COOKIE POLICY
Last updated: May 2026
1. Introduction
This Cookie Policy ("Policy") explains how TOPME.COM Ltd ("TOPMe", "we", "us", or "our") uses cookies and similar tracking technologies when you access or use our platform at www.topme.org (the "Platform") and the Services we offer through it.
Cookies help us deliver a functional, secure, and personalised experience on the Platform. They enable core features like user authentication and session management, allow us to understand how the Platform is used so we can improve it, and support certain third-party integrations that are essential to the Platform's operation.
This Policy should be read alongside our Privacy Policy and Terms of Service, both of which are available at www.topme.org. Together, these documents form the complete legal framework governing your use of the Platform.
By continuing to use the Platform after this Policy has been made available to you, you acknowledge that you have read and understood how we use cookies. Where we rely on your consent to set non-essential cookies, we will ask for that consent through our cookie consent banner before placing those cookies on your device.
2. What Are Cookies and Similar Technologies?
2.1 Cookies
Cookies are small text files that are placed on your device — computer, smartphone, or tablet — when you visit a website or use a web application. They are sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are widely used to make websites work more efficiently, to remember your preferences, and to provide analytical information to site owners.
Cookies do not contain executable code and cannot carry viruses or install malware on your device. They are simply small data files that store information about your visit.
2.2 How Long Cookies Last
Cookies can be categorised by how long they remain on your device:
- Session Cookies: These are temporary cookies that exist only for the duration of your browser session. They are deleted automatically when you close your browser. On TOPMe, session cookies are used primarily for authentication and session management — for example, to keep you logged in as you navigate between pages.
- Persistent Cookies: These cookies remain on your device for a set period after your session ends — from a few days to several years, depending on their purpose. On TOPMe, persistent cookies are used to remember your preferences and to support certain analytics functions.
2.3 First-Party and Third-Party Cookies
- First-Party Cookies: Cookies set directly by TOPMe for the Platform's own purposes — such as authentication and session management.
- Third-Party Cookies: Cookies set by third parties — such as our payment processors or analytics providers — when their services are integrated into the Platform. These cookies are governed by the privacy policies of the relevant third parties.
2.4 Similar Technologies
In addition to cookies, we and our third-party partners may use similar technologies to achieve the same or related purposes. These include:
- Web Beacons (also known as pixel tags or clear GIFs): Small transparent image files embedded in web pages or emails that allow us or third parties to detect when a page or email has been accessed, and to measure certain user interactions.
- Local Storage: Allows websites to store data in a user's browser with no expiry date, larger in size than a standard cookie. We may use local storage for session management and user preference storage on the Platform.
- Session Storage: Data stored in your browser that persists within a single browsing session but is not accessible after the browser tab is closed. Used on the Platform for temporary state management during navigation.
- JSON Web Tokens (JWTs): Alphanumeric strings stored in the browser as secure session identifiers. TOPMe uses JSON Web Tokens (JWTs) for authenticated session management across the Platform.
- Device Fingerprinting: Information collected automatically about your device, browser, and network configuration that can be used to identify your device across sessions, even without cookies. We do not use device fingerprinting for tracking or advertising purposes.
3. Categories of Cookies We Use
We use cookies in the following categories, each serving a distinct purpose on the Platform. These categories follow the standard classification framework adopted under the GDPR, the UK GDPR, and international best practices.
3.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function. They cannot be switched off in our systems because without them, key features of the Platform — including user login, navigation, and security — would not work. You can set your browser to block or alert you about these cookies, but some parts of the Platform will then not function as intended.
Strictly necessary cookies on TOPMe include:
| Cookie / Token Name | Purpose | Type | Duration |
|---|---|---|---|
| JWT Authentication Token | Manages your authenticated session on the Platform — keeps you logged in securely as you navigate between pages | First-Party | Session / Short-term persistent |
| Session ID Cookie | Maintains your user session and ensures continuity of your interaction with the Platform | First-Party | Session |
| CSRF Token | Cross-Site Request Forgery protection — prevents malicious third-party sites from making unauthorised requests on your behalf | First-Party | Session |
| Cookie Consent Preference | Stores your cookie consent choices so we do not ask you repeatedly | First-Party | Up to 12 months |
| Load Balancer Cookie | Ensures your requests are directed to the correct server during your session for performance and stability | First-Party | Session |
Legal basis for processing: Strictly necessary cookies do not require your consent under applicable law. They are processed on the basis of our legitimate interest in operating a secure and functional platform, and as a technical necessity for service delivery.
3.2 Functional Cookies
Functional cookies allow the Platform to remember choices you have made in the past — such as your language preference, your notification settings, or whether you have previously agreed to our Terms of Service — to provide a more personalised experience. These cookies do not track your browsing activity across other websites.
Functional cookies on TOPMe include:
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
| User Preference Cookie | Stores your display and notification preferences, including pseudonym/name display preference for donations | First-Party | Up to 12 months |
| Language / Locale Cookie | Remembers your preferred language or regional settings for the Platform interface | First-Party | Up to 12 months |
| Recently Viewed Projects | Stores a temporary record of project pages you have recently viewed to improve navigation | First-Party | Up to 30 days |
| Form Autofill Cookie | Preserves partially completed form data to prevent loss of progress if your session is interrupted | First-Party | Session |
| Newsletter Subscription Status | Records whether you have subscribed to or unsubscribed from the TOPMe newsletter to prevent repeat prompts | First-Party | Up to 12 months |
Legal basis for processing: Functional cookies are processed on the basis of your consent, which you provide through our cookie consent banner. You may withdraw your consent at any time by adjusting your cookie preferences through the Cookie Settings link in the Platform footer.
3.3 Analytics and Performance Cookies
These cookies collect information about how visitors use the Platform — which pages are visited most often, how long users spend on each page, where users navigate from, and any error messages they encounter. All information collected by these cookies is aggregated and therefore anonymised. It does not identify you personally. We use this data to improve the way the Platform works.
Analytics and performance cookies on TOPMe include:
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
| Internal Analytics Cookie | Tracks anonymised page visit data, navigation patterns, and session duration for our internal Admin Dashboard analytics | First-Party | Up to 13 months |
| Performance Monitoring Cookie | Monitors Platform performance indicators including page load times, error rates, and server response times to support technical improvements | First-Party | Up to 30 days |
| _ga (Google Analytics) | If enabled in future: distinguishes unique users for Google Analytics traffic reporting. Not currently active. Will require explicit consent before activation. | Third-Party (Google) | Up to 2 years |
| _gid (Google Analytics) | If enabled in future: distinguishes unique users within a 24-hour window for Google Analytics. Not currently active. | Third-Party (Google) | 24 hours |
Please note: TOPMe does not currently use Google Analytics or any third-party analytics service. Our analytics are conducted through our own internal Admin Dashboard using first-party data only. If we integrate a third-party analytics service in future, we will update this Policy and request your consent before placing any new analytics cookies.
Legal basis for processing: First-party analytics cookies are processed on the basis of your consent. You may withdraw consent at any time through the Cookie Settings link in the Platform footer.
3.4 Third-Party Payment Processor Cookies
When you make a donation or complete a payment transaction on the Platform, our payment processors — Paystack, Flutterwave, Stripe, and PayPal — may set their own cookies on your device. These cookies are set by third parties and are governed by their respective privacy and cookie policies. TOPMe has no control over these cookies.
Payment processor cookies serve the following functions:
- Fraud prevention and transaction security — detecting and preventing suspicious payment activity
- Payment session management — maintaining the integrity of your payment transaction during processing
- Authentication — verifying your identity with the payment processor for secure transaction authorisation
- Compliance — supporting anti-money laundering and Know Your Customer (KYC) obligations
To learn more about how our payment processors use cookies, please refer to their respective cookie and privacy policies:
- •Paystack: https://paystack.com/privacy
- •Flutterwave: https://flutterwave.com/us/privacy-policy
Legal basis for processing: Payment processor cookies are necessary for the performance of the payment contract between you and the payment processor. They are strictly necessary for the completion of financial transactions and do not require separate consent for that purpose.
3.5 Third-Party Service Cookies
Certain features of the Platform involve integration with third-party services that may set their own cookies. These are described below:
3.5.1 SendGrid (Transactional Email)
TOPMe uses SendGrid to deliver transactional emails — including donation confirmations, account notifications, and project update emails. SendGrid may set tracking pixels or similar technologies in emails to confirm delivery and whether an email has been opened. This tracking helps us confirm that important account communications have reached you. For more information, visit: https://sendgrid.com/policies/privacy/
3.5.2 YouTube / Google (Video Content)
Where TOPMe Angels embed video content in project pages using YouTube links, Google's YouTube platform may set cookies on your device when you interact with or play that video content. These cookies are set by Google and governed by Google's Privacy and Cookie Policies. For more information, visit: https://policies.google.com/privacy
3.5.3 Google Sign-In
Where you use Google Sign-In to register or log into the Platform, Google may set authentication-related cookies or tokens on your device in connection with the sign-in process. These are governed by Google's Privacy Policy. For more information, visit: https://policies.google.com/privacy
3.5.4 Social Media Sharing
Where you use the social sharing features on the Platform to share projects or blog posts on Facebook, Twitter, or Instagram, those platforms may set cookies on your device when their sharing functionality is activated. TOPMe has no control over these cookies. Their use is governed by the privacy and cookie policies of the respective social media platforms.
4. How Cookies Are Used Across TOPMe's Platform Features
The table below maps our use of cookies and similar technologies to specific features and functionalities of the TOPMe Platform:
| Platform Feature | Cookies / Technologies Used |
|---|---|
| User Login and Authentication (all user types) | JWT Authentication Token; Session ID Cookie; CSRF Token |
| TOPMe Angel Registration and KYC | JWT Authentication Token; Session ID Cookie; Form Autofill Cookie |
| Google Sign-In | JWT Authentication Token; Google Authentication Cookies (Third-Party) |
| Project Creation and Management | Session ID; Form Autofill Cookie; Recently Viewed Projects Cookie |
| Donation Processing and Payment | Payment Processor Cookies (Paystack, Flutterwave, Stripe, PayPal); CSRF Token |
| Angel Support Transactions | Payment Processor Cookies; JWT Token |
| Anonymous / Pseudonymous Donation Preference | User Preference Cookie |
| Newsletter Subscription | Newsletter Subscription Status Cookie |
| Project Adoption | Session ID; User Preference Cookie |
| In-App Messaging | JWT Authentication Token; Session ID |
| Blog Interactions (likes, comments, sharing) | Session ID; Social Media Cookies (if sharing activated) |
| Notification Preferences (Angels and Donors) | User Preference Cookie |
| Social Media Sharing (Facebook, Twitter, Instagram) | Third-Party Social Media Cookies (activated only when sharing is used) |
| YouTube Video Content on Project Pages | Google / YouTube Cookies (Third-Party, activated on video interaction) |
| Transactional Email Tracking (SendGrid) | SendGrid Email Tracking Pixel |
| Admin Dashboard Analytics | Internal Analytics Cookie; Performance Monitoring Cookie |
| Cookie Consent Management | Cookie Consent Preference Cookie |
| Platform Performance and Error Monitoring | Performance Monitoring Cookie |
5. What We Do Not Do With Cookies
TOPMe is committed to using cookies responsibly and in a manner that respects your privacy. We want to be explicit about the limits of our cookie use:
- No advertising cookies: We do not use cookies or similar technologies to serve targeted advertising or behavioural advertising on the Platform or on any third-party platform.
- No sale of cookie data: We do not sell, rent, or otherwise transfer cookie-derived data about you to any third party for their own commercial purposes.
- No cross-site tracking: We do not use cross-site tracking technologies to follow your browsing activity across websites or platforms that are unrelated to TOPMe.
- No commercial profiling: We do not use cookies to build profiles of your browsing behaviour for commercial profiling or re-marketing purposes.
- No device fingerprinting for tracking: We do not use device fingerprinting for tracking or advertising purposes, though we may collect certain device information passively for security and fraud prevention as described in our Privacy Policy.
6. Your Cookie Consent
6.1 How We Obtain Your Consent
When you first visit the TOPMe Platform, a cookie consent banner will be displayed at the bottom (or top) of your screen. This banner provides you with clear information about the categories of cookies we use and gives you the option to accept all cookies, reject non-essential cookies, or customise your preferences by category. We will not place non-essential cookies — including functional, analytics, or certain third-party cookies — on your device until you have provided your consent through the banner.
Your essential and strictly necessary cookies are placed automatically without requiring consent, as these are technically required for the Platform to function.
6.2 Recording Your Consent
When you make a choice through our cookie consent banner, your preference is recorded in a Cookie Consent Preference cookie stored on your device. This cookie has a lifespan of up to 12 months, meaning we will not ask for your consent again within that period unless: (a) you clear your cookies; (b) you use a different device or browser; or (c) we make a material change to the categories or purposes of our cookies, in which case we will ask for fresh consent.
6.3 Withdrawing Your Consent
You may withdraw or change your cookie consent at any time by:
- Clicking the "Cookie Settings" link in the footer of the Platform to access the cookie preference centre and update your choices;
- Clearing your browser cookies and cache, which will reset your consent preference and trigger the consent banner again on your next visit; or
- Adjusting your browser settings as described in Section 7 below.
Please note that withdrawing consent for non-essential cookies will not affect the lawfulness of any processing that occurred before your withdrawal. Withdrawing consent for functional cookies may affect your ability to use certain features of the Platform, such as saved preferences and notification settings.
6.4 Consent for Users Under the Age of 18
The TOPMe Platform is not intended for use by individuals under the age of 18. We do not knowingly place cookies on the devices of minors. If you are under 18 years of age, please do not use the Platform. If we become aware that we have inadvertently collected cookie-derived data from a minor, we will take steps to delete that data promptly.
7. How to Manage and Control Cookies
7.1 Cookie Preference Centre
The easiest way to manage your cookie preferences on TOPMe is through our Cookie Preference Centre, accessible via the "Cookie Settings" link in the footer of every page of the Platform. The Preference Centre allows you to review the categories of cookies we use, understand their purpose, and enable or disable each non-essential category individually. Your choices are saved and applied immediately.
7.2 Browser Settings
You can also control cookies through your browser settings. Most browsers allow you to:
- View what cookies are currently stored on your device;
- Delete all cookies or cookies from specific websites;
- Block all cookies from being set;
- Block third-party cookies specifically; and
- Receive a notification each time a new cookie is placed.
Instructions for managing cookies in the most commonly used browsers are available at the following links:
- •Google Chrome: https://support.google.com/chrome/answer/95647
- •Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- •Apple Safari (macOS): https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- •Apple Safari (iOS/iPhone): Settings > Safari > Privacy & Security > Block All Cookies
- •Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- •Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you choose to block all cookies through your browser settings — including strictly necessary cookies — certain features of the Platform will not function correctly. In particular, you will not be able to log in, maintain a session, or complete payment transactions.
7.3 Managing Third-Party Cookies
Third-party cookies set by our payment processors, SendGrid, Google, or social media platforms are governed by their own privacy and cookie policies. To manage cookies set by these third parties, please refer to their respective settings and opt-out mechanisms:
- •Google / YouTube: https://adssettings.google.com and https://policies.google.com/technologies/cookies
- •Paystack: https://paystack.com/privacy
- •Flutterwave: https://flutterwave.com/us/privacy-policy
- •SendGrid: https://sendgrid.com/policies/privacy/
- •Facebook: https://www.facebook.com/policies/cookies
- •Twitter/X: https://help.twitter.com/en/rules-and-policies/twitter-cookies
- •Instagram: https://help.instagram.com/1896641480634370
7.4 Do Not Track
"Do Not Track" (DNT) is a browser setting that sends a signal to websites requesting that they do not track your browsing activity. Because there is currently no agreed universal standard for how websites should respond to DNT signals, TOPMe does not currently respond to DNT signals. We do not engage in cross-site tracking for advertising purposes regardless of DNT status, as described in Section 5 above.
8. Legal Basis for Cookie Processing
The legal basis on which we process data collected through cookies varies depending on the category of cookie:
| Cookie Category | Legal Basis |
|---|---|
| Strictly Necessary Cookies | Legitimate interest (in operating a secure and functional platform) and technical necessity. No consent required. |
| Functional Cookies | Consent — provided through the cookie consent banner. Withdrawable at any time. |
| Analytics and Performance Cookies | Consent — provided through the cookie consent banner. Withdrawable at any time. |
| Payment Processor Cookies | Performance of contract (necessary for payment processing) and legitimate interest (fraud prevention). Consent required for non-essential payment processor analytics. |
| Third-Party Service Cookies (SendGrid, YouTube, Google Sign-In) | Consent and/or legitimate interest depending on the specific service. Where consent-based, withdrawable through Cookie Settings or third-party opt-out mechanisms. |
| Social Media Sharing Cookies | Consent — only activated when you actively use the social sharing features. Not placed passively. |
For users in Nigeria, cookie processing is governed by the Nigeria Data Protection Act 2023 (NDPA). For users in the European Economic Area or United Kingdom, processing is also governed by the GDPR and UK GDPR respectively. For users in California, processing is also governed by the CCPA/CPRA.
9. International Data Transfers Through Cookies
Some of the third-party cookies used on the Platform — particularly those set by payment processors, Google, SendGrid, and social media platforms — may transfer data to servers located outside Nigeria, including in the United States and European Union. Where such transfers occur:
- We ensure that appropriate contractual safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by the NDPA;
- We engage only with third-party processors that maintain adequate data protection standards consistent with applicable law; and
- We have reviewed the data transfer practices of our key third-party processors and are satisfied that they comply with applicable international transfer requirements.
For further information on our international data transfer safeguards, please refer to the "International Data Transfers" section of our Privacy Policy.
10. Cookie Retention Periods
The retention period of a cookie is the length of time it remains on your device after being set. Cookies on TOPMe are retained for the minimum period necessary to fulfil their stated purpose. The table below provides a summary of retention periods by cookie category:
| Cookie Category | Retention Period |
|---|---|
| Session Cookies (all categories) | Deleted when you close your browser |
| JWT Authentication Token | Short-term persistent — typically up to 24 hours or until logout |
| CSRF Token | Session only |
| Cookie Consent Preference | Up to 12 months from the date of consent |
| User Preference Cookie | Up to 12 months |
| Language / Locale Cookie | Up to 12 months |
| Newsletter Subscription Status | Up to 12 months |
| Recently Viewed Projects | Up to 30 days |
| Internal Analytics Cookie | Up to 13 months |
| Performance Monitoring Cookie | Up to 30 days |
| Payment Processor Cookies | Governed by the relevant payment processor's cookie policy |
| Google / YouTube Cookies | Up to 2 years (as governed by Google's Cookie Policy) |
| SendGrid Email Tracking | As governed by SendGrid's Privacy Policy |
| Social Media Cookies | As governed by the relevant platform's cookie policy |
11. Your Rights in Relation to Cookie Data
Data collected through cookies that constitutes personal data is subject to the same data subject rights described in our Privacy Policy. Under the Nigeria Data Protection Act 2023 (NDPA) and, where applicable, the GDPR and CCPA/CPRA, these include:
- The right to know what cookie data we hold about you and how it is used;
- The right to request deletion of personal data collected through cookies, subject to applicable legal retention requirements;
- The right to withdraw your cookie consent at any time through our Cookie Preference Centre;
- The right to object to the processing of your personal data collected through analytics cookies; and
- For California residents: the right to opt out of the "sharing" of personal information for cross-context behavioural advertising (TOPMe does not currently engage in this activity).
To exercise any of these rights, or if you have a question specifically about cookie-derived personal data, please contact us using the details in Section 14 below, or refer to the "Your Privacy Rights" section of our Privacy Policy for full details.
12. Cookies and Children
As stated in our Privacy Policy, the TOPMe Platform is strictly for users aged 18 years and above. We do not knowingly place cookies on the devices of individuals under the age of 18. If a parent or guardian believes that a minor has used the Platform and had cookies placed on their device without appropriate consent, please contact us immediately at contact@topme.org and we will investigate and take appropriate remedial action.
13. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in applicable law, or changes in the third-party services integrated with our Platform. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Policy;
- Display a prominent notification on the Platform informing you of the change; and
- Where the change involves new consent-based cookies, display a fresh cookie consent banner requesting your consent before placing the new cookies.
We encourage you to review this Policy periodically. Your continued use of the Platform after any update constitutes your acceptance of this Policy as updated.
14. Contact Us
If you have any questions, concerns, or requests relating to this Cookie Policy or the use of cookies on the TOPMe Platform, please contact us:
For wider privacy-related enquiries, including requests to exercise your data subject rights under the NDPA, GDPR, or CCPA/CPRA, please refer to the "Contacting TOPMe" section of our Privacy Policy.
15. Glossary of Key Terms
CCPA/CPRA: The California Consumer Privacy Act as amended by the California Privacy Rights Act — California's data protection law.
Cookie: A small text file placed on your device by a website or web application to store information about your visit.
CSRF Token: A Cross-Site Request Forgery token — a security measure that prevents unauthorised commands from being submitted from a user that a website trusts.
First-Party Cookie: A cookie set directly by the website you are visiting — in this case, TOPMe.
GDPR: The General Data Protection Regulation (EU) 2016/679 — the European Union's data protection framework.
JWT (JSON Web Token): A compact, cryptographically signed token used by TOPMe to manage authenticated user sessions securely.
Local Storage: A browser-based storage mechanism that holds data with no expiry date, larger in capacity than standard cookies.
NDPA: The Nigeria Data Protection Act 2023 — Nigeria's primary data protection legislation.
Persistent Cookie: A cookie that remains on your device after your browser session ends, until it expires or is deleted.
Session Cookie: A cookie that is deleted automatically when you close your browser.
Session Storage: Browser-based storage that holds data only for the duration of a single browser tab session.
Third-Party Cookie: A cookie set by a party other than the website you are visiting — such as a payment processor or analytics provider.
TLS 1.3/HTTPS: Transport Layer Security version 1.3 — the encryption protocol used by TOPMe to protect all data transmitted between your device and our servers.
Web Beacon: A small transparent image embedded in a webpage or email used to track whether a page or email has been accessed.