Data deletion

Last updated: 31 May 2026

You can permanently delete your Topolog account and every piece of personal data we hold about you at any time. This page describes the two routes (the in-product self-serve flow and the email fallback) and what happens after you confirm.

Self-serve (recommended)

1. Sign in to www.topolog.co.uk.
2. Open Settings → Data.
3. Click Delete my account, type the confirmation phrase, and confirm.

That’s it. The deletion runs immediately from our live database — there is no grace period or recovery window and the “Delete” button has no undo. Make sure you’ve downloaded anything you want to keep first; the same Data tab offers a one-click JSON export of every workspace, goal, task, edge, observation, and schedule we hold for you.

One caveat: our database hosting provider (Supabase) takes encrypted daily backups for disaster recovery. A snapshot taken before your deletion can therefore still contain your data for up to 7 days, after which it rotates out and is unrecoverable. We do not access or restore individual records from those backups in the ordinary course of business — they exist only to recover from a catastrophic platform incident — and we cannot selectively wipe a single user from an encrypted snapshot. See “What survives, and why” below.

If you can’t sign in

If you’ve lost access to the email address you signed up with (or if the in-product flow doesn’t work for any reason), email us:

privacy@topolog.co.uk

Include the email address the account was registered under and any context that helps us verify you (e.g. a billing receipt reference). We’ll acknowledge within 5 working days and complete the deletion within 30 days, in line with UK GDPR Article 12(3).

What gets deleted

• Your profile (email, name, avatar, preferences)
• Every workspace, goal, task, edge, and milestone you own
• Your weekly availability template and any computed schedules
• Task observations (start time, end time) used by the scheduler
• Any team you founded; remaining members are notified and the team is dissolved (their personal accounts are not deleted)
• Your Intercom contact record (email, name, and our linkage ID are scrubbed and the contact archived. The underlying conversation transcripts persist impersonally under Intercom’s own retention policy and can no longer be traced back to you)

What survives, and why

A small set of records persist after account deletion. Apart from the disaster-recovery backups noted below (which DO contain the data they captured before deletion until they rotate out), none of the items here can be linked back to a deleted user:

• Encrypted database backups (up to 7 days). Supabase, our database host, takes daily encrypted backups for disaster-recovery purposes and retains them on a 7-day rolling window. A backup taken before your deletion will therefore contain your data until it rotates out, after which it is unrecoverable. The backups are encrypted at rest, are not accessed in the ordinary course of business, and cannot be selectively edited — we can’t wipe a single user from a snapshot, and we don’t restore individual records from them. They exist only to recover from a catastrophic platform incident.
• Trial-abuse-prevention hash. A one-way SHA-256 hash of your canonical email is kept for up to two years so the same address can’t be used to spin up a fresh free trial immediately after deletion. The hash cannot be reversed to the original email.
• Stripe-side payment records. Stripe keeps its standard customer and transaction history per their own retention policy and UK HMRC’s 7-year requirement for tax records. We don’t hold a separate copy on our side; any tax audit runs through Stripe directly.
• Infrastructure logs. Standard function and edge logs (IP, user agent, timestamp) are retained by our hosting platform (Vercel) under whatever schedule the platform applies to this project, typically days to a few weeks. We don’t maintain a parallel copy.
• Aggregate page-view counts. Vercel Analytics records site-level page-view counts cookielessly. These were never linked to your account in the first place, so there’s nothing user-specific to delete.

Third parties

When you delete your account we propagate the deletion to:

• Supabase: your auth record and all rows you own (cascade)
• Stripe: your customer object is detached; payment records survive for tax law as noted above
• Intercom: your contact is anonymised (email / name / external linkage replaced with sentinel values) and then archived via the Intercom API. The transcript bodies stay under Intercom’s DPA but cannot be linked back to you. If you need the conversations themselves removed, email privacy@topolog.co.uk and we’ll action it manually

Mistral AI (which we call on your behalf when you trigger an AI action) never receives a persistent user identifier (only the immediate prompt), so nothing to delete on their side. Vercel Speed Insights (the optional Core Web Vitals collector gated on the “analytics” cookie category) receives only anonymous per-page-load timing data with no user identifier. Meta Pixel (the optional ad-conversion tracker gated on the “advertising” cookie category) sees only the events you triggered while consent was active, hashed client-side; we don’t hold a server-side mapping from your account to its Meta-side record, so account deletion is automatically scoped, so there’s no per-user delete we could propagate. Clear the _fbp / _fbc cookies in your browser if you want to sever any residual Meta-side linkage.

Related

Full Privacy Policy · Terms of Service · Cookie Policy