Privacy Policy

Last updated: March 17, 2026

1. Introduction

Tooliki ('we', 'us' or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your data when you visit our website and use our field data collection and inspection platform.

We are based in Germany and comply with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

2. Data Controller

The controller responsible for processing your personal data is:

Tooliki

Email: support@tooliki.com

3. Data We Collect

We collect and process the following types of personal data:

  • Account information: Name, email address, organization details
  • Inspection data: Project information, forms, measurements, and findings entered through workflows
  • Evidence data: Photos, voice recordings, annotations, optional GPS location
  • Technical data: IP address, browser type, device information, usage data
  • Communication data: Information you provide when contacting support
  • Commercial data: Billing address, subscription plan, payment information

4. How We Use Your Data

We use your personal data for the following purposes:

  • Workflow execution: To process and complete your inspection workflows
  • Report generation: To generate reports and documentation from collected data
  • Communication: To send account notifications, updates, and responsive support
  • Payment processing: To process subscription billing and invoicing
  • AI assistance: To provide AI-powered extraction and report suggestions
  • Legal compliance: To comply with tax and regulatory requirements
  • Website improvement: To analyze usage and enhance our service

4A. AI Processing and Third-Party Sharing

When you use AI-assisted features, certain data may be transmitted to our AI subprocessors to generate responses and structured outputs.

  • AI provider: OpenAI (via Tooliki backend services)
  • Data categories: chat text, selected photos, optional voice transcripts, workflow metadata, and related inspection context
  • Purpose: assist data extraction, summarization, and workflow support
  • Control: users are asked for consent in-app before AI data sharing is activated

5. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract performance: Processing necessary to fulfill your workflow and provide services
  • Consent: For marketing communications (which you can withdraw anytime)
  • Legal obligation: For tax and accounting requirements
  • Legitimate interest: For website analytics and security

6. Payment Processing

We use PayPal and bank transfer as payment processors. When you make a purchase, your payment information is collected and processed directly by these providers. We do not store full payment details on our servers. Please refer to their privacy policies for information on their data processing.

7. Data Sharing

We do not sell your personal data. We share data only with:

  • Payment processors: PayPal for payment processing
  • Cloud hosting providers: For data storage and backup
  • Email service providers: For sending transactional and service emails
  • AI subprocessors: OpenAI for AI-assisted processing when users opt in
  • Legal authorities: When required by law

All third-party service providers are contractually bound to protect your data and comply with GDPR.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion of your data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to certain types of processing
  • Right to withdraw consent: Withdraw consent for marketing communications

To exercise any of these rights, contact us at support@tooliki.com

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Inspection data is retained according to your organization's retention policy. After account deletion, data is retained for a reasonable backup period then permanently deleted, except where required by law.

10. International Data Transfers

Where service providers are located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. This includes encryption, secure servers, and restricted access controls.

12. Cookies and Tracking

Our website uses essential cookies for functionality. We do not use third-party advertising or tracking cookies without your consent. You can manage cookie preferences in your browser settings.

13. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page and updating the 'Last Updated' date.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: support@tooliki.com

16. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with a supervisory authority in your country.

Terms of Service | Contact Us