Privacy Policy

Last updated: May 8, 2026

1. What We Collect

We collect only what is necessary to operate the Service:

  • Account data — your email address, hashed password, and organization name
  • Agent data — agent names and hashed API keys
  • Policy data — the YAML policies you write and save
  • Action data — every call to tg.check(), including action name, payload, decision, and timestamp
  • Slack integration data — workspace name, team ID, and encrypted OAuth token if you connect Slack
  • Usage data — basic request logs for debugging and reliability

We do not collect payment information directly (we have no billing system yet). We do not sell your data to third parties.

2. How We Use Your Data

  • To authenticate you and operate your account
  • To evaluate your policies against agent actions in real time
  • To send approval notifications to Slack on your behalf
  • To send transactional emails (password resets) via Resend
  • To display your audit log and dashboard statistics
  • To diagnose errors and improve reliability

We do not use your action payloads or policy data to train machine learning models.

3. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway in the United States. Slack OAuth tokens are encrypted at rest using AES-256. API keys are stored as HMAC hashes — we cannot recover plaintext keys. Passwords are hashed using bcrypt.

We use HTTPS for all data in transit. Access to production infrastructure is restricted to authorized personnel.

4. Third-Party Services

We use the following third-party services to operate Tollgate:

  • Railway — API hosting and database (United States)
  • Vercel — frontend hosting (global CDN)
  • Resend — transactional email delivery
  • Slack — approval notifications (only if you connect your workspace)

Each of these services has its own privacy policy governing its handling of data.

5. Action Payload Data

When your agent calls tg.check(), the payload you pass is stored in our database as part of the audit record. Do not pass sensitive personal data (passwords, full credit card numbers, SSNs) as action payloads. Use anonymized identifiers (e.g. customer_id) instead of raw PII.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. Audit log entries are retained for 12 months by default. We do not currently offer configurable retention periods, but plan to add them.

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your audit log data

To exercise any of these rights, email [email protected].

8. Cookies

We do not use tracking cookies. The dashboard uses localStorage to store your authentication token. No third-party analytics or advertising cookies are set.

9. Changes to This Policy

We may update this Privacy Policy as the Service evolves. Material changes will be communicated via email. The "last updated" date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions or concerns? Email [email protected].