At Toshl we take privacy and data security very seriously. We believe in the right of our customers to know which data is collected and for what purpose, and in their right to control this data and remove it if they so wish. In accordance with our beliefs, we make a great effort to ensure the transparency of the methods with which we process your data and how we ensure it is kept secure and confidential.
We value your privacy and will never sell your personal information to anyone.
Types of data we collect and what it is used for
Manually entered financial data
It's kept so you have information about what, when, where and how much you have spent. Based on that we can also draw graphs and produce other statistics about your spending that you may find of interest. The user entered data can consist of: category, tag, amount, date, description, account, currency, reminders, repeats, photos, budgets, saving goals or any other data that the user entered.
Automatically imported financial data
This is the data that was automatically imported from a data source that the user authorised for importing. It can consist of data from a financial institution or 3rd party application. The data imported is basically everything that you see on your bank statement. Based on this, Toshl will try to automatically assign the type of data (expense, income, transaction), categorise and tag it to fit into your Toshl system. Automatic importing can be deactivated at any time in the Import Settings.
Toshl users can choose to record location data together with their expenses. This can be enabled or disabled when adding an expense in the Toshl apps. Toshl will record the most precise coordinates it can gather from the mobile or web app. Based on those coordinates it will suggest venues where the expense or income took place. Recording of the location and venue information is optional.
Your email is required for the functioning of Toshl services. It is the unique ID of your account and the principal manner of communication with Toshl. It is also necessary to reset your password in case you forget it.
First and last name
We ask you for your first and last name during the sign up, but we make it clear that it is optional. Your name will only be used so that we can address you nicely with notifications and when providing user support. You can use the free account anonymously if you like, with an email address that does not reveal your identity. When upgrading to Toshl Pro we will need to know your name to verify the payment information.
Social network connections
Users that choose to log in to Toshl using their social network accounts or connect with them for posting will have those connections saved in Toshl. With Facebook and Google Plus, we ask for your name, email address and ID. ID is simply a unique semi-random number assigned to your account on each social network so your account has a unique identifier. On Foursquare we only remember the random token generated by Foursquare to log you in.
In case you want to post a monster tip or a post for Toshl Pro discount on any of the social networks, we will ask you for posting permissions. Any posting will be done only with your expressed permission. Toshl will not post anything automatically without your confirmation of the content.
To enable you to securely log in, we need to keep your password in our database. The passwords are kept in an encrypted form. We will never send you your password. In case you forget it, we will reset your password using the email address you provided, so you can then set a new password.
Toshl remembers the local settings for your account and devices, such as the time zone, date format, currency and language you use. This is remembered so that you always have a pleasant experience with the correct default settings.
Mobile device name and unique id
In order for all your financial data to be synced correctly across different devices, we need to retain some information about them: the name of the device (e.g. Dan's iPhone 6), the version of the Toshl mobile app it's running, when it was last synced and the IP address of the device when the last sync was done. We also need a unique ID of your device. On some mobile platforms that is the IMEI number (Android, Windows Phone), or a more abstract unique device identifier (iOS). This is used so we can differentiate between devices for data sync. You can remove a device at any time in the Settings.
Payment records of Toshl Pro upgrades
We keep a list of your past purchases of Toshl Pro, with the amount, date, ID and payment method of the purchase as well as the purchaser's name and billing address. We do not keep your credit card number on Toshl servers. That information is kept by the payment providers for in-app (Apple, Google, Microsoft) or credit card (Adyen, Amazon, PayPal) purchases.
Analysis of anonymous aggregated data
We use anonymous and aggregated financial data gathered in the Toshl services for statistical analysis and comparison. Data used in such analysis is first stripped of any personally identifiable information. Data in the analysis is aggregated, meaning that any information produced on the basis of such analysis will contain data from a great number of different sources so they cannot be traced to an individual.
Examples of how the anonymous aggregated statistics can be used:
Monster tips are available to all Toshl users and offer entertaining content based on comparing one's own spending to the averages of other Toshl users. That way you can compare how much you spend, e.g. on rent, compared to other people in your or other countries. There are endless automatically generated comparisons, which provide an entertaining insight into spending around the world. The only concrete number for an individual user that can be seen in monster tips is your own. No one else can access your individual data. Only completely anonymous, greatly aggregated and averaged data is available to other users.
From time to time we produce infographics displaying interesting bits of statistical data. For example, the differences between countries in earning and spending, differences between users of mobile platforms etc. As with all data comparisons, the data used is strictly anonymous and aggregated. Past examples of financial infographics can be seen at: https://toshl.com/financial-infographics/.
Third party data analysis
We may provide anonymous and aggregated statistical data to third parties for commercial or scientific analysis. As with all such analysis, no personal information is exchanged. Third parties do not have direct access to Toshl data. Upon contractual agreement, we can provide exports of anonymous aggregated data to third parties. Example uses of such data can be comparing the spending at a retail chain in a specific country and time period, or comparing the general macroeconomic outlook of a country to the official economic forecasts.
Deleting data - Right to be forgotten
Every user has the right and ability to control and delete their data. If you want to delete your data, go to Settings where you will find the link "Delete my account". Once you confirm the deleting of your account, your data will be deleted and will no longer be kept on our servers. Because we keep daily backups to ensure data security, your data may still be present for a while in the backups, but it will also be deleted soon as it will be overwritten with newer backups. For legal and accounting reasons the data on past purchases of Toshl Pro will remain noted.
Personal and financial data that you have entered into Toshl can be edited. Your personal data is editable in user account settings and the financial data is editable throughout the mobile and web apps. Some data such as the IMEI number of your phone is unmodifiable, but you may always choose to remove your device if you wish.
We believe that everyone should be able to control their own data, so we try to enable as much data portability as possible. The data that you entered into Toshl can be exported into a variety of formats. You can download your expense, income and transaction data in CSV, PDF and Excel formats. Additionally, you can choose to send your data to your Google Documents or Evernote accounts.
Toshl data can also be accessed programmatically using the Toshl Developer API. The Toshl API also enables access to all types of data stored in Toshl, such as budgets, location data, repeating settings etc. These types of data can be somewhat limited in other types of exports due to the technical limitations of the export formats.
We use session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. Such cookies are deleted immediately once you close your web browser's window.
We also use a more permanent cookie if you check the option "Remember me" when you Log in. That cookie is then read the next time you visit the site so you don't have to log in manually each time.
Social network cookies
If you are a user of various social networks, you very likely already have cookies provided by those social networks on your computer. As we use the Like / Tweet / +1 buttons on our title page and allow Log in using Facebook, Google and Etalio identities, those social networks are able to detect your presence on toshl.com using their cookie already stored on your computer. These cases are covered by the privacy policies of the social networks that you use.
Google Analytics cookie
Like a great number of internet sites, we use Google Analytics to measure the usage of our website. Google Analytics uses a cookie to more efficiently track individual users of the site.
Do Not Track
We are however legally obliged to disclose that: "At present, Toshl does not respond to or alter its practices when a Do Not Track signal is received."
Anonymous use of Toshl
You are free to use Toshl completely anonymously if you like, within the technical limitations. We ask for your name during sign up, because we can then address you more nicely in our messages to you. Naturally you can leave it empty or fill in false data if you prefer. We also require a working email address, to prevent fake automatic registrations.
There are limitations to anonymity when upgrading to Toshl Pro, as we are required to know your name for payment information.
Security and secrecy
We take precautions and enforce safety measures to ensure that your data is kept confidential and safe.
- SSL encryption (https) of the Web app
- encryption of data transfer between devices
- encryption of the database
- optional passcode in the mobile apps
- we never send sensitive information in plain text
- daily backups of servers are kept
- your passwords are stored with a one-way hashing algorithm and are known only by you
- you cannot retrieve a lost password, you can only set a new one once you receive the reset e-mail
- Only Toshl Inc. employees may access the personal data on the servers and only for technical support purposes. Toshl employees will only access personal user data in case the user contacts us regarding a technical support issue and we need the information to solve the problem.
Contact regarding privacy
If you have further questions regarding privacy with Toshl and have already signed up in Toshl, the best way to contact us is through our support system at http://support.toshl.com. You can also contact us by email at firstname.lastname@example.org.