Privacy Policy
Last updated: February 25, 2026
Hey there, fellow potato lover
We take your privacy seriously — even more seriously than we take our potato puns (and that's saying something). This policy explains what information ToolPotato collects, why we collect it, and how we keep it safe.
Our role: processor, not controller
ToolPotato provides widgets that GoHighLevel agencies embed on their own websites. When a prospect fills in their details (name, email, phone number, WhatsApp number) in one of these widgets, that data is immediately forwarded via webhook to the agency that owns the widget.
We do not store this prospect data. The only thing we record is that a lead was submitted (an anonymous count) so the agency can see their widget performance. The agency is the data controller for their prospects' personal data — we act purely as a data processor that passes the information through.
What we collect from our customers (agencies)
When you sign up for a ToolPotato account, we collect:
- Account info — your name, email address, and password (hashed, never stored in plain text).
- Billing details — payment information processed securely through Stripe. We never see or store your full card number.
- Usage data — how you interact with ToolPotato, which features you use, and widget performance metrics (lead counts, page views).
- Device & browser info — IP address, browser type, and operating system, collected automatically through server logs and analytics.
What passes through our widgets (prospect data)
When a prospect fills in a widget, the following data may be submitted:
- Name
- Email address
- Phone number or WhatsApp number
This data is forwarded immediately via webhook to the agency's configured endpoint (typically their GoHighLevel account). We do not store, log, or retain this personal data on our servers. We only record an anonymized lead count for analytics purposes.
How we use your information
We use the account information we collect to:
- Provide, maintain, and improve ToolPotato's features.
- Process payments and manage your subscription.
- Send you important updates about the service (no spam, we promise).
- Understand how people use ToolPotato so we can make it better.
- Protect against abuse and keep the platform secure.
Cookies & analytics
We use cookies to keep you logged in and we use PostHog (hosted in the EU) for product analytics — both on the ToolPotato dashboard and on embedded widgets. Nothing sneaky, no cross-site tracking. Check our Cookie Policy for the full scoop.
Sub-processors & third parties
We don't sell your data. Period. We work with a small number of trusted service providers to run ToolPotato. All data processing happens within the European Union:
| Service | Purpose | Location |
|---|---|---|
| PocketBase | Database & authentication | EU (self-hosted) |
| PostHog | Product analytics (dashboard & widgets) | EU Cloud |
| Stripe | Payment processing | EU |
| Lettermint | Transactional & marketing emails | Netherlands |
| Hosting server | Application hosting & infrastructure | EU |
Your data does not leave the European Economic Area. Each sub-processor only receives the data they need to do their job and is bound by their own privacy and data protection obligations.
Data retention
- Account data — we keep your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we're legally required to keep it longer (e.g. invoices for tax purposes: 7 years).
- Prospect data — we do not retain prospect data at all. It is forwarded via webhook in real time and not stored on our servers.
- Analytics data — anonymized usage metrics (page views, lead counts) are retained for as long as your account is active.
Your rights under the AVG/GDPR
As a user in the European Economic Area, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — object to or restrict certain processing.
- Portability — export your data in a portable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email us at the address below. We'll respond within 30 days.
Contact us
Questions about your privacy? We're all ears (potatoes don't have ears, but you get the idea). Reach out at privacy@toolpotato.com.