Privacy Policy
Last updated: May 2026
1. Who we are
TOP RPM ("we", "us", "our") operates the website toprpm.co.uk. We are a UK-based business. For any privacy-related queries, contact us at hello@toprpm.co.uk.
2. What data we collect
When you use TOP RPM, we may collect the following personal data: your name, email address, and delivery address (when you create an account or place an order); payment information (processed securely by Stripe — we never see or store your full card details); the car card designs you create (stored in your account); and technical data such as your IP address, browser type, and pages visited (collected automatically via server logs).
3. How we use your data
We use your data to: create and manage your account; process and fulfil your orders; send you order confirmation and dispatch emails; improve our website and service; and respond to your support enquiries. We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-party services
We use the following third-party services which may process your data on our behalf: Supabase (account authentication and database hosting, EU servers); Stripe (payment processing — subject to Stripe's Privacy Policy); Resend (transactional emails); and Vercel (website hosting). Each operates under their own privacy policies and GDPR-compliant data processing agreements.
5. Data retention
We retain your account data and order history for as long as your account is active or as needed to fulfil our contractual and legal obligations. You can request deletion of your account and associated data at any time by contacting us.
6. Your rights
Under UK GDPR, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and request a portable copy of your data. To exercise any of these rights, email us at hello@toprpm.co.uk. We will respond within 30 days.
7. Cookies
TOP RPM uses only essential cookies required for the website to function (authentication session tokens). We do not use advertising or tracking cookies. If this changes in future, we will update this policy and provide appropriate notice and consent mechanisms.
8. Security
We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), secure authentication via Supabase, and PCI-compliant payment processing via Stripe.
9. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
Questions? Contact us