topeek.app — effective February 17, 2026
Controller – Piotr Litwa, operating under the business name Piotr Litwa Web Analyst sp. z o.o., registered at ul. Plebiscytowa 1/121, 44-100 Gliwice, Poland, entered into the Central Register and Information on Economic Activity, NIP: 631 27 09 007, REGON: 523 692 332.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
Service – the website operated by the Controller at topeek.app and the Chrome browser extension "ToPeek" distributed via the Chrome Web Store.
User – any natural person who visits the Service or uses the ToPeek extension or any of the services or functionalities described in this Policy.
In connection with the User's use of the Service and the ToPeek extension, the Controller collects data to the extent necessary to provide individual services. The detailed rules and purposes of processing personal data collected during the User's use of the Service are described below.
ToPeek uses a "privacy-first" architecture — access tokens for analytics platforms (Google Analytics 4, Google Ads) are stored exclusively in the User's browser and are not transmitted to the Controller's servers.
Personal data of all Users of the Service (including IP addresses or other identifiers and information collected via cookies) are processed by the Controller:
User activity in the Service, including personal data, is recorded in system logs. The information collected in logs is processed primarily for the purposes of service provision. The Controller also processes it for technical and administrative purposes, to ensure the security of the IT system, and for analytical and statistical purposes — the legal basis is the legitimate interest of the Controller (Art. 6(1)(f) GDPR).
The Controller's Service uses cookies. Failure to change browser settings is equivalent to consenting to their use. Cookies are short text files stored on the User's computer, phone, tablet, or other device. They can be read by the Controller and by systems belonging to other entities whose services are used (such as Google, Stripe). Cookies typically contain the name of the website they originated from, their storage time on the device, and a unique identifier. More information about cookies can be found at www.allaboutcookies.org.
Cookies used in the Service do not store personal data or other information collected from the User. The Service uses cookies to identify browser sessions, enabling the use of Service features.
Cookies are used for the following purposes: maintaining the security of services and preventing fraud, facilitating website performance, recording visits for statistical purposes, and supporting the login and authentication process.
By default, web browsers typically allow the use of cookies. The Controller advises that browser settings can be changed to completely block automatic cookie handling or to request notification each time a cookie is placed on the device.
The Controller advises that disabling or restricting cookies may cause difficulties in using the website and limit its functionality.
To log in to the User's account, the Controller offers login via Google. The User is redirected to the login window, where they use their credentials for the selected platform. Upon entering valid data, the User is redirected to their account on the Controller's website. This feature allows the Controller to obtain User data from another digital service provider where the User already has a verified account, without the need for separate registration. Data processing and security procedures are carried out in accordance with the rules established by the administrators of the platforms through which the User logs in.
The Controller also offers login via Magic Link — a one-time authentication link sent to the e-mail address provided by the User.
Within the Service, User data is processed by entities cooperating with the Controller that are obligated to comply with the same high privacy standards as set forth in this Policy, in accordance with Regulation (EU) 2016/679.
As some entities cooperating with the Controller are headquartered outside the European Union and are therefore treated as so-called third countries under the GDPR, the Controller ensures that data is transferred to entities in the United States that apply standard contractual clauses.
These companies guarantee compliance with standards analogous to those set forth in the GDPR with regard to the protection of personal data.
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or order fulfillment, until consent is withdrawn, or until a successful objection to processing is raised in cases where the legal basis for processing is the legitimate interest of the Controller.
The data processing period may be extended when processing is necessary to establish, pursue, or defend claims, and thereafter only to the extent required by applicable law. After the processing period expires, data is irreversibly deleted or anonymized.
The User has the right to:
To the extent that the User's data is processed on the basis of consent, consent may be withdrawn at any time by contacting the Controller.
The User has the right to object to data processing for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, as well as — for reasons related to the User's particular situation — in other cases where the legal basis for processing is the legitimate interest of the Controller.
In connection with the provision of services, personal data may be disclosed to external entities, in particular providers responsible for operating IT systems and entities associated with the Controller.
The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information based on an appropriate legal basis and in accordance with applicable law.
The Controller can be contacted via e-mail at: hi@topeek.app or by mail to the registered office of the Controller.
This Policy is regularly reviewed and updated as necessary. The current version of the Policy was adopted and has been effective since February 17, 2026.