Privacy Policy — ToolVault Pro

Last updated: 2026

This Privacy Notice explains how Daylan Nekula ("we", "us") — the operator of ToolVault Pro (the "App") — collects, uses, stores, and shares your personal data. We act as the data controller for the data described below.

1. Data we collect

We collect the following categories of personal data:

Account data: email address and a securely hashed password (or OAuth identifier if you sign in with Google), account creation timestamp, and last sign-in time.
Subscription & billing data: subscription status, plan, billing period, and identifiers linking your account to your payment provider record. Card details and billing addresses are handled by Paddle (see Sharing below) and never reach our servers.
Inventory content: the tools, batteries, chargers, photos, notes, and borrow/lend records you create. By default this is stored on your device. If you enable backup or sync (Pro), this content is stored on our servers under your account.
Technical data: IP address, device/browser type, and basic request logs, used for security and abuse prevention.
Support data: any messages you send us through support channels.

2. Why we use it (purposes & legal bases)

Provide the service (account, sync, Pro features) — performance of our contract with you.
Process payments and manage subscriptions — performance of contract; handled by our reseller Paddle.
Security, fraud prevention, abuse handling — our legitimate interests.
Customer support — performance of contract / legitimate interests.
Legal compliance — where we are required to retain or disclose data by law.

3. Locally stored data

Inventory data you create (tools, batteries, chargers, photos, notes) is stored in your device's local storage by default. Photos captured via the camera are saved alongside the tool record on your device. We cannot access this on-device data unless you choose to back it up or sync it.

4. Sharing

We share personal data only with the following categories of recipients:

Hosting & backend infrastructure: Supabase (database, authentication, storage), used to operate accounts and any synced inventory data.
Merchant of Record: Paddle, our reseller, who handles checkout, payments, billing, tax, invoicing, refunds, and subscription management. Paddle receives the data necessary to process your purchase (e.g. name, email, billing address, payment details).
Authentication providers: if you sign in with Google, basic profile information is exchanged with Google to authenticate you.
Professional advisers (legal, accounting) where reasonably necessary.
Authorities where required by law.

We do not sell your personal data and do not use it for advertising.

5. International transfers

Our service providers may process data outside your country, including in the EU and the United States. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We retain account and subscription data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and accounting obligations. Synced inventory data is retained while your account exists; if you delete your account, it is deleted or anonymised within a reasonable period, except where we are required to keep records (e.g. transaction history) by law.

7. Your rights

Subject to your local law, you have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent where processing is based on it. EU/UK users may also lodge a complaint with their supervisory authority. To exercise these rights, contact us through the App's listing page; we will respond within one month.

8. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, hashed passwords, access controls, and row-level security on our database so that your account data is only accessible to you.

9. Cookies & local storage

The App uses essential local storage and cookies required to keep you signed in and to remember your preferences. We do not use advertising or third-party tracking cookies.

10. Changes

We may update this notice from time to time. Material changes will be communicated in the App. Continued use after changes take effect constitutes acceptance.

11. Contact

Questions or requests? Reach us through the App's listing page.