Privacy Policy
This public policy covers the AI Intake form, embeddable widgets, and GBP scan tooling that run on app.topposition.com. The client portal (portal.topposition.com) inherits the same controls plus additional softphone safeguards.
We store the contact details you submit (name, business, phone/email, service area) together with session context such as the advert or landing page that referred you. When you explicitly connect your Google Business Profile we only request the business.managescope and store an encrypted refresh token so that our software can read your verified locations. We never sell this data or share it with third parties.
We retain diagnostic submissions for up to 24 months so returning visitors can reload their plan without repeating the questionnaire.
Email privacy@topposition.com if you want to export the data stored about your business, disconnect Google Business access, or request erasure. We respond within two business days and confirm once the action is complete.
Supabase hosts our managed Postgres instance. All credentials and refresh tokens are encrypted using the NOTIFICATIONS_SECRET_KEY stored in Vercel and never leave our infrastructure. TLS is enforced end-to-end and Cloudflare protects the edge.
We update this document whenever scopes or processors change. Last updated: 12/4/2025. Historic versions are tracked in the repository under docs/legal.