ToneClone LogoToneClone

ToneClone Privacy Policy

Effective date: Sept 2, 2025

Company & Contact

Crouton Creations, LLC

100 N HOWARD ST STE R
Spokane, WA 99201

Email: privacy@toneclone.ai

1) Scope & Relationship to Terms

This Policy applies to the Service, including any integrations and APIs we offer. Your use of the Service is subject to our Terms of Use, which incorporate this Policy.

2) Information We Collect

We collect information directly from you, automatically when you use the Service, and from third parties as described below.

A. Information You Provide

  • Account & profile: name, email, password or SSO identifiers, organization, roles, settings.
  • Content: prompts, documents, instructions, persona data, training examples, and any files or text you upload ("Content").
  • Communications: support requests, feedback, survey responses.
  • Billing: payment method details are handled by our payment processor (e.g., Stripe); we receive limited billing metadata (e.g., last4, card brand, status).

B. Information Collected Automatically

  • Usage data: feature usage, timestamps, logs, clickstream, referring/exit pages, crash/diagnostic reports.
  • Device & technical: IP address, coarse location (city/region), device identifiers, browser type, operating system, app version, language, time zone.
  • Cookies & similar: authentication, preferences, analytics, rate limiting, and fraud prevention cookies or local storage. See Cookies below.

C. Information from Third Parties

  • Third‑party AI providers: processing results, error logs, and metadata when we route your Content to model providers to generate Output.
  • Auth & integrations: single sign‑on providers, third‑party integrations you connect, and analytics.
  • Vendors: payment processors, hosting, security tooling.

We do not require sensitive personal data to use the Service. If you choose to include it in Content, you are responsible for having a lawful basis to do so.

3) How We Use Information

We use information to:

  1. Provide the Service: create and manage accounts, authenticate, process Content and generate Output, provide support, and operate integrations.
  2. Personalize & customize: maintain your custom tone/model/knowledge card used to tailor results for you or your organization.
  3. Safety & integrity: monitor for abuse, security threats, spam, and policy violations; debug and fix issues.
  4. Analytics & improvement: understand usage and improve features, UX, and performance. (See training section for how we handle model improvement.)
  5. Communicate: send transactional messages (e.g., account, security, changes to terms). With your consent where required, send product updates and marketing.
  6. Legal & compliance: comply with laws, enforce our terms, and protect our rights or users.

Legal bases (EEA/UK): performance of a contract (Service operation and your custom model), legitimate interests (safety, analytics, core improvements), consent (optional global model improvement, certain cookies/marketing), and legal obligations.

4) Model Training & Data Controls

ToneClone relies on personalization to work well. We separate per‑user/organization customization from global model improvement:

  • Custom models/knowledge cards (required to provide the Service). To deliver your requested functionality, we store and process your Content to train or adapt a model/knowledge card for your account or organization. These artifacts (parameters, embeddings, feature weights) are logically isolated from other customers and are not used to improve general models for others.
  • Global model improvement (opt‑in). By default, we do not use your Content to improve our general models. You may opt in within settings to allow us to use your Content and usage metadata to improve our models and features. You can withdraw consent at any time; changes apply prospectively.
  • Third‑party AI providers. We may send Content to third‑party AI model providers only to generate the Output you request. We impose contractual limits and safeguard requirements. We do not sell personal data.
  • Retention. We retain Content and derived custom model/knowledge card artifacts as needed to provide the Service, comply with law, and enforce terms. If you delete items or your account, we will delete or de‑identify associated Content within a reasonable period, subject to backups and legal holds. Artifacts already incorporated into your custom model/knowledge card may persist until that model/knowledge card is retrained or deleted.

For enterprise/API customers, a Data Processing Addendum (DPA) and stricter controls may apply.

5) Cookies & Analytics

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, prevent abuse, and perform analytics/telemetry. You can control cookies through your browser settings; however, essential cookies are required for the Service to function. We currently do not respond to Do Not Track signals.

6) How We Share Information

  • Service providers / processors (e.g., cloud hosting, security, analytics, email delivery, customer support, and Stripe for payments).
  • Third‑party AI providers to process your Content and produce Output.
  • Affiliates (if any) consistent with this Policy.
  • Legal & safety: to comply with law, enforce our terms, or protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal data. We may disclose de‑identified or aggregate data.

7) International Data Transfers

We are based in the United States. If we transfer personal data internationally, we will use appropriate safeguards (e.g., Standard Contractual Clauses) and additional measures as needed.

We are based in the United States. If we become required to appoint an EEA/UK representative or a Data Protection Officer (DPO), we will update this Policy with their contact details.

8) Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or export your personal data, and to withdraw consent where we process data based on consent.

  • Access/Deletion. Use in‑product settings where available or contact us at privacy@toneclone.ai. We may need to verify your identity and request additional information.
  • CCPA/US state privacy. California and certain U.S. states provide rights to know, delete, correct, and opt out of certain data uses. We do not sell personal data. To exercise rights, use settings or email us. You may use an authorized agent; we will require proof of authorization.
  • Marketing. You can opt out of marketing emails via the unsubscribe link or by contacting us. Transactional communications are still sent.
  • Training opt‑in. You can enable/disable global model improvement in settings at any time.

9) Security

We use administrative, technical, and physical safeguards designed to protect information (e.g., encryption in transit, access controls, monitoring). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10) Children’s Privacy

The Service is not directed to children. You must be at least 13 years old to use the Service; if under 18, you must have parental/guardian permission. If we learn we collected personal data from a child under 13 without verifiable consent, we will take steps to delete it.

11) Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category (e.g., account data for the life of the account; audit logs and security records for a reasonable period; billing records per tax/accounting laws). Backups may persist for a limited period.

12) Third‑Party Links & Services

The Service may link to or integrate with third‑party websites or services. Their privacy practices are governed by their own policies, and we are not responsible for them.

13) Changes to This Policy

We may update this Policy from time to time. For material changes that adversely affect you, we will provide at least 30 days’ notice (e.g., in‑product or email). The "Effective date" above shows when this Policy last changed.

14) How to Contact Us

Questions or requests about this Policy can be sent to privacy@toneclone.ai.