Privacy Policy

Privacy Policy

Last Updated: December 18, 2024

Welcome to Toph-Air. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform and services. By using Toph-Air, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

  • Name and email address (via Auth0 authentication)
  • Role designation (Host or Tenant)
  • Contact preferences

Profile Information for Hosts

  • Property details (address, description, amenities, pricing)
  • Contact information (name, email, phone, address)
  • Property access instructions and rules
  • Payment information for subscription billing (processed by Stripe)

Tenant Information (Provided by Hosts)

  • Name, email, and phone number
  • Address and location information
  • Employment details (job title, company)
  • Gender (optional)
  • Booking history and stay details

Booking and Transaction Data

  • Booking dates and status
  • Payment amounts and transaction history
  • Invoice and payment records

Communications

  • Messages sent through our platform
  • Email communications with Tenants
  • Support inquiries and correspondence

Documents and Files

  • Property rules and lease templates
  • Signed lease agreements (via DocuSeal e-signature integration)
  • Property photos
  • Other documents uploaded by users

1.2 Information Collected Automatically

Usage Information

  • Pages visited and features used
  • Time and duration of visits
  • Referring websites
  • Device type and browser information

Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Cookie data

Error and Performance Data

  • Application errors and crashes (via Sentry)
  • Performance metrics and logs
  • Diagnostic information

1.3 Information from Third Parties

Authentication Provider (Auth0)

  • User profile information (name, email)
  • Authentication tokens
  • Login activity

Payment Processor (Stripe)

  • Payment method information
  • Transaction status and history
  • Subscription details

Email Service (Resend)

  • Email delivery status
  • Email engagement metrics

Maps Provider (Google Maps)

  • Location data for property addresses
  • Geocoding information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Maintain Our Services

  • Create and manage user accounts
  • Process bookings and transactions
  • Facilitate communication between Hosts and Tenants
  • Store and manage documents
  • Send transactional emails (booking confirmations, payment reminders, etc.)
  • Provide customer support

2.2 Process Payments

  • Process subscription payments from Hosts via Stripe
  • Maintain billing records
  • Handle refunds and disputes

2.3 Improve Our Services

  • Analyze usage patterns and trends
  • Monitor and improve platform performance
  • Debug errors and technical issues
  • Develop new features and functionality

2.4 Communicate with You

  • Send service updates and notifications
  • Respond to inquiries and support requests
  • Send welcome emails to new users
  • Provide important account and security information

2.5 Ensure Security and Compliance

  • Detect and prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect the rights and safety of our users
  • Send promotional emails about new features or offerings
  • Share product updates and announcements

You may opt out of marketing communications at any time by following the unsubscribe link in our emails or updating your communication preferences.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

3.1 Between Users

  • Hosts and Tenants: Information necessary for bookings and communications (names, contact details, booking information)
  • Property information is shared with prospective Tenants as part of the listing

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Auth0: Authentication and user identity management
  • Stripe: Payment processing and subscription management
  • DocuSeal: Electronic signature and document workflow
  • Resend: Transactional email delivery
  • AWS S3: Secure document and file storage
  • Google Maps: Location services and geocoding
  • Sentry: Error tracking and application monitoring

These providers are contractually obligated to protect your information and may only use it to provide services to us.

We may disclose information if required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Government or law enforcement requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

3.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

We may share information with third parties when you explicitly consent or direct us to do so.

4. Data Storage and Security

4.1 Data Storage

  • Application data is stored in secure PostgreSQL databases hosted on Fly.io
  • Documents and files are stored in AWS S3 with encryption at rest
  • Backups are maintained in accordance with our data retention policies

4.2 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored data
  • Secure authentication via Auth0
  • Regular security audits and monitoring
  • Access controls and authentication
  • Error monitoring and alerting via Sentry

4.3 Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specifically:

  • Account information is retained while your account is active
  • Booking and transaction records are retained for accounting and legal compliance
  • Documents are retained according to user preferences or legal requirements
  • Deleted content may remain in backups for a limited period

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 Access and Portability

You can access and download your information through your account settings or by contacting us.

5.2 Correction and Update

You can update your account information and preferences directly in your account settings.

5.3 Deletion

You can request deletion of your account and associated data by contacting us. Note that some information may be retained for legal or legitimate business purposes.

5.4 Opt-Out of Communications

You can opt out of promotional emails by clicking the unsubscribe link in our emails or updating your preferences in account settings. You cannot opt out of transactional emails necessary for the Service.

5.5 Data Export

You can request a copy of your data in a portable format by contacting us.

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences
  • Analyze usage patterns
  • Improve performance and security

Types of Cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Help us understand how users interact with our Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

7. International Data Transfers

Toph-Air is based in the United States. If you access our Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. By using our Service, you consent to such transfers.

We take steps to ensure that your information receives adequate protection in accordance with applicable data protection laws.

8. Children’s Privacy

Toph-Air is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

9.3 Right to Opt-Out

You have the right to opt out of the sale of your personal information. Note: We do not sell personal information.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@toph-air.com. We will verify your identity before processing requests.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

We process your information based on:

  • Contract Performance: To provide the Service and fulfill bookings
  • Legitimate Interests: To improve our Service, ensure security, and communicate with users
  • Consent: For marketing communications and certain data processing activities
  • Legal Obligations: To comply with applicable laws

10.2 Your Rights

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us at support@toph-air.com.

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the “Last Updated” date
  • Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Toph-Air Email: support@toph-air.com

For privacy-specific inquiries, please include “Privacy Request” in your subject line.

14. Data Processing Summary

For transparency, here is a summary of the data we process:

Data CategoryPurposeLegal BasisRetention Period
Account information (name, email)Service provision, authenticationContract, Legitimate InterestWhile account is active
Property and tenant dataPlatform functionality, bookingsContractWhile account is active
Payment informationSubscription billingContractDuration of subscription + legal retention
CommunicationsSupport, service updatesContract, Legitimate InterestWhile account is active
DocumentsStorage and sharingContractUser-controlled
Usage dataService improvement, analyticsLegitimate Interest24 months
Technical data (IP, cookies)Security, fraud preventionLegitimate Interest12 months

15. Information for Specific User Types

15.1 For Hosts

As a Host, you control tenant data you input into the system. You are responsible for:

  • Obtaining necessary consents from your tenants for data processing
  • Ensuring accuracy of tenant information
  • Complying with applicable data protection laws in your jurisdiction

15.2 For Tenants

As a Tenant, your information is provided to Toph-Air by your Host. If you have questions about how your information is used by your Host, please contact them directly. For questions about how Toph-Air processes your data, contact us at support@toph-air.com.

Thank you for trusting Toph-Air with your information. We are committed to protecting your privacy and providing a secure platform for crashpad management.