Topscan

Privacy Policy

Last updated: 12 Feb 2026

This Privacy Policy explains how Topscan.me, operated by METTY FSZO, Dubai Silicon Oasis, Techno Hub 1, Dubai, United Arab Emirates ("we", "us", or "our"), collects, uses, and protects your personal data when you use the Topscan.me platform (the "Service").

By using Topscan.me, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. Who We Are

TopScan.me is an online service for vulnerability scanning and continuous security monitoring.

For privacy questions: legal@topscan.me

2. Data We Collect

We only collect data necessary to operate the platform efficiently and securely.

2.1 Data You Provide to Us

When you create an account or interact with Topscan.me, we may collect:

  • Account & Authentication: name, corporate email, password hash, corporate name, address, and VAT number for invoices.
  • Billing & Payments: processed by Stripe. We receive payment identifiers & status.
  • Service Usage: targets you add (domains, IPs), scan schedules and settings, and scan result metadata.
  • Communications: support tickets, feedback, and survey responses.

We do not request or store sensitive personal data such as national IDs, government documents, biometric data, or highly sensitive financial information.

2.2 Information Collected Automatically

When you use the Service, we automatically collect limited technical data, including:

  • Technical Data: IP address, user agent, browser type, operating system, time zone, device data, and event logs for performance, fraud detection, and security monitoring.
  • Analytics: cookies and similar technologies such as Google Analytics.

3. How We Use Your Information

We use your data solely to operate, secure, and improve the platform. Specifically, we use it to:

  • Create and manage user accounts and customer infrastructure.
  • Run vulnerability scans, aggregate data, and generate reports and recommendations.
  • Process payments and billing.
  • Provide customer support.
  • Maintain platform security and prevent fraud or abuse.
  • Comply with legal obligations.

We do not sell personal data and do not use personal data for advertising purposes.

3.1 Scan Data

You control which targets are scanned and confirm you have the right to scan them. We process and store result metadata to provide the Service, maintain logs, and deliver support. Upon request, we may purge or minimize such data, subject to legal and contractual requirements.

3.2 Payments

Payments are processed by Stripe. We do not store full card details. See the provider’s policy: https://stripe.com/legal/privacy-center

4. Role of the Parties (Controller vs Processor)

For personal data related to account management, billing, and platform operations, TopScan acts as a data controller.

When processing scan targets, infrastructure data, and other customer-submitted content on behalf of users, TopScan acts as a data processor, and the Customer acts as the data controller.

Customers are responsible for ensuring they have the legal right to submit data to the Service and to authorize its processing.

5. Legal Basis for Processing

We process your data based on:

  • Contractual necessity: to provide the Service and fulfill our obligations.
  • Legitimate interest: to prevent fraud, ensure security, and improve platform functionality.
  • Legal obligation: when required by law or regulatory authorities.
  • Consent: when you voluntarily provide information or agree to receive communications.

6. Data Sharing

We share data only when necessary and under strict conditions:

  • Payment processors for handling payments.
  • Analytics providers for performance monitoring and fraud detection.
  • Legal authorities when required by applicable law or court order.

All third-party partners are bound by confidentiality and data protection obligations.

7. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect their data.

8. Data Retention

We retain your data for as long as your account remains active and as necessary to operate the platform, meet legal obligations, or resolve disputes.

  • Account and billing data: retained while your subscription is active and for 30 days thereafter for accounting and legal requirements.
  • Scan logs and metadata: retained for seven days (configurable per plan).
  • Upon request, we may delete or anonymize data unless retention is required by law.

We may continue storing information for:

  • Record-keeping, analytics, and fraud prevention.
  • Compliance with tax and financial reporting requirements.
  • Defense against potential legal claims.

You may request deletion of your personal data or account at any time by contacting legal@topscan.me.

Upon verified request, we will delete or anonymize your data within 30 days, unless legally required to retain it.

9. Cookies and Tracking

Topscan.me uses cookies and similar technologies to:

  • Maintain user sessions and preferences.
  • Analyze traffic and improve performance.
  • Detect suspicious or automated activity.

You can manage or disable cookies in your browser settings, but some platform features may not function properly without them.

10. Data Security

We implement industry-standard administrative, technical, and organizational safeguards designed to protect personal data, including:

  • Encrypted communications.
  • Access controls and multi-factor authentication for internal systems.
  • Logging, tenant isolation, and routine security updates.
  • Regular security reviews and backups.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Security Incident Notification

In the event of a confirmed security incident affecting personal data, TopScan will notify affected customers without undue delay as required by applicable law.

We will take commercially reasonable steps to investigate, contain, and remediate such incidents.

12. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Request correction or deletion of inaccurate data.
  • Object to or restrict certain processing.
  • Withdraw consent where applicable.

To exercise these rights, contact legal@topscan.me. We may require proof of identity before processing requests.

13. International Data Transfers

Your information may be transferred and stored outside your country of residence, including in the United Arab Emirates or other jurisdictions where we or our partners operate.

All transfers are performed in accordance with applicable data protection laws and appropriate contractual safeguards.

14. Third-Party Links

The Topscan.me website or dashboard may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to review their policies before providing personal data.

15. Governing Law

This Privacy Policy shall be governed by the laws of the United Arab Emirates, as applied in the Emirate of Dubai.

Any disputes shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE.

16. Updates to This Policy

Topscan.me may update this Privacy Policy from time to time. Updates will be published at topscan.me and become effective upon posting.

Your continued use of the Service constitutes acceptance of the revised Policy.

17. Contact Us

legal@topscan.me

METTY FSZO
Dubai Silicon Oasis, Techno Hub 1
Dubai, United Arab Emirates