Back to homepage

Privacy Policy

Top of Mind

This Privacy Policy explains how top.of.mind ("Company", "we", "us", or "our") collects, uses, and protects personal data when you use our software application (the "Application"). This policy is intended to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

The data controller responsible for your personal data is:

top.of.mind BV

hi@topofmind.cloud

Personal Data We Collect

We may collect and process the following categories of personal data:

a. Account Information

  • Name
  • Email address
  • Login credentials
  • Organization name (if applicable)

b. Usage and Technical Data

  • IP address
  • Device and browser information
  • Log files and diagnostic data
  • Interaction with features of the Application

c. User-Provided Content

  • Any data, text, files, or other content you enter into the Application

Purposes of Processing

We process personal data for the following purposes:

  • To provide and operate the Application
  • To authenticate users and manage accounts
  • To maintain security and prevent fraud
  • To improve, test, and develop the Application
  • To communicate with users about the service
  • To comply with legal obligations

Legal Bases for Processing

We rely on the following legal bases under the GDPR:

  • Contractual necessity: To provide the Application and its features.
  • Legitimate interests: To improve the Application, ensure security, and analyze usage.
  • Consent: Where required, such as for optional features or communications.
  • Legal obligation: Where processing is required by law.

Data Sharing

We may share personal data with:

  • Service providers and processors (e.g., hosting, analytics, email services)
  • Professional advisors (e.g., legal, accounting)
  • Authorities where required by law

All processors are bound by data protection agreements and only process data on our instructions.

International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:

  • EU Standard Contractual Clauses
  • Transfers to countries with an adequacy decision

Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, including:

  • While your account is active
  • As needed to comply with legal obligations

Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Cookies and Similar Technologies

We may use cookies or similar technologies for:

  • Authentication
  • Security
  • Analytics and performance

Where required by law, we will request your consent before placing non-essential cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the Application or by email.