Privacy Policy

1. Introduction

At Progify ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use Tooly ("the Service").

Complete Agreement

This Privacy Policy works together with our Terms & Conditions and Refund Policy. By using our service, you agree to all these policies.

Privacy-First Commitment

We never train AI models on your data. Your prompts and content are sent only to the AI providers you select, and we do not store or use them for any other purpose.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

Email address - For authentication and communication
Password - Hashed and encrypted (we never see your plain-text password)
Account creation date - For record-keeping

2.2 Chat Messages & Conversations

To enable multi-device access and conversation history, we store:

Your chat messages - Prompts you send to AI models
AI responses - Responses from AI providers
Conversation metadata - Timestamps, selected models, credit usage

Why We Store Your Chats:

Your conversations are stored securely in our database so you can access your chat history from any device. This enables seamless switching between your computer, phone, and tablet while keeping all your conversations in sync.

2.3 Usage Data

To provide and improve the Service, we collect:

Credit usage and balance - To track your subscription and purchases
AI model selections - Which models you use and how often
Tool usage statistics - Which tools you use (not the content)
Custom tools - Prompts, names, and icons for custom tools you create
Subscription status - Your plan (Free or Pro) and billing cycle

2.4 Technical Data

We automatically collect:

Browser version - For compatibility and troubleshooting
Extension version - To ensure you're using the latest features
Error logs - Anonymized logs that do not contain personal data
IP address - For security and fraud prevention (not permanently stored)

2.5 AI Processing Data

When you use AI tools, we process:

Text sent to AI providers - Your prompts and selected text from web pages
Model selections - Which AI models you choose for each request
Credit calculations - Token usage for billing purposes

Your Data Flow:

You → Our Servers (encrypted) → AI Provider (OpenAI, Anthropic, etc.) → Response back to you

We act as a secure bridge between you and AI providers. Your prompts are transmitted with industry-standard encryption and processed according to each provider's privacy policy.

2.6 Highlights Data

When you use the highlighting feature, we store:

Highlight content - The text you highlight on web pages
Notes - Any notes you add to highlights
Page URL - The webpage where the highlight was created
Highlight color - Your color preference for each highlight

Why We Store Your Highlights:

Your highlights are stored securely in our database to enable cross-device sync. This means you can access your highlights from any device where you're logged in.

2.7 Data We Do NOT Collect

What We Don't Collect:

Your browsing history
Websites you visit (except pages where you create highlights)
Content from pages you don't interact with

3. How We Use Your Data

We use your information to:

Provide the Service - Process AI requests, manage credits, and enable features
Improve the Service - Analyze usage patterns (anonymized) to enhance features
Process billing - Handle subscriptions and credit purchases via Stripe
Send important updates - Service announcements, billing notices (you can opt-out of marketing emails)
Prevent abuse - Detect fraud, spam, and violations of our Terms
Comply with legal obligations - When required by law

We may share your personal information with:

Service Providers - Companies that perform services on our behalf (Supabase for database, Stripe for payments, OpenRouter for AI routing)
AI Providers - When you use AI tools, your prompts are shared with your selected AI provider (OpenAI, Anthropic, Google, etc.)
Legal Authorities - When required by law, court order, or to protect our rights, property, or safety
Business Transfers - In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction

Minimum Data Sharing

We share only the minimum data necessary for each purpose. We never share more information than required to provide the service.

5. Third-Party Disclosure

We Do NOT Sell Your Data

We do NOT sell, trade, rent, or otherwise transfer your personally identifiable information to third parties for their marketing purposes.

Your data is only shared as described in Section 4 above, with your explicit consent, or as required by law.

We are committed to transparency about how your data is used. If we ever need to share your data in ways not described in this policy, we will notify you first and obtain your consent where required.

6. Third-Party Services

We use the following third-party services:

Service	Purpose	Data Shared
Supabase	Authentication, Database	Email, hashed password, chat messages, usage data
OpenRouter	AI Model API Gateway	Your prompts, selected model, responses
AI Providers	AI Processing (via OpenRouter)	Your prompts and context
Stripe	Payment Processing	Email, payment details
Google Analytics	Usage Analytics	Anonymized usage stats

AI Providers We Use:

Through OpenRouter, your prompts may be processed by: OpenAI (GPT-5), Anthropic (Claude 4.5), Google (Gemini 3), Meta (Llama), and other top AI models.

Each AI provider has their own privacy policy and terms of service. We recommend reviewing their policies before using their models. Each provider processes your data according to their own privacy policies.

7. Data Storage & Security

7.1 Where Data is Stored

Account data - Supabase (encrypted at rest, US/EU servers)
Highlights - Database (encrypted, cross-device sync enabled)
Custom tools - Database (encrypted) + Chrome sync storage
Settings - Chrome sync storage (synced across your devices)

7.2 How We Protect Your Data

Enterprise Security

Your data is protected with enterprise-grade encryption using industry-standard security practices. We employ rigorous security measures to ensure your conversations stay private and secure.

AES-256 Encryption

Advanced encryption at rest

TLS 1.3

Secure data transmission

Row-Level Security

Your data isolated from others

✓

Encrypted database - Your chat messages stored with AES-256 encryption

✓

Secure transmission - All data sent over HTTPS with TLS 1.3

✓

Password protection - Bcrypt hashing with salt (we never see your password)

✓

Access isolation - Row-level security ensures you only see your own data

✓

Regular audits - Quarterly security reviews and penetration testing

What This Means for You:

Your conversations are protected with enterprise-level security. We use industry-standard encryption practices trusted by organizations worldwide. However, you are ultimately responsible for what information you choose to share in your chats (see Section 7.5 below).

7.3 Data Retention

We retain your data:

Active accounts - As long as your account exists
Deleted accounts - Up to 90 days for backup and recovery purposes
Legal obligations - As required by law (e.g., tax records for 7 years)

7.4 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

Notify you - Within 72 hours via email
Investigate - Conduct a full investigation and implement corrective measures
Comply with regulations - Follow all GDPR/CCPA breach notification requirements

7.5 Your Data Responsibility

You are ultimately responsible for what you share in your chats. While we provide enterprise-level security, you should exercise caution when sharing sensitive information.

DO NOT Share in Chats:

✗

Credit card numbers or financial credentials

✗

Social security numbers or national IDs

✗

Passwords or API keys

✗

Private health information (PHI)

✗

Confidential business secrets

✗

Personal identification documents

How Your Data Flows:

You type a prompt in Tooly

Our servers encrypt and store your message (for multi-device sync)

OpenRouter routes your prompt to the selected AI provider (OpenAI, Anthropic, etc.)

AI provider processes your prompt according to their privacy policy

Response is sent back through our servers and displayed to you

Best Practices for Account Security:

Use a strong, unique password for your Tooly account
Never share your account credentials with anyone
Log out from shared or public computers
Be cautious of phishing emails claiming to be from Tooly
Regularly review your chat history and delete sensitive conversations
Enable two-factor authentication if/when available

Acknowledgment: By using Tooly, you acknowledge that you understand the data flow above and accept responsibility for any sensitive information you choose to share in your chats. If your account credentials are compromised due to your own negligence, we are not liable for unauthorized access to your data.

8. Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

8.1 Right to Access

Request a copy of all personal data we hold about you. Contact us at privacy@progify.tech.

8.2 Right to Deletion ("Right to be Forgotten")

Delete your account and all associated data from your dashboard or by contacting support.

8.3 Right to Portability (Data Download)

You have the right to download all your data in machine-readable format (JSON). From your dashboard, you can export:

Chat history - All conversations with timestamps and model information
Custom tools - Your personalized AI tool templates
Highlights - Saved highlights from web pages with notes
Settings - Account preferences and configurations

Exported data is in JSON format and can be imported into other compatible systems. To request a complete data export, contact us at privacy@progify.tech.

8.4 Right to Correction

Update your email, password, and other account information from your dashboard.

8.5 Right to Opt-Out

Unsubscribe from marketing emails via the link in any email or from your account settings.

8.6 Right to Object

Object to processing of your data for certain purposes (e.g., marketing). Contact us to exercise this right.

How to Exercise Your Rights: Email privacy@progify.tech with your request. We will respond within 30 days.

9. Cookies & Local Storage

We use the following cookies and local storage:

Name	Purpose	Duration
auth_token	Authentication	7 days
theme_preference	UI theme setting	Permanent
tool_settings	Tool configurations	Permanent

You can manage cookies in your browser settings. Note that disabling cookies may affect Service functionality.

10. Children's Privacy

Tooly is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@progify.tech and we will delete it immediately.

11. International Data Transfers

Your data may be processed in the United States and the European Union. We ensure that adequate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Privacy Shield certification (where applicable)
GDPR-compliant data processing agreements with all vendors

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

Email to your registered address
In-app notification
Notice on our website

The "Last updated" date at the top of this policy indicates when changes were last made.

13. Contact Information

For questions or concerns about this Privacy Policy or how we handle your data:

Privacy Officer: privacy@progify.tech
General Support: support@progify.tech
Address: Office 12, Initial Business Centre, Wilson Business Park, Manchester, M40 8WN, United Kingdom

By using Tooly, you acknowledge that you have read, understood, and agree to this Privacy Policy, our Terms & Conditions, and our Refund Policy.