Privacy

Privacy Policy

How we collect, use, and protect your information

We do not sell, rent, or trade your personal information or business data to third parties for any purposes.

Introduction

At Topp Five Wholesale ("we", "our", or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our wholesale management platform.

Information We Collect

We collect the following types of information to provide and improve our wholesale management services:

Account Information

  • Contact name, email address, phone number, and business address
  • Company or business name
  • Authentication credentials managed through Firebase Authentication

Business Data

  • Product inventory details (brand, description, UPC, pricing, case pack, quantities)
  • Product images you upload for your inventory
  • Customer information you enter (names, emails, companies, phone numbers, addresses)
  • Sales orders and invoices you create
  • Warehouse locations and inventory allocations
  • Financial data for invoicing (bank account details, routing numbers) that you voluntarily provide

Email Integration

  • OAuth tokens from Gmail or Outlook if you connect your email account
  • Email drafts and metadata when the AI assistant helps you compose emails (emails are only sent after your approval)
  • Email content when you use the AI assistant to query, search, or analyze your emails
  • Email metadata (sender, subject, importance score) when we automatically scan incoming emails to identify important messages for you

Usage Information

  • Analytics data about how you use the platform
  • Log data including IP addresses, browser type, and access times
  • Sub-account information if you invite team members or sales representatives

AI Assistant Data

  • Conversation messages (your questions and the assistant's responses)
  • Conversation metadata (titles, timestamps, message counts)
  • File attachments and visualizations generated during conversations
  • AI reasoning traces and processing steps shown in the thinking panel
  • Model selection and complexity settings for each query
  • Token usage metrics for billing and usage limit enforcement
  • Data from connected integrations (QuickBooks invoices, customers, items, bills, purchase orders, vendors) cached for AI analysis when you enable integrations
  • Email data (sent emails metadata and email content when you query the AI assistant about your emails) when email integration is enabled
  • Smart suggestion interactions and follow-up query selections
  • Shared conversation links and access logs for public snapshots

How We Use Your Information

We use the information we collect to provide and improve our wholesale management platform:

  • To operate your wholesale dashboard and provide core functionality
  • To store and manage your product inventory, customer lists, and sales records
  • To draft and send emails via the AI assistant using your connected Gmail account, only after you review and approve each email
  • To allow the AI assistant to read and analyze your emails when you ask questions about email communications
  • To automatically scan your incoming emails to identify and highlight important messages that may require your attention
  • To generate PDF documents (sales orders, invoices) with your business information
  • To calculate analytics such as revenue, profit margins, customer engagement, and accounts receivable aging
  • To process your AI assistant queries and provide intelligent responses
  • To retrieve and analyze data from your connected integrations (QuickBooks, email, internal data) to answer your questions and generate insights
  • To store conversation history so you can resume conversations and reference past discussions
  • To generate smart suggestions and follow-up questions based on your conversation context and connected integrations
  • To create visualizations, reports, and file attachments in response to your queries
  • To track token usage for billing and enforcing subscription limits
  • To generate public share links when you choose to share a conversation
  • To display AI reasoning traces and processing steps in the thinking panel for transparency
  • To cache integration data (QuickBooks records, etc.) for faster AI responses
  • To manage sub-accounts and control access permissions for your team members
  • To process and store product images you upload
  • To provide customer support and respond to your inquiries
  • To send administrative notifications about your account and service updates
  • To improve platform functionality and user experience
  • To maintain security and prevent unauthorized access
  • To create anonymized and aggregated data sets from platform usage for market research, product development, and lead generation activities

Use of Aggregated and Anonymized Data

We may use aggregated and anonymized data derived from your usage of the platform, including AI agent interactions and integration data, for the following purposes:

  • Generating industry insights and benchmarking reports
  • Identifying market trends and business opportunities in the wholesale industry
  • Creating lead lists and prospecting data for marketing our AI assistant and platform features to other businesses

This aggregated and anonymized data cannot be used to identify you or your business specifically. We do not share your raw, identifiable business data with third parties for marketing purposes.

How We Protect Your Information

We implement security measures to protect your data:

  • All data is stored using Firebase and Google Cloud Platform infrastructure with encryption at rest and in transit
  • Authentication is managed through Firebase Authentication with secure token-based sessions
  • Email OAuth tokens are securely stored and used only to send documents on your behalf
  • API endpoints require authentication and validate user permissions before processing requests
  • Image uploads are validated, sanitized, and protected against malicious files
  • Access logs are maintained for security monitoring and debugging
  • Sub-account access is controlled through role-based permissions

While we implement industry-standard security practices, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

Google User Data and Gmail Integration

When you connect your Gmail account to our platform, we access and use Google user data in accordance with Google API Services User Data Policy, including the Limited Use requirements. The AI assistant can help you draft emails, read your emails to answer questions, and automatically scan incoming emails to identify important messages. All AI-drafted emails require your explicit approval before sending.

What Google Data We Access

When you authorize our platform to connect with your Gmail account, we request the following permissions:

  • Gmail Send Permission: Allows us to send emails drafted by the AI assistant on your behalf, but only after you review and approve each email
  • Gmail Read Permission (readonly): Allows the AI assistant to:
    • Read your emails when you ask questions about email communications, search for specific emails, or analyze email content
    • Automatically scan your incoming emails to identify and highlight important messages for you
  • Profile Information: Your name and email address for account identification
  • OAuth Tokens: Access tokens and refresh tokens to maintain the connection

Limited Use of Gmail Data

We adhere to Google's Limited Use requirements. Specifically:

  • We only use Gmail send permission to send emails that the AI assistant drafts based on your request, and only after you explicitly review and approve each email before sending
  • We use Gmail read permission to:
    • Respond to your specific AI assistant queries about emails (searching, analyzing, retrieving email content)
    • Automatically scan your incoming emails to identify and highlight important messages that may require your attention
  • We do not read, scan, or analyze your emails for any purpose other than responding to your AI queries and identifying important messages to help you prioritize
  • We do not automatically send emails without your explicit approval - all AI-drafted emails are shown to you for review before sending
  • We do not share Gmail data with third parties except as necessary to provide the email sending service (using Gmail's SMTP servers)
  • We do not use Gmail data for serving advertisements
  • We do not transfer Gmail data to others unless necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger or acquisition with user consent

Data Retention for Google User Data

We retain Google user data as follows:

  • OAuth Tokens: Stored securely in Firebase for as long as your Gmail connection is active. These tokens are automatically refreshed as needed to maintain the connection.
  • Profile Information: Stored for as long as your account remains active to identify your email sending account.
  • AI-Drafted Emails: Email drafts created by the AI assistant are shown to you for approval and are only sent after you approve them. We maintain basic logs of sent emails (timestamp, recipient, subject line) for 90 days for troubleshooting purposes. Email content is not permanently stored after sending.
  • Email Content Accessed by AI: When the AI assistant reads your emails to answer queries or scans incoming emails to identify important messages, the email content is temporarily processed but not permanently stored. Email data may be cached briefly in your AI conversation history for context during that conversation session, but is not retained long-term.
  • Email Prioritization Data: When we scan your emails to identify important messages, we may temporarily store metadata (sender, subject, importance score) to surface these emails to you. This metadata is retained for up to 30 days to maintain prioritization accuracy.

Revoking Access and Deleting Google User Data

You have full control over your Gmail connection and can revoke access at any time:

  • Disconnect from our platform: Go to Settings → Email Integration → Disconnect Gmail. This will immediately delete your OAuth tokens and stop all access to your Gmail account.
  • Revoke from Google: Visit Google Account Permissions and remove "Topp Five Wholesale" from your connected apps.
  • Request complete data deletion: Contact us at contact@toppfive.net to request deletion of all Google user data associated with your account. We will process your request within 30 days.

Upon disconnection or deletion request, all Google OAuth tokens and associated profile information are permanently deleted from our systems within 7 days.

Data Sharing and Third Parties

We do not sell, rent, or share your identifiable business data with third parties for their marketing purposes. However:

  • Infrastructure Providers: We use Firebase and Google Cloud Platform for data storage, authentication, and hosting. All data is encrypted at rest and in transit.
  • Aggregated Data: We may share anonymized and aggregated data that cannot identify your specific business for industry research, market analysis, and our own marketing purposes.
  • Third-Party Integrations: When you connect QuickBooks Online, Gmail, or other integrations, data is accessed according to your authorization and the third party's privacy policy. We only access data necessary for the features you use.
  • Google User Data: Gmail data obtained through OAuth is handled in accordance with Google API Services User Data Policy, including the Limited Use requirements.
  • Shared Conversations: When you create a share link, that specific conversation snapshot becomes publicly accessible to anyone with the link. No other data from your account is accessible via share links.

Legal Disclosures

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Maintaining your authenticated session when you log in
  • Remembering your preferences and settings
  • Analytics to understand how users interact with our platform

You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the platform.

Data Retention and Deletion

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Business Records: Invoices, sales orders, and customer data are retained for 7 years for accounting and tax purposes
  • Google OAuth Tokens: Retained while Gmail integration is active; deleted within 7 days of disconnection
  • QuickBooks Integration Data: Cached in Firestore and refreshed during each sync; OAuth tokens are deleted within 7 days of disconnection
  • AI Conversation History: Private conversations retained for 2 years or until manually deleted/account deletion, whichever comes first
  • Shared Conversation Snapshots: Public share links remain accessible indefinitely unless you delete the original conversation, at which point the share link expires
  • AI Token Usage Metrics: Retained for the duration of your subscription plus 7 years for billing records
  • Integration Cache Data: QuickBooks invoices, customers, and other records cached for AI analysis are refreshed on each sync and deleted within 7 days of integration disconnection
  • Email Send Logs: Basic metadata (timestamp, recipient, subject) retained for 90 days; email content is not stored
  • Analytics and System Logs: Retained for 90 days

When you delete your account, we permanently delete all your data within 30 days, except for business records we are legally required to retain (invoices, tax records) which are retained for 7 years as required by law.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: The right to access the personal information we hold about you
  • Correction: The right to request correction of inaccurate personal information
  • Deletion: The right to request deletion of your personal information (subject to legal retention requirements)
  • Revoke Consent: The right to withdraw consent for processing your data, including disconnecting Gmail or QuickBooks integrations
  • Data Portability: The right to receive your data in a structured, machine-readable format
  • Object to Processing: The right to object to processing of your personal information

To exercise any of these rights, please contact us at contact@toppfive.net. We will respond to your request within 30 days.

Deleting AI Conversations

You have full control over your AI conversation data:

  • Delete Individual Conversations: Click the delete icon next to any conversation in the AI assistant sidebar to permanently delete it and all associated messages
  • Revoke Shared Links: Deleting a conversation also removes access to any public share links created from that conversation
  • Disconnect Integrations: Go to Settings → Integrations to disconnect QuickBooks, Gmail, or other data sources. This stops AI access to that data and deletes cached integration records within 7 days.

Account and Data Deletion

You can request deletion of your account and all associated data through the following methods:

  • In-app: Go to Settings → Account → Delete Account
  • Email: Send a deletion request to contact@toppfive.net with your account email
  • Phone: Call us at (631) 507-9288

Upon receiving your deletion request, we will:

  • Immediately revoke all OAuth connections (Gmail, QuickBooks, etc.)
  • Delete all OAuth tokens within 7 days
  • Delete your account profile, business data, AI conversation history, and integration cache data within 30 days
  • Invalidate all shared conversation links
  • Retain only legally required business records (invoices, tax documents) for 7 years, after which they are permanently deleted

Changes to Our Privacy Policy

We may update our privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this privacy policy periodically for any changes.

Contact Us

If you have any questions or concerns about our privacy policy, please contact us at:

Email: contact@toppfive.net
Phone: (631) 507-9288

Last updated: December 30, 2025

Return to Home