Mobile phone numbers and SMS content collected through ToolBelt are never sold, shared, leased, or rented to third parties, affiliates, or lead generators for marketing or promotional purposes. They are used solely to deliver appointment scheduling messages for the specific business that obtained the consumer's consent. Full opt-in disclosure: /sms-opt-in · full terms in Section 4 below.
ToolBelt Tools LLC (“ToolBelt Tools,” “we,” “our,” or “us”), doing business as ToolBelt, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, SMS messaging services, and related services (collectively, the “Service”).
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, phone number, password | Create and manage your account |
| Business Information | Business name, address, industry, EIN | Set up your business profile |
| Identity Information | Last 4 digits of SSN, date of birth | Verify your identity for payments |
| Payment Information | Bank account details, routing numbers | Process payments and payouts |
| SMS/Phone Information | Mobile phone number, text message content | Provide AI-powered appointment scheduling via SMS |
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Device type, operating system, unique device ID | Improve app performance |
| Usage Data | Features used, time spent, actions taken | Improve our Service |
| Log Data | IP address, access times, app crashes | Security and troubleshooting |
| SMS Metadata | Message timestamps, delivery status, opt-in/opt-out status | Manage SMS communications and compliance |
We receive information from third-party services you connect to your account, including financial institutions through Plaid (see Section 3).
We use Plaid Inc. (“Plaid”) to connect your bank accounts to our Service. When you link your bank account, you will be directed to Plaid’s interface to provide your credentials.
What Plaid Collects:
By using Plaid, you authorize Plaid to collect and share the following information from your financial institution:
Plaid’s Privacy Policy:
Plaid’s use of your data is governed by their privacy policy, available at: https://plaid.com/legal/#end-user-privacy-policy
Your Control:
You can disconnect your bank account at any time through the app settings or by contacting us.
ToolBelt offers an optional integration with Google Analytics that lets you view your Google Analytics 4 (GA4) reports inside the ToolBelt dashboard. If you choose to connect your Google account, the following terms apply. If you never connect a Google account, none of this section applies to you.
OAuth Scope Requested:
When you connect your Google account, ToolBelt requests a single OAuth scope:
https://www.googleapis.com/auth/analytics.readonly — read-only access to your Google Analytics 4 reports.How We Use Google Account Data:
We use this access solely to fetch report data (sessions, users, traffic sources, page metrics, and similar GA4 dimensions and metrics) from the Google Analytics Data API and Google Analytics Admin API, and to display that report data inside the ToolBelt dashboard for the account owner. We do not:
Storage and Security:
Your Google OAuth refresh token is stored encrypted at rest using AES-256-GCM on our servers and is used only to obtain short-lived access tokens when you view reports inside ToolBelt. Access tokens are held in memory only and are not persisted after the request that uses them. The state token used during the OAuth handshake is HMAC-SHA256 signed and expires after 10 minutes.
Your Control:
You can revoke ToolBelt’s access to your Google account at any time, either by disconnecting inside the ToolBelt app (Marketing → Analytics → Disconnect) or by visiting your Google Account permissions page at https://myaccount.google.com/permissions. Disconnecting deletes the stored refresh token from our servers.
Limited Use Disclosure:
ToolBelt’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
ToolBelt provides AI-powered appointment scheduling and booking management via SMS text messaging. This section describes how we handle data related to our SMS services.
When a customer texts a business phone number managed through ToolBelt, an AI assistant responds to help schedule, reschedule, or cancel appointments. Messages are processed through Twilio, our SMS service provider, and our AI systems to generate appropriate responses.
| Data Type | Examples | Purpose |
|---|---|---|
| Phone Numbers | Customer and business mobile/phone numbers | Deliver and receive SMS messages |
| Message Content | Text of inbound and outbound messages | Process appointment requests and generate AI responses |
| Conversation Metadata | Timestamps, delivery status, message count | Track conversation state and ensure delivery |
| Opt-In/Opt-Out Status | STOP, START, HELP keyword responses | Manage consent and comply with TCPA regulations |
| AI-Detected Intent | Booking intent, service preferences, scheduling data | Improve AI responses and complete bookings |
No mobile information (including phone numbers and opt-in consent data) will be shared with or sold to third parties, affiliates, or lead generators for marketing or promotional purposes. Mobile opt-in data and consent records are never sold or transferred for any purpose other than delivering the SMS scheduling service described in this policy.
SMS data is only shared with the following service providers solely to operate the scheduling service:
We do not sell, share, lease, or rent consumer mobile numbers or message content to third parties, affiliates, or lead generators for advertising or marketing purposes. Numbers are used solely to facilitate appointment scheduling for the business that collected the consent.
ToolBelt obtains express written consent through one of three documented, auditable opt-in flows before any SMS message is sent to a consumer:
sms_consent_audit log.Opt-Out:
Opt-In (re-subscribe after opting out):
Help:
Message and data rates may apply. Message frequency varies based on your interaction with the scheduling assistant.
| Data Type | Retention Period |
|---|---|
| SMS Conversation History | Duration of business account + 1 year |
| Message Content | Duration of business account + 1 year |
| Opt-Out Records | Indefinitely (required for compliance) |
| AI Conversation Context | Duration of active conversation |
| Purpose | Description |
|---|---|
| Provide Services | Process payments, payouts, transactions, and AI-powered SMS scheduling |
| Verify Identity | Confirm you are who you say you are (KYC compliance) |
| Prevent Fraud | Detect and prevent fraudulent transactions |
| Communicate | Send receipts, notifications, appointment confirmations, and support messages |
| Improve Service | Analyze usage to improve features and user experience |
| Legal Compliance | Meet legal and regulatory requirements including TCPA |
We do not sell your personal information. We may share your information with:
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid | Bank account connections | Bank credentials, account info |
| Stripe | Payment processing | Payment details, transaction info |
| Firebase / Google Cloud | Data storage and authentication | Account data, usage data |
| Twilio | SMS message delivery | Phone numbers, message content |
| Anthropic | AI-powered conversation processing | Message content (anonymized) |
| Google Analytics (optional) | Display your GA4 reports inside ToolBelt | GA4 report data via read-only OAuth (see Google Account Integration section above) |
| Postmark | Transactional and marketing email delivery | Recipient email, subject, body, delivery metadata |
We may disclose your information if required to:
If ToolBelt is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
We may share your information for other purposes with your explicit consent.
| Security Measure | Description |
|---|---|
| Encryption in Transit | All data transmitted using TLS 1.2 or higher |
| Encryption at Rest | All stored data encrypted using AES-256 |
| Access Controls | Limited access based on role and necessity |
| Multi-Factor Authentication | Required for all administrative access |
| Monitoring | Continuous monitoring for unauthorized access |
| SMS Security | Twilio webhook signature validation on all inbound messages |
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account + 2 years |
| Transaction Records | 7 years (legal requirement) |
| Bank Account Tokens | Until you disconnect the account |
| Usage Data | 1 year |
| SMS Conversation History | Duration of business account + 1 year |
| SMS Opt-Out Records | Indefinitely (compliance requirement) |
After the retention period, data is securely deleted or anonymized.
You can request a copy of the personal information we hold about you.
You can update or correct your account information at any time through the app.
You can request deletion of your account and personal information. Note that some data may be retained for legal compliance.
You can disconnect linked bank accounts at any time through:
You can stop receiving SMS messages at any time by replying STOP to any message. See Section 4.5 for full details on SMS consent management.
You can opt out of promotional communications by:
Our app does not currently respond to “Do Not Track” signals.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
| Right | Description |
|---|---|
| Right to Know | Request what personal information we collect, use, and share |
| Right to Delete | Request deletion of your personal information |
| Right to Opt-Out | Opt out of the sale of personal information (we do not sell your data) |
| Right to Non-Discrimination | We will not discriminate against you for exercising your rights |
To exercise these rights, contact us at privacy@tools-belt.com.
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it promptly.
Your information may be transferred to and processed in the United States, where our servers are located. By using our Service, you consent to this transfer.
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
We may update this Privacy Policy from time to time. We will notify you of any changes by:
Your continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our privacy practices, please contact us:
ToolBelt Tools LLC (d/b/a ToolBelt)
Email: davidperez@tools-belt.com (general)
Privacy & Technical: logan@tools-belt.com
Mail: 43 Hope Road, Blairstown, NJ 07825
Co-Founder & Co-CEO: David Perez
Co-Founder & Co-CEO: Logan Garriques
By using ToolBelt, you consent to: