Privacy Policy

Last updated: February 10, 2026

1. Introduction

ToggleTown ("we", "us", "our") operates the toggletown.com website and the ToggleTown feature flag platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.

2. Information We Collect

We collect the following personal data:

  • Account information: Email address and password (hashed) when you create an account
  • Billing information: Payment details are processed by our payment provider (Polar) — we do not store credit card numbers
  • Usage data: API call counts, feature flag configurations, and project data you create within the platform
  • Feedback: Messages, ratings, and feature requests you voluntarily submit (can be submitted anonymously)
  • Technical data: IP addresses and browser information in server logs for security and debugging purposes

3. How We Use Your Information

  • To provide and maintain the ToggleTown platform
  • To authenticate your identity and manage your account
  • To process payments and manage subscriptions
  • To send transactional emails (team invitations, account notifications)
  • To respond to your feedback and support requests
  • To monitor and improve the performance and security of our services

4. Data Sharing

We do not sell your personal data. We share data only with the following third-party services necessary to operate our platform:

  • Polar — Payment processing (receives your email for billing)
  • Resend — Transactional email delivery (receives recipient email addresses)

We may also disclose information if required by law or to protect our rights and safety.

5. Data Security

  • Passwords are hashed using bcrypt and never stored in plaintext
  • All data in transit is encrypted using HTTPS/TLS
  • API keys are cryptographically generated and can be rotated at any time
  • Webhook payloads are signed with HMAC-SHA256
  • Access to production systems is restricted and monitored

6. Data Retention

We retain your account data for as long as your account is active. Audit logs are retained based on your plan: 30 days (Free), 90 days (Pro), or unlimited (Team). If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, contact us at [email protected].

8. Cookies

ToggleTown does not use cookies. Authentication is handled via JSON Web Tokens (JWTs) stored in your browser's local storage. We do not use tracking cookies or third-party analytics cookies.

9. SDK Data

The ToggleTown SDKs send an API key to our servers to fetch flag configurations. The SDKs do not transmit end-user personal data to our servers. Flag evaluation happens locally within the SDK — user context data (such as user IDs or attributes you pass for targeting) never leaves your application.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, contact us at [email protected].