
Privacy Policy

Effective Date: March 30, 2026

This Privacy Policy describes how Product Labs, operated by N. Barrett ("we," "us," or "our"), collects, uses, and shares information when you use ToolAudit at toolaudit.ai (the "Service"). We believe in transparency about data practices and have written this policy in plain language.

1. Information We Collect

We collect the following categories of information:

  • Email address: Collected when you subscribe to our newsletter, sign up for a Pro account, or use our priority support form.
  • Payment information: Processed securely through Stripe when you purchase a Pro subscription. We do not store credit card numbers or bank account details on our servers. Stripe handles all payment data under PCI-DSS standards.
  • Account data: If you subscribe to ToolAudit Pro, we store your email address, subscription status, plan type, and billing period in our database.
  • Outbound click data: When you click a "Visit Website" link to an external tool, we log the tool name, timestamp, and referrer. This helps us understand which tools are most popular and improve our directory.
  • Affiliate link clicks: Some outbound links are affiliate links. When you click these, the click is tracked separately so we can receive commissions from tool vendors. See Section 8 (Affiliate Disclosure) for details.
  • Analytics data: We use Vercel Analytics and Vercel Speed Insights to understand how visitors use our site. Vercel Analytics is cookie-free and privacy-friendly — it collects aggregated page view and visitor data without storing personal identifiers.

2. Authentication and Cookies

When you sign in to ToolAudit Pro, we use a magic link system. Here is how it works:

  • You enter your email address, and we send you a one-time sign-in link via Resend (our email provider).
  • Magic link tokens are stored in our database, expire after 1 hour, and can only be used once.
  • After you click the magic link, we set an httpOnly JWT cookie called pro_token in your browser. This cookie is used solely to keep you signed in and verify your Pro subscription status. It expires after 1 year.

We do not use advertising cookies, third-party tracking pixels, or retargeting cookies. The pro_token cookie is the only cookie set by ToolAudit, and it is strictly functional.

3. How We Use Your Information

We use the information we collect for these purposes:

  • Providing the Service: To authenticate your account, deliver Pro features, and process subscription payments.
  • Transactional emails: To send magic link sign-in emails, subscription confirmations, and critical service announcements. These are necessary to operate the Service.
  • Newsletter: If you subscribe to our newsletter (via Beehiiv), we send product updates and AI tool news. You can unsubscribe at any time using the link in any newsletter email.
  • Improving the directory: We use aggregated click data to understand which tools are popular, improve our ratings, and make the directory more useful.
  • Support: To respond to your questions and support requests.
  • Fraud prevention: To detect and prevent fraudulent transactions or abuse of the Service.

4. AI-Generated Content Disclosure

ToolAudit uses AI (Anthropic's Claude) to generate and assist with content on the site, including tool descriptions, ratings, comparisons, and "Best Of" guides. Our 6-dimension rating rubric is applied through an AI-assisted process with periodic human review.

This means:

  • Tool descriptions, ratings, and comparisons may contain errors or become outdated.
  • AI-generated content reflects automated analysis, not hands-on product testing.
  • You should verify information directly with tool vendors before making purchasing decisions.

We refresh our AI-generated content periodically to maintain accuracy, but we cannot guarantee that all information is current at any given time.

5. Data Storage and Security

Your data is stored and processed using the following infrastructure:

  • Supabase (PostgreSQL): Stores account information, subscription records, outbound click logs, and magic link tokens.
  • Stripe: Processes and stores payment data under PCI-DSS standards.
  • Beehiiv: Stores newsletter subscriber email addresses.

We implement reasonable technical and organizational measures to protect your personal information. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe: Payment processing. See Stripe's Privacy Policy.
  • Supabase: Database hosting. See Supabase's Privacy Policy.
  • Vercel: Website hosting, analytics, and speed insights. See Vercel's Privacy Policy.
  • Resend: Transactional email delivery (magic links, support emails). See Resend's Privacy Policy.
  • Beehiiv: Newsletter platform. When you subscribe to our newsletter, your email address is shared with Beehiiv. See Beehiiv's Privacy Policy.
  • Google Search Console: SEO monitoring. This service processes aggregated search query and page performance data. See Google's Privacy Policy.
  • Anthropic (Claude): AI content generation. We use Claude to generate tool descriptions, ratings, and comparisons. No user data is sent to Anthropic — only tool-related prompts. See Anthropic's Privacy Policy.
  • jsDelivr CDN: Our site loads fonts from jsDelivr. When you visit our site, your browser makes requests to this service, which may process your IP address. See jsDelivr's Privacy Policy.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

7. Data We Do Not Collect

To be clear about our data practices:

  • We do not store your credit card number, CVV, or bank account details. All payment data stays with Stripe.
  • We do not use advertising cookies or retargeting pixels.
  • We do not build behavioral profiles for advertising purposes.
  • We do not sell personal data to third parties.

8. Affiliate Disclosure

Some outbound links on ToolAudit are affiliate links. When you click these links and make a purchase from a tool vendor, we may earn a commission at no additional cost to you.

We track affiliate link clicks separately from standard outbound clicks to measure commission eligibility. Affiliate relationships do not influence our AI-generated ratings or rankings. Our ratings are generated using a standardized 6-dimension rubric applied consistently across all tools, regardless of whether we have an affiliate relationship with the vendor.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data. If you are a Pro subscriber, this will also cancel your subscription.
  • Portability: Request a portable copy of your data.
  • Opt-out of newsletter: Unsubscribe at any time using the link in any newsletter email.

To exercise any of these rights, contact us at support@toolaudit.ai. We will respond to your request within 30 days.

10. California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you and why.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information. We do not sell personal information.
  • Not be discriminated against for exercising your privacy rights.

To make a request, contact us at support@toolaudit.ai.

11. European Residents (GDPR)

If you are in the European Economic Area, our lawful bases for processing your data are:

  • Contract performance: Processing your subscription, authenticating your account, and delivering Pro features.
  • Legitimate interest: Analytics, outbound click tracking, and improving the Service. You can object to processing based on legitimate interest by contacting us.
  • Consent: Newsletter signup and marketing emails. You can withdraw consent at any time.

Data is processed in the United States. By using the Service, you consent to the transfer of your data to the U.S. You have the right to lodge a complaint with your local data protection authority.

12. Data Retention

  • Account data: Retained for as long as your subscription is active, plus 90 days after cancellation to allow for reactivation.
  • Magic link tokens: Automatically expire after 1 hour and are deleted from our database.
  • Outbound click logs: Retained indefinitely in aggregated form for analytics. We may delete individual-level click data after 12 months.
  • Newsletter data: Retained by Beehiiv until you unsubscribe. After unsubscribing, Beehiiv's retention policy applies.
  • Payment records: Retained by Stripe as required by applicable tax and financial reporting laws.

You can request deletion of your data at any time by contacting support@toolaudit.ai.

13. Children's Privacy

ToolAudit is not directed to children under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. For Pro subscribers, we will also send an email notification for material changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:
support@toolaudit.ai

Product Labs
Operated by N. Barrett

© 2026 ToolAudit. All rights reserved.
