Privacy Policy for toolforest.io

Last Updated: April 8th, 2026

Introduction

Welcome to toolforest.io ("ToolForest", "we", "us", or "our"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our MCP (Model Context Protocol) tools service.

Information We Collect

Information You Provide Through Third-Party Authentication

When you authenticate with third-party services (such as Google, Microsoft, Slack, etc.), we access:

• Account Information: Basic profile information (typically name and email address)
• Authorized Resources: Access only to the specific resources and permissions you explicitly grant
• Service Data: Limited access to files, documents, or data you choose to work with through our service

The specific permissions requested will be clearly displayed during the authentication process for each service.

Automatically Collected Information

• Usage Data: How you interact with our tools and services
• Session Information: Temporary data required for the service to function
• Technical Data: Browser type, device information, and IP address for service optimization

How We Use Your Information

We use your information solely to:

• Provide Service Functionality: Enable MCP tools to interact with your authorized third-party services
• Process Your Requests: Execute the specific operations you request on your documents and data
• Improve Our Service: Understand usage patterns to enhance tool performance
• Communicate With You: Send service-related notifications and updates
• Ensure Security: Detect and prevent fraudulent or unauthorized access

Data Storage and Security

Storage Practices

• We do not permanently store the contents of your third-party service files or documents
• Authentication tokens are encrypted and stored securely
• Session data is temporary and cleared after you sign out

Security Measures

• Industry-standard encryption for data in transit (HTTPS/TLS) and at rest
• Secure OAuth 2.0 authentication flow
• Regular security audits and updates
• Limited access to user data (only when explicitly requested by you)

Data Sharing and Disclosure

We never sell, rent, or trade your personal information. We may share data only in these circumstances:

• With Your Consent: When you explicitly authorize us to share information
• For Legal Requirements: To comply with applicable laws, regulations, or legal processes
• To Protect Rights: To protect the rights, property, or safety of ToolForest, our users, or others
• Service Providers: With trusted third parties who assist in operating our service (under strict confidentiality agreements)

Third-Party API Services Compliance

Our use of third-party service data complies with all applicable API policies, including:

• Google API Services: We comply with the Google API Services User Data Policy, including Limited Use requirements
• We only use access to third-party data to provide and improve ToolForest services
• We do not transfer user data to other third parties except as necessary to provide our service
• We do not use third-party user data for advertising purposes
• We handle all user data in accordance with this Privacy Policy and applicable service agreements

As we add support for additional services (Microsoft, Slack, etc.), we will comply with their respective API policies and terms.

Toolforest Health Sync — Apple Health Data

What We Collect

Toolforest Health Sync reads the following categories of data from Apple Health, only when you explicitly enable each category:

• Activity: steps, distance walked/run, flights climbed, active energy burned, exercise minutes
• Sleep: sleep analysis including sleep stages and duration
• Heart Rate: resting heart rate, heart rate variability (HRV), walking heart rate average
• Nutrition: dietary energy consumed, protein, fat, carbohydrates, water, fiber, sugar
• Body Measurements: weight, body fat percentage, BMI, height, lean body mass
• Workouts: workout type, duration, energy burned, distance
• Blood Oxygen: SpO2 saturation percentage

The app reads this data from Apple HealthKit. It does not write data to Apple Health.

How Your Health Data Is Used

Your health data is transmitted from your device through Toolforest's servers and stored in your personal cloud storage (e.g., Google Drive) as configured by you. Toolforest does not retain your health data after transmission. Deletion and retention of stored data is governed by your cloud storage provider and can be managed directly by you.

All transmissions use encrypted HTTPS connections.

Background Syncing

If you enable background sync, the app will periodically transmit updated health data to your configured endpoint, even when the app is not in the foreground. You can disable this at any time in the app's Settings.

What We Do NOT Do With Your Health Data

In compliance with Apple's App Store Review Guidelines (Section 5.1.3):

• Your health data is never used for advertising or marketing
• Your health data is never used for data mining
• Your health data is never sold to or shared with third parties, data brokers, or information resellers
• Your health data is never stored in iCloud
• Your health data is never used for any purpose other than transmitting it to your configured cloud storage

Your Controls

• You choose exactly which health categories to sync
• You configure the destination for your data
• You can revoke HealthKit permissions at any time via iOS Settings > Health > Toolforest Health Sync
• You can disconnect your Toolforest account, which revokes the device key and stops all syncing
• You can reset the app, which deletes all local preferences, sync history, and connection data
• You can request deletion of any data by contacting privacy@toolforest.io

Device Information

Alongside health data, the app transmits: app version, iOS version, device model identifier, and timezone. This metadata is used solely for debugging sync issues and is not used for tracking or advertising.

Your Rights and Choices

You have the right to:

• Access Your Data: Request information about the data we have about you
• Revoke Access: Disconnect ToolForest from your third-party accounts at any time through each service's account settings (e.g., Google Account Settings)
• Delete Your Account: Request complete deletion of your account and associated data
• Data Portability: Request a copy of your data in a structured format
• Opt-Out: Unsubscribe from non-essential communications

Cookies and Tracking

We use essential cookies only to:

• Maintain your session while you're signed in
• Remember your preferences during your session
• Ensure security of your authentication

We do not use tracking cookies or third-party analytics cookies.

Children's Privacy

ToolForest is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Sending you an email notification (for significant changes)

Additional Rights for EU Users

If you are located in the European Union, you have additional rights under GDPR:

• Right to rectification of inaccurate personal data
• Right to restriction of processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing

We process your personal data based on:

• Consent: When you authorize OAuth access
• Legitimate Interests: To provide and improve our services
• Legal Obligations: When required by law

Contact Us