Privacy Policy
Last Updated:
Introduction
Welcome to Tooly Iq. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we handle your information when you use our AI-powered image processing services.
Important: By using our services, you agree to the collection and use of information in accordance with this policy. We process images temporarily and do not store them permanently.
Information We Collect
We collect minimal data necessary to provide our AI image processing services:
Authentication Data
- Google Authentication: When you sign in, we collect your name and email address from Google OAuth
- User ID: A unique identifier for your account managed by Firebase Authentication
Image Processing Data
- Temporary Image Storage: Images you upload are stored only during processing (maximum 24 hours)
- Processing Metadata: Image size, format, processing time, and enhancement level
- No Permanent Storage: All uploaded images are automatically deleted from our servers after processing
Payment Data
- Stripe Payment Processing: We use Stripe for secure payment processing
- No Credit Card Storage: We never store full credit card information on our servers
- Payment Confirmation: We receive transaction IDs and confirmation from Stripe only
Security Measures
We implement comprehensive security measures to protect your data:
Technical Security
- End-to-End Encryption: All data transfers use SSL/TLS encryption
- Secure Authentication: Google OAuth 2.0 with Firebase Authentication
- Input Validation: All user inputs are validated and sanitized to prevent XSS attacks
- File Validation: Uploaded files are checked for validity, size, and type before processing
Infrastructure Security
- Firebase Security: User data stored in Firebase with security rules
- Stripe PCI Compliance: All payments processed through PCI DSS compliant Stripe infrastructure
- Rate Limiting: API endpoints are protected with rate limiting (100 requests/minute)
- CORS Protection: Cross-Origin Resource Sharing properly configured
Data Retention & Deletion
- Automatic Deletion: Uploaded images deleted automatically after 24 hours
- User Control: Users can delete their accounts and all associated data
- Log Rotation: Application logs are rotated and don't contain sensitive data
- Credit Data: User credit information stored securely in Firebase Realtime Database
How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| AI Image Processing | Uploaded images (temporary) | Contractual necessity |
| User Authentication | Google OAuth data | Contractual necessity |
| Credit Management | User ID, credit balance | Contractual necessity |
| Payment Processing | Stripe transaction data | Contractual necessity |
| Security Monitoring | IP address, request logs | Legitimate interest |
| Service Improvement | Anonymous usage data | Legitimate interest |
Data Sharing & Disclosure
We do not sell, trade, or rent your personal identification information to third parties. We only share data with essential service providers:
- Google Authentication: For secure sign-in via OAuth 2.0
- Stripe: For secure payment processing (PCI DSS compliant)
- Firebase: For user authentication and data storage (Google Cloud Platform)
- AI Processing: Images processed locally using u2net model - no external AI APIs
We may disclose your personal data in the following circumstances:
- Legal Requirements: To comply with legal obligations or protect against liability
- Security Emergencies: To investigate or prevent security breaches
- Business Transfers: In connection with a merger, sale, or acquisition
Cookies & Tracking
We use essential cookies and similar technologies for service operation:
- Session Cookies: Maintain your login state via Firebase Authentication
- Security Cookies: Protect against Cross-Site Request Forgery (CSRF)
- Preference Cookies: Remember your settings and processing preferences
- No Advertising Cookies: We do not use tracking cookies for advertising
Browser Settings: You can control cookies through your browser settings. However, disabling essential cookies may prevent some features from working properly.
Your Data Rights
You have the following rights regarding your personal data:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Delete your account and all associated data
- Right to Restrict Processing: Request restriction of processing
- Right to Data Portability: Request transfer of your data
- Right to Object: Object to our processing of your data
Exercise Your Rights
To exercise any of these rights, please contact us at: privacy@toolyiq.com
You can also delete your account directly from your account settings in the application.
Response Time: We will respond to data requests within 48 hours.
Payment Security
We implement robust payment security measures:
- Stripe Integration: All payments processed through Stripe's secure infrastructure
- PCI DSS Compliance: Stripe is Level 1 PCI DSS compliant
- No Card Storage: We never store credit card numbers or CVV codes
- Tokenization: Payment information tokenized by Stripe
- 3D Secure: Support for 3D Secure 2 authentication
- Fraud Detection: Stripe's advanced fraud detection systems
Security Incident Response
In the event of a security breach:
- Immediate Investigation: We investigate all security incidents within 24 hours
- User Notification: We notify affected users within 72 hours of confirmation
- Regulatory Compliance: We comply with applicable data breach notification laws
- Remediation: Immediate steps to contain and remediate the breach
- Prevention: Implementation of measures to prevent future incidents
Children's Privacy
Our service is not intended for anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13.
If you are a parent or guardian and you believe your child has provided us with personal data, please contact us immediately. We will take steps to remove that information from our systems.
Changes to This Policy
We may update our Privacy Policy periodically. We will notify you of any changes by:
- Updating the "Last Updated" date at the top of this page
- Posting a notice on our website for significant changes
- Sending an email notification to registered users
Notification: We will provide at least 30 days' notice before significant changes take effect.
Contact Us
If you have questions about this Privacy Policy or our security practices:
Security Concerns
Response Time
We aim to respond to privacy and security inquiries within 24 hours.