[ LEGAL_SPEC // POL_PRIVACY_v2.1 ]

Privacy Policy

[ EFFECTIVE: JUNE 6, 2026 ]
[ REGULATORY COMPLIANCE: GDPR / CCPA ]
Document Sections
SEC_01Information We CollectSEC_02How We Process Data & AI EngineSEC_03Cookies & Local StorageSEC_04Data Retention & PurgingSEC_05GDPR, CCPA & Privacy Rights
[ SEC_01 // SECTION_STREAM ]

Information We Collect

ToggleAI collects data to provide, improve, and optimize our feature flagging, remote configuration, and AI-powered insights engine. We collect information in the following categories:

  • Account Information: When you register for an account, we collect your name, email address, password hash, and organization details.
  • SDK Telemetry & Metadata: Our client-side and server-side SDKs collect anonymous evaluation telemetry, including feature flag evaluations, evaluation latency, SDK version, environment name, and targeted user attributes (as defined by your code configurations).
  • Usage & System Data: We log system events in the ToggleAI dashboard, including API request headers, dashboard navigation paths, configuration change logs, and IP addresses for security auditing.
// Example payload logged for SDK evaluations (sensitive fields stripped)
{
  "flag_key": "new-checkout-flow",
  "duration_ms": 1.4,
  "timestamp": 1780776488,
  "environment": "production"
}
[ SEC_02 // SECTION_STREAM ]

How We Process Data & AI Engine

We use the information we collect to operate our infrastructure, validate feature delivery, and power our real-time AI Insights. Specifically, we process data for:

  • Feature Flag Evaluation: Ensuring rules and criteria match the requests submitted by your active instances.
  • Anomaly Detection & Optimization: Our machine learning algorithms analyze aggregated, non-personally identifiable telemetry to identify configuration errors, latency spikes, or flag drift.
  • Security & Integrity: Preventing fraud, DDoS attacks, or unauthorized alterations to active environment settings.
[ SEC_03 // SECTION_STREAM ]

Cookies & Local Storage

ToggleAI uses essential cookies and local storage tokens to manage your session authentication and persist dashboard configurations (such as your active project workspace or theme preferences).

We do not use advertising tracking cookies or share visitor history with third-party retargeting networks. You can configure your browser to block cookies, but some interface elements of the dashboard may become unavailable as a result.

[ SEC_04 // SECTION_STREAM ]

Data Retention & Purging

We retain your account data and configuration history as long as your workspace account remains active. Evaluation metrics and telemetry are aggregated and automatically pruned or archived within 30 days of collection depending on your billing tier.

If you choose to delete your account or project, you can initiate a total project-wide database purge from the Organization settings panel. This action permanently deletes your configuration history and metadata within 24 hours. Backups are fully rotated and overwritten within 14 days.

[ SEC_05 // SECTION_STREAM ]

GDPR, CCPA & Privacy Rights

Under global regulatory frameworks (including GDPR in the EU and CCPA in California), users have explicit rights regarding their personal data:

  • The right to access and receive copies of your stored data.
  • The right to correct inaccurate or incomplete fields.
  • The right to request absolute deletion of all personal data.
  • The right to object to or restrict processing operations.

To exercise any of these rights, please submit a formal request to our compliance officer at compliance@toggleai.com. We respond to all validated requests within 30 days.