Get now7 day Premium trial.
Logo
Get started

Toolsey Privacy Policy

Effective date: October 22, 2025

Applies to: the Toolsey marketing website (the "Website"), Toolsey App, and OC Lead Management App (together, the "Apps"), and related services provided by Toolsey, Inc. ("Toolsey," "we," "us," or "our").

Quick summary: We collect business-contact info you give us, technical data from your browser/device, and (in the Apps) optional location, photos/video, and usage data to power features like geofencing, measurements, messaging, analytics, and support. We don't sell your Personal Data, and we only share it for the purposes described here. Your rights vary by region—you'll find state and international rights sections below.

1) Who we are & scope

This Policy governs the Website at toolsey.com and our Apps available via the Apple App Store and Google Play, including private-label versions such as OC Lead Management. It also covers other services that link to this Policy.

  • Controller vs. Processor.
    - For data about your Toolsey account, billing, marketing, and product usage, Toolsey is the controller.
    - For Customer Data you upload or capture in the Apps (e.g., leads, photos, addresses, measurements, messages) as part of your business account, Toolsey generally acts as a processor (service provider) to your company and processes that data under your company's instructions and our Data Processing Addendum (DPA). If you need a signed DPA, contact privacy@toolsey.com.

2) Information we collect

A. Information you provide

  • Account and profile details (name, email, phone, company, role)
  • Business info (company name, address, website, locations)
  • Lead and sales records (contacts, notes, estimates, appointments)
  • Communications (support tickets, chat/email, SMS/voice features)
  • Payment info (handled by our payment processor; we store limited tokens/metadata, not full card numbers)
  • User-generated content (photos, video, forms, signatures)

B. Information we collect automatically

  • Device and network data (IP address, device/OS/browser, app/version)
  • Usage data (pages/screens viewed, actions/events, feature usage, diagnostics, crash logs)
  • Cookies, SDKs, and similar tech (see Cookies & Tracking below)

C. Location data (Apps)

With your permission, the Apps may collect precise location (including in the background) to power features like geofencing, site photo organization, and field operations. You can disable location in your device settings; some features may stop working.

D. Photos, video, and metadata (Apps)

If you capture or upload photos/video, we process the media and related metadata (e.g., timestamps, device info; and, if you permit, location) to organize assets, attach them to job sites/leads, and enable search, analytics, and sharing with your authorized teammates.

E. Information from integrations

If you connect third-party tools (e.g., measurement providers, CRMs, messaging, e-signature), we receive data from those providers per your settings and their policies.

3) How we use information

We use Personal Data to:

  • Provide, maintain, and improve the Website and Apps
  • Deliver core features (e.g., lead intake, scheduling, photo management, measurements, messaging)
  • Personalize and optimize your experience
  • Provide customer support and training
  • Process payments and prevent fraud
  • Analyze usage, quality, and security of our services
  • Send service notices and product/marketing communications (you can unsubscribe)
  • Comply with law and enforce terms

Legal bases (EEA/UK): performance of a contract, legitimate interests (e.g., product security, analytics, B2B marketing), consent (e.g., precise location, certain cookies/SDKs), and legal obligations.

4) How we share information

We do not sell your Personal Data. We share it only as follows:

  • Service providers / processors. Hosting, analytics, support, communications, payment processing, and related vendors under contract.
  • Integrations you enable. If you connect third-party services, we share relevant data as needed to make the integration work.
  • Business transfers. In a merger, acquisition, or sale, data may transfer as part of the transaction.
  • Legal and safety. To comply with law, respond to lawful requests, enforce terms, and protect rights, safety, and security.

Where required by U.S. state law:
• We do not sell Personal Data and we do not process Sensitive Personal Information for inferring characteristics.
• We may "share" (as defined by the CPRA) limited identifiers with analytics/ads partners for cross-context behavioral advertising on the Website. You can opt out—see Privacy Choices.

5) Cookies & tracking (Website and Apps)

We use cookies/SDKs for:

  • Essential (security, authentication, load balancing)
  • Analytics (e.g., product usage, performance)
  • Marketing/ads on the Website (retargeting, campaign attribution)

Your options:

  • Adjust browser/app and OS privacy settings, including Limit Ad Tracking on mobile.
  • Use our Privacy Choices link to manage Website analytics/ads preferences and opt out of "sell/share" and targeted advertising where required.
  • We recognize Global Privacy Control (GPC) signals for Website visitors where legally required.

6) Data retention

We keep Personal Data only as long as necessary for the purposes above, including security, legal, tax, and accounting needs. Typical ranges:

  • Account & billing records: 7 years (legal/tax)
  • Product usage logs/analytics: 12–36 months (then aggregated/de-identified)
  • Customer Data (processor role): per your account settings and contract/DPA, or until deletion at termination

You can request deletion (see Your rights). Certain data must be retained if required by law or to defend legal claims.

7) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit, access controls, environment hardening, and monitoring. No system is 100% secure; we maintain and test our controls and follow applicable breach-notification laws.

8) Your privacy rights

Your rights depend on where you live. We will verify your request and respond within the time required by law. You may use an authorized agent where permitted.

U.S. state rights (e.g., CA, CO, CT, VA, UT):

  • Know/access the data we hold about you
  • Correct inaccuracies
  • Delete your Personal Data
  • Receive a portable copy
  • Opt out of:
    • Sale of Personal Data (we do not sell)
    • Sharing for cross-context behavioral advertising (Website; see Privacy Choices)
    • Targeted advertising (Website; see Privacy Choices)
    • Profiling in furtherance of decisions that produce legal/similar significant effects (not applicable to consumer lending/employment decisions here)
  • Non-discrimination for exercising rights
  • Appeal: If we deny your request, you may appeal by replying to our decision. If we still deny, California residents may contact the AG; Colorado/Connecticut/Virginia residents may contact their state AG.

EEA/UK (GDPR) rights:

access, rectify, erase, restrict, object (including to direct marketing), data portability, and the right to withdraw consent at any time. You may lodge a complaint with your local supervisory authority.

How to exercise: email privacy@toolsey.com or use the Privacy Choices link for Website "sell/share/targeted ads" preferences.

9) Children's privacy

Our services are not directed to children under 16, and we do not knowingly collect Personal Data from children. If you believe a child under 13 has provided data, contact hello@toolsey.com or privacy@toolsey.com and we will delete it as required by COPPA.

10) International transfers

We are based in the United States. If you access from outside the U.S., your data may be transferred to and processed in the U.S. and other countries. Where required (e.g., EEA/UK), we use Standard Contractual Clauses and implement appropriate safeguards.

11) Changes to this Policy

We may update this Policy from time to time. We will post updates on this page and, if changes are material, we'll notify you via the service or email. Please review periodically. Continued use means you accept the updated Policy.

12) Contact us

Email: privacy@toolsey.com

Website: toolsey.com

13) Additional California disclosures (CPRA)

Categories collected (in last 12 months): identifiers (e.g., name, email, IP); commercial info (transactions); internet/electronic activity (usage); geolocation (Apps, with consent); audio/visual content (photos/video you upload); professional information (company, role); inferences (product preferences). We do not collect sensitive identifiers like SSN. We do not sell Personal Data. We may share limited identifiers with analytics/ads partners for cross-context behavioral advertising on the Website (opt out via Privacy Choices or GPC).

Sources: you; your devices/browsers; your company; third-party integrations and service providers.

Business/commercial purposes: as described in How we use information.

Retention: see Data retention above.

Shine the Light: We do not disclose personal information to third parties for their own direct marketing.

14) Controller details & reps (GDPR/UK GDPR)

Controller: Toolsey, Inc.
If we appoint an EEA/UK representative or DPO, we will update this section with their contact details.

15) Role of customers (B2B)

Your company (our customer) is responsible for:

  • Defining the lawful basis and providing notices to its users/leads when required
  • Configuring retention/deletion within the product
  • Managing requests from its data subjects; we assist as a processor per the DPA