Privacy Policy

Last Updated: April 28, 2026

1. Introduction

Welcome to Toran ("we," "our," or "us"), available at toranhq.com. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and share information about you when you use our website and services.

2. Data Controller vs. Data Processor

  • For our Direct Users (You): We act as the Data Controller for your account information (name, email, billing details).
  • For Your End-Users (Your Customers): When you use Toran widgets to interact with your visitors, we act as a Data Processor. You retain full ownership and control over your end-users' data.

3. Data We Collect

We collect the following categories of data:

  • Account Data: Name, email address, password hash, and billing history.
  • Usage Data: IP address, browser type, device type, and referring URLs.
  • Geo-Localization Data: Country of origin derived from IP address for regional pricing.
  • Widget Click Data: Anonymous metadata (click count, device type, country code).
  • AI Chat Conversation Data: Visitor messages and AI responses (temporarily stored for quality review).
  • Knowledge Base Data: Business content provided via the Toran Brain feature.

4. Trusted Third-Party Service Providers

We do not sell your data. We share data only with trusted providers required to run our Service:

  • Cloudflare: Hosting & Security (US, global edge)
  • Supabase: Database & Auth (US)
  • Paddle: Payments & Tax (UK / US)
  • Resend: Transactional Email (US)
  • Sentry: Error Monitoring (US — PII redacted client-side before transmission)
  • Slack: Owner Notifications (US — only when configured)
  • Google (Gemini): AI Inference (US)

Each sub-processor is bound by a Data Processing Agreement. We provide at least 30 days' prior written notice before engaging a new sub-processor that processes your data.

5. Data Retention

Account Data — 7-Day Deletion Cooldown

We retain your account, widget configuration, and notification settings for as long as your account is active. When you request deletion, we apply a 7-day cooldown before irreversible erasure proceeds:

  1. Immediately at request time, your widget is disabled and stops processing visitor data.
  2. For 7 days, you can cancel from the dashboard, the cancel link in our confirmation email, or the cancel landing page. Email, password, and MFA changes are blocked during this window to keep your cancel route safe if your credentials were compromised.
  3. After 7 days, your data is permanently and irreversibly erased from our active systems within 24 hours.

The 7-day cooldown is a security measure protecting you from account-takeover. If you require immediate erasure for a documented legal reason, contact privacy@toranhq.com with the supporting documentation. Operational backups (point-in-time recovery, 7–30 days) are retained for disaster recovery only and are never restored as a recovery mechanism for individual user data after erasure. Payment and invoice records held by our Merchant of Record (Paddle) may be retained by Paddle under their own legal obligation for tax and AML compliance for up to 10 years — please contact Paddle directly to exercise rights against those records.

AI Chat Conversation Data

Raw message content is retained for 30 days and then automatically and permanently deleted. Session metadata is retained for 90 days.

6. Security

We use industry-standard encryption (SSL/TLS) for data in transit and rely on Supabase's AES-256 encryption for data at rest. We enforce Multi-Factor Authentication (MFA) for all administrative access.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@toranhq.com.