Privacy Policy
Last updated: February 2026
1. Introduction
Toggly ("we", "us", "our app") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your personal information.
Toggly is a productivity and household management app available on iOS, Android, and Web. It helps you manage calendar tasks, to-do lists, shared expenses, and collaborate with family members or housemates.
2. Data Controller
The controller of your personal data is:
Golinski Ventures sp. z o.o.
ul. Smardzewska 7, Łagiewniki Nowe
95-002 Smardzew, Poland
Email: contact@togglyapp.com
3. Data We Collect
3.1 Data You Provide
- Email address — used for account creation and authentication
- Display name — shown to other board members for collaboration
- Content you create — calendar tasks, to-do lists, expense records, tags, and notes you enter into the app
3.2 Data Collected Automatically
- User ID — a unique identifier linked to your account
- Crash data — anonymous crash reports to help us fix bugs
- Performance data — anonymous app performance metrics
- Basic usage analytics — feature usage patterns via Firebase Analytics (e.g., which screens are viewed, button taps)
3.3 Data We Do NOT Collect
- We do not track your location
- We do not access your bank accounts or payment card details
- We do not sell your personal data to third parties
- We do not use tracking technologies for advertising purposes
- We do not use your data for profiling or targeted advertising
3.4 Guest Mode
You may use Toggly in guest mode without creating an account. In guest mode, all data is stored locally on your device. No personal data is transmitted to our servers until you choose to create an account.
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Providing the service | Performance of contract | Email, name, content you create |
| User authentication | Performance of contract | Email, authentication tokens |
| Collaboration features | Performance of contract | Name, board membership |
| Payment processing | Performance of contract | Handled entirely by Apple/Google (we do not receive payment details) |
| Crash reporting and bug fixes | Legitimate interest | Anonymous crash data |
| App improvement and analytics | Legitimate interest | Anonymous usage statistics |
| Customer support | Performance of contract | Email, name |
We do NOT use your data for:
- Advertising or ad profiling
- Selling to data brokers
- Building credit or financial profiles
- Training AI or machine learning models
5. Data Sharing
5.1 Third-Party Processors
We use the following third-party services to operate Toggly:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting and authentication | Account data, app content | EU/US (Standard Contractual Clauses) |
| Apple | App distribution, payments, Sign in with Apple | Purchase data (handled by Apple) | US |
| App distribution, payments, Sign in with Google, Firebase Analytics | Purchase data, anonymous analytics | US (Standard Contractual Clauses) | |
| Firebase (Google) | Crash reporting, analytics | Anonymous crash and performance data | US (Standard Contractual Clauses) |
| RevenueCat | Subscription management | Purchase receipts, user ID | US (Standard Contractual Clauses) |
| Microsoft | Outlook calendar sync (optional) | Calendar data (when connected by user) | US |
5.2 We Do NOT Share Data With:
- Advertisers
- Data brokers
- Any third parties for marketing purposes
5.3 Collaboration
When you join a shared board, other board members can see your display name and content you add to that board. You control which boards you join.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit — all data transmitted via TLS 1.3
- Encryption at rest — database encryption provided by Supabase
- Row Level Security (RLS) — database-level access control ensuring users can only access data from boards they belong to
- Minimal data access — principle of least privilege applied to all services
- No plaintext passwords — authentication handled via Supabase Auth with industry-standard hashing
7. Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate personal data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to data portability — export your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — at any time, without affecting prior processing
- Right to lodge a complaint — with your local data protection authority
How to Exercise Your Rights
- Delete your account: Available directly in the app (Profile > Delete Account)
- Export your data: Available directly in the app (Profile > Export Data) — JSON backup is always free
- Other requests: Email us at contact@togglyapp.com
We will respond to all valid requests as required by applicable law.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account + 30 days |
| App content (tasks, lists, expenses) | Until you delete your account + 30 days |
| Crash logs | 90 days |
| Analytics data | 2 years (anonymized) |
| Backup data after account deletion | Permanently deleted after 30 days |
When you delete your account, all associated personal data is permanently removed from our systems within 30 days.
9. Children's Privacy
Toggly is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at contact@togglyapp.com and we will promptly delete it.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. When this occurs, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with all third-party processors
11. Calendar Sync (Optional)
If you choose to connect external calendars (Apple Calendar, Google Calendar, or Outlook), Toggly will sync calendar data between the external service and your Toggly board. You can disconnect at any time from the app settings. We only access calendars you explicitly select.
12. Cookies and Web Technologies
The Toggly web app (app.togglyapp.com) uses:
- Essential cookies — required for authentication and session management (Supabase Auth)
- No advertising cookies
- No third-party tracking cookies
13. Changes to This Policy
We may update this Privacy Policy from time to time. For significant changes, we will notify you through:
- An in-app notification
- Email notification (if required by law)
The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Contact
For any privacy-related questions or requests:
Email: contact@togglyapp.com
Website: https://togglyapp.com