How Toporio collects, uses, and protects your personal data.
Toporio ("we", "us", "our") operates the Toporio social prediction game platform (the "Platform"). We are the data controller responsible for your personal data.
If you have any questions about this Privacy Policy or how your data is handled, you can contact us at: privacy@toporio.com
Reminder: Toporio is an entertainment game involving virtual Fame Coins. No real financial transactions take place. We do not collect payment card details or banking information.
We collect only the data that is necessary to provide and improve the Platform. Here is a full breakdown of what we collect and why:
| Data Category | Specific Data | How It Is Collected |
|---|---|---|
| Account Data | Email address, username, hashed password, account creation date | Provided by you during registration |
| Game Activity | Trading history, Fame Coin balances, portfolio holdings, leaderboard position, scores | Generated automatically as you use the game |
| Technical Data | IP address, browser type and version, operating system, device type, time zone | Collected automatically via server logs and cookies |
| Usage Data | Pages visited, features used, session duration, clicks and interactions within the Platform | Collected automatically via analytics cookies |
| Communications | Content of any messages you send to our support team | Provided by you when contacting support |
We do not collect: payment information, government-issued identification, sensitive personal data (as defined under GDPR Article 9), or data from users who have not created an account.
We use your personal data solely for the following purposes:
We do not use your data for advertising, profiling for commercial purposes, or any automated decision-making that produces legal or significant effects.
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as required by GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Providing and operating the game | Performance of a contract (Art. 6(1)(b)) — necessary to deliver the service you signed up for |
| Improving the Platform and analytics | Legitimate interests (Art. 6(1)(f)) — we have a legitimate interest in improving our service |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) — protecting users and the Platform |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Art. 6(1)(a)) — you may withdraw consent at any time |
We retain your personal data only for as long as is necessary for the purposes described in this Policy, or as required by law. Our standard retention periods are:
| Data Type | Retention Period |
|---|---|
| Account data (email, username) | For the lifetime of your account, plus 30 days after deletion to allow for account recovery |
| Game activity and scores | For the lifetime of your account; deleted upon account deletion request |
| Server and access logs | Up to 90 days for security and debugging purposes |
| Support communications | Up to 2 years from the date of last communication |
| Analytics data (anonymised) | Up to 24 months in aggregated, non-identifiable form |
When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
If you are located in the EEA or UK, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data. See Section 7 for full details.
Request that we restrict processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests, including analytics.
To exercise any of these rights, contact us at privacy@toporio.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your national data protection supervisory authority (e.g. the ICO in the UK, or the relevant DPA in your country).
Under GDPR Article 17 ("Right to Erasure" / "Right to be Forgotten"), you have the right to request that we delete your personal data where:
How to request deletion: Send an email to privacy@toporio.com with the subject line "Right to Erasure Request" and include your registered email address or username. We will confirm receipt within 72 hours and complete the deletion within 30 days.
Upon deletion, your account, username, email, and all game data will be permanently removed from our active systems. Anonymised, aggregated analytics data — which cannot be linked back to you — may be retained as permitted under GDPR.
Note that deletion of your account also means permanent loss of your game history, Fame Coin balance, and leaderboard records. As Fame Coins carry no real monetary value, no compensation is owed.
We do not sell, rent, or trade your personal data to third parties. Your data is not used for advertising networks, data brokers, or third-party marketing of any kind.
We may share data with trusted service providers who help us operate the Platform, under strict contractual data processing agreements:
| Category | Purpose | Data Shared |
|---|---|---|
| Cloud Hosting Provider | Servers and database hosting | All account and game data (stored on our behalf) |
| Email Service Provider | Transactional emails (e.g. password resets) | Email address only |
| Analytics Tool | Understanding usage patterns | Anonymised usage data only |
All service providers are contractually required to process data only according to our instructions, maintain appropriate security standards, and not use your data for their own purposes. Where providers are outside the EEA, transfers are protected by Standard Contractual Clauses or an adequacy decision.
We may also disclose data where required by law, court order, or to protect the rights and safety of our users or the public.
We use cookies and similar technologies to operate the Platform and understand how it is used. A cookie is a small text file placed on your device by your browser.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
hc_session |
Keeps you logged in during your session | Session (expires on browser close) | |
hc_auth |
Remembers authentication state if "Remember me" is selected | 30 days | |
hc_prefs |
Stores UI preferences (e.g. selected category filters) | 1 year | |
hc_analytics |
Tracks anonymised page views and feature usage to help us improve the game | 90 days |
Necessary cookies are required for the Platform to function and cannot be disabled. Analytics cookies are optional — you may opt out by contacting us or adjusting your browser settings to block cookies. This will not affect your ability to use the game.
We do not use third-party advertising cookies or tracking pixels that share your data with advertisers.
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your account.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any relevant supervisory authority as required by GDPR Article 33.
Toporio is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us at privacy@toporio.com and we will take immediate steps to delete that information and close the account.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this Policy periodically.
For any questions about this Privacy Policy, contact us at privacy@toporio.com.