Privacy Policy

We collect information you provide directly to us, including:

• Account information: Name, email address, company name when you create an account or contact us
• Project information: Repository URLs, project descriptions, and requirements you share during onboarding and planning
• Communication data: Messages, feedback, and meeting notes from your interactions with our AI team and engineers
• Usage data: How you interact with our platform, including pages visited, features used, and session duration
• Payment information: Billing details processed by our third-party payment provider (we do not store full payment card details)

We use the information we collect to:

• Provide, maintain, and improve our services
• Analyze your codebase to generate accurate effort unit estimates and project plans
• Communicate with you about your project, development cycles, and deliverables
• Process payments and manage your subscription
• Send service-related notifications (development cycle updates, review requests, etc.)
• Respond to your support requests and inquiries

We do not sell your personal information to third parties. We do not use your code or project data to train AI models.

Your data is protected with industry-standard security measures:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Project data is isolated per-tenant with strict access controls
• Code analysis occurs in ephemeral, isolated containers that are destroyed after execution
• Regular security audits and vulnerability assessments
• Access to your data is restricted to authorized personnel only

Data is processed in EU-based infrastructure. We can discuss specific data residency requirements for Enterprise clients.

We use the following third-party services to operate our platform:

• AI providers: We use third-party AI language model providers (such as Anthropic, OpenAI, and similar services) to power codebase analysis, effort unit estimation, code generation, and other AI-assisted features. Your project data — including code snippets, repository structure, and project descriptions — may be sent to these providers for processing. We select providers that offer data processing agreements and do not use customer data to train their models. We review provider terms regularly to ensure compliance with our data protection standards.
• Payment processing: Card payments are processed by Stripe (PCI DSS compliant). We also accept wire transfers (SWIFT, SEPA) and cryptocurrency (BTC, ETH, USDT, USDC, SOL, and other major coins). Payment data handling varies by method — we never store full card details
• Repository access: GitHub API for read-only codebase analysis (you control access permissions)
• Contact form: Our contact form collects your name, email, and message to respond to your inquiry. This data is processed and stored securely on our servers.
• Communication: Email services for project communication and notifications

We do not share your personal data with third parties for advertising or marketing purposes. For details on how each provider handles your data, we encourage you to review their respective privacy policies.

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your personal data for certain purposes
• Revoke access: Revoke repository access and platform permissions at any time

To exercise any of these rights, contact us at [email protected].

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained while your account is active, deleted within 30 days of account closure
• Project data: Retained for the duration of the project engagement, deleted within 90 days of project completion unless otherwise agreed
• Code analysis data: Ephemeral — destroyed immediately after execution
• Communication records: Retained for 12 months after project completion for support purposes
• Payment records: Retained as required by applicable tax and accounting laws

Our marketing website (toolwiz.ai) does not use analytics scripts or third-party advertising pixels. We use the following cookies:

• Affiliate referral (twz_ref): When you visit via an affiliate referral link (containing ?ref=code), we store the referral code in a first-party cookie. This cookie is scoped to .toolwiz.ai (shared across toolwiz.ai and app.toolwiz.ai), persists for 90 days, and uses first-touch attribution (the first affiliate link clicked gets credit). It is used solely to attribute signups to our affiliate program. No personal data is stored in this cookie — only the affiliate code
• Contact form: No additional cookies are set by our contact form beyond essential session handling
• Authentication: Essential session cookies are used when you are logged into the platform (app.toolwiz.ai)

You can manage cookie preferences at any time through your browser settings. Clearing cookies will remove the affiliate referral attribution.

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.