Privacy Policy
Last updated
Overview
ToolCribr, LLC (“ToolCribr”, “we”) provides tool and asset tracking software for contractors and field service teams. This policy explains what we collect, why we collect it, and what you can ask us to do with it.
This policy covers the ToolCribr web application and API. It does not cover any third-party site we link to.
Who controls your data
ToolCribr is a multi-tenant business product. When your employer or contractor organization creates an account, that organization controls the data in it and decides who may access it. If you are a crew member or subcontractor, direct requests about your data to your organization’s administrator first — they can change or remove your records directly.
We act as a processor on that organization’s behalf for the operational data they put into the platform.
What we collect
We collect the following categories of data:
- Account information. Name, email address, role, and organization membership, used to authenticate you and decide what you may see.
- Operational data. The records you create in the product: tools, assets, checkouts, returns, transfers, rentals, consumables, jobs, locations, certifications, and photos you upload.
- Custody and audit records. A tamper-evident, append-only log of who took custody of what, and when. These records are retained for the integrity of the chain of custody and cannot be edited after the fact.
- Billing information. Subscription tier, billing status, and payment records. Card details are handled by Stripe and are never stored on our servers.
- Technical data. Log and diagnostic data such as timestamps, error traces, and request metadata, used to keep the service running and to investigate problems.
We do not sell your data, and we do not use it to train third-party advertising models.
Location data
Some workflows can record the location of a device at the moment a custody event is captured, where your organization has enabled it and your device has granted permission. This is used to establish where a tool changed hands. You can decline the browser permission; the workflow still completes without it.
How we use it
We use your data to operate the service: authenticating you, enforcing which organization’s records you may reach, running the workflows you invoke, sending the alerts and reports you configure, billing your subscription, and diagnosing faults. We also use aggregate, non-identifying usage information to decide what to build next.
Who we share it with
We share data only with the vendors required to run the product, and only to the extent they need it:
- Supabase — database, authentication, and file storage.
- Stripe — subscription billing and payment processing.
- Railway — application hosting.
- Sentry — error monitoring and diagnostics.
We may also disclose data where we are legally required to, or where it is necessary to investigate abuse or protect the service. If ToolCribr is ever acquired, your data may transfer with the business; we will say so before that takes effect.
If your organization reaches ToolCribr through a reseller or partner integration, that partner may provision your organization and receive the operational metadata needed to administer it.
How we protect it
Every tenant’s data is isolated at the database layer, and access is derived from your authenticated session rather than from anything a browser can supply. Data is encrypted in transit. API keys are stored only as hashes, and stored credentials are encrypted at rest. The audit trail is hash-chained so that alteration is detectable.
No system is perfectly secure. If we discover a breach affecting your data, we will notify affected organization administrators.
How long we keep it
We retain operational data for as long as your organization’s account is active. When an account is closed, we delete or anonymize its data within 90 days, except where we must retain records to meet a legal, tax, or accounting obligation.
Audit and custody records are retained for the life of the account by design — they exist to answer “who had this, and when” after the fact, and are not editable.
Your rights
You may request access to the personal data we hold about you, ask us to correct it, or ask us to delete it. Depending on where you live, you may also have the right to object to processing or to receive a portable copy. Because your organization controls its own records, we will usually route your request through your administrator.
To make a request, contact us at privacy@toolcribr.com.
Cookies
We use cookies that are necessary for the product to function — principally to keep you signed in. We do not use advertising or cross-site tracking cookies.
Children
ToolCribr is a workplace tool and is not directed at children. We do not knowingly collect data from anyone under 16.
Changes to this policy
If we make a material change, we will update the date at the top of this page and notify organization administrators before it takes effect.
Contact
Questions about this policy can go to privacy@toolcribr.com. See also our Terms of Service.