Privacy Policy
Controller
Toolkit Vault (“we”, “us”, “our”). Contact: [email protected]
1 - What we collect
We collect the minimum necessary data to operate and improve the service:
- Usage & diagnostics: pages/screens viewed, actions, timestamps, rough location (IP-derived), device/OS, app version, performance and crash data.
- Identifiers: cookies or similar identifiers (e.g., AAID/IDFA) for analytics and (if enabled) advertising.
2 - How we use data
To run and secure the service, measure performance, debug issues, prevent fraud/abuse, and—only if enabled and lawful—serve ads and measure their effectiveness.
3 - Google services we use
We use Google services that may process your data:
- Google Analytics 4 (GA4). We disclose our use of GA4 and how it collects and processes data. Learn how Google uses information from sites/apps: https://policies.google.com/technologies/partner-sites. You can opt out with the GA opt‑out add‑on: https://tools.google.com/dlpage/gaoptout.
- Google AdSense/Ads. Third parties (including Google) may use cookies/SDKs and device identifiers to serve and measure ads, including personalized ads where allowed. Manage Google ad personalization: https://adssettings.google.com. We follow Google’s publisher policies and EU/UK/CH consent requirements. Where required for ads in the EEA/UK/CH, we use a Google‑certified CMP integrated with IAB TCF to capture and honor your choices.
4 - Cookies, consent & regional controls (EU/UK/CH)
Where required by law, we obtain consent for cookies/identifiers and for personalized ads. Your choices are presented in our consent banner and can be changed any time in Settings → Privacy. If you refuse consent, we won’t set non‑essential cookies or use data for ads personalization in the impacted regions.
5 - Legal bases (GDPR)
Depending on the activity, we rely on:
- Consent (e.g., analytics/ads where required).
- Legitimate interests (service security, fraud prevention, metrics, product improvement).
- Contract (providing requested features).
Your GDPR rights include access, rectification, erasure, restriction, objection, and data portability. Contact us to exercise these rights.
6 - Data sharing
We share data with:
- Google and advertising partners via Google (only if ads/personalization are enabled and consented where required).
- Service providers that help us operate the product (under contract and subject to confidentiality).
- Authorities when legally required.
We do not sell personal data.
7 - Data retention
- On our servers: we avoid storing personal data; most features run client‑side.
- Analytics (GA4): event‑level/user‑level data in explorations is retained 2 months by default (can be configured up to 14 months). Google‑signals data is retained up to 26 months by Google. You can request deletion at any time; we also honor consent withdrawals, and we configure GA4 to respect deletion/retention settings.
8 - Children
Our service is not directed to children under 13. We do not knowingly collect their data.
9 - International transfers
When data is transferred outside your country (including outside the EEA/Switzerland/UK), we rely on appropriate safeguards such as Standard Contractual Clauses.
10 - Your controls
- Analytics opt‑out: GA opt‑out add‑on and/or adjust consent in Settings → Privacy.
- Ads personalization: https://adssettings.google.com and platform settings (Android/Apple).
- Regional signals: We honor legally required signals (e.g., consent strings under IAB TCF; other applicable regional preferences).
11 - Changes
We may update this policy. Material changes will be notified in‑app/on‑site. The “Last updated” date will be revised.