ToolSwift LogoTrust Center

Data Practices

We are transparent about how we handle your data. Learn about our data retention policies, deletion procedures, and your rights regarding your data.

Data Retention Policies

We retain your data only for as long as necessary to provide our services and comply with legal obligations. Retention periods vary depending on the type of data and its purpose.

General Retention Principles:

  • Account Data: Retained while your account is active and for a reasonable period after deletion
  • Transaction Data: Retained as required for tax and legal compliance (typically 7 years)
  • Business Data: Retained as necessary for business operations and service delivery

Specific retention periods may vary based on legal requirements, business needs, and the nature of the data. After retention periods expire, data is securely deleted or anonymized where possible.

For specific questions about data retention, please contact us at info@toolswift.ca

Data Deletion Procedures

You have the right to request deletion of your personal data. We have procedures in place to securely delete data upon request.

Deletion Process:

  • Submit a deletion request via email.
  • We verify your identity before processing the request
  • Data is deleted within 30 days of verification
  • Some data may be retained for legal compliance (e.g., transaction records)
  • Backup data is deleted within 90 days

To Request Deletion: privacy@toolswift.ca

Data Export Capabilities

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.

Export Options:

  • Request a complete data export via email.

Exportable Data Includes:

  • Account information and profile data
  • Order history and transaction data
  • Quotes history data
  • Store details and inventory data
  • Customer data
  • Store analytics and sales data

To Request Export: info@toolswift.ca

User Data Rights

You have comprehensive rights regarding your personal data under GDPR, CCPA, and other applicable privacy laws.

Your Rights Include:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at info@toolswift.ca

Data Security Measures

We implement security measures to protect your data throughout its lifecycle. Our infrastructure leverages AWS and Vercel's built-in security features.

Password Security

  • Passwords are hashed using bcrypt with 10 salt rounds
  • Passwords are never stored in plain text
  • One-way hashing ensures passwords cannot be reversed

Infrastructure Security

  • TLS/SSL encryption for all data in transit (handled by AWS Load Balancer and Vercel)
  • AWS-managed encryption for backend infrastructure
  • Encrypted connections to MongoDB database
  • Vercel provides automatic SSL/TLS for frontend traffic
  • AWS EC2 with Nitro System for hardware-based security
  • AWS Application Load Balancer for traffic distribution and SSL termination
  • AWS Firewall (WAF) for web application protection and DDoS mitigation

Access Controls

  • Secure authentication for user accounts
  • AWS IAM for infrastructure access management
  • Network-level access controls through AWS security groups
  • Session management for user authentication

For more details, see our Security page.

Third-Party Data Sharing

We may share your data with trusted third-party service providers who help us operate our business, subject to strict confidentiality agreements. All third-party providers are contractually obligated to protect your data and use it only for specified purposes.

Third-Party Services We Use:

  • Google Merchant Center: E-commerce listing and product catalog management service for online product listings
  • Facebook Catalog: Product catalog service for advertising and e-commerce integrations
  • Klaviyo: Email marketing and customer engagement platform for marketing communications

Categories of Third Parties:

  • Cloud Providers: AWS and Vercel for hosting and infrastructure services
  • E-commerce Platforms: Google Merchant Center and Facebook Catalog for product listing and catalog management
  • Marketing Services: Klaviyo for email marketing and customer engagement
  • Payment Processors: Secure payment processing services (as applicable)

Data shared with these services is limited to what is necessary for their specific functions and is subject to their respective privacy policies and our contractual agreements.

Contact for Data Requests

To exercise your data rights or request information about our data practices, please contact us:

We will respond to your request within 7 days, or as required by applicable law.