The Top Finds

Legal

Privacy Policy

Last updated: May 28, 2026

The Top Finds ("we," "our," or "us") operates the website at the-top-finds.com (the "Site"). This Privacy Policy explains what information we collect, why we collect it, who we share it with, how long we keep it, and the choices you have. By using the Site you agree to this policy. If you do not agree, please do not use the Site.

This policy is written to comply with US federal law, the California Consumer Privacy Act as amended by the CPRA ("CCPA"), the EU and UK General Data Protection Regulation ("GDPR"), the Children's Online Privacy Protection Act ("COPPA"), and the CAN-SPAM Act. Where those laws conflict, the law applicable to you controls.

1. Who we are

The Top Finds is an editorial discovery site that publishes reviews and curated lists of consumer products and earns affiliate commissions when readers buy through outbound links. We do not sell, ship, or process payment for any product ourselves. Purchases happen on third-party retailer sites under their own terms and privacy policies.

For privacy questions, write to privacy@the-top-finds.com. EU and UK readers may also contact our representative at that address; we will route your request appropriately.

2. What information we collect

2.1 Information you give us

  • Email address, if you subscribe to our newsletter.
  • Message content (name, email, body), if you contact us by email.

2.2 Information collected automatically

  • Server logs: IP address, user-agent, referring URL, requested URL, response status, and timestamp.
  • Analytics events: pages viewed, approximate (city-level) location derived from IP, device and browser type, referrer source, and aggregated session metrics. We do not use cross-site advertising trackers.
  • Outbound-click events: when you click an affiliate link, we record the product, source network, and timestamp, together with a hashed form of your IP (one-way SHA-256, not the raw address) so we can attribute conversions without retaining a direct identifier.
  • Cookies and similar technologies: small, first-party cookies that keep the Site functional and let us measure traffic. See our Cookie Policy for the full list.

2.3 Information we do not collect

  • We do not run third-party advertising networks on the Site.
  • We do not buy data about you from data brokers.
  • We do not knowingly collect information from children under 13 (or under 16 in the EU/UK). See section 9.

3. Why we use it (legal bases under GDPR)

  • To operate the Site — serving pages, preventing abuse, and keeping it secure. Legal basis: legitimate interests.
  • To send the newsletter you asked for — we only email you if you subscribed, and you can unsubscribe from every issue. Legal basis: consent.
  • To attribute affiliate commissions — so that the retailer correctly credits the click. Legal basis: legitimate interests (our funding model is reader-supported affiliate revenue).
  • To improve the Site — aggregate analytics tell us which pages help readers and which need work. Legal basis: legitimate interests.
  • To respond to you — when you email us. Legal basis: legitimate interests.
  • To comply with the law — including responding to lawful requests, defending claims, and meeting tax obligations. Legal basis: legal obligation.

4. Who we share it with

We share information only with the third parties we need to run the Site. Each is bound by a written contract that restricts their use of your data to the services they provide for us.

  • Hosting and content delivery: Vercel Inc. (US).
  • Database: Supabase Inc. (US), hosting our product catalog and analytics tables.
  • Analytics: Vercel Analytics (privacy-preserving, IP not stored).
  • Email delivery (for the newsletter): the email service provider we use at the time you subscribe — disclosed in the footer of every issue and in our Cookie Policy.
  • Affiliate networks and retailers: when you click an outbound link we redirect you to a retailer or affiliate network (Mavely, Amazon Associates, CJ Affiliate, Impact, Rakuten Advertising, ShareASale, and direct retailer programs). They may set their own cookies and collect data once you land on their site under their privacy policy, not ours.

We do notsell your personal information for money. We do not engage in "sharing" or cross-context behavioral advertising as those terms are defined under the CCPA.

We may also disclose information when required by law, to enforce our Terms of Use, to protect the rights, property, or safety of The Top Finds or others, or in connection with a merger, acquisition, or sale of assets (in which case the acquirer will be bound by this policy).

5. International transfers

We operate the Site in the United States. If you access it from outside the US, your information will be transferred to and processed in the US. For transfers of personal data from the EU, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Addendum) with our processors, and we take additional safeguards where required by Schrems II.

6. How long we keep it

  • Server logs: up to 90 days.
  • Aggregated analytics: indefinitely, in aggregated form that does not identify you.
  • Outbound-click records (hashed IP only): up to 24 months for attribution and fraud prevention.
  • Newsletter subscriptions: until you unsubscribe (every issue includes a one-click unsubscribe link), then deleted within 30 days.
  • Email correspondence: for as long as needed to respond and for a reasonable period afterwards (typically 24 months) to handle related follow-ups.

7. Your rights

7.1 Everyone

You can email privacy@the-top-finds.com to ask what we hold about you, correct it, or delete it. We respond within 30 days.

7.2 California residents (CCPA / CPRA)

You have the right to:

  • Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we disclose to.
  • Request a copy of the specific pieces of personal information we have collected about you in the last 12 months.
  • Delete personal information we collected from you (subject to legal exceptions).
  • Correct inaccurate personal information.
  • Limit the use of sensitive personal information. (We do not knowingly collect any.)
  • Opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as defined under the CCPA, but if that ever changes we will publish a "Do Not Sell or Share My Personal Information" link in the footer.
  • Not be discriminated against for exercising any of these rights.

To exercise these rights, email privacy@the-top-finds.com with the subject line "California privacy request". We may ask for information to verify that you are the person the request is about. You may use an authorized agent; we will ask for written permission and verify your identity directly.

7.3 EU/UK/Swiss residents (GDPR / UK GDPR)

You have the right to:

  • Access your personal data and receive a copy.
  • Correct inaccurate or incomplete data.
  • Have your data deleted ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time (which does not affect prior processing).
  • Lodge a complaint with your national data protection authority.

8. Do Not Track and Global Privacy Control

We honor the Global Privacy Control (GPC) browser signal as an opt-out of any "sale" or "sharing" of personal information. Because we do not engage in either, GPC primarily limits the use of first-party analytics cookies on your visit. We do not currently respond to general Do-Not-Track headers because there is no industry consensus on what they mean.

9. Children

The Site is intended for adults. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK). If you believe a child has provided us with personal information, email privacy@the-top-finds.com and we will delete it.

10. Security

We use industry-standard measures — TLS in transit, access controls, short retention windows, and IP hashing for attribution — to protect information. No system is perfectly secure; we cannot guarantee absolute security, but we will notify affected readers and the relevant authorities of a personal data breach as required by law.

11. Third-party links

The Site contains many outbound affiliate links to retailers and affiliate networks. Once you click out, the destination site's privacy policy applies, not ours. We are not responsible for the practices of third-party sites.

12. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "Last updated" date and, where required by law, notify subscribers by email. Continued use of the Site after a change means you accept the updated policy.

13. Contact

Email privacy@the-top-finds.com for any privacy question, request, or complaint.

This policy is provided for transparency and is not legal advice. If you are a business considering similar practices, consult your own counsel.