Privacy Policy

1. Introduction

AceToolz.com ("we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://www.AceToolz.com ("Service").

This policy complies with Indian data protection laws including the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By using our Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Account Information: Name, email address, profile picture (when you register)
• Payment Information: Billing address, payment method details (stored securely by payment processors)
• Contact Information: When you contact our support team
• Google OAuth Data: Basic profile information from Google (name, email, profile picture)

2.2 Usage Information

We automatically collect information about your use of our Service:

• Log Data: IP address, browser type, operating system, pages visited, time stamps
• Device Information: Device type, screen resolution, browser version
• Usage Analytics: Tools used, features accessed, session duration
• Performance Data: Page load times, error reports, system performance

2.3 File and Content Data

• Temporary Files: Files you upload for processing (automatically deleted after 24 hours)
• QR Code Data: Content and styling information for saved QR codes (for premium users)
• User Preferences: Tool settings, customization preferences
• Generated Content: Temporary storage of processed outputs

2.4 Communication Data

• Support Interactions: Messages sent to our support team
• Email Communications: Responses to our marketing emails
• Feedback: Reviews, suggestions, or complaints you provide

3. How We Use Your Information

3.1 Service Provision

• Process your files and provide tool functionality
• Maintain your account and user preferences
• Enable authentication and secure access
• Provide customer support and respond to inquiries

3.2 Service Improvement

• Analyze usage patterns to improve our tools
• Monitor system performance and identify issues
• Develop new features and enhance existing ones
• Conduct research and analytics for service optimization

3.3 Business Operations

• Process payments and manage subscriptions
• Send transactional emails (receipts, account updates)
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations and regulatory requirements

3.4 Communication

• Send important service announcements
• Notify you about account-related activities
• Respond to your support requests
• Send marketing communications (with your consent)

4. Third-Party Services and Data Sharing

We use third-party services to provide and improve our Service. Your information may be processed by:

4.1 Authentication Services

• Google OAuth: For secure login and profile information
• Data Shared: Basic profile information (name, email, profile picture)
• Privacy Policy: https://policies.google.com/privacy

4.2 File Processing Services

• OpenAI: AI-powered text processing (grammar checking, summarization)
• Google Cloud Document AI: OCR and document analysis
• ImageKit.io: Image compression and processing
• iLovePDF: PDF manipulation and processing
• Data Shared: Only the files you upload for processing (temporarily)

4.3 Advertising Services

• Google AdSense: Display advertising and monetization
• Data Shared: Website content, user behavior, device information, IP address
• Privacy Policy: https://policies.google.com/privacy
• Ad Settings: https://www.google.com/settings/ads

4.4 Infrastructure Services

• Vercel: Website hosting and serverless functions
• Neon: Database hosting for user accounts and preferences
• Data Shared: Technical data necessary for service operation

4.5 Payment Processing

• Payment Gateway Partners: Secure payment processing
• Data Shared: Payment information, billing details
• Compliance: PCI-DSS compliant storage and RBI guidelines

4.6 Data Processing Agreements

All third-party services are bound by data processing agreements that require them to:

• Process data only for specified purposes
• Implement appropriate security measures
• Delete data when no longer needed
• Comply with applicable privacy laws

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: All data transmission uses HTTPS/TLS encryption
• Authentication: Secure login with password hashing and OAuth
• Access Controls: Role-based access to user data and systems
• Regular Updates: Security patches and system updates

5.2 Payment Security

• PCI-DSS Compliance: Payment data stored on certified servers
• Two-Factor Authentication: Required for payment transactions
• Tokenization: Payment methods stored as secure tokens
• RBI Compliance: Adherence to Indian banking regulations

5.3 File Security

• Temporary Storage: Files deleted within 24 hours
• Secure Processing: Files processed in isolated environments
• No Permanent Storage: We don't permanently store your files
• Automated Cleanup: Regular deletion of temporary files

5.4 Incident Response

In case of a security incident, we will:

• Immediately assess and contain the incident
• Notify affected users within 72 hours
• Report to relevant authorities as required by law
• Implement additional security measures to prevent recurrence

6. Data Retention

6.1 Account Data

• User Profiles: Retained until account deletion
• Subscription Data: Retained for billing and tax purposes (7 years)
• Support Communications: Retained for 2 years for service improvement

6.2 Usage Data

• Analytics Data: Aggregated and anonymized data retained indefinitely
• Log Files: Retained for 6 months for security and performance monitoring
• Error Reports: Retained for 1 year for debugging and improvement

6.3 File Data

• Temporary Files: Automatically deleted within 24 hours
• QR Code Data: Retained until user deletion or account termination
• Processed Outputs: Not permanently stored

6.4 Legal Requirements

We may retain data longer when required by:

• Indian tax and accounting laws
• Legal proceedings or investigations
• Regulatory compliance requirements
• Fraud prevention and security purposes

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your personal information:

• Access: View and download your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a machine-readable format

7.2 Communication Preferences

• Marketing Emails: Unsubscribe using the link in emails
• Account Notifications: Manage in your account settings
• Support Communications: Cannot be disabled for active accounts

7.3 Account Management

• Profile Updates: Change your information through account settings
• Privacy Settings: Control what information is shared
• Download Data: Export your account data and preferences
• Account Deletion: Permanently delete your account and all data

7.4 Exercising Your Rights

To exercise these rights, please contact us at:

• Email: [email protected]
• Response Time: We will respond within 30 days
• Verification: We may need to verify your identity

8. Advertising and Privacy Compliance

8.1 Google AdSense

We use Google AdSense to display advertisements on our website. AdSense may use cookies and similar technologies to:

• Serve ads based on your prior visits to our website or other websites
• Measure the effectiveness of advertisements
• Provide interest-based advertising across the web
• Prevent showing you the same ads repeatedly

8.2 Third-Party Advertising Partners

Third-party vendors, including Google, may display our ads on sites across the internet based on your prior visits to our website. These partners may use cookies to:

• Collect information about your visits to this and other websites
• Provide advertisements about goods and services of interest to you
• Measure advertising effectiveness and engagement
• Create advertising profiles based on your interests

8.3 Your Advertising Choices

Opt-Out of Interest-Based Advertising:

• Google Ad Settings: Visit https://www.google.com/settings/ads to opt out
• Industry Opt-Out: Visit www.aboutads.info/choices for additional options
• European Users: Visit www.youronlinechoices.eu

8.4 CCPA Privacy Rights (California Residents)

California residents have specific rights regarding their personal information:

Your CCPA Rights:

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell My Personal Information:

Under CCPA, sharing data for advertising purposes may constitute a "sale." California residents can opt out by:

• Contacting us at [email protected] with "CCPA Opt-Out" in the subject line
• Using Google Ad Settings to limit ad personalization
• Adjusting your browser settings to block advertising cookies

8.5 GDPR Compliance (EU/UK Residents)

European and UK residents have additional rights under GDPR:

Consent Management:

• We will obtain your consent before placing advertising cookies
• You can withdraw consent at any time through your browser settings
• Essential cookies for site functionality do not require consent
• Google Consent Mode v2 is implemented for EEA and UK users

Data Processing Lawful Basis:

• Consent: For advertising cookies and personalized ads
• Legitimate Interest: For website analytics and performance
• Contract Performance: For providing our services
• Legal Obligation: For compliance with applicable laws

8.6 US State Privacy Laws (2025)

We comply with privacy laws in Iowa, Delaware, New Jersey, Nebraska, and New Hampshire:

• Restricted Data Processing: Available for applicable state residents
• Global Privacy Platform: Support for IAB Tech Lab's GPP framework
• Opt-Out Rights: Similar to CCPA for targeted advertising and data sales
• Consumer Requests: Right to access, correct, and delete personal information

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and analyzing how you use our Service.

9.2 Types of Cookies We Use

Essential Cookies (Required)

• Authentication: Keep you logged in to your account
• Security: Protect against cross-site request forgery
• Session Management: Maintain your session state
• Load Balancing: Ensure optimal service performance

Functional Cookies (Optional)

• Preferences: Remember your tool settings and customizations
• Language: Remember your language preference
• Theme: Remember your UI theme preference
• Usage State: Remember your progress in multi-step tools

Analytics Cookies (Optional)

• Usage Analytics: Understand how visitors use our website
• Performance Monitoring: Identify and fix performance issues
• Feature Usage: Track which tools and features are most popular
• User Journey: Analyze user flow and improve user experience

Advertising Cookies (Optional)

• Google AdSense: Serve personalized ads based on your interests
• DoubleClick DART: Track ad effectiveness and user preferences
• Third-party Advertisers: Display relevant ads from advertising partners
• Interest-based Advertising: Show ads based on your browsing behavior
• Ad Frequency Control: Limit how often you see the same advertisement

9.3 Third-Party Cookies

Some cookies are set by third-party services we use:

• Google OAuth: Authentication and profile information
• Google AdSense: Advertising cookies and tracking
• DoubleClick: Ad serving and measurement cookies
• Payment Processors: Secure payment processing
• CDN Services: Content delivery and performance optimization

9.4 Managing Cookies

Browser Settings

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Site Permissions → Cookies

Cookie Consent

• We will ask for your consent before using optional cookies
• You can change your cookie preferences at any time
• Essential cookies cannot be disabled as they are necessary for the service
• Disabling functional cookies may limit some features

9.5 Local Storage

We also use browser local storage to:

• Cache user preferences for better performance
• Store temporary data during file processing
• Maintain application state between sessions
• Enable offline functionality for some features

9.6 Do Not Track

Currently, we do not respond to Do Not Track signals. However, you can control tracking through your cookie preferences and browser settings.

10. Children's Privacy

10.1 Age Requirements

• Free Tools: Users must be at least 13 years old
• Paid Features: Users must be at least 18 years old
• Parental Consent: Required for users between 13-18 years

10.2 Parental Controls

Parents and guardians have the right to:

• Review information collected from their children
• Request deletion of their child's information
• Refuse to permit further collection of information
• Contact us with questions about their child's privacy

10.3 Information from Minors

• We do not knowingly collect information from children under 13
• If we discover we have collected such information, we will delete it immediately
• Parents should monitor their children's online activities
• Educational use should be supervised by teachers or parents

11. International Users

11.1 Data Transfers

Our Service is operated from India, but we may transfer your information to other countries where our service providers are located. These transfers are protected by:

• Contractual data protection clauses
• Certification programs (EU-US Privacy Shield equivalents)
• Adequacy decisions by relevant authorities
• Standard contractual clauses approved by authorities

11.2 Legal Compliance

We comply with applicable data protection laws including:

• India: IT Act 2000 and Privacy Rules 2011
• GDPR: For European users
• CCPA: For California residents
• Local Laws: Where applicable in user's jurisdiction

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices or services
• Changes in applicable laws and regulations
• New features or functionality
• Feedback from users and regulatory authorities

12.2 Notification of Changes

We will notify you of significant changes through:

• Email: To your registered email address
• Website Notice: Prominent notice on our homepage
• In-App Notification: When you next log in
• Update Date: Changes to the "Last Updated" date above

12.3 Continued Use

Your continued use of our Service after changes to this Privacy Policy will constitute acceptance of the updated policy. If you do not agree with the changes, please discontinue using our Service.

13. Contact Information

13.1 Privacy Questions

If you have questions about this Privacy Policy or our privacy practices, please contact us:

13.2 Response Time

• General Inquiries: 48-72 hours
• Data Requests: Within 30 days
• Urgent Issues: Within 24 hours
• Legal Requests: As required by law

13.3 Complaint Process

If you have concerns about our privacy practices:

1. Contact us directly using the information above
2. We will investigate and respond within 30 days
3. If unsatisfied, you may contact relevant authorities
4. In India, you may contact the Grievance Officer as required under IT Rules

14. Legal Compliance

14.1 Indian Law Compliance

This Privacy Policy complies with:

• Information Technology Act, 2000
• IT (Reasonable Security Practices) Rules, 2011
• IT (Intermediary Guidelines) Rules, 2021
• Consumer Protection Act, 2019
• RBI Guidelines for payment data

14.2 Regulatory Reporting

We maintain compliance through:

• Regular privacy impact assessments
• Annual security audits and updates
• Staff training on privacy and security
• Incident reporting to relevant authorities

14.3 Law Enforcement

We may disclose information when required by:

• Valid legal process (court orders, warrants)
• Government investigations
• National security requirements
• Protection of rights and safety