Privacy Policy
Last updated: April 12, 2026
1. Information We Collect
We collect the account information you provide when you sign up (email address, name) via AWS Cognito and, if you sign in with Google, the email and name returned by Google's OAuth flow. When you use the Service, we also store the gear photos you upload, the chat messages you exchange with the AI advisor, the virtual signal chains you build, and per-account usage metrics (gear detections, messages, tokens consumed).
2. How We Use Your Information
We use your information solely to operate the Service: to authenticate you, to run gear identification and tone advice via AI, to persist your virtual signal chains, and to enforce the quota limits of your subscription tier. We do not sell your data. We do not use your content to train third-party AI models.
3. Uploaded Photos and AI Processing
Gear photos are uploaded over HTTPS to an AWS S3 bucket in the eu-central-1 region, then sent to OpenAI's Vision API for identification. Photos are deleted from our S3 bucket shortly after processing completes, and an S3 lifecycle rule auto-deletes any residual raw uploads after two days as a safety net. OpenAI does not retain image inputs per their API terms at the time of writing.
4. Chat and Generation Data
Chat transcripts, AI responses, and AI-generated signal chains are stored in our database so you can revisit and edit them. The contents are sent to OpenAI's chat completion API each time you send a message or request a new AI-generated layout. OpenAI does not use API inputs for model training per their current API terms.
5. Cookies and Session Tokens
ToneFinder does not use advertising cookies. Your Cognito session tokens are stored in your browser's local storage by the AWS Amplify library and used to authenticate API requests. In production we load Google Analytics, which sets its own cookies to measure aggregate site traffic; Google Analytics is never loaded in development builds, so local usage is never recorded.
6. Third-Party Services
We rely on the following third-party services to run ToneFinder: AWS (Cognito for authentication, S3 for transient photo storage, all in eu-central-1); OpenAI (Vision API for gear detection, Chat Completions API for tone advice); Google (OAuth identity provider only when you sign in with Google); and Google Analytics (only in production). Each of these processors has its own privacy terms.
7. Data Retention
Account data is retained for as long as your account is active. Uploaded gear photos are typically deleted within minutes of processing. Chat transcripts, saved layouts, and usage history are retained until you delete them or close your account. When you delete your account, we remove your account record and cascade-delete your gear, layouts, and chat history from our database.
8. Data Security
All traffic to ToneFinder is served over TLS. Data at rest in AWS RDS and S3 is encrypted using AWS-managed keys. We do not store your password — AWS Cognito handles credential hashing and verification. Session tokens expire within one hour and are refreshed automatically.
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal information we hold about you. You can delete your account and associated data at any time from your profile, or contact us for a data export. We honor GDPR, CCPA, and similar frameworks to the extent they apply.
10. Changes to This Policy
We may update this Privacy Policy as the Service evolves. Material changes will be announced via email or in-app notice at least fourteen days before they take effect. The “Last updated” date at the top of this page always reflects the current version. Questions about this policy? Contact us at privacy@tonefinder.io.