Privacy Policy
Your privacy is important to us. It is ToolsAday' policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://toolsaday.com, and other sites we own and operate.
This policy is effective as of 11 March 2021 and was last updated on 11 March 2021.
Information We Collect
Information we collect includes both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.
Gmail Data Access and Usage
Note: This section applies only when you connect your Gmail account to our Inbox AI feature. Simply signing in to ToolsAday with your Google account does not grant us access to your Gmail data.
When you connect your Gmail account to our service for the Inbox AI feature, we request access to your Gmail data through Google's secure OAuth 2.0 protocol. We do not store your email messages on our servers.
Authentication vs. Gmail Connection
- Signing in with Google: If you use "Sign in with Google" to create or access your ToolsAday account, we only receive basic profile information (name, email address, profile photo). We do NOT have access to your Gmail messages.
- Connecting Gmail for Inbox AI: This is a separate, optional step where you explicitly grant us permission to access your Gmail to provide email management features. This requires additional consent through Google's OAuth screen.
What We Store (Inbox AI Only)
The following data is stored only when you connect your Gmail account for Inbox AI:
- OAuth Credentials: Encrypted access tokens that allow us to access your Gmail on your behalf
- Connected Account Information: Your Gmail email address, display name, and profile photo for the connected account
- User Preferences: Your custom labeling rules and tone preferences
What We Access (But Don't Store) - Inbox AI Only
When you use the Inbox AI feature, we access your Gmail data in real-time through Google's API:
- Email Messages: Subject lines, sender/recipient information, message content, and attachments
- Email Metadata: Labels, read/unread status, starred status, timestamps
- Gmail Organization: Your label structure, folders, and filters
- Draft Emails: Drafts you create through our interface
Important: This data is fetched directly from Gmail when you request it and is temporarily cached in your browser for performance. We do not store this data on our servers.
How We Use Your Gmail Data (Inbox AI Only)
We only access your Gmail data to provide the Inbox AI features you've requested:
- Email Display: Retrieve and show your emails in our unified inbox interface
- Email Actions: Send emails, create replies, mark as read/unread, apply labels, archive, or delete on your behalf
- Draft Management: Save drafts directly to your Gmail account
- Search: Search your emails using Gmail's search capabilities
Browser-Based Caching (Inbox AI Only)
To improve performance when using Inbox AI, your browser temporarily caches:
- Email Lists: Recently viewed email lists (cached for 5-15 minutes)
- Email Details: Content of opened emails (cached for 15 minutes)
- Profile Information: Your connected account name and photo
Note: This cache is stored locally in your browser only, not on our servers, and is automatically cleared when you close your browser or log out.
What We Do NOT Do With Your Gmail Data
- We DO NOT access your Gmail if you only sign in with Google - you must explicitly connect it for Inbox AI
- We DO NOT permanently store your email messages on our servers
- We DO NOT sell your email data to advertisers or third parties
- We DO NOT use your emails for targeted advertising
- We DO NOT read your emails for any purpose other than providing the Inbox AI features you've explicitly requested
- We DO NOT access emails from accounts you haven't explicitly connected through Inbox AI
Data Security (Inbox AI Connections)
- OAuth Tokens: Stored encrypted in Google Firebase Firestore with industry-standard encryption
- No Email Storage: Since we don't store emails, there's no email data at rest to secure
- Data Transmission: All communication uses HTTPS/TLS encryption
- Access Control: OAuth tokens are tied to your specific user account and cannot be accessed by other users
- Automatic Token Refresh: Access tokens automatically refresh to maintain connection security
- Google's Infrastructure: All email data remains in Google's secure infrastructure
Data Retention (Inbox AI Connections)
- OAuth Credentials: Retained only while your Gmail account remains connected to Inbox AI
- Email Data: Not stored - accessed only when you use Inbox AI features
- Browser Cache: Cleared automatically after 5-15 minutes or when you close your browser
- Auto-Labeling Rules: Stored until you delete them or disconnect your Gmail account from Inbox AI
- Uploaded Attachments: Temporarily stored during draft composition, deleted after email is sent
- Disconnection Logs: Account disconnection records kept for 30 days for security compliance, then permanently deleted
Your Rights and Controls (Inbox AI)
You have complete control over your Gmail connection to Inbox AI:
- Disconnect Anytime: Revoke Gmail access instantly from Settings → Connections → Disconnect
- Revoke Through Google: Manage app permissions at myaccount.google.com/permissions
- Disable AI Features: Turn off automatic labeling while keeping basic email access
- View Permissions: See exactly what permissions we have in your Google Account settings
- Delete Credentials: Disconnecting your Gmail account from Inbox AI immediately deletes stored OAuth tokens and revokes our access
- Data Lives in Gmail: Since we don't store emails, all your email data remains in your Gmail account under your control
- Continue Using Toolsaday: Disconnecting Gmail from Inbox AI does not affect your Toolsaday account or other features
Compliance with Google API Services User Data Policy
Our use of information received from Google APIs through the Inbox AI feature adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access Gmail data only for the purposes explicitly disclosed in this privacy policy and that you have consented to through the OAuth authorization flow. We do not store, share, or use Gmail data for any purposes outside of providing our Inbox AI email management features to you.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, other details about your visit, and technical details that occur in conjunction with any errors you may encounter.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Collection and Use of Information
We may collect personal information from you when you do any of the following on our website:
- Use a mobile device or web browser to access our content
- Contact us via email, social media, or on any similar technologies
- When you mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. We will comply with laws applicable to us in respect of any data breach.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Third Party Privacy Policies
Toolsaday’s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective websites.
CCPA Privacy Rights (Do Not Sell My Personal Information)
Under the CCPA, among other rights, California consumers have the right to:
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
Advertising
We may use Service Providers to show advertisements to You to help support and maintain Our Service.
Google AdSense & DoubleClick Cookie
Google, as a third party vendor, uses cookies to serve ads on our Service. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Service or other websites on the Internet. You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences/
Their Privacy Policy can be viewed at https://www.facebook.com/policy.php
Email Marketing
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us. We may use Email Marketing Service Providers to manage and send emails to You.
Payments
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
Stripe
Their Privacy Policy can be viewed at: https://stripe.com/us/privacy
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.
International Transfers of Personal Information
The personal information we collect is stored and/or processed where we or our partners, affiliates, and third-party providers maintain facilities. Please be aware that the locations to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
Your Rights and Controlling Your Personal Information
You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
info
info@toolsaday.com