Privacy Policy
LegalLast updated: May 2026
This policy explains what data Toblero LLC collects, what we do with it, and what rights you have. We keep it straightforward.
What We Collect
If you fill out our contact form, we get your name, email, company, and whatever you write in the message box. That's it.
We use Cloudflare Turnstile on the contact form to block bots — it may store a temporary session cookie for verification, nothing more. We do not run advertising analytics or tracking pixels on this site.
Sub-Processors
When you use this website, the following third parties process data on our behalf:
| Processor | Purpose | Data | Location |
|---|---|---|---|
| Cloudflare | Hosting, CDN, security | IP address, request metadata | US / global |
| Cloudflare Turnstile | Bot protection on contact form | Browser signals, session cookie | Cloudflare network |
| Resend | Email delivery | Form data you submit (name, email, message) | US |
How AI Fits Into This
This matters, so read it carefully.
When you hire us, parts of your project data may be processed through third-party AI platforms — OpenAI, Anthropic, or Google — depending on the engagement. We use their enterprise APIs, which means:
- Your data is not stored by these providers after processing
- Your data is never used to train their models
- Each provider operates under a data processing agreement with us that enforces these terms
The specific categories of data we send depend on what you've hired us to do. It could be business documents for analysis, datasets for pattern recognition, or project briefs for strategy work. We define the exact scope in each client engagement agreement before any data moves.
What We Do With Your Information
We use contact form submissions to reply to you. We use engagement data to do the work you've hired us for. We don't sell your information. We don't rent it. We don't hand it to marketers.
International Transfers
Toblero is a US company. If you're contacting us from the EU, the UK, or anywhere outside the United States, your data crosses borders. Our AI sub-processors also operate infrastructure across multiple jurisdictions.
For EU-originating data, we rely on standard contractual clauses. If your jurisdiction requires specific transfer mechanisms, let us know and we'll work it out before the engagement starts.
How Long We Keep Data
Contact form submissions: 12 months, then deleted — unless we start working together, in which case we retain records for the duration of the relationship plus whatever period applicable law requires. You can ask us to delete earlier.
Cookies
We don't use tracking cookies. No advertising pixels. No retargeting. Cloudflare Turnstile may drop a session cookie during form submission. It expires when you close your browser.
Your Rights
If you're in the EU or UK (GDPR): You can ask us to show you what data we hold, fix anything that's wrong, delete it, restrict how we use it, get a portable copy, or object to processing. Email us and we'll respond within 30 days. If you think we've mishandled your data, you can file a complaint with your local data protection authority.
If you're in California (CCPA/CPRA): You can ask what personal information we've collected, request deletion, and opt out of any sale — though we don't sell personal information to begin with.
If you're in Texas or another US state with a privacy law: Similar rights apply. Contact us and we'll handle it.
Security
Data in transit is encrypted via TLS. Access to client data is restricted to the people working on your project. We don't pretend any system is bulletproof, but we take reasonable precautions.
Under 18
Our services are for businesses. We don't knowingly collect data from minors.
Updates
If we change this policy, we'll update the date at the top. For active clients, we'll notify you directly of anything material.
Questions
For privacy requests, deletion, or access: use our contact form and select Privacy request as the topic. We respond within 30 days.
Toblero LLC · United States