("ITEMAP", "we") collects, uses and protects personal data when you use the TopUpro platform (the "Service"). ITEMAP is the controller of personal data processed for its own customers and a processor of Customer Data submitted by workspace owners.
1. Data we collect
- Account data: name, email, password hash, profile picture, workspace and role.
- Customer Data: clients, packages, top-ups, tasks, invoices, hour-ledger entries and notes that you create in your workspace.
- Billing data: subscription, plan, invoice metadata and Stripe customer/subscription identifiers. Card details are stored by Stripe; we never see them.
- Usage & technical data: log entries, IP address, browser, device info, error reports.
2. How we use it
- To operate, secure and improve the Service.
- To process subscriptions and issue invoices.
- To enforce tenant isolation and detect abuse.
- To send transactional emails (sign-in, approvals, billing notices).
- To comply with legal obligations.
3. Legal bases (GDPR)
We process personal data on the bases of (a) performance of a contract (providing the Service), (b) legitimate interests (security, fraud prevention, product improvement), (c) compliance with legal obligations (accounting), and (d) consent where required (e.g. non-essential cookies).
4. Sharing & sub-processors
We share data only with sub-processors needed to run the Service, under appropriate data-protection agreements. Current sub-processors include our cloud hosting and database provider, our authentication provider, and Stripe for payments. We do not sell personal data.
5. International transfers
Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
6. Retention
We retain personal data for as long as your account is active and for the period required by applicable law (for example, accounting records). When a workspace is deleted, Customer Data is removed within 30 days, except for backups and records we are legally required to keep.
7. Your rights
Subject to applicable law (in particular GDPR), you have the right to access, rectify, erase, restrict or port your personal data, to object to processing, and to lodge a complaint with a supervisory authority. To exercise these rights, contact topupro@itemap.com.
8. Security
We use encryption in transit, hashed credentials, row-level security in the database, role-based access control and audit logging. No system is perfectly secure; please report suspected vulnerabilities to topupro@itemap.com.
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children.
10. Changes
We may update this Policy from time to time. The "last updated" date at the top reflects the latest version.
11. Controller & contact
Controller: ITEMAP s.r.o.
Email: topupro@itemap.com