Toolsy logo

Privacy Policy

Last updated: March 21, 2026

1. Introduction

Toolsy ("we", "our", or "us") operates the Toolsy platform at https://toolsy.my. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or use our service. Please read it carefully. If you disagree with its terms, please discontinue use of the site.

2. Information We Collect

Account information

When you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We store these to identify your account and personalise your experience.

Usage data

We log which tools you use and when, to power your usage history dashboard and to improve the platform. Logs are retained for 90 days.

Payment information

Credit purchases can be paid by card (via Stripe) or cryptocurrency (via NOWPayments). We never store raw card numbers — card data is handled entirely by Stripe's PCI-compliant infrastructure. Crypto payments are processed on-chain through NOWPayments; we only receive a settlement confirmation after a successful transaction.

Tool inputs

Text, files, or other content you submit to a tool are processed server-side and are not permanently stored unless explicitly stated for a specific tool feature.

Cookies & local storage

We use browser cookies to maintain your session (via NextAuth) and local storage to remember your preferences such as theme and cookie consent. We do not use third-party advertising cookies.

3. How We Use Your Information

  • To provide, operate, and maintain the Toolsy service
  • To process credit purchases and manage your credit balance
  • To send transactional emails (e.g. purchase receipts) — no marketing without consent
  • To monitor usage patterns and improve tool quality
  • To detect and prevent abuse, fraud, or violations of our Terms
  • To comply with applicable laws and legal obligations

4. Third-Party Services

Google OAuth

Authentication — your Google profile data is used to create/manage your account.

Stripe

Card payment processing — credit/debit card data is handled entirely by Stripe's PCI-compliant infrastructure.

NOWPayments

Cryptocurrency payment processing — used when you choose to pay with crypto. No personal financial data is stored by us.

OpenRouter

AI inference — prompts you submit to AI tools are forwarded to OpenRouter's API.

Vercel

Hosting, edge network, and serverless compute.

Upstash Redis

Rate limiting and ephemeral caching — no personal data is persisted in Redis.

5. Data Retention

We retain your account data for as long as your account is active. You may request deletion at any time (see Section 7). Tool usage logs are retained for 90 days. Anonymised, aggregated analytics may be kept indefinitely.

6. Security

We implement industry-standard security measures including HTTPS/TLS, database encryption at rest, and Stripe's PCI-compliant payment infrastructure. No system is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities
  • Data portability (receive your data in a machine-readable format)

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

8. Children's Privacy

Toolsy is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the new policy.

10. Contact

If you have questions or concerns about this Privacy Policy, please contact us at privacy@toolsy.my.