← Back to TopTenify Last Updated: April 2026

1. Introduction

TopTenify ("the App," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not access or use the App.

We may update this Privacy Policy at any time. Material changes will be communicated through in-app notifications, email, or by posting within the App and updating the "Last Updated" date. Your continued use after changes constitutes acceptance.

2. Information We Collect

2.1 Information You Provide Directly:

• Account Information: Display name, username, email address (if provided), password (hashed), and profile picture
• Profile Data: Avatar selection, bio, display name, and other profile customizations
• User Content: Submissions (including text, images, and external media links), votes, comments, reactions, edit suggestions, poll questions, and other content you create
• Draft Content: Incomplete submissions saved as drafts, stored locally on your device and optionally on our servers
• Chats: Direct chats sent and received through the App
• Arena Game Data: Battle picks, poll votes, trivia answers, tournament bracket selections, Trivia Blitz scores, friend challenge data, and Randomizer interactions
• Community Moderation Data: Your moderation votes, review history, and moderation queue participation
• Sponsored Content Data: Promotion campaign details, business URLs, budget allocations, and click-through analytics (if you use the Sponsor Portal)
• Communications: Information from your communications with us or other users
• Feedback: Surveys, reviews, and other feedback you provide
• Debate Content: Debate topics created, responses posted, and upvotes given and received in the Debates section

2.2 Gamification Data:

• Clout Points: Points earned through submissions, votes, comments, reactions, streaks, check-ins, and Arena games
• Ranking Tier: Your current rank (Starter through Icon) based on accumulated clout
• User Level: Your level (Bronze through Diamond) and associated privileges including voting power
• Achievements: Your earned achievements across 11 categories with 5 rarity levels
• Challenges: Your participation and progress in daily, weekly, and special challenges
• Leaderboard Position: Your ranking and specialty tags relative to other users
• Streak Data: Your daily usage streak and check-in history
• Poll, Tournament, Trivia, Daily Pick, and Debate participation data

2.3 Information Collected Automatically:

• Device Information: Device type, operating system, unique device identifiers, device settings, and hardware specifications
• Usage Data: Screens viewed, features used, actions taken, time spent, and interaction patterns
• Log Data: IP address, access times, app crashes, system activity, and referring URLs
• Location Data: General location based on IP address. If you opt in to the "Location Suggestions" feature, your device sends approximate GPS coordinates to our server to identify your city, state, and country via a third-party geocoding service (OpenStreetMap Nominatim). Coordinates are rounded and used to generate local content suggestions, which may be cached temporarily on our server (up to 10 minutes) for performance. We do NOT permanently store your precise GPS coordinates. You can enable or disable this feature at any time in Settings > Privacy.
• Analytics Data: App performance metrics, error reports, and diagnostic information
• Theme, language, and sound preferences
• Recommendation Data: Algorithmically generated preference profiles based on your activity

2.4 Biometric Information:

• We support biometric authentication (Face ID, Touch ID) for convenient login
• Biometric data is processed and stored EXCLUSIVELY on your device using secure hardware enclaves
• We NEVER collect, transmit, receive, or store your biometric data on our servers
• We only store an encrypted flag indicating whether you have enabled biometric login

2.5 Payment Information:

• Payment processing is handled exclusively by Stripe, Inc. We do not store your full credit card numbers, debit card numbers, or bank account details
• We receive from Stripe: transaction IDs, payment status, amounts, and limited card information (last four digits, card type)
• All payment data handling is subject to Stripe's privacy policy and PCI-DSS compliance standards

2.6 Information from Third Parties:

• Social Login: If you authenticate through Apple Sign-In or Google Sign-In, we receive information those platforms provide
• Analytics Partners: We may receive aggregated analytics data from third-party services
• Other Users: Information about you that other users provide (mentions, tags, chats, reports, moderation votes)

2.7 External Media Data:

• When you submit links from supported platforms (YouTube, TikTok, Instagram, Spotify, Apple Music, SoundCloud, and others), we store the URL and any extracted metadata
• We do not access your accounts on these third-party platforms

3. How We Use Your Information

• Provide and maintain the App: Create accounts, process submissions, calculate rankings, operate Arena games, facilitate moderation, deliver notifications
• Personalize your experience: Customize recommendations, suggest content, remember preferences, display personalized challenges
• Improve and optimize: Analyze usage, fix bugs, monitor trends, improve content moderation and recommendation algorithms
• Safety and security: Detect fraud and abuse, enforce Terms of Service, moderate content, investigate suspicious activities
• Monetization: Display sponsored content, track campaign performance, process affiliate interactions, manage Sponsor Portal
• Notifications: In-app notifications, push notifications (with consent), transactional emails via Resend
• Legal purposes: Comply with laws, respond to legal requests, protect our rights

4. How We Share Your Information

• Public Information: Display name, profile picture, submissions, votes, rankings, achievements, Arena game participation, and debate contributions are visible to other users
• With Your Consent: When you authorize sharing, connect third-party auth, or share content externally
• Service Providers: Trusted vendors for hosting (PostgreSQL on Neon), payments (Stripe), emails (Resend), analytics, and content moderation
• Sponsored Content: Sponsors receive anonymized, aggregated analytics only. We do NOT share personal information with sponsors
• Legal Requirements: Compliance with legal obligations, subpoenas, or court orders
• Business Transfers: In connection with mergers, acquisitions, or asset sales

5. Data Retention and Deletion

• We retain information as long as your account is active or as required by law
• Gamification data is retained while your account is active
• Payment records are retained as required by tax and financial regulations (typically 7 years)
• When you delete your account: profile becomes inaccessible, submissions may be anonymized, gamification data is deleted, payment records retained as required by law
• You may delete individual submissions and comments at any time

6. Data Security

We implement industry-standard measures including:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure password hashing using bcrypt
• Access controls, authentication, and role-based authorization
• Helmet middleware for XSS, clickjacking, and injection protection
• Rate limiting, input validation, and data sanitization
• Image upload validation and moderation
• Biometric data isolation on user devices via secure hardware

While we implement robust security measures, no method of transmission over the Internet is 100% secure. You are responsible for keeping your login credentials confidential.

7. Your Privacy Rights

General Rights: Depending on your location, you may have the right to access, correct, delete, port, object to, or restrict processing of your data.

California Residents (CCPA/CPRA): Right to know what information is collected, right to delete, right to opt out of sale (note: we do not sell data), right to equal service.

European Users (GDPR): We process data based on consent, contract performance, legitimate interests, or legal obligations. You may lodge complaints with your local data protection authority. You have rights to data portability, erasure (right to be forgotten), and may object to automated decision-making.

Illinois Residents (BIPA): We do not collect biometric identifiers. Biometric authentication data is processed exclusively on your device.

Additional State Laws: We comply with VCDPA, CPA, CTDPA, UCPA, and other applicable state privacy laws.

Exercising Your Rights: Contact us at info.toptenify@gmail.com. We will respond within 30 days.

8. Children's Privacy

The App is not intended for children under 13 (or under 16 where GDPR applies). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us at info.toptenify@gmail.com.

9. International Data Transfers

Your information may be transferred to and processed in the United States. We implement appropriate safeguards including standard contractual clauses and data processing agreements.

10. Third-Party Services

• The App embeds content from platforms like YouTube, TikTok, Instagram, Spotify, and others. Their privacy policies apply to embedded content interactions.
• Payment processing by Stripe
• Transactional emails by Resend
• Authentication via Apple Sign-In and Google Sign-In

11. Notifications

We send in-app notifications for votes, comments, followers, achievements, Arena results, and more. Push notifications require your explicit consent and can be revoked at any time through the App's settings or your device settings.

12. Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals. We honor Global Privacy Control (GPC) signals where required by law.

13. Data Breach Notification

In the event of a data breach, we will notify affected users without undue delay and within 72 hours where feasible, and notify relevant authorities as required by law.

14. Contact Us

By using TopTenify, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use of the App immediately.