Privacy Policy

1. Data Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

SVIX Media
Email: privacy@toolzoo.io

2. Overview of Data Processing

The following overview summarises the types of personal data processed, the purposes of processing, and the categories of data subjects.

Types of Data Processed

• Usage data (pages visited, access times, referrer URL)
• Meta/communication data (IP addresses, device information, browser type and version)
• Contact data (name, email address — only when you contact us or submit a tool)
• Content data (tool submissions, message content from contact enquiries)

Categories of Data Subjects

• Visitors and users of the website
• Persons who contact us via email
• Persons who submit tools for listing

3. Legal Bases for Processing

Below is an overview of the legal bases under the GDPR on which we process personal data:

• Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (e.g., responding to enquiries).
• Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller (e.g., website security, performance analytics, optimisation).

4. Security Measures

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of processing. These measures include:

• Encryption of data in transit (TLS/SSL — indicated by "https://")
• Access controls and restriction of access to personal data
• Regular security updates to server software
• Storage on servers located within the European Union (Hetzner, Germany)

5. Transfer of Personal Data

Personal data is not transferred to third parties unless it is necessary for the fulfilment of our contractual obligations, we are legally obliged to do so, or the third-party services described below are used.

We do not sell your personal data to any third party.

6. Data Retention and Deletion

Personal data is deleted as soon as the purpose of processing has been fulfilled and no statutory retention obligations apply. Where data cannot be deleted because it is required for other lawful purposes, its processing is restricted to those purposes.

• Contact enquiries: Deleted after the enquiry has been resolved, no later than 12 months.
• Tool submissions: Retained permanently to maintain an accurate tool database.
• Server log files: Automatically deleted after 14 days.

7. Cookies and Local Storage

This website does not use advertising or tracking cookies.

7.1 Strictly Necessary Cookies

We only use cookies that are strictly necessary for the operation of the website (e.g., session cookies for the admin area). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the website).

7.2 Local Storage (Favourites)

To save your favourites list (bookmarked tools), we use the Local Storage feature of your browser. This data remains exclusively on your device and is nottransmitted to our servers. You can clear this data at any time via your browser settings or by using the "Clear all" function on the website.

7.3 Theme Preference (Dark/Light Mode)

Your preferred colour scheme (light or dark mode) is stored in your browser's Local Storage. This data also remains exclusively on your device.

8. Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our website to the user's browser or device.

8.1 Hetzner Online GmbH

Our web server is operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes access data (server log files) on our behalf, which is automatically collected when you visit the website:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested page/file
• Volume of data transferred
• Notification of whether the request was successful (HTTP status code)
• Browser type and version
• Operating system
• Referrer URL (previously visited page)

This data is used exclusively to ensure the smooth operation of the website and to improve our service. Server log files are automatically deleted after 14 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website).

Data Processing Agreement: We have entered into a Data Processing Agreement (DPA) with Hetzner, ensuring that Hetzner processes visitor data only in accordance with our instructions and in compliance with the GDPR.

Hetzner privacy policy: hetzner.com/legal/privacy-policy

9. Google Fonts (External Loading)

This website uses the web fonts "Inter" and "Outfit" provided by Google LLC ("Google Fonts"). When you open a page, your browser loads the required fonts from Google's CDN (fonts.googleapis.com / fonts.gstatic.com). In this process, your IP address is transmitted to Google servers in the United States.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a visually appealing and consistent presentation of the website).

Third-country transfer: Google LLC participates in the EU-U.S. Data Privacy Framework. For more information, see the Google Privacy Policy.

10. Brandfetch (Logo CDN)

We use the Brandfetch service (cdn.brandfetch.io) to dynamically display logos and brand images of the tools listed on toolzoo.io. When a tool profile loads, your browser establishes a connection to Brandfetch servers, transmitting your IP address.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the correct display of brand logos).

Brandfetch privacy policy: brandfetch.com/privacy-policy

11. Affiliate Links and Outbound Tracking

Some links on this website are so-called affiliate links. When you click on such a link, you are redirected via our redirect page (/go/[tool]) to the website of the respective provider. In this process, we record the following data on our server:

• The tool that was clicked (slug identifier)
• Date and time of the click
• IP address (not stored permanently)

This data is used exclusively for statistical analysis of click volumes and does not influence our editorial reviews, test scores, or rankings.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the commercial operation of the website).

After clicking an affiliate link, the privacy policies of the respective third-party provider apply. We have no control over data processing by third-party providers.

12. Contact Enquiries

When you contact us via email or through our contact page, the data you provide (e.g., name, email address, message content) is stored by us for the purpose of processing your enquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / processing of enquiries).

Deletion: Data collected in connection with contact enquiries is deleted after the enquiry has been resolved, no later than 12 months, unless statutory retention obligations apply.

13. Tool Submissions

When you submit a tool for listing on toolzoo.io via our submission form, the data you provide (tool name, URL, description, category, and your email address) is stored in our database and reviewed by our editorial team.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract — processing the submitted tool).

Retention period: Tool data is retained permanently to maintain an accurate database. Your email address is used internally and is never published on the website.

14. Your Rights as a Data Subject

Under the GDPR, you have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to the personal data.
• Right to rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data or the completion of incomplete data.
• Right to erasure (Art. 17 GDPR):You have the right to obtain the erasure of your personal data where the conditions of Art. 17 GDPR are met ("right to be forgotten").
• Right to restriction of processing (Art. 18 GDPR): You have the right to obtain restriction of processing of your data under certain circumstances.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data based on Art. 6(1)(f) GDPR (legitimate interests).
• Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given at any time, with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

To exercise any of your rights, please contact us at: privacy@toolzoo.io

15. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our services. The most current version will always be available on this page.