Privacy Policy

This Privacy Policy explains how ToolWard ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you access or use our website at toolward.com (the "Site"), our 6,598+ online tools (the "Tools"), our APIs, and any related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Service immediately.

Table of Contents

1. Information We Collect
2. Client-Side Processing — How Your Data Stays in Your Browser
3. AI-Powered Tools — Data Sent to Third-Party AI Providers
4. How We Use Your Information
5. Cookies and Tracking Technologies
6. Third-Party Services and Data Processors
7. Data Sharing and Disclosure
8. Data Retention
9. Your Rights and Choices
10. GDPR — European Economic Area Provisions
11. NDPR — Nigeria Data Protection Regulation Provisions
12. CCPA — California Consumer Privacy Act Provisions
13. International Data Transfers
14. Security Measures
15. Children's Privacy
16. Embedded Tools on Third-Party Sites
17. Changes to This Privacy Policy
18. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

• Account Registration Data: When you create an account, we collect your name, email address, and password (stored in hashed form). You may optionally provide a profile picture, display name, and other profile information.
• Payment Information: When you subscribe to a paid plan or purchase credits, your payment details (card number, billing address, transaction ID) are collected and processed directly by our payment processors (Paystack, Flutterwave, or Stripe). We receive only a transaction reference, amount, currency, and status confirmation. We do not store your full card number or CVV on our servers.
• Communications: When you contact us via email, submit feedback, report a bug, or participate in surveys, we collect the content of those communications along with your email address.
• User-Generated Content: Blog comments, tool ratings, reviews, community tips, and any other content you voluntarily post on the Service.
• AI Tool Inputs: When you use AI-powered tools, the prompts and inputs you submit are sent to our servers and forwarded to third-party AI providers (see Section 3).

1.2 Information Collected Automatically

• Usage Data: Pages visited, tools used, features accessed, search queries on our platform, time spent on pages, click patterns, and referring URLs.
• Device and Browser Information: Browser type and version, operating system, screen resolution, device type (desktop/mobile/tablet), language preference, and time zone.
• IP Address and Approximate Location: Your IP address is collected for security, rate limiting, guest usage tracking, and fraud prevention. We may derive your approximate geographic location (country/region level) from your IP address.
• Cookies and Similar Technologies: Session cookies, persistent cookies, and local storage entries (see Section 5).
• Log Data: Server logs that record HTTP requests including timestamps, URLs, HTTP methods, response codes, and user agent strings.

1.3 Information We Do NOT Collect from Standard Tools

The vast majority of our tools (image converters, calculators, text utilities, code formatters, unit converters, and similar) process your data entirely within your browser. The files you upload, the text you enter, and the results generated by these tools are never transmitted to our servers. We have no access to this data and cannot see, store, or recover it. See Section 2 for details.

Back to top

2. Client-Side Processing — How Your Data Stays in Your Browser

ToolWard's architecture is fundamentally different from most web applications. Our standard (non-AI) tools are JavaScript applications that run entirely in your web browser using technologies such as WebAssembly, Web Workers, and the Canvas API. This means:

• Files you upload to image converters, video tools, PDF tools, and similar utilities are processed locally on your device.
• Text you enter into calculators, formatters, generators, and encoders/decoders is processed locally.
• Results (converted files, calculated values, generated output) are created in your browser's memory and downloaded directly to your device.
• No file data, input text, or output results from standard tools are transmitted to ToolWard's servers or any third party.
• When you close your browser tab or navigate away, this data is discarded from memory unless you have explicitly saved it using our session persistence feature (which stores a reference on our server, not the full file data).

Exceptions: AI-powered tools (Section 3) and the optional session persistence feature do transmit data to our servers. These are clearly identified in the Service.

Back to top

3. AI-Powered Tools — Data Sent to Third-Party AI Providers

Certain tools on ToolWard are powered by artificial intelligence. When you use an AI-powered tool:

• Your input (prompt, text, or parameters) is transmitted from your browser to ToolWard's servers via an encrypted HTTPS connection.
• Our servers forward your input to a third-party AI provider (currently OpenAI and/or Anthropic) for processing.
• The AI provider generates a response, which is relayed back to you through our servers.
• We may cache AI responses (keyed by a hash of the prompt) to improve performance and reduce costs. These cached responses do not contain personally identifiable information unless you included such information in your prompt.
• We log AI usage (timestamp, tool slug, user ID if authenticated, token count) for rate limiting and abuse prevention. We do not log the full text of your prompts in our usage logs.
• Third-party AI provider policies: OpenAI's data usage policy (available at openai.com/policies) and Anthropic's privacy policy (available at anthropic.com/privacy) govern how they handle the data we send on your behalf. We encourage you to review these policies.

Back to top

4. How We Use Your Information

We use the personal information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including serving tool bundles, processing payments, managing accounts, and delivering AI-powered features.
• Service Improvement: To analyse usage patterns, identify popular tools, diagnose technical issues, and improve the user experience.
• Security and Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues. This includes IP-based rate limiting and guest usage tracking.
• Communications: To send you essential service communications (account verification, password resets, payment receipts, subscription notices), and, with your consent, promotional communications (newsletters, new tool announcements).
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Advertising: To serve contextual advertisements on the Service and to provide aggregated analytics to advertisers. We do not sell your personal data to advertisers or build individual advertising profiles.
• User Support: To respond to your inquiries, provide customer support, and resolve disputes.

Legal Bases for Processing (GDPR): We process personal data on the following legal bases: (a) your consent; (b) performance of a contract (providing the Service you signed up for); (c) our legitimate interests (security, fraud prevention, service improvement); and (d) compliance with legal obligations.

Back to top

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service.

5.1 Types of Cookies We Use

5.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling essential cookies may prevent you from using certain features of the Service, including authentication and session management.

5.3 Do Not Track Signals

We currently do not respond to "Do Not Track" browser signals, as there is no industry-wide standard for compliance. However, you may opt out of analytics tracking by using browser extensions or the cookie management controls described above.

Back to top

6. Third-Party Services and Data Processors

We use the following categories of third-party services that may process your data:

• Payment Processors: Paystack, Flutterwave, and Stripe process your payment transactions. They receive your payment details directly and are PCI DSS compliant. We do not store your full card details.
• AI Providers: OpenAI and Anthropic process AI tool inputs. They receive the prompts you submit to AI-powered tools.
• Analytics: Google Analytics collects anonymised usage data to help us understand how the Service is used.
• Hosting and Infrastructure: Our web hosting provider stores and serves the Service, including your account data and usage logs.
• Email Services: We use email service providers to send transactional and marketing emails.
• Content Delivery: We may use CDN services to deliver static assets for improved performance.

Each third-party service operates under its own privacy policy and terms. We select service providers who maintain appropriate data protection standards, and where required, we have data processing agreements in place.

Back to top

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information in the following limited circumstances:

• Service Providers: With third-party service providers who perform services on our behalf (payment processing, analytics, email delivery, hosting), strictly for the purposes described in this Policy.
• Legal Requirements: When required by law, regulation, legal process, or governmental request, including to comply with a subpoena, court order, or similar legal mechanism.
• Safety and Rights Protection: When we believe in good faith that disclosure is necessary to protect the safety of our users, the public, or our rights, property, or the rights and property of third parties.
• Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• With Your Consent: We may share your information for any other purpose with your explicit consent.
• Aggregated or De-Identified Data: We may share aggregated, anonymised, or de-identified data that cannot reasonably be used to identify you, for analytics, research, or business purposes.

Back to top

8. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for the duration of your account. Upon account deletion, personal data is permanently deleted or anonymised within 30 days, except where retention is required for legal or regulatory purposes.
• Payment Records: Transaction records are retained for 7 years as required by tax and financial regulations.
• Usage Logs: Server logs and analytics data are retained for up to 24 months, after which they are aggregated or deleted.
• AI Cache: Cached AI responses (keyed by prompt hash) are retained for up to 90 days for performance optimization.
• AI Usage Logs: Audit logs of AI tool usage (without full prompt text) are retained for up to 12 months.
• Guest Data: IP-based guest usage counters expire within 24 hours. No persistent guest profiles are created.
• User-Generated Content: Blog comments, reviews, and tips are retained until you request their deletion or your account is deleted.
• Tool Session Data: Saved tool state data is retained for up to 90 days of inactivity, after which it may be automatically purged.

Back to top

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Request your personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to the processing of your personal data for direct marketing or where processing is based on our legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at help@toolward.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may require verification of your identity before processing your request.

Back to top

10. GDPR — European Economic Area Provisions

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

• Data Controller: ToolWard is the data controller responsible for your personal data. Contact details are provided in Section 18.
• Legal Bases: We process your data under the legal bases of consent, contractual necessity, legitimate interests, and legal obligation as described in Section 4.
• Data Protection Officer: For GDPR-related inquiries, contact us at help@toolward.com.
• Supervisory Authority: You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.
• International Transfers: Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or reliance on an adequacy decision.
• Automated Decision-Making: We do not engage in solely automated decision-making that produces legal effects or similarly significant effects on you.

Back to top

11. NDPR — Nigeria Data Protection Regulation Provisions

ToolWard is operated by a Nigerian company and is subject to the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA) 2023. The following provisions apply to all users, with particular relevance to users in Nigeria:

• Lawful Processing: We process personal data based on your consent, contractual necessity, compliance with legal obligations, protection of vital interests, and our legitimate interests, in accordance with the NDPR and NDPA.
• Data Subject Rights: Nigerian data subjects have the right to access, rectify, delete, and port their personal data, as well as the right to object to processing and to withdraw consent, as provided under the NDPR.
• Data Protection Compliance Organisation (DPCO): Where required, we engage a DPCO to conduct data protection audits and ensure compliance with the NDPR.
• Filing a Complaint: Nigerian data subjects may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
• Cross-Border Transfers: Where personal data of Nigerian data subjects is transferred outside Nigeria, we ensure that the receiving country or organisation provides adequate data protection safeguards as required by the NDPR.
• Third-Party Processing: All third-party data processors engaged by us are contractually bound to process personal data in accordance with the NDPR.

Back to top

12. CCPA — California Consumer Privacy Act Provisions

If you are a California resident, the following additional rights apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" link and update this Policy accordingly.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Authorised Agent: You may designate an authorised agent to submit requests on your behalf, subject to identity verification.
• Categories of Information Collected: Identifiers (name, email, IP address), commercial information (subscription and transaction records), internet activity (usage data, tool interactions), and inferences drawn from the foregoing.
• Sensitive Personal Information: We do not intentionally collect sensitive personal information as defined under the CPRA (e.g., social security numbers, precise geolocation, racial or ethnic origin, health information). If you inadvertently submit sensitive data to a tool, refer to Section 2 (client-side processing) or Section 3 (AI tools).

To exercise your CCPA/CPRA rights, contact us at help@toolward.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

Back to top

13. International Data Transfers

ToolWard is operated from Nigeria and serves users worldwide. Your personal information may be transferred to, stored, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your jurisdiction. By using the Service, you consent to the transfer of your information to Nigeria and other countries where our service providers operate. Where required by applicable law (including the GDPR and NDPR), we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

Back to top

14. Security Measures

We implement a range of technical and organisational measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit
• Password hashing using industry-standard algorithms (bcrypt)
• CSRF protection on all forms and state-changing requests
• Rate limiting on authentication endpoints and API routes
• Access controls limiting employee and contractor access to personal data on a need-to-know basis
• Regular security reviews and updates to dependencies
• Input validation and sanitisation to prevent injection attacks
• Sanctum token-based API authentication with scoped permissions

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data. If we become aware of a security breach that affects your personal data, we will notify you and the relevant authorities in accordance with applicable law.

Back to top

15. Children's Privacy

The Service is not directed to children under the age of 13 (or under the age of 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal data from a child under the applicable minimum age without parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at help@toolward.com.

Back to top

16. Embedded Tools on Third-Party Sites

ToolWard tools may be embedded on third-party websites. When you use an embedded tool, the tool code executes in your browser in the context of the third-party site. The same client-side processing principles apply: standard tool data is processed locally in your browser and is not sent to ToolWard's servers. However, the embedding website may have its own tracking and data collection practices that are outside our control. We encourage you to review the privacy policy of any third-party site where you use an embedded ToolWard tool. ToolWard may collect basic analytics data (page load events, tool slug) from embedded tool instances for usage statistics.

Back to top

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on the Service. We encourage you to review this Policy periodically. Your continued use of the Service after the posting of changes constitutes your acceptance of the revised Policy.

Back to top

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR inquiries, include "GDPR" in the subject line. For CCPA requests, include "CCPA Request" in the subject line. For NDPR inquiries, include "NDPR" in the subject line. We aim to respond to all data protection requests within 30 days.