Privacy Policy
Last updated: 21 May 2026
1. Who We Are
TOOLIO ("we", "us", "our") operates the tool-io.uk website and TOOLIO application. TOOLIO is a tool identification and ownership inventory platform designed for contractors, tradespeople, and DIY enthusiasts. For any questions about this privacy policy or your personal data, please contact us at hello@tool-io.uk.
2. What Data We Collect
We collect the following information when you use TOOLIO:
Account Information
- Email address
- Password (stored securely as a one-way hash)
- Phone number (optional, used for contact in theft recovery)
- Postcode (optional, used for regional theft alerts)
- Profile image (optional)
Tool Data
- Tool photographs and label images
- Manufacturer, model number, and serial number
- Tool type and description
- Estimated replacement value
- Tool status (Active, Stolen, Sold, Discarded, Written Off)
- Ownership and status change history
Usage Data
- IP address and approximate location when scanning or checking a tool
- Browser type and device information
- Session data for authentication
3. How We Use Your Data
We use your data for the following purposes:
- Tool Registration & Management: To create and maintain your tool inventory, generate unique TOOLIO IDs, and track tool ownership.
- AI-Powered Scanning: Tool images are processed using AI services to extract manufacturer, model, and serial number information. Images are not stored by the AI provider after processing.
- Theft Protection: To flag stolen tools, notify you when a stolen tool is scanned, and share relevant information with law enforcement.
- Insurance Reports: To generate professional PDF reports of your tool inventory and stolen items for insurance claim purposes.
- Price Estimation: To search publicly available retail pricing for your tool model to estimate replacement values.
- Communication: To send verification emails, password resets, and theft alert notifications.
- Public Tool Check: To allow anyone to verify whether a tool has been reported as stolen. Only the tool's registration status is shown publicly — no owner details are revealed to the public.
4. Who We Share Your Data With
We do not sell your personal data. We may share data with:
- Law Enforcement: When a tool is marked as stolen, authorised police personnel can access the tool owner's contact details (name, email, phone number) through the secure Police Portal to assist with recovery.
- AI Service Providers: Tool images are sent to OpenAI for text recognition. Images are processed in real time and not retained by the provider.
- Email Service Provider: We use a third-party email service to send transactional emails (verification, password resets, notifications).
- Image Hosting: Tool photographs are stored securely using a cloud image hosting service.
5. Legal Basis for Processing
Under UK GDPR, we process your data on the following bases:
- Contract: Processing necessary to provide the TOOLIO service you signed up for.
- Legitimate Interest: Theft prevention, fraud detection, and platform security.
- Legal Obligation: Cooperating with law enforcement regarding stolen property.
- Consent: Optional data such as phone number and postcode, which you can withdraw at any time.
6. How Long We Keep Your Data
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: Upon account deletion, your personal data is removed within 30 days. Tool records that have been marked as stolen may be retained in an anonymised form to support ongoing theft investigations.
- Audit logs: Security and access logs are retained for up to 12 months.
7. Your Rights
Under UK data protection law, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Request deletion of your personal data.
- Data Portability: Export your tool inventory data (available via CSV and PDF export within the app).
- Withdraw Consent: Remove optional information (phone, postcode) from your profile at any time.
- Object: Object to processing based on legitimate interest.
To exercise any of these rights, or to request deletion of your account and all associated data, please email hello@tool-io.uk. We will respond within 30 days.
8. Cookies & Sessions
TOOLIO uses essential session cookies to keep you logged in. We do not use advertising or tracking cookies. No third-party analytics or tracking scripts are loaded on the platform.
9. Data Security
We take the security of your data seriously. Measures include:
- Passwords are hashed using an industry-standard one-way algorithm
- All data is transmitted over HTTPS
- Rate limiting and brute-force protection on all authentication endpoints
- Input sanitisation to prevent injection attacks
- Regular automated backups of all data
- Security practices aligned with OWASP Top 10 and Cyber Essentials guidelines
10. Children's Privacy
TOOLIO is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@tool-io.uk and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
12. Contact Us
If you have any questions about this privacy policy, your personal data, or wish to make a complaint, please contact us:
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled improperly.
