LEGAL
Privacy Policy
⚠ DRAFT — REQUIRES LEGAL REVIEW. Solid SaaS-standard boilerplate adapted to ALL IN Tools realities. Not yet reviewed by counsel.
Last updated: 2026-05-03
This Privacy Policy explains how AllInNation, LLC ("we," "us") collects, uses, shares, and protects information in connection with the ALL IN Tools platform at app.allintools.com, the marketing site at allintools.com, and related subdomains and pages (the "Service").
1. Information We Collect
- Account information. Name, email, phone, password hash, role, tenant assignment, and 2FA configuration of users who sign in.
- List / lead information. When you join our list, the name, email, company, and interest you submit through our public forms.
- Customer Content. Records, contacts, deals, tickets, files, messages, call recordings, transcripts, and other data you and your users submit to the Service.
- Billing information. Limited card metadata (last four digits, expiry, brand) and processor customer/payment-method tokens. We do not store full card numbers.
- Usage and telemetry. Login events, IP addresses, user agents, pages visited, API calls, error logs, and feature-usage counters. Used to operate, secure, and improve the Service.
- Communications you send through the Service. Outbound SMS, voice calls, voicemail, transactional email, and inbound replies, which flow through our subprocessors.
- Cookies and local storage. Auth tokens, theme preference, and short-lived UI state.
2. How We Use Information
We use the information we collect to provide, secure, monitor, and improve the Service; bill you and prevent fraud; send transactional notifications and, where you have opted in, product updates; power AI features in the modules you have enabled; comply with legal obligations; and enforce these Terms and our Acceptable Use Policy.
We do not sell your information. We do not use Customer Content from one tenant to train AI models on behalf of another.
3. Subprocessors
The Service relies on third-party subprocessors — for card processing, SMS/voice, email delivery, AI assistants, and hosting/backups. Each is bound by a contractual data-protection agreement and processes data on our instructions. We keep the current list available on request and announce material additions at least 14 days in advance.
4. AI Processing
When you use an AI feature, the prompt and the context the assistant needs are sent to the AI provider configured for that function. Providers are contractually prohibited from using API content to train their general models. Outputs are returned to your tenant only and are not visible to other tenants. You can opt out by disabling AI modules in your settings.
5. Data Retention
| Data class | Retention |
|---|---|
| Customer Content while subscription active | Indefinite (you control deletion) |
| Customer Content after cancellation | 90 days, then hard-deleted unless under legal hold |
| List / lead information | Until you ask us to remove it |
| Billing records and tax-relevant invoices | Up to 7 years (tax/audit obligation) |
| Authentication logs | 12 months |
| Suppression / opt-out lists | Indefinite (regulatory) |
6. Your Rights
Depending on where you live, you may have the right to access, correct, delete, port, object to or restrict, and withdraw consent for the processing of your personal information. To exercise any of these, email privacy@allintools.com from the email address tied to your account. We respond within the timeframes required by applicable law.
California (CCPA/CPRA). California residents have the rights above plus the right to non-discrimination for exercising them. We do not sell or share personal information for cross-context behavioral advertising.
EEA / UK (GDPR). AllInNation acts as the data processor for Customer Content (the customer is the controller) and as the data controller for account, billing, telemetry, and security data.
7. Security
We use industry-standard practices: TLS in transit, encryption at rest for backups, bcrypt password hashing, token revocation, per-account login lockout, rate limiting, hardened HTTP headers, single-origin CORS, role-based access control, audit logging, and 2FA for privileged accounts. Report vulnerabilities to security@allintools.com.
8. Children
The Service is not directed to children under 13 (or 16 where that is the threshold) and we do not knowingly collect their personal information.
9. International Transfers
Data is hosted in the United States. If you access the Service from outside the U.S., your information is transferred to and processed in the U.S. We rely on standard contractual clauses where required.
10. Changes to This Policy
We will post material changes at least 14 days in advance.
11. Contact
Privacy questions: privacy@allintools.com. For legal process: legal@allintools.com.