Legal

Privacy Policy.

What we collect, why we collect it, and how to take it back. GDPR-compliant.

Last updated · January 2026

1. Who we are

This Privacy Policy applies to ToolScale (referred to as "ToolScale", "we", "us") and the website toolscale.io. We are the data controller of any personal information you provide when subscribing to or using the service.

2. What we collect

We collect only what we need to deliver the service:

  • Account info: email, name, country, password (hashed).
  • Billing info: payment is handled by Stripe — we never see or store your card number. We only see the last 4 digits, brand and expiry from Stripe's API.
  • Usage data: which tools you open, frequency of use, device and browser, IP address.
  • Support history: messages you send us by email, WhatsApp or our contact form.
  • Cookies: see section 4 below.

3. How we use it

We use your information to:

  • provide and maintain your access to the bundled tools;
  • process payments and send invoices;
  • send service-related emails (password resets, billing receipts, important changes);
  • detect fraud, abuse and seat sharing in violation of our Terms;
  • improve the product (which tools are popular, which break, which to add next);
  • respond to support requests.

We never sell your personal data. We don't run advertising on it. We don't share it with data brokers.

4. Cookies & tracking

We use the smallest set of cookies needed to run the site:

  • Strictly necessary: session, authentication, fraud prevention.
  • Analytics: anonymised page-view stats so we know what's working. You can opt out in your browser settings or by rejecting analytics via our cookie banner.
  • Marketing / affiliate: FirstPromoter tracks affiliate referrals (only if you arrived via an affiliate link).

5. Third-party services

We use a small set of trusted third-party providers to run ToolScale. Each one has its own privacy policy:

  • Stripe — payment processing
  • Webflow — website hosting
  • FirstPromoter — affiliate tracking
  • Google Analytics — anonymised traffic stats
  • Brevo — transactional and marketing emails

Beyond these, the bundled tools you access through ToolScale (Semrush, Canva, Anthropic, etc.) each have their own privacy policies that apply when you use them.

6. Data retention

We keep your account data for as long as your subscription is active and for a reasonable period after cancellation to comply with our accounting and legal obligations (typically up to 10 years for invoices, as required by French tax law). Support messages are kept for up to 3 years. Anonymised analytics are kept indefinitely.

7. Data sharing

We share data only with the third-party providers listed in section 5, and only to the extent needed for them to perform their function. We may also disclose data when required by law or to enforce our Terms of Service. We never sell or rent personal data.

8. Data subject rights

Most of the personal data we process is strictly necessary to provide the service you subscribed to (account, billing, fraud prevention, support). Without it, we are not able to deliver access to ToolScale or honour our contractual and legal obligations. As a result, requests to delete or restrict processing of essential service data will generally entail the termination of your subscription, with no entitlement to a refund.

Subject to applicable data protection law and the conditions below, you may submit a request relating to the personal data we hold about you. All requests must:

  • be sent in writing to contact@toolscale.io from the email address registered on the account;
  • contain proof of identity sufficient to confirm that the request is genuine;
  • describe the request with enough specificity to allow us to identify the data and lawful basis concerned.

We will assess each request on its own merits and respond within the period required by applicable law. In line with article 12(5) of the General Data Protection Regulation, we reserve the right to refuse, or to charge a reasonable administrative fee for, requests that are manifestly unfounded, excessive, repetitive, or made through automated means. Where a request would conflict with our retention obligations (e.g. invoices kept for accounting purposes), with the rights of third parties, or with the security of the service, it will be declined.

If you remain dissatisfied with the way a request has been handled, you may refer the matter to the competent supervisory authority in your country of residence.

9. Security

We protect your data with industry-standard measures: encrypted connections (HTTPS / TLS) site-wide, hashed passwords, isolated browser environments for tool access, and limited employee access on a need-to-know basis. No system is 100 % secure — we'll notify affected users promptly if a breach ever occurs.

10. International transfers

Some of our third-party providers (Stripe, Google Analytics, Brevo) process data outside the European Union. When this happens, we rely on Standard Contractual Clauses approved by the European Commission to ensure your data remains protected to EU standards.

11. Children

ToolScale is not directed at people under the age of 16. We don't knowingly collect data from minors. If you believe we have collected data from a child, contact us and we'll delete it.

12. Changes to this policy

We may update this policy as the service evolves. When we do, we update the "Last updated" date at the top and, for material changes, email active subscribers. Continued use of the service after an update means you accept the updated policy.

13. Contact

Privacy-related correspondence should be addressed to contact@toolscale.io.

Julia Ask anything to Julia on WhatsApp now