← Back to App

Privacy Policy

Last Updated: June 8, 2026

At TopicTide, we take your privacy and data security seriously. This privacy policy describes how we collect, use, and safeguard personal information under federal and provincial regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR).

1. Accountability

TopicTide Inc. is responsible for all personal information under its control, including information transferred to third-party service providers for processing on our behalf. We have designated a Privacy Compliance Officer (PCO) accountable for overseeing our compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy law. You may contact the PCO at: privacy@topictide.com.

Summary: We have a named person in charge of protecting your privacy. If you have any questions, concerns, or want to make a request about your data, email privacy@topictide.com and they will respond.

2. Identifying Purposes — Why We Collect Your Data

TopicTide collects personal information only for the following clearly defined, legitimate purposes: (a) creating and managing your user workspace account; (b) authenticating and processing your API and third-party integration credentials (e.g., Zendesk, Google Drive, SurveyMonkey); (c) generating AI-powered sentiment analytics, KPI dashboards, and competitor intelligence reports; (d) communicating service updates, billing information, and support correspondence; and (e) improving platform features and stability through aggregate, anonymized usage signals. Purposes are identified at or before the time of collection.

Summary: We collect your data for one reason: to power your dashboard. This includes setting up your account, connecting your integrations, and generating your reports. We will always tell you why we need any information before we collect it.

3. Consent — Your Express Agreement

TopicTide obtains meaningful, express consent by requiring users to check the 'I agree to the Privacy Policy' checkbox during account registration — constituting consent prior to or at the time of collection, as required by PIPEDA. You may withdraw consent at any time by contacting privacy@topictide.com. Withdrawal of consent may affect our ability to provide certain services. Implied consent is relied upon only for purposes a reasonable person would consider obvious given the context of the service relationship (e.g., using account information to process a support ticket).

Summary: When you tick the 'I agree' checkbox at signup, you are giving us clear, informed permission to collect and use your data. You can take that permission back at any time by emailing us — though some features may not work without it.

4. Limiting Collection — Only What We Need

TopicTide limits collection to information necessary for the stated purposes. The categories of personal data collected are strictly: full name, work email address, company name, account password (stored as a secure hash), and user-provided API credentials and OAuth tokens for integration sources. We do not collect payment card data directly. We do not collect sensitive personal data categories (e.g., health records, SIN, financial account numbers, or biometric data).

Summary: We only ask for what we absolutely need: your name, work email, company, and the API keys you choose to connect. We do not touch credit card numbers, health records, or any sensitive personal information.

5. Limiting Use, Disclosure & Retention

Personal information is used or disclosed solely for the purposes described in Section 2, unless you provide additional consent or disclosure is required by law. We share data only with the following authorized subprocessors: (a) cloud infrastructure providers for secure data hosting; (b) Google Gemini API for AI-powered text analysis of your connected feedback sources; (c) SendGrid or Resend for transactional and report emails. All subprocessors are bound by data processing agreements. Data is retained for the duration of your active account plus 30 days following deletion, after which it is permanently purged.

Summary: Your data is only ever shared with our cloud host, the AI that powers your reports, and the email service that sends your reports. All of them are bound by security contracts. When you delete your account, your data is gone within 30 days.

6. Accuracy of Personal Information

TopicTide takes reasonable steps to keep personal information accurate, complete, and current to the extent necessary for its intended use. Users may update their profile information (name, email, company name) directly within the platform's Profile screen or by contacting support. Inaccurate information that may be used to make decisions affecting users will be corrected upon request.

Summary: If any of your information we have is wrong, you can fix it yourself in your profile settings or email us and we will correct it promptly.

7. Security Safeguards (Ontario Consumer Protection Act)

TopicTide employs technical, organizational, and physical safeguards appropriate to the sensitivity of the information. These include: (a) TLS 1.2+ encryption for all data in transit; (b) AES-256 encryption at rest for stored API credentials and OAuth tokens; (c) role-based access control (RBAC) restricting data access to authorized personnel only; (d) automated state persistence via secured server-side JSON with file-level access restrictions. In the event of a confirmed breach of personal data, TopicTide will notify all affected users and file a mandatory breach report with the Office of the Privacy Commissioner of Canada within 72 hours of verification, as required under PIPEDA's mandatory breach reporting provisions.

Summary: Your data is encrypted both when it's being sent and when it's stored. Only authorized people in our company can access it. If there is ever a security breach, we will email you and file a report with the Canadian government within 3 days.

8. Openness — Data Access & Correction Rights

TopicTide makes information about its privacy policies and practices readily available. Upon written request to privacy@topictide.com, any user may: (a) access a copy of their personal information that TopicTide holds; (b) request correction of inaccurate data; (c) request the deletion of all personal data associated with their account (Right to be Forgotten); and (d) obtain information about third parties to whom we have disclosed their information. We will respond to access requests within 30 days. Requests for data deletion trigger permanent removal within 30 days of processing.

Summary: Email us anytime to get a copy of what we have on you, fix anything that's wrong, or ask us to delete everything. We must respond within 30 days.

9. Cookies, Local Storage & Third-Party Analytics

TopicTide uses the following browser and tracking technologies: (a) Session authentication cookies and localStorage tokens to maintain your logged-in session and workspace state; (b) sessionStorage for caching competitor analysis results to reduce repeated API calls; and (c) Google Analytics 4 (GA4) to dynamically analyze how visitors use our platform (including screen views, active page durations, and user navigation paths). We use Google Analytics solely to analyze usage patterns and improve platform functionality. No tracking data is used for advertising purposes, sold, or shared with third-party advertisers.

Summary: We use basic browser storage to keep you logged in. We also use Google Analytics to see which screens are popular and how long you spend on them so we can make the app better. We never use this for ads, and we never sell your tracking data.

10. International Users — GDPR & CCPA Coverage

If you are located in the European Economic Area (EEA), TopicTide processes your personal data under a legitimate interest and consent legal basis as defined in the EU General Data Protection Regulation (GDPR). You have rights to data access, rectification, erasure, restriction, and portability. For California residents, TopicTide complies with the California Consumer Privacy Act (CCPA): we do not sell personal information, and you may submit opt-out or deletion requests via privacy@topictide.com.

Summary: No matter where you are in the world — Canada, Europe, or the US — your privacy rights are respected. You can always ask to see, fix, or delete your data. We never sell your information, ever.

11. Google API & YouTube API User Data Policy Compliance

TopicTide's use and transfer of information received from Google APIs (including Google Drive and YouTube API Services) to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is accessed, processed, and cached exclusively to perform user-initiated operations (e.g., retrieving feedback files from Google Drive and fetching public video comments/metrics via YouTube API Services for dashboard sentiment reports). We do not use Google user data to serve advertisements, build profiles for advertising, or sell your information. For more information, please see the Google Privacy Policy and the YouTube Terms of Service.

Summary: We comply fully with Google's Limited Use rules. Your Google Drive files and YouTube metrics are only accessed to display them on your dashboard—we never sell this data or use it for ads.