Privacy Policy
This privacy policy applies to the ToolBake web application (hereinafter referred to as "Application") created by the ToolBake team (hereinafter referred to as "Service Provider") as an Open Source service. This service is intended for use "AS IS".
What information does the Application obtain and how is it used?
The Application can be used in Guest Mode without registration or providing any personal information. In Guest Mode, no personal data is collected or transmitted to our servers.
If you choose to create an account or sign in, the Application may collect the following information:
- Account information: user ID, display name, and email address (provided directly or obtained through SSO providers).
- Authentication credentials: passwords (stored in hashed form), Passkey/WebAuthn credential identifiers, and two-factor authentication (TOTP) configuration.
- SSO profile data: when you sign in via GitHub or Google, we receive basic profile information (such as your name and email) as authorized by you through those providers.
Data stored in your browser
The Application uses your browser's local storage to persist certain preferences and data locally on your device. This data is never transmitted to our servers and includes:
- Theme and accent color preferences.
- OpenAI API configuration (API key, endpoint URL, model selection) that you provide for AI-assisted features. These credentials are stored exclusively in your browser and are sent only to the OpenAI API endpoint you configure.
- Authentication tokens for maintaining your login session.
- Tool data and workspace settings.
Does the Application collect location information?
This Application does not collect any location information from your device.
Do third parties see and/or have access to information obtained by the Application?
The Service Provider does not sell, trade, or share your personal information with third parties. Limited data exchange occurs only in the following scenarios:
- SSO providers (GitHub, Google): when you choose to sign in via SSO, standard OAuth authentication data is exchanged with the selected provider.
- OpenAI API: if you configure an OpenAI API key, the data you submit through AI-assisted features is sent directly to the OpenAI endpoint you specify. This is initiated by your action and governed by OpenAI's own privacy policy.
What are my opt-out rights?
You can stop all collection of information by the Application by ceasing to use it and clearing your browser's local storage for this site. If you have an account, you can delete it through the Profile Settings page, which will remove all associated server-side data.
Children
The Application is not used to knowingly solicit data from or market to children under the age of 13.
The Service Provider does not knowingly collect personally identifiable information from children. The Service Provider encourages all children to never submit any personally identifiable information through the Application and/or Services. The Service Provider encourages parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide personally identifiable information through the Application and/or Services without their permission. If you have reason to believe that a child has provided personally identifiable information to the Service Provider through the Application and/or Services, please contact the Service Provider via the GitHub Issues page so that they will be able to take the necessary actions. You must also be at least 16 years of age to consent to the processing of your personally identifiable information in your country (in some countries we may allow your parent or guardian to do so on your behalf).
Security
The Service Provider is concerned about safeguarding the confidentiality of your information. We employ industry-standard security measures including encrypted data transmission (HTTPS), hashed password storage, and support for secure authentication methods such as Passkeys and two-factor authentication (2FA/TOTP). Sensitive data such as your OpenAI API key is stored only in your browser's local storage and is never transmitted to our servers.
Changes
This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to their Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
This privacy policy is effective as of 2026-02-09.
Your Consent
By using the Application, you are consenting to the processing of your information as set forth in this Privacy Policy now and as amended by the Service Provider.
Contact Us
If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact the Service Provider by opening an issue on our GitHub repository.
This privacy policy page was generated by App Privacy Policy Generator and adapted for the ToolBake web application.