Privacy & Security

Privacy Policy

Last updated: January 15, 2025

GDPR Compliant
CCPA Compliant

1. Introduction

At Progify ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use Tooly ("the Service").

Complete Agreement

This Privacy Policy works together with our Terms & Conditions and Refund Policy. By using our service, you agree to all these policies.

Privacy-First Commitment

We never train AI models on your data. Your prompts and content are sent only to the AI providers you select, and we do not store or use them for any other purpose.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - For authentication and communication
  • Password - Hashed and encrypted (we never see your plain-text password)
  • Account creation date - For record-keeping

2.2 Chat Messages & Conversations

To enable multi-device access and conversation history, we store:

  • Your chat messages - Prompts you send to AI models
  • AI responses - Responses from AI providers
  • Conversation metadata - Timestamps, selected models, credit usage

✅ Why We Store Your Chats:

Your conversations are stored securely in our database so you can access your chat history from any device. This enables seamless switching between your computer, phone, and tablet while keeping all your conversations in sync.

2.3 Usage Data

To provide and improve the Service, we collect:

  • Credit usage and balance - To track your subscription and purchases
  • AI model selections - Which models you use and how often
  • Tool usage statistics - Which tools you use (not the content)
  • Custom tools - Prompts, names, and icons for custom tools you create
  • Subscription status - Your plan (Free or Pro) and billing cycle

2.4 Technical Data

We automatically collect:

  • Browser version - For compatibility and troubleshooting
  • Extension version - To ensure you're using the latest features
  • Error logs - Anonymized logs that do not contain personal data
  • IP address - For security and fraud prevention (not permanently stored)

2.5 AI Processing Data

When you use AI tools, we process:

  • Text sent to AI providers - Your prompts and selected text from web pages
  • Model selections - Which AI models you choose for each request
  • Credit calculations - Token usage for billing purposes

🔒 Your Data Flow:

You → Our Servers (encrypted) → AI Provider (OpenAI, Anthropic, etc.) → Response back to you

We act as a secure bridge between you and AI providers. Your prompts are transmitted with industry-standard encryption and processed according to each provider's privacy policy.

2.6 Data We Do NOT Collect

What We Don't Collect:

  • ✅ Your browsing history
  • ✅ Text you highlight or process (stored locally only)
  • ✅ Websites you visit
  • ✅ AI prompts and responses (sent directly to AI providers)
  • ✅ Personal notes or highlights content

3. How We Use Your Data

We use your information to:

  • Provide the Service - Process AI requests, manage credits, and enable features
  • Improve the Service - Analyze usage patterns (anonymized) to enhance features
  • Process billing - Handle subscriptions and credit purchases via Paddle
  • Send important updates - Service announcements, billing notices (you can opt out of marketing emails)
  • Prevent abuse - Detect fraud, spam, and violations of our Terms
  • Comply with legal obligations - When required by law

4. Third-Party Services

We use the following third-party services:

Service | Purpose | Data Shared
Supabase | Authentication, Database | Email, hashed password, chat messages, usage data
OpenRouter | AI Model API Gateway | Your prompts, selected model, responses
AI Providers | AI Processing (via OpenRouter) | Your prompts and context
Paddle | Payment Processing | Email, payment details
Google Analytics | Usage Analytics | Anonymized usage stats

🤖 AI Providers We Use:

Through OpenRouter, your prompts may be processed by: OpenAI (GPT-4, GPT-3.5), Anthropic (Claude), Google (Gemini), Meta (Llama), and 200+ other models.

Each AI provider has its own privacy policy and terms of service. We recommend reviewing their policies before using their models. See Section 7.5 for details on third-party provider acknowledgment.

5. Data Storage & Security

5.1 Where Data is Stored

  • Account data - Supabase (encrypted at rest, US/EU servers)
  • Highlights - Chrome local storage (your device only)
  • Custom tools - Database (encrypted) + Chrome sync storage
  • Settings - Chrome sync storage (synced across your devices)

5.2 How We Protect Your Data

🔒 Enterprise Security

Your data is protected with enterprise-grade encryption using industry-standard security practices. We employ rigorous security measures to ensure your conversations stay private and secure.

  • 🛡️ AES-256 Encryption - Advanced encryption at rest
  • 🔐 TLS 1.3 - Secure data transmission
  • 🔑 Row-Level Security - Your data isolated from others

  • Encrypted database - Your chat messages stored with AES-256 encryption
  • Secure transmission - All data sent over HTTPS with TLS 1.3
  • Password protection - Bcrypt hashing with salt (we never see your password)
  • Access isolation - Row-level security ensures you only see your own data
  • Regular audits - Quarterly security reviews and penetration testing

💡 What This Means for You:

Your conversations are protected with enterprise-level security. We use industry-standard encryption practices trusted by organizations worldwide. However, you are ultimately responsible for what information you choose to share in your chats (see Section 5.5 below).

5.3 Data Retention

We retain your data:

  • Active accounts - As long as your account exists
  • Deleted accounts - Up to 90 days for backup and recovery purposes
  • Legal obligations - As required by law (e.g., tax records for 7 years)

5.4 Data Breach Liability

While we employ industry-standard security measures (encryption, regular audits, access controls), no system is 100% immune to sophisticated attacks. In the unlikely event of a data breach:

  • Notification - We will notify affected users within 72 hours via email
  • Investigation - We will conduct a full investigation and implement corrective measures
  • Regulatory compliance - We will comply with all GDPR/CCPA breach notification requirements

⚠️ Liability Limitation:

To the maximum extent permitted by law, our liability for any data breach shall not exceed the lesser of $100 or your total payments to us in the 12 months preceding the breach.

We are NOT liable for breaches caused by: (1) Your account credentials being compromised, (2) Third-party AI provider security incidents, (3) Sophisticated attacks beyond industry-standard defenses, or (4) Your own negligence in sharing sensitive information.

5.5 Your Data Responsibility

You are ultimately responsible for what you share in your chats. While we provide enterprise-level security, you should exercise caution when sharing sensitive information.

🚨 DO NOT Share in Chats:

  • Credit card numbers or financial credentials
  • Social security numbers or national IDs
  • Passwords or API keys
  • Private health information (PHI)
  • Confidential business secrets
  • Personal identification documents

🔄 How Your Data Flows:

  1. You type a prompt in Tooly
  2. Our servers encrypt and store your message (for multi-device sync)
  3. OpenRouter routes your prompt to the selected AI provider (OpenAI, Anthropic, etc.)
  4. AI provider processes your prompt according to their privacy policy
  5. Response is sent back through our servers and displayed to you

✅ Best Practices for Account Security:

  • 🔑 Use a strong, unique password for your Tooly account
  • 🔐 Never share your account credentials with anyone
  • 🚪 Log out from shared or public computers
  • 📧 Be cautious of phishing emails claiming to be from Tooly
  • 🔄 Regularly review your chat history and delete sensitive conversations
  • 📱 Enable two-factor authentication if/when available

Acknowledgment: By using Tooly, you acknowledge that you understand the data flow above and accept responsibility for any sensitive information you choose to share in your chats. If your account credentials are compromised due to your own negligence, we are not liable for unauthorized access to your data.

6. Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

6.1 Right to Access

Request a copy of all personal data we hold about you. Contact us at privacy@progify.tech.

6.2 Right to Deletion ("Right to be Forgotten")

Delete your account and all associated data from your dashboard or by contacting support.

6.3 Right to Portability (Data Download)

You have the right to download all your data in machine-readable format (JSON). From your dashboard, you can export:

  • Chat history - All conversations with timestamps and model information
  • Custom tools - Your personalized AI tool templates
  • Highlights - Saved highlights from web pages with notes
  • Settings - Account preferences and configurations

Exported data is in JSON format and can be imported into other compatible systems. To request a complete data export, contact us at privacy@progify.tech.

6.4 Right to Correction

Update your email, password, and other account information from your dashboard.

6.5 Right to Opt-Out

Unsubscribe from marketing emails via the link in any email or from your account settings.

6.6 Right to Object

Object to processing of your data for certain purposes (e.g., marketing). Contact us to exercise this right.

How to Exercise Your Rights: Email privacy@progify.tech with your request. We will respond within 30 days.

7. Cookies & Local Storage

We use the following cookies and local storage:

Name | Purpose | Duration
auth_token | Authentication | 7 days
theme_preference | UI theme setting | Permanent
tool_settings | Tool configurations | Permanent

You can manage cookies in your browser settings. Note that disabling cookies may affect Service functionality.

8. Children's Privacy

Tooly is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@progify.tech and we will delete it immediately.

9. International Data Transfers

Your data may be processed in the United States and the European Union. We ensure that adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Privacy Shield certification (where applicable)
  • GDPR-compliant data processing agreements with all vendors

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email to your registered address
  • In-app notification
  • Notice on our website

The "Last updated" date at the top of this policy indicates when changes were last made.

11. Contact Information

For questions or concerns about this Privacy Policy or how we handle your data:


By using Tooly, you acknowledge that you have read, understood, and agree to this Privacy Policy, our Terms & Conditions, and our Refund Policy.