Privacy Policy
topograph ("we", "us", "our") operates the website topograph.app. This policy explains what data we collect, how we use it, and your rights regarding that data.
We believe in collecting the minimum data necessary to provide the service. We do not run ads, do not sell your data, and do not use third-party analytics or tracking pixels.
What we collect
- Email address — collected at checkout by Stripe, and when you sign in via email verification code. Used to identify your purchase and restore your license.
- Payment information — processed entirely by Stripe. We do not store credit card numbers, bank details, or other financial data on our servers. We receive a confirmation of payment status and your Stripe customer ID.
- Operational server logs — our API runs on Cloudflare Workers, which records short-lived operational logs (timestamps, request metadata, error events) used solely to keep the service running and debug failures. These are automatically deleted after a few days. We do not keep activity logs in our database, and no browsing history or personal content is tracked.
- Browser error diagnostics — when something goes wrong in your browser (a JavaScript error or unhandled promise rejection), we collect a diagnostic report containing the error message, stack trace, the URL path you were on (no query parameters or session IDs), your browser's user agent string (which identifies your browser and operating system version, not you), and a per-session counter. This data is used solely to identify and fix bugs. It contains no names, no email addresses, no cookies, no payment details, and no session tokens.
Cookies and local storage
We do not use authentication cookies. Your license status is stored in browser localStorage as a signed token.
We use browser localStorage to save your theme preference (dark/light mode) and map presets. This data stays on your device and is never sent to our servers.
We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.
Third-party services
We use the following services to operate topograph:
- Stripe — payment processing. Stripe Privacy Policy
- Resend — transactional email (verification codes). Resend Privacy Policy
- Cloudflare — hosting, CDN, and DNS. Cloudflare Privacy Policy
- Neon — database hosting (PostgreSQL). Neon Privacy Policy
- OpenStreetMap / Nominatim — geocoding (place name search). Queries are sent directly from your browser when you press Enter to search. OSM Privacy Policy
- jsDelivr — open-source CDN that serves some of the JavaScript libraries the app uses (Three.js, jsPDF, UTIF, JSZip, React on the gallery page, and MediaPipe if you enable gesture control). Like any web request, loading these files transmits your IP address to jsDelivr. jsDelivr Privacy Policy
Fonts are self-hosted on our own domain — no font request ever reaches Google or any other third party.
Each service has its own privacy policy governing how they handle data. We encourage you to review them.
How we use your data
- To verify and restore your license
- To process your payment and activate your license
- To provide customer support if you contact us
- To maintain and improve the service
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Data retention
We keep your purchase record (email, payment status) for as long as your lifetime license exists — it is what lets you restore your license on any device. If you request deletion, we will remove it within 30 days (note that deleting it permanently disables license restore).
Operational server logs and browser error diagnostics are retained for approximately 3 days and then automatically deleted.
Payment records are retained by Stripe according to their data retention policies and applicable financial regulations.
Your rights
Under GDPR and similar data protection laws, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Withdraw consent — withdraw consent for data processing at any time
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
Children
topograph is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of topograph after changes constitutes acceptance of the updated policy.
Contact
For privacy-related questions or data requests, email [email protected].