Privacy Policy
Last Updated: March 2, 2026
Scope: Toolcross, Xyfusion, Lead Management, & On-Demand Services
This Privacy Policy outlines how Toolcross ("we", "us") collects, uses, and protects data across our Enterprise SaaS products and Custom Development Services. It distinguishes between our role as a Data Controller for our direct clients and our role as a Data Processor for end-users.
1. Introduction
At Toolcross, we respect your privacy. This policy explains how we handle data for our two primary business activities:
- SaaS Products: Subscription-based software (e.g., Xyfusion, Health Management Systems).
- Development Services: Custom software development, freelancing, and enterprise solutions provided on request.
2. Our Role: Controller vs. Processor
To ensure compliance with global data standards (GDPR, CCPA), we distinguish our responsibilities:
We control data for our direct clients (Freelance Clients & SaaS Subscribers). This includes your billing info, project specs, and account details.
We process data on behalf of our Subscribers. For example, if a Gym uses our software to store member health data, the Gym is the Controller; we are merely the Processor.
3. Information We Collect
A. Information You Provide (Clients & Subscribers)
- Account Data: Name, email, phone number, and billing address.
- Project Specifications: For development services, we collect business logic, proprietary assets, and requirements documents.
- Support Data: Queries sent to our helpdesk.
B. Information Processed via SaaS (End-Users)
Depending on the product, we may host:
- End-User Profiles: Names, contacts, attendance logs.
- Health & Biometric Data: (Strictly as input by the Subscriber for Health Management Systems).
- Financial Logs: Transaction histories (Credit card numbers are tokenized via third-party gateways).
4. Purpose of Processing
| Purpose | Legal Basis |
|---|---|
| To provide SaaS functionality & Maintenance | Performance of Contract |
| To deliver Custom Development Services | Performance of Contract (SOW/MSA) |
| To process billing & prevent fraud | Legitimate Interest & Legal Obligation |
5. Data Sharing & Subprocessors
We do not sell data. We share data only with trusted infrastructure providers required to run our services:
- Cloud Hosting: (e.g., AWS, Google Cloud) for database storage.
- Payment Gateways: (e.g., Stripe, PayPal) for secure billing.
- Communication: Email delivery services for transactional alerts.
6. Intellectual Property (Development Services)
For clients hiring us for custom development:
- We treat your project specifications and business logic as Confidential Information.
- Unless strictly agreed otherwise, we do not claim ownership over custom code built specifically for you once payment is settled.
- We do not share your proprietary code or trade secrets with other clients.
7. Security Measures
We employ industry-standard security, including TLS encryption for data in transit, encryption at rest for sensitive databases, and strict role-based access control (RBAC) for our internal teams.
8. Data Retention
We retain personal data only as long as necessary. Upon termination of a SaaS subscription, data is held for a grace period (e.g., 30 days) to allow for reactivation or export, after which it is permanently deleted or anonymized.
9. Your Rights
You have the right to access, correct, or delete your data. Note for End-Users: If you are a customer of one of our Subscribers (e.g., a gym member), please contact the business directly. As a Data Processor, we cannot fulfill data requests without the Controller's authorization.
10. Contact Us
Toolcross Privacy Team
Email: privacy@toolcross.com
Address: [Insert Physical Company Address]