Privacy Policy
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Information
- 4. Data Sharing & Disclosure
- 5. Data Security
- 6. Data Retention
- 7. Your Rights & Choices
- 8. International Transfers
- 9. Children's Privacy
- 10. Cookies & Tracking
- 11. Third-Party Services
- 12. Policy Changes
- 13. Data Controller/Processor
- 14. Contact Us
1. Introduction
ToolHub ("we," "us," "our") is committed to protecting the privacy and security of the information we collect and process. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our multi-tenant ERP platform.
Our Commitment: Your data privacy is fundamental to our business. We implement strict multi-tenant isolation ensuring your business data is never accessible to other companies.
2. Information We Collect
2.1 Information You Provide Directly
Account and Company Data
- Company name, address, contact information
- User names, email addresses, login credentials
- User roles, permissions, organizational hierarchy
Financial and Accounting Data
- Chart of accounts and journal entries
- Bank account information and transactions
- Financial reports and reconciliation data
Invoice and Billing Data
- Customer invoices with line items and tax calculations
- Vendor bills and expense tracking
- Payment status and aging information
Inventory and Product Data
- Product catalogs with EAN codes
- Stock levels, warehouse locations, movements
- Sales history and purchasing data
Supplier and Customer Data
- Contact information and brand associations
- Pricelists and pricing information
- Meeting logs and interaction history
HR Data
- Employee profiles and hire dates
- Vacation quotas and leave requests
- Manager assignments and approvals
2.2 Automatically Collected Information
- Login timestamps and session duration
- IP addresses and geographic location (country/region)
- Browser type, operating system, device type
- Email tracking (opens, clicks) for bulk emailer
3. How We Use Your Information
- Service Operation: Processing your business data, generating reports, managing operations
- Authentication: Managing user accounts and enforcing permissions
- Improvement: Analyzing usage patterns, fixing issues, developing features
- Communication: Service notifications, support responses
- Security: Detecting fraud, maintaining audit trails, compliance
4. Data Sharing and Disclosure
Critical Security Guarantee: Company Data belonging to one Tenant Company is NEVER shared with or accessible by other Tenant Companies.
4.1 Service Providers
- Cloud Infrastructure: AWS S3, Google Cloud Storage
- Database: PostgreSQL hosting
- Task Queue: Redis/Celery
- Email Validation: Mailboxlayer
4.2 Other Disclosures
- Legal requirements (court orders, regulatory inquiries)
- Business transfers (merger, acquisition)
- With your explicit consent
5. Data Security
- Encryption in transit (TLS/SSL)
- Secure password hashing
- Role-based access controls
- Multi-tenant isolation via middleware
- Regular security monitoring
No method of transmission is 100% secure. We encourage strong passwords and credential protection.
6. Data Retention
- Active Accounts: Data retained while subscription is active
- After Termination: 30-day grace period for data export, then scheduled deletion
- Legal Requirements: Financial records may be retained longer for compliance
7. Your Rights and Choices
7.1 All Users
- Access: Export your data via the Service
- Correction: Update information through the interface
- Deletion: Request account and data deletion
7.2 GDPR Rights (EU/EEA Users)
- Right to access, rectification, erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge complaint with supervisory authority
7.3 CCPA Rights (California Residents)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (Note: We do not sell personal information)
- Right to non-discrimination
8. International Data Transfers
Your information may be transferred internationally. We use appropriate safeguards including standard contractual clauses and adequacy decisions.
9. Children's Privacy
The Service is for business use and not intended for children under 16. We do not knowingly collect information from children.
10. Cookies and Tracking
- Session Cookies: Essential for authentication and tenant context
- Analytics: Usage pattern analysis
- Email Tracking: Open and click tracking in bulk emailer
11. Third-Party Services
The Service may link to third-party websites. We are not responsible for their privacy practices.
12. Changes to This Policy
We may update this Policy with notice via website, email, or updated "Last Updated" date. Continued use constitutes acceptance.
13. Data Controller and Processor
- Data Processor: For Company Data you upload (you are the Controller)
- Data Controller: For account registration and usage analytics
14. Contact Us
ToolHub Privacy Team
Support: [email protected]
Address: Budapest, Hungary
Data Protection Officer: [email protected]
Support: [email protected]
Address: Budapest, Hungary
Data Protection Officer: [email protected]
By using ToolHub, you acknowledge that you have read and understood this Privacy Policy.