Privacy Policy

Last updated: 30 March 2026

Engage Digital Projects Ltd (“we”, “us”, “our”) operates the ToneHone mobile application (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Data Controller

Engage Digital Projects Ltd is the data controller for the personal data processed through ToneHone. Registered in England and Wales.

• Email: privacy@tonehone.app

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address (or Apple/Google identifier if using social sign-in)
• Authentication tokens (stored securely in iOS Keychain)
• Account creation date

2.2 Conversation Data

When you use ToneHone to generate replies, we process:

• Messages you paste into the app (the text you want to reply to)
• Your tone profile settings (slider values and presets)
• AI-generated suggestions and any refinements you make
• Conversation metadata (names, platform labels you assign)

2.3 Usage Data

• Credit balance and transaction history
• Feature usage patterns (which features you use, not what you write)
• App performance data (crash reports via Sentry, with PII removed)

2.4 Data We Do NOT Collect

• We do not access your contacts, photos, or camera (unless you choose to paste an image)
• We do not read messages from other apps
• We do not collect location data
• We do not use cookies or web tracking on the mobile app

3. How We Use Your Data

We process your data under the following lawful bases:

• Contract performance (Article 6(1)(b)): To provide the ToneHone service, generate AI replies, manage your account, and process credit purchases.
• Legitimate interests (Article 6(1)(f)): To improve our service, prevent fraud, ensure security, and analyse aggregate usage patterns. We balance our interests against your rights and freedoms.
• Consent (Article 6(1)(a)): For optional push notifications and marketing communications. You can withdraw consent at any time.

4. AI Processing

ToneHone uses third-party AI services (OpenAI) to generate reply suggestions. When you request a suggestion:

• The message you paste and your tone profile are sent to the AI provider for processing
• We do not send your name, email, or any identifying information to the AI provider
• AI-generated responses are returned to you and stored in our database for your refinement workflow
• We do not use your conversations to train AI models. Your data is processed only to fulfil your request.
• OpenAI's data processing is governed by their API data usage policy, which prohibits using API inputs for training

5. Data Storage & Security

• UK data residency: All personal data is stored on servers in the UK (eu-west-2 region) via Supabase PostgreSQL
• Encryption at rest: All database data is encrypted at rest using AES-256
• Encryption in transit: All data is transmitted over TLS 1.2+
• Authentication tokens: Stored in iOS Keychain with kSecAttrAccessibleAfterFirstUnlock protection
• Audit logging: All significant actions (billing, AI generation, data export/deletion) are logged in an immutable audit trail with PII sanitised
• Access control: Row-level security (RLS) policies ensure you can only access your own data

6. Data Sharing

We share your data only with:

• OpenAI: Message content and tone settings for AI reply generation (no identifying data)
• Supabase: Database hosting and authentication infrastructure (UK region)
• Apple: In-app purchase transaction validation (receipt data only)
• Sentry: Anonymised crash reports and performance monitoring (PII removed)
• Vercel: API hosting infrastructure

We do not sell, rent, or trade your personal data to third parties. We do not share data with advertisers or data brokers.

7. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion
• Conversation data: Retained while your account is active. You can delete individual conversations at any time.
• AI generations: Retained for 90 days after creation, then automatically purged
• Audit logs: Retained for 2 years for compliance purposes, with PII anonymised
• Billing records: Retained for 7 years as required by UK tax law

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of access: Request a copy of all data we hold about you via the app (Account Settings → Export My Data) or by emailing us
• Right to rectification: Update your account information at any time
• Right to erasure: Delete your account and all associated data via the app (Account Settings → Delete Account) or by emailing us. Deletion is permanent and includes all conversations, tone profiles, AI generations, and billing records (except where retention is legally required)
• Right to data portability: Export your data in a machine-readable JSON format
• Right to restrict processing: Request we limit how we process your data
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for push notifications or marketing at any time

To exercise any of these rights, use the in-app controls or contact us at privacy@tonehone.app. We will respond within 30 days.

9. International Transfers

Your data is primarily stored in the UK. Where data is processed outside the UK (e.g., OpenAI API calls to US servers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where available.

10. Children's Privacy

ToneHone is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Keyboard Extension

The ToneHone keyboard extension operates within Apple's security sandbox. It:

• Does not have “Full Access” — it cannot send keystrokes to external servers
• Communicates with the ToneHone app only through Apple's App Group mechanism
• Stores your authentication token and tone preferences locally via App Group UserDefaults
• Makes API calls only to ToneHone's own servers for reply generation

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. The “Last updated” date at the top of this page indicates when this policy was last revised.

13. Complaints

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113

14. Contact Us

For privacy-related enquiries:

• Email: privacy@tonehone.app
• Support: tonehone.app/support