Last updated: April 15, 2026
TopKnock Marketing LLC ("TopKnock," "we," "us," or "our") operates the TopKnock platform (the "Service"). This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have. It applies to the Service, our website, and related communications. It does not cover third-party websites, platforms, or services, which have their own privacy policies.
Who this applies to. This policy covers (i) our Customers and their Authorized Users (contractors and their teams who use the Service), (ii) visitors to our website, and (iii) end users whose data flows through the Service as leads, callers, or message recipients. If you are an end user and you have questions about how your data was collected or used by a contractor, contact that contractor directly — they are the controller of that data.
When you (as a Customer) run campaigns, connect phone numbers, or enable messaging, we process data about your leads, callers, and message recipients on your behalf. This may include:
We use information to:
We do not sell your personal information for money. See Section 8 regarding "sale" and "sharing" under state privacy laws.
If you are in the European Economic Area or United Kingdom, our legal bases are:
We share personal information only in the circumstances below. We do not authorize our service providers to use shared information for their own purposes.
We engage reputable providers to operate the Service. All processors are under written contracts that restrict their use of your data to providing the Service to you, require appropriate security (encryption in transit and at rest, access controls, breach notification), and, where required for cross-border transfers, include Standard Contractual Clauses.
The named subprocessors we use, the data they process, and their role are:
| Subprocessor | Role | Data shared |
|---|---|---|
| Vercel (US) | Application and asset hosting, edge delivery, serverless compute. | All data that transits the Service (in memory only during request handling); static assets. |
| Neon (US) | Managed PostgreSQL database — primary data store. | All application records (accounts, businesses, leads, campaigns, call/SMS metadata, audit logs). |
| Clerk | Authentication and identity — sign-in, session management, MFA. | Name, email, password hash, device/session identifiers, IP address. |
| Stripe | Payment processing and subscription billing (PCI-DSS certified). | Name, billing address, payment-card tokens, tax ID, transaction history. |
| Meta Platforms, Inc. | Advertising platform — ad campaign management, Lead Forms, Custom Audiences, Conversions API events. | Ad account ID, creative assets, campaign configuration, hashed conversion events, hashed audience identifiers (at your direction). |
| OpenAI (US) | AI text generation (ad copy, blog content, lead-scoring summaries) and image generation. | Prompt inputs you provide or that are derived from your business profile; voice-profile examples. Not used to train general-purpose models. |
| Replicate (US) | AI image generation (primary model: FLUX) for ad creatives. | Image prompts and style inputs; reference images you upload. |
| Stability AI | AI image generation (Stable Diffusion 3 fallback) for ad creatives. | Image prompts and style inputs; reference images you upload. |
| Twilio | Telephony — tracking phone numbers, call routing, call recording (when enabled), SMS/MMS, and (Pro) ringless voicemail. | Caller/called numbers, call metadata, recordings and transcripts (if enabled), SMS content and delivery status, voicemail audio. |
| Google (Calendar + Business Profile) | Calendar availability for capacity scaling; Google Business Profile insights (when connected). | OAuth tokens, event metadata, business-profile attributes and reviews. |
| BatchData | Lead enrichment — property ownership and contact data from public records and licensed datasets. | Address or phone number of the lead you submit for enrichment. |
| RentCast | Property data enrichment — valuation, rent estimates, and property attributes. | Address of the lead or property you submit for enrichment. |
| Shovels | Permit history enrichment for property-related leads. | Address of the lead or property you submit for enrichment. |
| PostHog | Product analytics — usage, feature adoption, funnel analysis. | Pseudonymous user ID, page/event metadata, device and browser attributes. Not used for advertising. |
| Resend (US) | Transactional email delivery — welcome emails, weekly reports, nurture sequences. | Recipient email address, email body and metadata, delivery status. |
| Drop Cowboy (US) | Ringless voicemail delivery (Pro tier only). | Recipient phone number, voicemail audio file, delivery status and metadata. |
| Sentry (US) | Error and performance monitoring — crash reports, stack traces, performance traces. | Error messages, stack traces, request metadata, pseudonymous user ID. No lead content. |
Business data submitted to any of the AI providers above (OpenAI, Replicate, Stability AI) is not used to train general-purpose models for other customers. We review subprocessors for security and legal compliance; material additions will be announced in-app or by email. Enterprise customers may receive an updated list under a Data Processing Agreement by emailing privacy@topknock.ai.
When you authorize an integration with a customer-relationship-management platform or a workflow-automation service, we transmit lead data — including names, phone numbers, email addresses, custom fields, campaign attribution, lead score, and call / SMS activity — to that platform on your behalf. Supported integrations are listed on the Service's integrations page and in your account settings. Your use of each third-party platform is governed by its own privacy policy and terms, which we do not control.
We may disclose information to: (i) comply with law, legal process, or a lawful request from a government authority; (ii) enforce our Terms and protect our rights, property, or safety, or that of our users or the public; (iii) detect, prevent, or address fraud, security, or technical issues; (iv) respond to subpoenas, court orders, or similar legal process; or (v) in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.
We do not sell personal information for monetary consideration. We "share" information with Meta for advertising optimization only at your direction, consistent with the Meta-specific disclosures above. Where state law provides a right to opt out of "sharing" for targeted advertising purposes, you may exercise that right — see Section 8.
The Service can record inbound calls to tracking numbers you provision. Recording is disabled by default; if you enable it, you (the Customer) are the data controller for the recordings and are responsible for legal compliance, including jurisdictions that require all-party consent. We provide pre-call recording disclosures for your use. States that currently require all-party consent include California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington (other states may also require consent under specific circumstances). You must confirm current local law. See the Terms of Service, Section 9.2.
Messages sent through the Service are transmitted via Twilio. You are responsible for obtaining required consent under the TCPA and state analogs, honoring STOP/HELP keywords, and registering campaigns (e.g., 10DLC) where required. We maintain an opt-out suppression list keyed to phone number for messages you send through the Service; opt-outs are honored for future messages you send through us.
Ringless voicemail drops are regulated in many jurisdictions. You are responsible for compliance, including any required consent. We store your voicemail audio for delivery and record delivery metadata.
When you connect a Meta account to the Service, we access and process data in accordance with Meta's Platform Terms and Developer Policies. Specifically:
We retain personal information only as long as necessary to provide the Service and fulfill the purposes described in this policy, then delete or de-identify it, except where longer retention is required or permitted by law (e.g., tax and financial records, dispute resolution, fraud prevention).
| Category | Retention |
|---|---|
| Account & business profile | For the life of the account, then 90 days after deletion |
| Billing records | 7 years (tax/compliance) |
| Lead records (names, phone, email) | For the life of the account plus 90 days; sooner on verified deletion request, subject to legal holds |
| Call recordings & transcripts | Default 90 days; configurable |
| SMS message content & delivery status | Default 24 months |
| Ad creative & campaign metrics | Life of the account (aggregate metrics may be retained indefinitely in de-identified form) |
| Audit logs | 24 months |
| Backups | Rolling 30 days; deletions propagate on the next backup cycle |
| Idempotency / webhook replay keys | 7 days |
Depending on your location, you may have the right to:
Send a request to privacy@topknock.ai or contact us at the address below. We will verify your identity before fulfilling requests. We will respond within the time frames required by applicable law (e.g., 45 days under CCPA/CPRA with a 45-day extension where necessary). We will not discriminate against you for exercising your rights.
When a contractor (our Customer) collects your data through the Service, the contractor is the controller. To exercise rights over that data, contact the contractor directly. We will assist our Customers in responding to verified consumer requests as their service provider / processor, as required by law.
We provide the disclosures required by the California Consumer Privacy Act (as amended by the CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and similar laws. Categories of personal information we collect correspond to Section 1 (Identifiers, Commercial information, Internet/network activity, Geolocation derived from IP, Professional or employment information, Audio/electronic information when recording is enabled, Inferences drawn for lead scoring and personalization). The sources, purposes, and recipients correspond to Sections 1, 2, and 4. We have not sold personal information for money in the preceding 12 months. We do not knowingly sell or share personal information of consumers under 16.
California Shine the Light. California customers may request information about disclosures of personal information to third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing.
Our Service does not currently respond to "Do Not Track" browser signals because no common standard has been adopted. We respect the Global Privacy Control (GPC) signal as an opt-out request for "sale" and "sharing" in jurisdictions that recognize it.
The Service is operated from the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to, stored in, and processed in the U.S. and in other countries where our subprocessors operate. Where required (e.g., transfers of EEA, UK, or Swiss personal data), we implement appropriate safeguards such as Standard Contractual Clauses.
We do not sell or share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. If you're a California resident and want to submit a verifiable consumer request to know, delete, or correct your data, email privacy@topknock.ai.
If you have Global Privacy Control (GPC) enabled in your browser, we honor that signal automatically — you don't need to do anything else.
We use strictly necessary cookies for authentication, security (CSRF, rate limiting), and core functionality. We use a limited set of first-party cookies and local storage for preferences and analytics. We do not use third-party advertising cookies on the Service. You can control cookies through your browser; blocking strictly necessary cookies may prevent the Service from working.
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you and regulators as required by law.
The Service is intended for business users 18 years of age or older and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, contact us at privacy@topknock.ai and we will delete it.
The Service uses automated tools to score leads, optimize ad budgets, and generate content. These processes do not make decisions that produce legal or similarly significant effects on individuals. Lead scores are suggestions for Customer prioritization, not determinations about credit, employment, housing, or insurance. You can always review and override automated outputs.
We may update this policy from time to time. We will post the updated policy and revise the "Last updated" date, and for material changes we will notify you by email or in-app notice at least 14 days before the changes take effect. Continued use after the effective date constitutes acceptance.
Lost City Creations LLC
d/b/a TopKnock Marketing
290 Indian Ridge Ct
Fountain Inn, SC 29644
USA
Privacy: privacy@topknock.ai
Support: support@topknock.ai
Security: security@topknock.ai
EU/UK representatives: we do not currently have an Article 27 representative; EU/UK visitors may contact us at privacy@topknock.ai.