Download App

Privacy Policy

Last updated: April 14, 2026

1. Introduction

Welcome to Tolloop ("we," "us," or "our"). Tolloop operates the Tolloop mobile application and the website at https://tolloop.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. If you have any questions about this Policy, please contact us at [email protected].

2. Information We Collect

2.1 Information You Provide

  • Name, email address, phone number, and country
  • Profile photo and profile details
  • Password (stored encrypted using bcrypt hashing)
  • Provider business details (for users listing services)
  • In-app chat messages exchanged with other users
  • Contracts and bookkeeping records associated with your account

2.2 Information Collected Automatically

  • Device information (model, OS version, language)
  • Firebase Cloud Messaging (FCM) token for push notifications
  • IP address
  • In-app usage analytics
  • Crash reports collected via Firebase Crashlytics
  • Recently viewed items and recent searches (stored locally on your device)

2.3 Information from Third Parties

  • Google AdMob advertising identifiers for ad delivery and measurement
  • Firebase telemetry for performance and reliability monitoring

3. How We Use Your Information

  • Account creation, management, and authentication
  • Enabling in-app chat between buyers and providers
  • Displaying your public profile within the marketplace
  • Sending push notifications relevant to your account and activity
  • Analytics and crash reporting to improve the service
  • Delivering personalized advertising through Google AdMob
  • Fraud detection and prevention
  • Legal and regulatory compliance

4. Data Storage & Security

4.1 Encryption

  • All network traffic is encrypted in transit via HTTPS/TLS
  • Sensitive tokens are stored in the iOS Keychain and Android Keystore
  • Passwords are hashed using bcrypt
  • Sensitive API payloads are protected with AES-256-GCM encryption

4.2 Local Device Storage

  • JWT authentication tokens
  • Cached profile data
  • Onboarding completion flag
  • Recently viewed items (maximum 20 entries)
  • Recent searches (maximum 10 entries)
  • Cached public images
  • All locally stored data is deleted when you log out

4.3 Server-Side Storage

  • Profile information
  • Chat history
  • Contracts and associated records

5. Data Sharing

We never sell your personal information. We share information only in the following circumstances:

  • With other users, limited to the public portions of your profile
  • With Cloudflare R2 for file and media storage
  • With Firebase (Google) for push notifications, crash analytics, and backend services — see firebase.google.com/support/privacy
  • With Google AdMob for advertising — see policies.google.com/technologies/ads
  • With email service providers for transactional emails (OTP, verification)
  • When required by law, court order, or to protect our legal rights

6. Advertising

The Tolloop app displays ads via Google AdMob, which may use advertising identifiers to personalize ads. You can limit ad personalization at any time:

  • Android: Settings → Google → Ads → Reset advertising ID (or opt out of personalization)
  • iOS: Settings → Privacy → Tracking

7. Push Notifications

We use Firebase Cloud Messaging (FCM) to deliver push notifications. You can disable notifications at any time from your device's system settings.

8. Your Rights

Subject to applicable law (including the GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your data
  • Withdraw consent where processing is based on consent
  • Data portability
  • Lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Account Deletion

You may delete your account at any time:

Your personal data will be deleted within 30 days of a valid request. Certain legal and financial records may be retained for up to 7 years as required by law.

10. Children's Privacy

Tolloop is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact [email protected] and we will take steps to delete it.

11. International Data Transfers

Your information may be processed in countries other than the one in which you reside. We use industry-standard safeguards to protect your data during such transfers.

12. Data Retention

  • Active accounts: data retained while the account remains active
  • Inactive accounts: retained for 24 months, then eligible for deletion
  • Chat history: retained until you delete the messages or your account
  • Financial records: retained for 7 years to comply with legal requirements
  • Crash logs: retained for 90 days
  • Analytics data: retained for 14 months

13. Third-Party Links

The Tolloop app or website may link to third-party sites. We are not responsible for the privacy practices or content of those third parties.

14. Cookies and Tracking

The Tolloop mobile app does not use browser cookies. We do not use third-party tracking cookies.

15. User-Generated Content & Moderation

Chat messages and profile content are user-generated content (UGC). To keep the community safe:

  • Every message and every user profile includes an in-app Report button
  • Every user can be blocked in-app at any time
  • We actively moderate abusive, unlawful, or policy-violating content
  • All users must comply with our End User License Agreement (EULA) and Terms of Service

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via in-app notice or email prior to the changes taking effect.

17. Contact Us