Toolset.cloud logotoolset.cloud
Back to home

Privacy Policy

Last updated: January 13, 2026

Privacy-First Design

At toolset.cloud, we believe in privacy by design. Most of our tools process your data entirely in your browser-meaning your files and information never leave your device. We only collect the minimum data necessary to provide you with a great experience.

1. Introduction

This Privacy Policy explains how toolset.cloud ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our website and services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

2. Information We Collect

2.1 Information You Provide

When you create an account through third-party authentication (Google, GitHub), we collect:

  • Profile Information: Name, email address, profile picture from your authentication provider
  • Account Preferences: Theme settings, saved tool configurations
  • Saved Content: Data you choose to save (e.g., resume content, tool history)

2.2 Automatically Collected Information

When you visit our site, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent on site
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs
  • Analytics: We use privacy-respecting analytics (Vercel Analytics) to understand how our service is used

2.3 Information We Do NOT Collect

Important: For most tools on toolset.cloud, your data is processed entirely in your browser:

  • Files you upload for conversion, compression, or editing are NOT sent to our servers
  • Text you process in text utilities stays on your device
  • Images edited or compressed are processed locally
  • QR codes are generated and scanned in your browser

This means we have no access to this content, and it cannot be recovered or viewed by anyone but you.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our tools and features
  • Authentication: To verify your identity and manage your account
  • Personalization: To save your preferences and provide a customized experience
  • Analytics: To understand usage patterns and improve our service
  • Communication: To send important updates about the service (rarely, and only when necessary)
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Storage and Security

4.1 Where We Store Your Data

When you save data to your account, it is stored securely using:

  • Database: Supabase (PostgreSQL) with encryption at rest and in transit
  • Authentication: NextAuth.js with OAuth 2.0 providers
  • Location: Data is stored in secure, industry-standard data centers

4.2 Security Measures

We implement industry-standard security measures including:

  • HTTPS encryption for all data transmission
  • Secure authentication through trusted OAuth providers
  • Regular security updates and monitoring
  • Access controls and authentication requirements
  • Security headers (HSTS, CSP, X-Frame-Options, etc.)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate (e.g., Supabase for database, Vercel for hosting)
  • Authentication Providers: Google and GitHub for account authentication (subject to their privacy policies)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • Protection: To protect our rights, privacy, safety, or property, and that of our users

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service:

6.1 Essential Cookies

  • Authentication: To keep you logged in and secure your session
  • Preferences: To remember your theme and settings

6.2 Analytics

  • Umami Analytics: Privacy-focused, open-source analytics that respects your privacy
  • No Cookies: Umami does not use cookies or collect personal data
  • No Tracking Across Sites: We only track visits to toolset.cloud
  • Anonymized Data: All analytics data is anonymized and aggregated
  • GDPR & CCPA Compliant: No consent banners needed
  • We only see: page views, referrers, device types, and tool usage statistics
  • We do NOT collect: IP addresses, personal information, or browsing history

You can control essential cookies (for authentication and preferences) through your browser settings. Note that disabling essential cookies may affect your ability to use certain features. Analytics tracking can be blocked using browser extensions or privacy tools.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Correction

Request correction of inaccurate or incomplete data

Right to Deletion

Request deletion of your personal data

Right to Data Portability

Request a copy of your data in a machine-readable format

Right to Object

Object to processing of your personal data

Right to Withdraw Consent

Withdraw consent for data processing at any time

To exercise any of these rights, please contact us at contact@iamarsh.com. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained until you delete your account
  • Usage Logs: Typically retained for 90 days
  • Analytics Data: Anonymized and aggregated permanently
  • Legal Requirements: Some data may be retained longer if required by law

When you delete your account, we permanently delete your personal data within 30 days, except where we are required to retain it by law.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read the privacy policies of every website you visit.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed and to whom
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price, even if you exercise your privacy rights

Note: We do NOT sell your personal information to anyone.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have data protection rights under the General Data Protection Regulation (GDPR). We process your data based on legitimate interests, consent, or contractual necessity. You have the right to access, correct, delete, or port your data, and to object to or restrict processing. Contact us to exercise these rights.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we may provide additional notice (such as a prominent announcement on our website). You are advised to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: contact@iamarsh.com

Contact Page: toolset.cloud/contact

By using toolset.cloud, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

← Terms of ServiceAbout Us →