OUR PRIVACY POLICY

4.1 Information That You Provide Directly to Us

We may collect information from you directly in various ways, such as when you: • Open an account or otherwise access, use, interact with, or register for the Services; • Create a profile as a TOPMe Angel or Donor, or are designated as a Service Provider in connection with a fundraising project; • Create, update, manage or delete a fundraising project or cause campaign; • Share or adopt a project on the platform or on social media platforms; • Submit identity verification documents in connection with your Angel registration; • Donate to a project or cause, whether as a registered user or visitor; • Choose whether your official name or a pseudonym is displayed in connection with your donation or platform activity; • Post comments, like blog posts or project updates, send messages, submit project reports, or otherwise communicate with other users or with our team through our Services; • Fill out a survey, submit feedback, or contact us for support purposes; • Subscribe to our newsletter or request updates and other features; or • Upload images, videos, or other media in connection with your profile or project pages. The information you provide directly to us may relate to you or others and may include, without limitation:

4.1.1 Account Registration Information

such as your first and last name, email address, phone number, location and confirmation that you have agreed to our Terms and Conditions. If you register as a TOPMe Angel, you may also provide your phone number, date of birth, gender, country, state, city, residential address, biography, display picture and social media links. If you register or sign in using a third-party service such as Google, Facebook or X, we may receive certain profile information from that service.

4.1.2 Project Information

such as the title, description, target funding amount, currency, location, and media (images and video links) associated with a fundraising project. This may also include the name, contact details, phone number, email address, and website of the Service Provider and details of the beneficiary for whom the project is created.

4.1.3 Service Provider Data

For Service Providers receiving funds, we collect entity name, public profile or website link, email address, phone number, and bank account details (account name, account number, and bank name) required for the disbursement of funds. These details are stored with enhanced encryption and are accessible only on a strict need-to-know basis, as described further in the Security section below.

4.1.4 Donor Preference Information

where you choose to make a donation, we collect your stated preference regarding whether your official name or a pseudonym should be displayed in connection with your donation on the platform. If you donate without onboarding, we collect your name and email address in order to send you project update notifications, as further described in the "Our Use of Information Collected" section below.

4.1.5 Project Adoption Information

where you choose to adopt a project, that is, to publicly support and share a project in order to help it reach its funding goal, we collect information about you like your name (stage name or professional name/moniker) and your adoption activity, including the project adopted.

4.1.6 Financial Information

such as donation amounts, currency, and payment transaction details. We use third-party payment processors to handle financial transactions on the platform, including Paystack, and Flutterwave. These payment processors may collect personal data, including through cookies and similar technologies. The personal data they collect includes transactional data, identifying information about you, and information about the devices you use to access their services. They use this data for fraud detection, authentication, and performance analytics. They operate both as processors for us and as independent controllers for the information they collect directly from you. Where a payment dispute arises, relevant transaction information may be shared with the applicable payment processor for the purpose of investigating and resolving the dispute. Please note that TOPMe does not store full cardholder data, in alignment with PCI-DSS principles. To learn more about how our payment processors handle your personal data, please visit their respective privacy policies: • Paystack: https://paystack.com/privacy • Flutterwave: https://flutterwave.com/us/privacy-policy

4.1.7 Newsletter Subscription Information

where you subscribe to our newsletter, we collect your email address and subscription preferences. You may unsubscribe at any time by following the unsubscribe instructions included in any newsletter email or by contacting us directly.

4.1.8 Publicly Available and Non-Publicly Available Communications and Content

We may collect information that you share, including comments, messages, blog post interactions (including likes and comments), project updates, and other communications with other users through our Services. Any content you choose to post on publicly available pages of the platform is available to the public by default. Please remember that information disclosed in public areas becomes public information and can be viewed, used, or shared by others. Please also be considerate and respectful of others in your public communications on the platform. We reserve the right, but do not have the obligation, to review and monitor publicly available content, non-public communications between users, and any other content posted on or through our Services that may be used for internal analytics, and to remove postings or content that may be viewed as inappropriate, harmful, or offensive.

4.1.9 Information About Yourself and Others, Including Sensitive Information

We may collect information about fundraising projects and the Service Providers that are designated as beneficiaries, including project goals, funding targets, and descriptions of the circumstances motivating a fundraising request. This information may include personal or sensitive details depending on what you choose to share, such as references to health conditions, economic hardship, or social circumstances. If you post this information in connection with a project, you choose to provide it for public display. If you provide us with information about third parties, you acknowledge and confirm that you have the authority and consent of the relevant parties to provide their information to us, that you have notified them, and that you have informed them of how their information is collected and used by us to provide the Services.

4.1.10 Communications with Our Team

We may collect information for troubleshooting or support purposes when you contact us through the platform's messaging system, the contact page, via email, or when you submit a report about a project through our "Report a Project" or "Submit a Report" feature. We may retain records of your communications with our team, including support requests, project reports, and feedback, for quality assurance and operational purposes. We would ask that you refrain from sending financial account information, sensitive health data, information about minors without their parent or guardian's consent or other sensitive personal data to us through our general communication channels.

4.1.11 Identity Verification Information

As part of the TOPMe Angel registration and approval process, we collect government-issued identity documents to verify your identity. This may include a copy of your International Passport, or Driver's License, as well as other nationally recognised identity documents where applicable. Where document verification requires facial matching or similar processes, this may be facilitated by third-party identity verification vendors. TOPMe does not retain biometric data independently of this process, and any such data collected by verification vendors is subject to their own retention policies and applicable law.

4.2 Information We Collect from Other Parties

4.2.1 Data Enhancement and Verification

TOPMe engages third-party vendors to support identity verification, fraud prevention, and compliance. These vendors may provide us with additional information about you in connection with these purposes, in accordance with their own privacy policies and applicable law.

4.2.2 Payment Processing Information

Our payment processors collect and provide certain information to us in order to facilitate donations made on the platform and to process payments to Service Providers. This may include transaction confirmation data, payment status information, and fraud prevention signals. By using our payment features, you acknowledge that your financial transaction data will be processed by our third-party payment processors in accordance with this Policy and their own privacy policies.

4.2.3 Account and Profile Information from Third-Party Services

TOPMe users may register or sign in to the platform using a third-party service such as Google, Facebook or X. Where you use this feature, the relevant third-party service will provide us with access to certain information from your profile on that service such as your name, email address, and profile photograph based on your privacy settings with that service. We will use, store, and disclose such information in accordance with this Policy. Please note that the manner in which third-party services use, store, and disclose your information is governed by the policies of those parties, and TOPMe is not responsible for the privacy practices of third-party services. Where you use social sharing features to share projects or blog posts on platforms including Facebook, Twitter, and Instagram, limited information such as project links and descriptions may be shared with those platforms in accordance with their respective terms of service. Where you upload video content to your project page using a YouTube link, your content will be subject to Google's Privacy Policy and Terms of Service in addition to this Policy.

4.3 Information That Is Passively or Automatically Collected

4.3.1 Location Information

This general location information is used to provide you with an optimised browsing experience and to display relevant project listings. When you create a project or profile on the platform, you may also be asked to provide your country, state, and city, which may be displayed publicly in connection with your profile or project. TOPMe does not currently request access to precise geolocation data from mobile devices. If this changes in future, we will request your permission before collecting such data.

4.3.2 Site Usage, Session, and Activity Log Information

We collect information about your interaction with our Services, including the pages you visit, the resources you access, how much time you spend on each page, and how you navigate through the platform. We use session management technologies, including JSON Web Tokens (JWTs), to manage authenticated sessions securely. We also maintain an activity log that records key actions performed on the platform. This includes, but is not limited to, login and logout events, account creation and updates, project creation, updates and deletion, blog post creation and management, the approval and removal of TOPMe Angels by Admins, and payment activities. This activity log is used for security, audit, and platform integrity purposes, and may be accessed by Admins in the course of platform administration.

6.1. Provision of Services

To provide, operate, and maintain the Services, including to register and manage your account, complete your profile, facilitate financial transactions including donations and Angel Support payments, and support the creation and management of fundraising projects. We verify the identity of TOPMe Angels and Service Providers through the Know Your Customer (KYC) process and we use your information to detect and prevent fraud or other misuse of the platform. We also use your data to communicate with you regarding your account, including to confirm registration, send verification links, notify you of project approvals or administrative decisions, and provide support in response to your queries and reports. Transactional emails including donation confirmations, project updates, and account notifications are delivered via SendGrid.

6.2. Project Adoption

Where you adopt a project on the platform, we use your adoption activity to update the project's adoption status and to notify the relevant TOPMe Angel of the adoption. Adoption activity is visible to other users of the platform.

6.3. Blog and Community Interactions

Where you interact with blog posts or project threads, including posting comments, liking content, or sharing posts on social media, we use that activity to display your interactions on the platform, to generate engagement metrics for internal analytics.

6.4. Notifications

We operate a notification system for registered Angels and Donors. We use your account and activity information to generate and deliver in-platform notifications about events relevant to you, including project updates, donation activity, administrative decisions, messages received, and suggestions for cause adoption. You may manage your notification preferences through your account settings.

6.5. Admin Platform Management

Admins use personal data collected on the platform to perform authorised administrative functions, including reviewing and approving or rejecting TOPMe Angel applications, monitoring and moderating platform content, managing user accounts, creating and managing blog posts and project pages, sending broadcast email communications to donors and platform users, accessing and reviewing platform-wide analytics and financial reports. Admin access to personal data is restricted to what is necessary for their authorised functions and is subject to confidentiality obligations. Admin accounts are accessed through dedicated credentials separate from general user accounts.

6.6. Personalisation of Our Services

We may use information to analyse, improve, and personalise the Services. For example, we may use your project history, donation activity, and engagement patterns to surface relevant projects on your dashboard, display Featured Angels based on performance metrics or make recommendations about causes or projects that may interest you. We do not currently use your data to train artificial intelligence or machine learning models for purposes unrelated to the Services.

6.7. Improving Our Services

We may use information to develop new features and improve existing functionality; to conduct internal research and analytics on platform usage and performance, and to identify and resolve technical issues.

6.8. Fraud Detection and Security

We may use information to maintain the security of your account, to detect and investigate suspicious or fraudulent activity, to enforce our platform policies, and to protect the rights and safety of our users and the public.

6.9. Compliance with Legal Obligations

We may use information to comply with applicable laws and regulations, legal obligations, law enforcement requests and legal processes, and to protect the rights, privacy, safety, or property of TOPMe, its employees, its users or members of the public, including to enforce our Terms and Conditions and other applicable agreements.

6.10. Other Purposes

We may aggregate, anonymise, or de-identify information collected through the Services. We may use and disclose such aggregated or de-identified information for any lawful purpose, including research and analytics, without limitation, as it no longer constitutes personal data.

7.1 Business Transfers

In the event of a corporate transaction such as a merger, acquisition, restructuring, or asset sale, user information may form part of the assets reviewed and transferred. We will notify you of any such transfer in accordance with our obligations under applicable law.

7.2 Affiliated Entities

We may share your personal information among affiliated entities for purposes consistent with this Policy, such as to provide and improve the Services, facilitate payments, prevent fraud, and conduct other activities described in this Policy.

7.3 Payment Gateways

Paystack and Flutterwave receive the minimum data required to process donations and Angel Support transactions. All payment gateways are bound by data-processing agreements that enforce equivalent protection standards.

7.4 Transactional Email Service

SendGrid processes emails solely for the purpose of sending transactional communications, including donation confirmations, account notifications, and project updates. SendGrid does not use this data for its own marketing purposes. All data shared with SendGrid is governed by our data-processing agreement with that provider.

7.5 Authentication providers

TOPMe contracts with third-party companies to assist us in performing certain business-related functions, including cloud hosting and infrastructure, identity verification, fraud prevention, legal services, and platform analytics. We provide access to your information with these companies only to the extent necessary for them to perform services on our behalf. All third-party processors are required to handle your personal data in accordance with applicable data protection laws and are bound by appropriate contractual data protection obligations.

7.6. Legal Requirements

We may transfer, disclose, and preserve your information for courts, law enforcement agencies, government authorities, tax authorities, or other authorised third parties, if and to the extent we are required or permitted to do so by law, or where disclosure is reasonably necessary to: (i) comply with our legal obligations; (ii) comply with a valid legal request such as a court order or subpoena; (iii) respond to claims asserted against us; (iv) respond to a valid legal request relating to a criminal investigation or alleged illegal activity; (v) enforce and administer our Terms and Conditions or other applicable agreements; or (vi) protect the rights, property, or personal safety of TOPMe, its employees, users, or members of the public.

7.7. TOPMe Angels and Service Providers

7.7.1. TOPMe Angels.

We may disclose certain information about Donors to the TOPMe Angel who created the project to which a donation was made. For example, a Donor's name (or pseudonym if they chose to display a pseudonym) and donation amount may be visible to the relevant Angel to support project management, reporting, and donor communication.

7.7.2. Service Providers

TOPMe Angels may create projects designating a Service Provider to receive donations and to execute the project. Where a Service Provider is so designated, that institution may have access to certain project and fundraising information, including details of the funds raised and the progress of the campaign. TOPMe contractually requires Service Providers to use such information solely for the legitimate purpose of the relevant project. If you create a project and designate a Service Provider, you authorise us to share your information including your name and contact details with that Service Provider for the purpose of the project.

7.7.3. Anonymous and Pseudonymous Donations.

If you choose not to be named publicly on a project's public page, your donation will be displayed as "anonymous" on the public activity feed. If you choose to use a pseudonym, that pseudonym will be displayed in place of your official name. However, your actual name and other information may still be visible to the relevant TOPMe Angel, the Service Provider and Admins, and will be processed in accordance with this Policy.

7.8. Broadcast Communications

We may send broadcast email communications to platform users for the purpose of making platform-wide announcements, sharing important updates, or communicating information about causes and projects. You may manage your communication preferences through your account settings or by following the unsubscribe instructions included in any such email.

7.9. With Your Consent

In certain situations, we may share your information where you have specifically consented to that disclosure.

7.10. Aggregated Data

We aggregate, anonymise, and de-identify information collected from users so that it no longer relates to any individual. We may use and share that aggregated data for various lawful purposes, including but not limited to research on our community demographics, reporting on platform impact, and analytics.

7.11. Other Users of Our Services

We make certain information available to other users of the platform. For example, contact profile information is public: your name, about, location, and project history are made visible to other users and to the general public. Similarly, donations made to public project pages, blog interactions, and project adoption activity may appear in the relevant project or platform activity feed.

9.1. Online Analytics

We may use third-party web and product analytics services on the platform to help us understand how users interact with the Services. These vendors use technologies described in the "Information That is Passively or Automatically Collected" section above to analyse usage patterns, measure the effectiveness of platform features, and support continuous improvement of the Services.

9.2. Platform Performance Analytics

Our Admin Dashboard uses internal analytics tools to display platform-wide metrics, including project performance, donation volumes, user activity, and engagement trends. These analytics are used solely for the internal management and improvement of the platform and are not shared with third parties for advertising purposes.

18.1 Account Information.

You may verify, correct, update, or delete certain of your information through your account settings page. If you encounter difficulties, please contact us at the address set out in the "Contacting TOPMe" section below.

18.2 Donor Name and Pseudonym Preferences.

You may update your preference regarding the display of your name or pseudonym in connection with your donations and platform activity through your account settings at any time.

18.3 Marketing and Broadcast Communications.

Any marketing or broadcast email communications we send you will include instructions permitting you to unsubscribe from future communications. You may also contact us directly to opt out. We may still send you transactional or service-related communications regarding your account or the Services you have requested, even after you opt out of marketing.

18.4 Newsletter Subscription.

You may unsubscribe from our newsletter at any time by following the unsubscribe link in any newsletter email or by contacting us directly.

18.5 Notification Preferences.

You may manage your in-platform notification preferences through your account settings.

18.6 Cookies and Similar Technologies.

You can manage your cookie preferences through your browser settings or through the cookie management options available in the platform footer. Please refer to our Cookie Policy for further information.

19.1. Users in the European Economic Area and United Kingdom

If you are accessing the Services from the European Economic Area (EEA) or the United Kingdom (UK), we seek to comply with the General Data Protection Regulation (GDPR) and the UK GDPR respectively. In such cases, Digital Communities Ltd acts as the data controller. Our legal grounds for processing your information may include consent, performance of a contract, compliance with a legal obligation, or our legitimate interests where such interests are not overridden by your rights and freedoms. Residents of the EEA and UK have the right to lodge a complaint with their local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at www.ico.org.uk. In the EEA, please visit https://www.edpb.europa.eu/about-edpb/about-edpb/members_en for details of your national supervisory authority. We encourage you to contact us first before making a complaint.

19.2 Users in California (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides you with additional rights in relation to your personal information. These rights include the right to know what personal information we collect about you and how we use it, the right to delete personal information we have collected from you (subject to certain exceptions), the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising your CCPA/CPRA rights. TOPMe does not sell or share personal information for cross-context behavioural advertising. California residents may submit privacy requests by emailing contact@topme.org or using the in-app privacy request interface. We will respond to verifiable California consumer requests within 45 days, with a possible extension of a further 45 days where necessary.

19.3 Users in Other Jurisdictions

If you are accessing the Services from a jurisdiction not specifically addressed above and your local data protection laws provide you with additional rights or protections, we will seek to comply with those requirements to the extent applicable. Please contact us at the address in the "Contacting TOPMe" section below for further information.