Skip to Content

Privacy Policy

This Privacy Policy applies to the Toss mobile application ("Application") for iOS and Android, operated by Tossit ("Service Provider", "we", "us"). 
By using the Application you agree to the practices described below.

Information We CollectHow We Use Your InformationData Storage and RetentionThird-Party ServicesPermissions UsedIn-App PurchasesSecurityYour Rights (GDPR)Opt-OutChanges to This PolicyContact us

Information We Collect

Information you provide directly

  • Email address — collected when you sign in via magic link or Google OAuth (powered by Supabase). 
    Used for authentication and as your default capture destination.
  • Display name — optional. Used as the sender name on outgoing emails.
  • Email destinations — email addresses you add as capture destinations. 
    Stored locally on your device and sent to our server only when processing a capture.
  • Text captures — text you type and submit as a capture.
  • Voice recordings — audio recorded via the microphone when you use voice capture. 
    Uploaded to our server for transcription and AI processing.
  • Photos — images taken via the camera or selected from your library when you use photo capture.
  • Files — files selected from your device (any type, up to 10 MB) when you use file capture.

Information collected automatically

  • Device Internet Protocol (IP) address
  • Operating system and device type
  • App version and crash/error data (via Firebase Crashlytics)
  • Subscription and purchase status (via RevenueCat)

The Application does not collect precise location data.

How We Use Your Information

  • To deliver the core service — your captures (text, audio, photos, files) are forwarded as emails to the destination(s) you choose.
  • AI processing (Pro users) — voice recordings are transcribed using OpenAI Whisper. 
    Transcripts and capture content are processed by OpenAI GPT to generate titles, summaries, intent classification, and smart routing. 
    All AI processing happens server-side and asynchronously — it never blocks your capture.
  • Authentication — your email address is used to verify your identity via Supabase.
  • Subscription management — your purchase status is managed via RevenueCat to determine Free or Pro tier access.
  • Service improvement — anonymised, aggregated usage data may be used to improve the Application.
  • Communication — we may contact you at your account email address for important service updates. 
    We do not send marketing emails without your consent.

Data Storage and Retention

  • Captures are stored locally on your device (SQLite) until successfully sent, then kept in a local history log.
  • Captures transmitted to our server (hosted on Railway) are processed and forwarded by email. 
    We do not retain the content of your captures after delivery except for error logging purposes.
  • Account data (email, settings) is retained for as long as your account is active.
  • To request deletion of your data, contact us at hello@tossit.app
    We will respond within a reasonable time.

Third-Party Services

  • The Application uses the following third-party processors. Each has its own privacy policy.

    • Supabase — authentication and user management. Privacy Policy
    • OpenAI — AI transcription (Whisper) and content processing (GPT-4o mini) for Pro captures. Privacy Policy
    • Resend — transactional email delivery. Privacy Policy
    • RevenueCat — in-app subscription and purchase management. Privacy Policy
    • Railway — cloud hosting for the backend API. Privacy Policy
    • Firebase Crashlytics (Google) — crash reporting and diagnostics. Privacy Policy

    • We do not sell your personal data to any third party.

Permissions Used

  • Microphone (RECORD_AUDIO) — required for voice capture.
  • Camera — required for photo capture (long press on Attach button).
  • Storage / Media access — required to select files and photos from your device for file capture.
  • Internet — required to send captures and authenticate.

In-App Purchases

The Application offers a Pro subscription managed through Google Play Billing (Android) and Apple App Store (iOS) via RevenueCat. 
Payment information is handled entirely by the respective app store and is never processed or stored by us directly.

Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), secure authentication tokens, and access controls on our backend infrastructure. 

No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.

Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to access, correct, or delete your personal data, restrict or object to processing, and request data portability. To exercise any of these rights, contact us at hello@tossit.app.

Opt-Out

You can stop all data collection by uninstalling the Application using the standard uninstall process on your device or via the app marketplace.

Changes to This Policy

We may update this Privacy Policy from time to time. 
We will notify you of material changes by updating the effective date at the top of this page. 
Continued use of the Application after changes constitutes your acceptance of the updated policy.

Contact us

If you have any questions about this Privacy Policy, please contact us at:
Email: hello@tossit.app