GDPR Policy

Controller and Scope

TooloraHub acts as the data controller for account, billing, and platform operations data, and as a processor for files uploaded for conversion workflows. This policy applies to users in the European Union (EU), European Economic Area (EEA), and other regions where GDPR-aligned rights apply.

Lawful Basis for Processing

• Contract performance: running conversions, authentication, and account features.
• Legitimate interests: platform security, abuse prevention, and reliability monitoring.
• Legal obligations: financial records, billing auditability, and compliance requests.
• Consent: optional cookie-based personalization and non-essential communication workflows.

Data Categories

• Identity and account data: email, hashed password, role, and plan entitlements.
• Operational data: IP/log records, job metadata, and queue/rate-limit counters.
• File workflow data: uploaded inputs and generated outputs for conversion delivery.
• Billing data: subscription status and webhook event history from payment providers.

Data Subject Rights

Where applicable, you may request access, rectification, erasure, restriction, portability, and objection.

Submit GDPR requests to privacy@toolorahub.com. We verify identity and respond within statutory timelines.

International Transfers

If data is processed outside the EU/EEA, TooloraHub applies contractual and technical safeguards designed to maintain GDPR-equivalent protections.

Retention and Security

Conversion files are retained only as needed for delivery and system integrity. Access is limited by role, token-based authorization, and service-level controls.

Supervisory Authority

You may lodge a complaint with your local supervisory authority if you believe your data rights are violated.

Last updated: February 23, 2026.