Privacy Policy

How Topline collects, uses, and protects your data

Effective Date: March 1, 2026

Table of Contents

  1. Overview & Scope
  2. Data We Collect
  3. How We Use Your Data
  4. Data Isolation & Separation
  5. Data Sharing & Third Parties
  6. Data Retention & Deletion
  7. Security
  8. Your Rights (GDPR & Privacy Laws)
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1 Overview & Scope

Topline ("we," "our," or "us") is a franchise intelligence platform operated by Legacy F&B, LLC. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Topline platform, including our web application, reports, and related services (collectively, the "Service").

This policy applies to franchise operators and their authorized users who access Topline under a subscription agreement. By using the Service, you agree to the practices described here.

Topline is a B2B service designed for Wendy's franchise operators. We take data privacy seriously because the financial and operational data you share with us is sensitive business information — and we treat it accordingly.

2 Data We Collect

We collect the following categories of data in connection with your use of the Service:

2.1 SBONet Financial & Operational Data

With your authorization, we access SBONet data on your behalf, including:

2.2 Account & User Data

2.3 Usage Data

2.4 Communications

3 How We Use Your Data

We use the data we collect strictly to provide and improve the Service:

We do not use your operational or financial data to train machine learning models shared across clients, build industry benchmarks that could be attributed to you, or for any purpose other than providing you with the Service.

4 Data Isolation & Separation

Each client's data is stored in a logically isolated environment. This means:

Think of it like a bank vault: your data is in your vault. We hold the keys as your processor, but we cannot and do not open your vault for anyone else — including other operators.

5 Data Sharing & Third Parties

We do not sell your data. Period. We do not sell, rent, license, or trade your personal information or operational data to any third party for their own marketing or commercial purposes.

We may share data only in the following limited circumstances:

Aggregate, anonymized, industry-level statistics (e.g., "Wendy's operators on our platform average X% labor") may be published. These statistics cannot be traced back to any individual client or store.

6 Data Retention & Deletion

Active accounts: We retain your SBONet data, reports, and account data for the duration of your active subscription plus 90 days after termination (to allow data export).

After termination: Following the 90-day export window, we will delete or anonymize your operational and financial data from our production systems within 30 days. Backups containing your data are purged on a rolling 90-day cycle thereafter.

Billing records: We retain billing records for 7 years to comply with applicable accounting and tax laws. These records contain billing amounts and dates but not your operational data.

Email communications: Support and onboarding communications are retained for 2 years.

Requesting Deletion

You may request deletion of your data at any time by contacting us at privacy@topline.app. We will confirm receipt within 5 business days and complete deletion within 30 days (subject to legal retention requirements).

7 Security

We implement industry-standard security measures to protect your data:

In the event of a data breach affecting your information, we will notify you and applicable regulators within the timeframes required by applicable law (no later than 72 hours where GDPR applies).

8 Your Rights (GDPR & Privacy Laws)

Depending on where you are located, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@topline.app. We will respond within 30 days. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.

9 Children's Privacy

Topline is a B2B service intended for business operators and their authorized employees. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided personal information, we will delete it promptly.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree to the changes, you may cancel your subscription before the effective date.

11 Contact Us

For privacy-related questions, data requests, or concerns, please contact our privacy team:

Privacy Team — Topline by Legacy F&B

privacy@topline.app

We respond to all privacy inquiries within 5 business days.