ToolNestToolNest

Privacy Policy

Last updated: May 2026

1. Who we are

This Privacy Notice is issued by The Ultimate Toolkit Hub ("we", "us", "our"), trading as ToolNest. We act as the data controller for personal data processed through the ToolNest service (the "Service"). This policy explains what data we collect, why we collect it, the legal basis for each activity, and your rights.

2. Data we process & legal basis

Files you upload — processed in your browser whenever possible. For server-processed tools, files are temporarily handled to deliver the conversion. Legal basis: performance of contract.

Account data — email, name, hashed password (or Google OAuth identity), subscription status. Legal basis: performance of contract.

Usage analytics — page views, tool usage counts, anonymized IP for rate-limiting and abuse prevention. Legal basis: legitimate interest in operating and securing the Service.

Marketing communications — only when you opt in. Legal basis: consent (withdrawable at any time).

Legal/compliance records — invoices, tax records, fraud signals. Legal basis: legal obligation and legitimate interest.

3. Data retention

  • Uploaded files (server-processed): deleted within 1 hour of processing.
  • Account data: retained while your account is active, then deleted within 90 days of account closure (except where retention is legally required).
  • Billing & tax records: retained up to 7 years to comply with applicable tax law.
  • Usage analytics: retained in aggregated/anonymized form for up to 24 months.
  • Support correspondence: retained for up to 24 months after the last interaction.

4. Cookies

We use essential cookies for authentication and consent storage. Optional analytics cookies are loaded only after your consent and can be revoked at any time via your browser settings.

5. Your rights (GDPR & CCPA)

You have the right to access, rectify, export (portability), restrict, object to, or delete your personal data, and to withdraw consent at any time. EEA/UK residents may also lodge a complaint with their local supervisory authority. We respond to requests within 1 month. Contact privacy@toolnest.app.

6. Security measures

We apply appropriate technical and organisational measures to protect personal data, including: TLS encryption in transit, encryption at rest for credentials and sensitive data, hashed passwords (bcrypt/argon2), least-privilege access controls with role-based permissions, audit logging, automated backups, and regular security reviews of dependencies and infrastructure. No system is perfectly secure, but we work continuously to reduce risk.

7. Third-party processors & data sharing

  • Lovable Cloud — hosting, database, authentication.
  • Paddle.com Market Limited — Merchant of Record for all payments, subscription management, tax compliance, and invoicing.
  • Mailgun — transactional email delivery.
  • Professional advisers — legal and accounting, where strictly necessary.
  • Authorities — where required by applicable law.

8. International transfers

Where personal data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with appropriate supplementary safeguards.

9. Contact

The Ultimate Toolkit Hub — privacy queries: privacy@toolnest.app.