Last modified: 24. 5. 2018
At Toshl we take privacy and data security very seriously. We believe in the right of our customers to know which data is collected, for what purpose and also in the right of our customers to control this data and remove it if they so wish. In accordance with our beliefs, we make great effort to ensure the transparency of the methods with which we process your data and how we ensure it is kept secure and confidential. We value your privacy and will never sell your personal information to anyone.
- WHAT WE DO WITH YOUR INFORMATION. We want to be clear about what information we collect and how we use it to deliver our Services to you, improve your financial life, operate our business, and help make our Services work better for you. We do not sell or share your Personal Information with third parties for their own commercial uses without your consent.
Types of Information We Collect. In connection with accessing our Services, we may collect information from you which can be used to identify you (“Personal Information”), such as your name, shipping/billing address, email address, phone, username and password.
We collect information when you register or open an account, sign in, pay a bill, purchase a Service, use a Service, call us for support, or give us feedback. We may also get information from other companies or third parties, such as when you sync a third-party account or service with your Toshl Service, or when we may use service providers to supplement the Personal Information you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service. Finally, we also collect content or other information that you may provide or create when you interact with our Services.
We may also automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, we collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services. We also collect IP addresses from users when they log into the Services as part of our log-in and security features. We may also, when you enable location-based Services, collect Global Positioning System (GPS) location data and/or motion data.
Our Services may change over time and we may introduce new features that may collect new or different types of information.
How We Use Your Information. We may use your information, including your Personal Information, for the following purposes:
Account Registration. We may use your name, address, phone number, and email address to register your Toshl Account for certain Services we provide and to communicate important information to you. We may obtain additional Personal Information about you, such as address change information, from commercially available sources, to keep our records current.
Communicate with You and Tell You About Other Services. We may use your information to communicate with you about our Services and to give you offers for third party products and services that we think may be of use to you.
To Improve Services and Develop New Services. We will use your information to personalize or customize your experience and the Service, develop new features or services, and to improve the overall quality of Toshl’s Services.
To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing Services you requested, provide you with support related to our Services, and to help us protect our Services, including to combat fraud and protect your information.
Customer Service and Technical Support. We may use your name, address, phone number, email address, how you interact with our Services, and information about your mobile device or computer configuration to resolve questions you may have about our Services and to follow up with you about your experience.
Feedback. We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Services and how we may improve them. Answering any survey is optional.
Research, Including Publishing or Sharing Combined Information from Many Users, But Only in a Way that Would Not Allow You or Any Other Person to be Identified. Only in a way that would not allow you or any other person to be identified, we may prepare and share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. For example, we may share demographic data that describes the percentage of our customers who use a particular operating system. We or our third-party partners may publicly report the aggregated findings of the research or analysis but only in a way that would not allow you or any other person to be identified.
Log in When you log in to your Toshl account, we will collect certain information for security purposes in order to verify your authorized access to an account or to reset your password if you cannot access your Toshl account. Some Services may require added security and you may be asked to provide additional information. The email address and password that you use to sign up for a Toshl account are your “credentials” that you will use to authenticate with our network. We assign a unique ID number to your credentials to track you and your associated information.
How We Share Your Personal Information. From time to time, we may need to share your Personal Information with others.
Third Party Service Providers. We may share your information, including Personal Information and Usage Data, with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the Personal Information we provide to them, only act on our behalf and under our instructions, and not use Personal Information for purposes other than the product or service they’re providing to us or on our behalf.
Most of these services will not receive any personal information unless the user activates a particular feature that requires the third party service to function. Where possible, data is pseudo-anonymized, meaning that while a unique id is present, it cannot be linked to particular personal information by the third party service provider.
Third party service providers we use on Toshl with their respective Privacy Policies and Terms of Service.
Adyen - provides various credit card and bank transfer payment options when upgrading to paid Toshl products on the Toshl website.
Adjust SDK - provides attribution of app downloads to particular marketing campaigns. https://www.adjust.com/privacy-policy/
Amazon AWS - Simple Email Service (SES) for sending Toshl emails. S3 storage for storing entry photos and invoice copies. https://aws.amazon.com/privacy/
Apple services - used for keychain log in, paying for App Store in-app purchases of Toshl products on iOS. https://www.apple.com/privacy/
Batch SDK - enables sending customised push notifications, and app usage analytics. https://batch.com/privacy-policy
Fabric SDK - provides the ability to capture and collect crash logs through the Crashlytics service and app usage statistics. https://fabric.io/terms
Facebook SDK (Android, iOS) - enables log in with a Facebook account, app usage analytics, improves targeting of Toshl’s marketing campaigns. Also enables sharing of Toshl posts from Settings upon user request. https://www.facebook.com/about/privacy
Firebase SDK (by Google) - sending mobile app push notifications, app usage analytics. https://policies.google.com/privacy
GitHub - version control, tracking software development progress, and issues to resolve. While personal information of users is not typically stored there, account email addresses might be mentioned on issues from time to time when it pertains to resolving an issue on a particular user account. https://help.github.com/articles/github-privacy-statement/
Google Analytics - app usage analytics. https://policies.google.com/privacy
Google Play services - enables log in with a Google account on Android, accessing location data when saved on entry upon user request, paying for in-app purchases of Toshl products. https://policies.google.com/privacy
Google Sign In SDK - enables log in with a Google account on iOS https://policies.google.com/privacy
Evernote - enables exporting reports directly to an Evernote account when requested by user. https://evernote.com/privacy
Kissmetrics - general and app usage analytics. https://signin.kissmetrics.com/privacy/
PayPal - provides a payment option when upgrading to paid Toshl products on the Toshl website. https://www.paypal.com/si/webapps/mpp/ua/privacy-full
Plaid - bank and financial account data aggregation. https://plaid.com/legal/#end-user-privacy-policy
Salt Edge - bank and financial account data aggregation. https://www.saltedge.com/pages/privacy_policy
Twitter - “Follow Toshl” button on the toshl.com website. Also enables sharing of Toshl tweets from Settings upon user request. https://twitter.com/privacy
Usersnap - used for “Report a bug” function on the web app which stores a screenshot of the web app for easier reporting. https://usersnap.com/privacy-policy
Zendesk - support system used for communicating with Toshl users via the web app support form or email. https://www.zendesk.com/company/customers-partners/privacy-policy/
Response to Subpoenas and Other Legal Requests. We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.
With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Information may be shared with other third parties.
Syncing, Linking, Connecting Your Bank Account or Other Third-Party Services with Your Toshl Service.
You may choose to sync certain Toshl Services with information from other financial accounts. To sync your financial account information, we must access your online account with your financial institution. We will request your user name, password, and any other login bank data that you have set up with your financial institution to enable access. We use this information to update and maintain the account information you download, to assist with the download process, and to enhance the Services we may provide in the future.
We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third-party services with your Toshl Service. Sometimes Toshl may let you know about the service or product, or another company may let you know about a Toshl service or product. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your information, including your Personal Information, as well as information about how you interact with each company’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service you’ve requested.
By requesting or accepting these products or services, you are permitting us to provide your information, including your Personal Information, to the other party.
- Managing Marketing Communications From Us. We will honor your choices when it comes to receiving marketing communications from us. You can adjust your preferences in your Toshl notification settings. Remember that even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.
- Updating Your Personal Information. In connection with your right to manage your Personal Information you provide to us, you may access, update, change, correct or request deletion of your information either through the Service or through our customer support.
Cookies and Similar Tracking Technologies. The following is a high-level summary of our practices and your controls for cookies and other tracking technologies.
In accordance with applicable law, Toshl and our service providers may use commonly-used tools to recognize your visit and track your interactions with our Services such as cookies, web beacons, pixels, local shared objects, and similar technologies (collectively, “Cookies”). Sometimes this tracking is necessary in order for us to provide you the Service you requested. Other times, we combine Usage Data collected from Cookies with that of other customers to improve your and other customers’ experience. You have control over some of the Usage Data we collect from Cookies and how we use it. Information on changing your browser settings to opt out of Cookies can be found in your browser settings.
Toshl also uses advertising networks and other third parties to display advertising on our website or to manage our advertising on other sites. Our third-party partners may place Cookies on our Services and unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests, and to determine the effectiveness of such advertisements.
You can opt out of interest-based advertising. Please note that even if you out-out of such Cookies or otherwise opt-out of interest-based advertising, you will still receive advertisements, they just won’t be tailored to your interests. Also, if you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.
- DATA RETENTION AND YOUR ACCESS RIGHTS.
- Data Retention. In accordance with and as permitted by applicable law and regulations, we will retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business. We may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications. We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones. We will retain and use your information as required by applicable regulations and Toshl’s records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.
- Your Access Rights.
- If you have created an online account with us and would like to update the Personal Information you have provided to us, you can access your account to view and make changes or corrections to your Personal Information.
- EU individuals and Swiss individuals have certain rights to access Personal Information about them, and to limit use and disclosure of their Personal Information. Toshl has committed to respect those rights. If you wish to request access, to limit use, or to limit disclosure, please contact us at support.toshl.com and please provide the name of the Toshl customer who submitted your Personal Information to our services. We will refer your request to that customer and will support them as needed in responding to your request.
- Right to erasure (right to be forgotten)
- Every user has the right and ability to control and delete their data. If you want to delete your data, go to user settings (Me) where you will find the link “Delete my account”. Once you confirm the deleting of your account, your data will be deleted and will no longer be kept on our servers. Because we keep daily backups to ensure data security, your data may still be present for a while in the backups, but it will also be deleted soon as it will be overwritten with newer backups. For legal and accounting reasons the data on past purchases of Toshl products will remain saved.
- Data portability
- We believe that everyone should be able to control their own data, so we try to enable as much data portability as possible. The data that you entered into Toshl can be exported into a variety of formats.
- Toshl data can also be accessed programatically using the Toshl Developer API. The Toshl API also enables access to all types of data stored in Toshl, such as budgets, location data, repeating settings etc. These types of data can be somewhat limited in other types of exports due to the technical limitations of the export formats.
- SECURITY OF YOUR INFORMATION. Keeping your Information safe is important to us.
We provide reasonable and appropriate security measures in connection with securing Personal Information we collect.
For example, we:
- Constantly work to update our security practices to implement accepted best methods to protect your Personal Information and review our security procedures carefully.
- Comply with applicable laws and security standards.
- Securely transmit your sensitive Personal Information.
- Train our staff and require them to safeguard your data.
- Use SSL encryption (https) of the Web app.
- Use encryption of data transfer between devices.
- Use encryption of the database for personal information.
- Provide an optional passcode authentication in the mobile apps.
- Never send sensitive information in plain text.
- Keep daily backups of servers.
- Store passwords with one way hashing algorithm so they are known only by you.
- Only Toshl Inc. employees may access the personal data on the servers and only for technical support purposes. Toshl employees will only access personal user data in case the user contacts us regarding a technical support issue and we need the information to solve the problem.
INTERNATIONAL DATA TRANSFERS.
In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to wherever we or our third-party service providers operate.
- Via Direct Mail. Toshl, Inc., Attention: Privacy, 795 Folsom St., 1st Fl., San Francisco, CA 94107 USA.
CHANGES TO OUR PRIVACY POLICIES. From time to time we may change or update our Privacy Policies. We reserve the right to make changes or updates at any time. More information about how we will notify you is below.
If we make material changes to the way we process your Personal Information, we will provide you notice via our Service or by other communication channels, such as by email or community post.
COLLECTION AND USE OF CHILDREN’S PERSONAL INFORMATION. We do not knowingly collect information from minors.
Toshl Services are intended for and directed to adults. Our Services are not directed to minors and we do not knowingly collect Personal Information from minors.
- YOUR CALIFORNIA PRIVACY RIGHTS.
We do not share your Personal Information with third parties for their marketing purposes without your consent.