Privacy Policy

Last updated: June 26, 2026

What we collect

  • Account data — email, name (if provided), authentication identifiers from Google.
  • Project data — your sites, topics, brand voice, generated posts, and publish settings.
  • WordPress connection — OAuth tokens or app passwords you provide to publish on your behalf.
  • Billing data — handled by Stripe; we store customer IDs and subscription status, not card numbers.
  • Usage data — basic logs (timestamps, errors, feature usage) to operate and debug.

How we use it

  • Run the service: research, draft, image-gen, publish, and monitor your posts.
  • Bill subscriptions and prevent abuse.
  • Send transactional and security notifications.
  • Improve the product — aggregated/anonymized signals only.

AI processing

Your topics and brand instructions are sent to AI providers (currently Google, OpenAI, and Anthropic via the Lovable AI Gateway, plus Firecrawl for web research) to generate posts and images. These providers do not train on your data.

Sharing

We don't sell your data. We share only with subprocessors needed to run toba: Stripe (billing), Cloudflare (hosting/CDN), Supabase (database/auth), Lovable AI Gateway, Firecrawl, and email providers.

Security

Data is encrypted in transit (TLS) and at rest. WordPress credentials are stored encrypted. Access is restricted to authorized personnel.

Retention

We keep account and post data while your account is active. On deletion, we remove personal data within 30 days, except where retention is legally required (e.g. invoices).

Your rights

You can access, export, correct, or delete your data at any time from settings, or by emailing privacy@toba.ai. EU/UK residents have rights under GDPR; California residents under CCPA.

Cookies

We use essential cookies for authentication and basic analytics. No advertising trackers.

Children

toba isn't for users under 18.

Contact

Privacy questions: privacy@toba.ai