Privacy Policy

Last updated: March 5, 2026

Tool Atlas ("we", "us", "our") operates the website at thetoolatlas.com. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

If you have any questions or wish to exercise your rights, please contact us at privacy@thetoolatlas.com.

1. Data Controller

The data controller responsible for your personal data is:

Tool Atlas
Website: thetoolatlas.com
Email: privacy@thetoolatlas.com

2. Personal Data We Collect

We collect the following categories of personal data:

Grid Block Purchases

When you purchase advertising space we collect: your email address, company/brand name, the image URL you submit, and your website URL. We also store the grid coordinates of your purchased area, the purchase price, and the date of purchase.

Lawful basis: performance of a contract (Article 6(1)(b) GDPR) — this data is necessary to fulfil your purchase and place your block on the grid.

Business Account (Claim)

If you claim a business listing you provide your email address and create a password (stored as a secure bcrypt hash — we never store your plain-text password). You may also optionally provide business details such as address, phone, description, and social media links.

Lawful basis: performance of a contract (Article 6(1)(b) GDPR) — to provide you with account access and business management features.

Reviews

When you submit a review you provide your name (displayed publicly after approval), an optional email address (not displayed publicly; used only for internal moderation), a star rating, and review text.

Lawful basis: legitimate interests (Article 6(1)(f) GDPR) — enabling genuine public reviews is a legitimate interest of both the business being reviewed and the general public.

Page View Analytics (Business Profiles)

We record page views on business profile pages to provide owners with visitor statistics. We store a hashed, anonymised token derived from your IP address and the current date using SHA-256. Your raw IP address is never stored. The hash changes daily and cannot be reversed to identify you.

Lawful basis: legitimate interests (Article 6(1)(f) GDPR) — providing business owners with aggregated, anonymised traffic insights.

3. Cookies & Similar Technologies

Strictly Necessary Cookies

We use a PHP session cookie (PHPSESSID) to maintain your login session if you are a business owner. This cookie is deleted when you close your browser or log out. No consent is required for this cookie as it is essential for the service to function.

Analytics Cookies (Requires Consent)

With your consent, we use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 sets cookies (_ga, _ga_*) that persist for up to 2 years. Google Analytics data is processed by Google LLC under the EU–US Data Privacy Framework.

You can change your analytics preference at any time using the button below:

Third-Party Cookies

Stripe may set cookies during the payment checkout process for fraud prevention and security. These are strictly necessary for completing payments. Google Fonts is loaded from fonts.googleapis.com; Google may log the request but we do not receive personal data from this service.

4. How We Use Your Data

  • To display your purchased advertising block on the grid.
  • To process your payment via Stripe and confirm your purchase.
  • To provide you with a business owner account and management tools.
  • To display approved reviews on business profile pages.
  • To provide business owners with anonymised page-view statistics.
  • To analyse site usage and improve the service (analytics, with consent only).
  • To comply with legal obligations.

5. Data Sharing & Third-Party Processors

We do not sell your personal data. We share data only with the following processors as necessary to operate the service:

Processor Purpose Location
Stripe, Inc. Payment processing USA (EU–US DPF)
Google LLC Analytics (GA4) — consent-gated USA (EU–US DPF)
Hostinger Website hosting & database EU / Lithuania

6. Data Retention

  • Purchase records — retained indefinitely as your block is permanent. Contact us to request deletion of your email from the purchase record.
  • Business owner accounts — retained while your listing exists. You may request account deletion at any time.
  • Reviews — retained while the business listing exists. Reviewers may request removal of their review by contacting us.
  • Anonymised page-view hashes — retained for 90 days, then automatically deleted.
  • Analytics data (GA4) — governed by Google's data retention settings (default 14 months).

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or UK, you have the following rights:

Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restriction
Ask us to limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests (e.g. analytics).
Right to Withdraw Consent
Withdraw analytics consent at any time without affecting lawfulness of prior processing.
Right to Lodge a Complaint
Complain to your national supervisory authority (e.g. the ICO in the UK, or your country's DPA).

To exercise any of these rights, email us at privacy@thetoolatlas.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Passwords are hashed using bcrypt. Payments are handled entirely by Stripe — we never receive or store your card details. Our website is served over HTTPS.

9. Children's Privacy

Tool Atlas is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the site after changes are posted constitutes your acknowledgement of the updated policy.

11. Contact Us

For any privacy-related questions, data subject requests, or to withdraw consent, please contact:

Tool Atlas — Privacy Team
privacy@thetoolatlas.com