Privacy Policy

Introduction
Information We Collect
Cookies and Tracking Technologies
How We Use Your Information
Legal Basis for Processing (GDPR)
How We Share Your Information
Affiliate Links and Third-Party Products
Data Retention
Data Security
Data Breach Notification
Your Privacy Rights
Do Not Sell or Share My Personal Information
International Data Transfers
Children's Privacy (COPPA)
Third-Party Links and Services
Changes to This Policy
Contact Information

1. Introduction

RateTopic ("we," "us," or "our") operates the website located at ratetopic.com (the "Site"). RateTopic is a technology review and recommendation platform that covers mobile apps, software tools, AI products, and related digital services.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you visit, browse, or otherwise interact with our Site. It applies to all visitors, users, and others who access the Site, regardless of how or where they access it.

By accessing or using the Site, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Site.

We are committed to protecting your privacy and being transparent about the data we collect. This policy has been drafted to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable privacy laws worldwide.

2. Information We Collect

2a. Information You Provide Directly

We collect personal information that you voluntarily provide to us when you interact with the Site. This includes:

Newsletter subscription: When you subscribe to our newsletter, we collect your email address. This email address is stored securely in our Firebase Firestore database and is used solely for the purpose of delivering newsletter communications.
Contact form submissions: When you use our contact form, we collect your name, email address, and the content of your message. This information is used to respond to your inquiry and is stored in Firebase Firestore.

2b. Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies, log files, and similar technologies. This may include:

IP address: Your Internet Protocol address, which may be used to derive your approximate geographic location (city or region level).
Browser type and version: The web browser you are using (e.g., Chrome, Firefox, Safari) and its version number.
Device information: Your device type (desktop, tablet, mobile), operating system, screen resolution, and device language settings.
Pages visited: The specific pages you view on our Site, including the order in which you view them, the time spent on each page, and the links you click.
Referring URL: The website or search engine that directed you to our Site.
Date and time of access: The date, time, and duration of each visit to our Site.
Approximate location: General geographic location derived from your IP address (not precise GPS coordinates).

2c. Information from Third Parties

We may receive information about you from third-party services that we integrate with, including:

Analytics providers: Firebase Analytics and Google Analytics provide us with aggregated and individual-level data about how users interact with our Site, including demographic insights and interest categories.
Advertising networks: Google AdSense may provide us with information about ad interactions, impressions, and click-through data associated with your browsing sessions.
Content delivery networks: Services such as Google Fonts and Font Awesome CDN may log your IP address when serving resources to your browser.

3. Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit a website. We and our third-party partners use cookies and similar tracking technologies (such as pixels, web beacons, and local storage) for the purposes described below.

3a. Essential Cookies and Local Storage

We use your browser's localStorage to save your theme preference (light or dark mode). This data is stored entirely on your device under the key ratetopic-theme, is never transmitted to our servers, and can be cleared at any time through your browser settings. These are strictly necessary for delivering the user experience you have selected.

3b. Analytics Cookies

We use Firebase Analytics (powered by Google Analytics) to understand how visitors use our Site. These cookies collect information such as:

The number of visitors to the Site
Which pages are visited most often and how visitors navigate between pages
Session duration and bounce rates
The geographic region, browser, and device type of visitors

Analytics data helps us improve the content, design, and performance of our Site. Firebase Analytics cookies include identifiers such as _ga, _ga_*, and _gid. For more information, see Google's Privacy Policy.

3c. Advertising Cookies

We use Google AdSense to display advertisements on our Site. Google AdSense uses cookies to:

Serve ads based on your prior visits to our Site and other websites
Personalize ad content to match your interests
Measure ad performance and engagement
Enable remarketing, which allows ads related to our Site to appear on other websites you visit

Google's use of advertising cookies enables it and its advertising partners to serve ads based on your browsing history. These cookies may include __gads, __gpi, IDE, ANID, and others managed by Google. For more information about how Google uses data when you visit partner sites, visit Google's Privacy & Terms page.

3d. How to Manage Cookies

You can control and manage cookies through the following methods:

Browser settings: Most browsers allow you to refuse, delete, or manage cookies through the browser settings or preferences menu. Consult your browser's help documentation for specific instructions.
Google Ads Settings: You can opt out of personalized advertising by visiting Google Ads Settings.
Network Advertising Initiative: You can opt out of interest-based advertising from many providers at NAI Opt-Out.
Digital Advertising Alliance: You can manage your ad preferences at DAA Opt-Out.
European users: You can manage ad preferences at Your Online Choices.
Google Analytics Opt-Out: You can install the Google Analytics Opt-Out Browser Add-On.

Please note that disabling cookies may affect the functionality of certain features on our Site and may result in a less personalized browsing experience.

3e. Global Privacy Control (GPC) Signals

We recognize and honor Global Privacy Control (GPC) signals sent by your browser. When we detect a GPC signal, we treat it as a valid request to opt out of the sale or sharing of your personal information, and we will limit the processing of your data accordingly. GPC is supported by major browsers and browser extensions. For more information, visit globalprivacycontrol.org.

3f. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to the websites you visit. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, we do not alter our data collection and usage practices in response to DNT signals. However, we do honor GPC signals as described above, which serve a similar purpose. We will update this policy if a uniform standard for DNT compliance is adopted in the future.

4. How We Use Your Information

We use the information we collect for the following purposes:

Newsletter delivery: To send periodic newsletters about new app reviews, guides, AI tool recommendations, and updates to subscribers who have opted in.
Site improvement and optimization: To analyze traffic patterns, understand user preferences, identify popular content, optimize page performance, and improve the overall user experience.
Analytics and reporting: To generate aggregate statistical reports about Site usage, audience demographics, content engagement, and visitor behavior.
Advertising: To display relevant advertisements through Google AdSense, including personalized ads based on your browsing behavior and interests.
Responding to inquiries: To reply to your questions, feedback, or requests submitted through our contact form.
Security and fraud prevention: To monitor for and protect against unauthorized access, malicious activity, spam, abuse, and other security threats to the Site.
Preference storage: To remember your theme preference (light or dark mode) for a consistent experience across visits.
Legal compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

Consent: Where you have given clear, affirmative consent for us to process your personal data for a specific purpose. For example, when you subscribe to our newsletter or accept non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and interests. Our legitimate interests include operating and improving the Site, analyzing usage trends, displaying relevant advertising, and ensuring the security of the Site.
Contract performance: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering a contract. For example, when we process your contact form submission to respond to your inquiry.
Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject, such as responding to a valid legal request from law enforcement or a regulatory authority.

We do not sell your personal information. We may share your information with the following categories of recipients in the circumstances described below:

We share data with Google through our use of Google AdSense (advertising), Firebase Analytics (usage analytics), and Cloud Firestore (data storage). Google processes this data in accordance with its own privacy policies. For details, see Google's Privacy Policy and Firebase Privacy and Security documentation.

When you click on an affiliate link on our Site, the destination website or affiliate network may receive referral information including your IP address, the referring page URL, and a unique tracking identifier. These affiliate partners operate under their own privacy policies, which we encourage you to review.

We may engage trusted third-party service providers to assist us in operating the Site, conducting business activities, or providing services on our behalf (such as hosting, email delivery, or technical support). These service providers are granted access to your personal information only to the extent necessary to perform their functions and are contractually obligated to protect your data.

We may disclose your personal information if required to do so by law or in response to valid legal requests from public authorities, including to meet national security or law enforcement requirements. We may also disclose your information where we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity or successor. We will provide notice before your personal information becomes subject to a different privacy policy.

We do NOT sell your personal information. We have not sold personal information in the preceding twelve (12) months and have no plans to do so.

7. Affiliate Links and Third-Party Products

Our Site contains reviews, recommendations, and links to third-party products and services. Some of these links are affiliate links, which means we may earn a commission if you click through and make a purchase or sign up for a service. This commission comes at no additional cost to you.

When you click on an affiliate link:

You will be redirected to a third-party website that operates under its own privacy policy and terms of service.
The affiliate partner may place cookies on your device to track the referral and attribute the purchase or sign-up to our Site.
The information collected by the affiliate partner is governed by their privacy practices, not ours.

Editorial independence: The presence of affiliate links does not influence our editorial opinions, ratings, or reviews. Our content is created independently based on thorough research and testing. Affiliate relationships do not affect the objectivity of our assessments, and we do not accept compensation in exchange for favorable reviews.

8. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by applicable law. Specific retention periods are as follows:

Newsletter email addresses: Retained until you unsubscribe or request deletion of your data. Upon unsubscribing, your email address will be deleted from our active mailing list within 30 days.
Analytics data: Firebase Analytics data is retained for a maximum of 26 months. After this period, event-level data is automatically deleted. Aggregated reports may be retained indefinitely.
Contact form submissions: Retained for up to 12 months after the inquiry has been resolved, unless a longer retention period is required by law.
Server logs: Server access logs, which may contain your IP address and request details, are retained for a maximum of 90 days before being automatically purged.
Advertising data: Managed and retained by Google in accordance with their data retention policies.
Local storage data (theme preference): Stored on your device indefinitely until you clear your browser data or remove it manually.

9. Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it. Our security measures include:

HTTPS encryption: All data transmitted between your browser and our Site is encrypted using TLS/SSL (HTTPS).
Firebase security rules: We use Firebase Security Rules to restrict access to our Firestore database, ensuring that data can only be read or written by authorized processes.
Access controls: Administrative access to our systems and data stores is restricted to authorized personnel only, protected by strong authentication mechanisms.
Infrastructure security: Our data is hosted on Google Cloud infrastructure, which employs industry-standard security measures including encryption at rest, physical security of data centers, and continuous monitoring.
Regular review: We periodically review and update our security practices to address emerging threats and vulnerabilities.

Important: While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data. You are responsible for maintaining the confidentiality of any account credentials and for controlling access to your devices.

10. Data Breach Notification

In the event of a data breach that compromises your personal information and is likely to result in a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR and other applicable data protection laws.
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 of the GDPR.
Provide details about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
Document all breaches, including those that do not require notification, as part of our internal records.

Notifications will be provided via email (where we have your email address) and/or via a prominent notice on our Site. We will also comply with all applicable breach notification requirements under CCPA/CPRA and other state, federal, and international laws.

11. Your Privacy Rights

If you are a resident of the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and UK GDPR:

Right of access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
Right to erasure (Article 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain legal exceptions.
Right to restriction of processing (Article 18): You have the right to request that we limit the processing of your personal data under certain circumstances, such as when you contest its accuracy.
Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) and to transmit that data to another controller.
Right to object (Article 21): You have the right to object to the processing of your personal data for direct marketing purposes, or where processing is based on legitimate interests.
Right to withdraw consent (Article 7): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or the place of the alleged infringement. A list of EU data protection authorities is available at edpb.europa.eu.

11b. CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share it.
Right to delete: You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., information necessary to complete a transaction, detect security incidents, or comply with legal obligations).
Right to correct: You have the right to request correction of inaccurate personal information that we maintain about you.
Right to opt out of sale or sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. While we do not sell personal information in the traditional sense, certain advertising activities involving third-party cookies may constitute "sharing" under the CCPA/CPRA.
Right to limit use of sensitive personal information: If we were to collect sensitive personal information, you would have the right to limit its use to purposes necessary for providing the services you request.
Right to non-discrimination: You have the right not to be discriminated against for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your rights.

Categories of personal information collected in the past 12 months:

Identifiers (e.g., email address, IP address)
Internet or electronic network activity information (e.g., browsing history, search history, interaction with our Site)
Geolocation data (approximate location derived from IP address)

11c. US State Privacy Laws

Residents of certain other US states have additional privacy rights under their respective state laws:

Virginia (VCDPA): Virginia residents have the right to access, correct, delete, and obtain a portable copy of their personal data. You also have the right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Colorado (CPA): Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling activities.
Connecticut (CTDPA): Connecticut residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, the sale of personal data, and profiling.
Utah (UCPA): Utah residents have the right to access, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising and the sale of personal data.
Other states: As additional states enact comprehensive privacy legislation, we will update this policy to reflect any new rights and obligations.

11d. How to Exercise Your Rights

To exercise any of your privacy rights described above, please contact us at:

Email: privacy@ratetopic.com

When submitting a request, please include sufficient information to verify your identity and specify the right(s) you wish to exercise. We may need to verify your identity before fulfilling your request. We will respond to your request within the timeframes required by applicable law:

GDPR: Within 30 days (extendable by up to 60 additional days for complex requests)
CCPA/CPRA: Within 45 days (extendable by up to 45 additional days)
Other state laws: Within 45 days (with applicable extensions)

You may also designate an authorized agent to submit a request on your behalf. We may require that you verify your identity directly with us and confirm that you have authorized the agent to act on your behalf.

12. Do Not Sell or Share My Personal Information

We do not sell your personal information. We have not sold personal information in the preceding twelve (12) months and have no intention of doing so.

While we do not engage in the traditional "sale" of personal data, some of our advertising activities (such as the use of third-party advertising cookies through Google AdSense) may be considered "sharing" of personal information under the CCPA/CPRA definition. You have the right to opt out of this activity.

To opt out of the sharing of your personal information for advertising purposes, you may:

Enable Global Privacy Control (GPC) in your browser, which we honor as a valid opt-out signal.
Adjust your cookie preferences through your browser settings to block third-party cookies.
Opt out of Google personalized advertising at Google Ads Settings.
Contact us at privacy@ratetopic.com with the subject line "Do Not Sell or Share My Personal Information."

13. International Data Transfers

Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, where our third-party service providers (such as Google) maintain servers and infrastructure.

These countries may have data protection laws that differ from the laws of your jurisdiction. When we transfer personal data outside the EEA, UK, or Switzerland, we ensure that appropriate safeguards are in place, including:

EU Standard Contractual Clauses (SCCs): We rely on Standard Contractual Clauses approved by the European Commission for transfers to countries that do not benefit from an adequacy decision.
UK International Data Transfer Agreement (IDTA): For transfers from the UK, we use the UK addendum to the EU SCCs or the UK IDTA as appropriate.
Adequacy decisions: Where available, we rely on adequacy decisions issued by the European Commission or UK authorities recognizing that a country provides an adequate level of data protection.
Service provider commitments: Our key service provider, Google, participates in the EU-US Data Privacy Framework and maintains appropriate data protection commitments.

By using our Site, you acknowledge and consent to the transfer of your information to these countries. You may contact us to obtain a copy of the safeguards we use for international transfers.

14. Children's Privacy (COPPA)

Our Site is not directed to children under the age of 16. We do not knowingly collect, solicit, or maintain personal information from anyone under 16 years of age. This is in compliance with the Children's Online Privacy Protection Act (COPPA) in the United States and Article 8 of the GDPR regarding conditions applicable to a child's consent in relation to information society services.

If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@ratetopic.com so we can take appropriate action.

15. Third-Party Links and Services

Our Site contains links to third-party websites, products, and services that are not owned or controlled by RateTopic. This includes links to reviewed apps, software tools, affiliate partner sites, and external resources referenced in our articles.

We are not responsible for the privacy practices, content, or security of these third-party websites or services. Each third-party website has its own privacy policy, and we encourage you to read the privacy policy of every website you visit. The inclusion of a link on our Site does not imply endorsement of the linked site's privacy practices.

Specifically, the following third-party services used on our Site have their own privacy policies:

Google (Analytics, AdSense, Firebase, Fonts): Google Privacy Policy
Font Awesome (CDN): Font Awesome Privacy Policy

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable laws, technology, or business operations. When we make changes:

We will update the "Effective Date" and "Last Updated" date at the top of this page.
For material changes (such as changes to the categories of personal information collected, new data sharing practices, or changes to your rights), we will provide prominent notice via a banner on our Site and/or send an email notification to newsletter subscribers.
For minor changes (such as clarifications or formatting updates), we will update the policy without additional notice.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes to this Privacy Policy constitutes your acknowledgment of and consent to the updated terms.

Previous versions of this Privacy Policy are available upon request by contacting us at privacy@ratetopic.com.

17. Contact Information

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

RateTopic
Email: privacy@ratetopic.com
Website: ratetopic.com

Mailing Address:
RateTopic
[Street Address]
[City, State, ZIP Code]
[Country]

We will make every effort to respond to your inquiry within a reasonable timeframe, and no later than the timeframes required by applicable law.

If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Table of Contents