Effective Date: July 24, 2025
Information Collection
Toad collects information necessary to provide AI compliance services. This includes:
- Code repositories and software designs submitted for analysis
- API usage data and system logs
- Account information including email addresses and company details
- Performance metrics and vulnerability scan results
- Communication records for support and compliance reporting
Data Usage
Your information is used exclusively for:
- Providing AI compliance testing and monitoring services
- Identifying vulnerabilities and security risks in your systems
- Generating compliance reports and automated alerts
- Improving our red-teaming algorithms and detection capabilities
- Communicating service updates and compliance requirements
Data Security
We implement enterprise-grade security measures:
- End-to-end encryption for all data transmission
- Zero-trust architecture with multi-factor authentication
- Air-gapped analysis environments for sensitive code review
- SOC 2 Type II compliance and regular security audits
- Automated data retention policies and secure deletion
Data Sharing
Toad does not sell or share your data. Limited sharing occurs only for:
- Compliance reporting to regulatory agencies when legally required
- Service providers under strict confidentiality agreements
- Emergency security response to prevent imminent threats
- Aggregate, anonymized metrics for industry research (no identifying information)
Cookies & Tracking
We use minimal tracking technologies:
- Essential cookies for authentication and session management
- Performance monitoring for system optimization
- No third-party advertising or behavioral tracking
- All tracking can be disabled in your account settings
Your Rights
You have complete control over your data:
- Access and download all your stored information
- Request corrections to inaccurate data
- Delete your account and all associated data
- Opt out of non-essential data processing
- Port your data to another compliance provider
International Data
For global compliance operations:
- Data is processed in secure facilities within your region
- Cross-border transfers use appropriate safeguards
- We comply with GDPR, CCPA, and other applicable privacy laws
- Data residency requirements are honored for regulated industries