Last updated: January 22, 2026
This Privacy Policy explains how ToplineBase collects, uses, shares, and protects your personal data when you use our platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
The data controller responsible for your personal data is:
ToplineBase
Chamber of Commerce (KvK): 87084562
Country of establishment: The Netherlands
Email: support@toplinebase.com
ToplineBase is the data controller as defined under Article 4(7) of the GDPR, meaning we determine the purposes and means of processing your personal data.
| Category | Examples | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Account Data | Name, email, password, profile picture | Contractual necessity (Art. 6(1)(b)) |
| Profile Data | Bio, location, social links, portfolio | Contractual necessity (Art. 6(1)(b)) |
| Identity Verification (KYC) | Government ID, selfie, date of birth | Legal obligation (Art. 6(1)(c)) |
| Payment Data | Bank account (IBAN), PayPal email | Contractual necessity (Art. 6(1)(b)) |
| Audio Content | Vocal recordings, stems, metadata | Contractual necessity (Art. 6(1)(b)) |
| Communications | Support requests, feedback, messages | Legitimate interest (Art. 6(1)(f)) |
| Category | Examples | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Device Data | IP address, browser type, operating system | Legitimate interest (Art. 6(1)(f)) |
| Usage Data | Pages visited, features used, session duration | Legitimate interest (Art. 6(1)(f)) |
| Transaction Data | Purchase history, payout records | Contractual necessity / Legal obligation |
Important: Vocal recordings may contain biometric-adjacent data (voice characteristics). We process this data solely for the functional purpose of:
We do not: Use your audio to train AI models, sell your audio data, or process voice biometrics for identification purposes.
Legal Basis: Contractual necessity (Art. 6(1)(b))
Legal Basis: Contractual necessity (Art. 6(1)(b)) & Legitimate interest (Art. 6(1)(f))
Note: Audio analysis data is processed temporarily and not stored beyond the detection result.
Legal Basis: Legal obligation (Art. 6(1)(c))
Legal Basis: Legitimate interest (Art. 6(1)(f))
Legal Basis: Consent (Art. 6(1)(a))
You can withdraw consent at any time via your account settings or by clicking "unsubscribe" in any email.
Legal Basis: Legitimate interest (Art. 6(1)(f))
We share your personal data with the following categories of third-party processors:
Data shared: Name, email, bank account details, transaction data, identity verification documents
Purpose: Payment processing, identity verification (KYC), payout distribution
Role: Stripe acts as an independent data controller for payment services
Privacy Policy: stripe.com/privacy
Note: ToplineBase does not store full credit card numbers or complete bank account details. This data is processed and stored directly by Stripe.
Data shared: Account data, profile data, content metadata, transaction records
Purpose: Database hosting, user authentication, file storage
Privacy Policy: supabase.com/privacy
Data shared: Email address, name, email content
Purpose: Transactional emails, marketing communications
Privacy Policy: brevo.com/legal/privacypolicy
Data shared: IP address, device data, usage data
Purpose: Website hosting, content delivery, performance optimization
Privacy Policy: vercel.com/legal/privacy-policy
We may also share your data:
Some of our third-party processors are located outside the European Economic Area (EEA), including in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:
You may request a copy of the safeguards in place by contacting support@toplinebase.com.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after deletion |
| Transaction records | 7 years (Dutch tax law requirement) |
| Uploaded content | Until you delete it or close your account |
| AI detection analysis | Detection result stored; raw analysis data deleted after processing |
| Identity verification (KYC) | Processed by Stripe; we store verification status only |
| Marketing preferences | Until you withdraw consent |
| Support communications | 3 years after last interaction |
After the retention period, data is securely deleted or anonymized for statistical purposes.
Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and improve your experience.
| Category | Purpose | Legal Basis |
|---|---|---|
| Strictly Necessary | Authentication, security, session management | Legitimate interest (exempt from consent) |
| Functional | Preferences, language, audio player state | Consent |
| Analytics | Usage statistics, performance monitoring | Consent |
| Marketing | Personalized ads, remarketing (if applicable) | Consent |
You can manage cookie preferences through:
Note: Disabling strictly necessary cookies may prevent the Platform from functioning properly.
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data (subject to legal retention requirements).
Request that we limit how we use your data while a complaint or request is being resolved.
Request your data in a structured, machine-readable format for transfer to another service.
Object to processing based on legitimate interest or for direct marketing purposes.
Withdraw consent at any time where processing is based on your consent.
Not be subject to decisions based solely on automated processing that significantly affect you.
To exercise any of these rights, contact us at:
We will respond to your request within 30 days (extendable by 60 days for complex requests). We may ask for verification of your identity before processing your request.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority.
For the Netherlands, this is the Autoriteit Persoonsgegevens (AP):
Autoriteit Persoonsgegevens
Hoge Nieuwstraat 8
2514 EL Den Haag
Netherlands
Website: autoriteitpersoonsgegevens.nl
We implement appropriate technical and organizational measures to protect your personal data, including:
While we strive to protect your data, no method of transmission or storage is 100% secure. If you become aware of any security incident, please contact us immediately at support@toplinebase.com.
ToplineBase is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@toplinebase.com, and we will delete such information.
We may update this Privacy Policy from time to time. Material changes will be communicated via:
Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.
For questions, concerns, or requests regarding this Privacy Policy or our data practices: