Privacy Policy

Last updated: 24 March 2026

Gold Top Collective Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our website, services, and AI-powered development tools.

1. Who We Are

Gold Top Collective Ltd is a company registered in England and Wales (Company No: 13334037, VAT No: 377538844). We provide AI-powered development, design, and technology services.

For data protection purposes, we are the data controller. You can contact us at: hello@goldtopcollective.com

2. Information We Collect

We may collect the following types of information:

• Contact information — name, email address, phone number, and business details provided when you enquire about or purchase our services
• Account information — email address and authentication data when you sign in to our tools and platforms via Google OAuth or other authentication providers
• Project data — content, files, code, and specifications you provide as part of a development or design project
• Usage data — how you interact with our websites and tools, including pages visited, features used, and session duration
• Technical data — IP address, browser type, device information, and cookies

3. How We Use Your Information

We use your information to:

• Deliver and manage the services you have requested
• Communicate with you about your projects, account, and our services
• Process payments and maintain financial records
• Improve our websites, tools, and services
• Comply with legal and regulatory obligations

4. AI Processing

Our services use artificial intelligence tools to assist with development, design, and content generation. When you provide project data:

• Your data may be processed by third-party AI providers (such as Anthropic and OpenAI) in accordance with their data processing agreements and privacy policies
• We do not use your project data to train AI models
• AI-generated outputs are reviewed by our team before delivery
• You retain ownership of all project data and deliverables as outlined in your service agreement

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract — processing necessary to deliver services you have engaged us for
• Legitimate interests — improving our services, communicating relevant information, and maintaining security
• Legal obligation — complying with tax, accounting, and other regulatory requirements
• Consent — where you have given explicit consent, such as for marketing communications

6. Data Sharing

We do not sell your personal data. We may share your information with:

• Service providers — hosting providers (Railway, Cloudways, DigitalOcean), payment processors (Stripe, Xero), project management tools, and AI service providers, who process data on our behalf
• Professional advisors — accountants, lawyers, or auditors where necessary
• Legal authorities — where required by law or to protect our legal rights

7. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy. Typically:

• Project data is retained for the duration of our working relationship plus 12 months
• Financial records are retained for 7 years as required by UK tax law
• Marketing consent records are retained until you withdraw consent
• Website usage data is retained for up to 26 months

8. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your personal data (in certain circumstances)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at hello@goldtopcollective.com. We will respond within 30 days.

9. Cookies

Our websites use essential cookies to maintain sessions and authentication. We may also use analytics cookies to understand how our sites are used. You can control cookie preferences through your browser settings.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/TLS), secure authentication, access controls, and regular security reviews.

11. International Transfers

Some of our service providers operate outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

12. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via our website. The "last updated" date at the top of this page indicates when this policy was last revised.

13. Contact & Complaints

If you have questions about this policy or wish to make a complaint, contact us at hello@goldtopcollective.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.