Privacy Policy
Last Updated: November 30, 2025
Your privacy is important to us. This Privacy Policy explains how TOOLKIT collects, uses, stores, and protects your information when you use our service.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account and use TOOLKIT, you provide us with:
- Account Information: Email address, password (encrypted), display name, company name, company ID
- Business Information: Shop name, address, phone number, tax rate, labor rate, pricing settings
- Work Order Data: Customer names, addresses, phone numbers, vehicle information (VIN, make, model, year), service descriptions, parts, labor, pricing
- Payment Information: Payment method types (cash, check, card), amounts, dates (Note: Credit card details are handled by third-party processors and never stored by us)
- Appointment Data: Scheduled appointments, customer contact information, service requests
- Digital Signatures: Customer and technician signatures (stored as SVG data), IP addresses, timestamps
1.2 Information We Collect Automatically
- Usage Data: Pages accessed, features used, time spent in app, click patterns
- Device Information: Browser type, operating system, device type (desktop/mobile), screen resolution
- Technical Data: IP address, session duration, login/logout times
- Performance Data: Error logs, crash reports, load times
1.3 Cookies and Similar Technologies
We use cookies and similar technologies for:
- Authentication: Keeping you logged in (Firebase session cookies)
- Preferences: Remembering your settings (device name, view preferences)
- Analytics: Understanding how you use TOOLKIT (if Google Analytics is enabled)
You can disable cookies in your browser, but this may affect functionality.
2. How We Use Your Information
2.1 To Provide and Improve Our Service
- Create and manage your account
- Store and retrieve your work orders, invoices, estimates, and appointments
- Calculate totals, taxes, and pricing
- Generate reports and analytics
- Enable multi-user access with role-based permissions
- Provide customer support and respond to inquiries
- Improve features and fix bugs
2.2 To Communicate With You
- Send account-related notifications (password resets, account changes)
- Provide customer support responses
- Send service updates and new feature announcements
- Send billing and payment confirmations
2.3 For Security and Fraud Prevention
- Detect and prevent unauthorized access
- Monitor for suspicious activity
- Verify user identity
- Protect against malicious use
2.4 For Legal Compliance
- Comply with legal obligations
- Respond to legal requests (subpoenas, court orders)
- Enforce our Terms of Service
- Protect our rights and property
3. How We Share Your Information
3.1 We DO NOT Sell Your Data
We never sell, rent, or lease your personal information to third parties.
3.2 Service Providers We Share Data With
We share data only with trusted third-party services necessary to operate TOOLKIT:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Database, authentication, hosting | All app data, email addresses, encrypted passwords |
| Payment Processors (Stripe, etc.) | Process subscription payments | Email, payment method, billing amount |
| Email Services | Send transactional emails | Email address, name, notification content |
| Analytics Services (if enabled) | Understand usage patterns | Anonymized usage data, device info |
3.3 Public Sharing (Estimates)
When you generate a shareable estimate link:
- The estimate becomes accessible via a unique token (no login required)
- Anyone with the link can view the estimate and sign it
- Estimate data remains private unless you share the link
- Links are not indexed by search engines
3.4 Legal Requirements
We may disclose your information if required by law or in response to:
- Subpoenas or court orders
- Law enforcement requests
- Government investigations
- Legal processes
4. Data Security
4.1 Security Measures
We implement industry-standard security practices:
- Encryption in Transit: All data transmitted via HTTPS/TLS
- Encryption at Rest: Firebase database encryption
- Password Security: Passwords hashed and salted (never stored in plain text)
- Authentication: Firebase Authentication with secure session management
- Access Controls: Role-based permissions (owner, manager, tech, pending)
- Regular Updates: Security patches and software updates
4.2 Security Limitations
No system is 100% secure. While we take reasonable precautions:
- We cannot guarantee absolute security
- You are responsible for maintaining password confidentiality
- You should maintain your own data backups
- Internet transmission carries inherent risks
4.3 Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify you via email within 72 hours of discovery
- Describe the nature of the breach
- Explain what data was affected
- Provide steps to protect yourself
- Report to authorities as required by law
5. Your Privacy Rights
5.1 Access and Portability
You have the right to:
- Access your personal data stored in TOOLKIT
- Export your data in a readable format
- Request a copy of all data we hold about you
How to exercise: Contact us at privacy@toolkitlogic.com
5.2 Correction and Update
You have the right to:
- Update your account information at any time
- Correct inaccurate data
- Modify business settings and preferences
How to exercise: Update directly in the app via Settings, or contact us
5.3 Deletion (Right to be Forgotten)
You have the right to:
- Delete your account and associated data
- Request permanent deletion of all personal information
How to exercise: Contact us at privacy@toolkitlogic.com. We will delete your data within 30 days, except where retention is required by law.
Note: Deletion is permanent and cannot be undone. Export your data before requesting deletion.
5.4 Opt-Out of Communications
You have the right to:
- Unsubscribe from marketing emails (click unsubscribe link)
- Opt out of non-essential notifications
Note: You cannot opt out of essential service communications (password resets, billing notices, Terms updates).
6. Data Retention
6.1 Active Accounts
We retain your data for as long as your account is active and for legitimate business purposes.
6.2 Inactive Accounts
- Accounts inactive for 2+ years may be archived
- We will notify you before archiving
- You can reactivate archived accounts upon request
6.3 Deleted Accounts
- Upon account deletion, we delete personal data within 30 days
- Some data may be retained for legal/accounting requirements (invoices, payment records)
- Anonymized usage data may be retained for analytics
- Backup copies may persist for up to 90 days
7. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
7.1 Right to Know
You can request disclosure of:
- Categories of personal information collected
- Sources of personal information
- Business purposes for collection
- Third parties we share data with
- Specific pieces of personal information we hold
7.2 Right to Delete
You can request deletion of your personal information (subject to legal exceptions).
7.3 Right to Opt-Out of Sale
We do not sell personal information. No opt-out required.
7.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
7.5 How to Exercise CCPA Rights
Email us at: privacy@toolkitlogic.com with "CCPA Request" in the subject line. We will respond within 45 days.
8. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
8.1 Legal Basis for Processing
We process your data based on:
- Contract: To provide TOOLKIT services you subscribed to
- Consent: When you agree to our Terms and Privacy Policy
- Legitimate Interest: To improve our services and prevent fraud
- Legal Obligation: To comply with applicable laws
8.2 GDPR Rights
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive data in machine-readable format
- Right to Object: Object to processing for certain purposes
- Right to Withdraw Consent: Withdraw consent at any time
8.3 Data Transfers
Your data may be transferred to and processed in the United States. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Firebase's compliance with the EU-U.S. Privacy Shield framework
8.4 How to Exercise GDPR Rights
Email us at: privacy@toolkitlogic.com with "GDPR Request" in the subject line. We will respond within 30 days.
8.5 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR.
9. Children's Privacy (COPPA Compliance)
TOOLKIT is not intended for use by anyone under 18 years of age.
- We do not knowingly collect information from children under 18
- If we discover we have collected data from a child, we will delete it immediately
- Parents/guardians: Contact us if you believe a child has provided data
10. International Data Transfers
TOOLKIT is hosted in the United States. If you access TOOLKIT from outside the U.S.:
- Your data will be transferred to and stored in the United States
- U.S. privacy laws may differ from your country's laws
- By using TOOLKIT, you consent to this transfer
11. Third-Party Links
TOOLKIT may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date
- We will notify you via email
- We will display a notice in the app
- Continued use after changes constitutes acceptance
We recommend reviewing this policy periodically.
13. Contact Us
For privacy-related questions, requests, or concerns, contact us:
- Privacy Inquiries: privacy@toolkitlogic.com
- Data Requests: privacy@toolkitlogic.com (Subject: Data Request)
- CCPA Requests: privacy@toolkitlogic.com (Subject: CCPA Request)
- GDPR Requests: privacy@toolkitlogic.com (Subject: GDPR Request)
- Website: https://toolkitlogic.com
We will respond to all requests within 30-45 days.
14. Your Consent
By creating an account and using TOOLKIT, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.