Privacy Notice
This Notice explains how Ziggy Henriquez, sole trader, operating TopSecretDocuments ("we", "us"), collects and uses your personal data when you visit the site or buy a product. We are the data controller responsible for your information.
1. What we collect & why
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account & contact | Name, email | Deliver purchases, send order confirmations, provide support | Contract performance |
| Order data | Product purchased, order ID, country (for tax) | Fulfilment, record-keeping | Contract performance / legal obligation |
| Usage & device | IP address, browser, pages visited | Security, fraud prevention, improving the site | Legitimate interests |
| Support messages | Whatever you write to us | Answering your question | Legitimate interests |
Payment card details are handled by Paddle and are not stored by us.
2. Who we share data with
- Paddle — our Merchant of Record, for processing sales, subscription management, payments, tax compliance, invoicing, and refund handling.
- Hosting & infrastructure providers — to run the site and store data.
- Analytics providers — to understand how the site is used (aggregated where possible).
- Professional advisers — legal, accounting, where required.
- Authorities — where required by law.
We do not sell your personal data.
3. International transfers
Some of our service providers may process data outside your country. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
4. Retention
We keep account and order data for as long as your account is active and for as long as needed to meet tax, accounting, and legal obligations (typically up to 7 years for order records). Support messages are kept for as long as needed to resolve issues. After that, we delete or anonymize the data.
5. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you;
- Have inaccurate data corrected;
- Request deletion ("right to be forgotten");
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us through the site. We aim to respond within one month.
6. Security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and vetted service providers. No system is perfectly secure, but we take it seriously.
7. Cookies
The site uses a small number of cookies and similar technologies — essential cookies to keep the site working (e.g. cart, session), and optional analytics cookies to understand usage. You can manage cookies through your browser settings.
8. Changes to this Notice
We may update this Notice from time to time. Material changes will be posted here with a revised date.
9. Contact
Questions about your data? Contact us through the site. For payment-related data, you can also reach Paddle at paddle.net.