Skip to content
ToolFarmToolFarm

Privacy policy

Last updated: 26 May 2026

This Privacy Policy describes the processing of personal data carried out through toolfarm.io (the "Site"), in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Safeguarding of Digital Rights (LOPDGDD).

1. Data controller

The controller responsible for processing personal data is:

  • Company name: Zerkan Technologies S.L.
  • Tax ID (CIF / NIF): B27557933
  • Address: Calle Castelao 121 Bajos, 08902 L'Hospitalet de Llobregat, Barcelona, Spain
  • Data-protection contact email: contact@toolfarm.io
  • Website: toolfarm.io

2. Data we process

ToolFarm is designed to perform most operations in the user's browser, so files and text entered by the user are not transmitted to our servers unless a specific tool requires it and explicitly states so.

When the user grants analytics consent in the cookie banner, the Site processes the following categories of data:

  • An anonymous visitor identifier (UUID v7) stored locally in the browser.
  • Events about navigation and tool usage (page viewed, tool opened, success or error, anonymised input size category, locale, environment).
  • Coarse user-agent family (Chrome, Safari, Firefox, etc.), never the raw User-Agent string.
  • Information collected by Microsoft Clarity (session recordings, heatmaps, clicks) and Google Analytics 4 (aggregated traffic metrics).

Files, input contents, output contents, file names and the full User-Agent are never transmitted or stored.

3. Purposes of processing

Data is processed solely to:

  • Provide and maintain the Site and its tools.
  • Analyze usage of the Site in an aggregated, anonymous manner.
  • Comply with applicable legal obligations.

4. Legal basis

The legal basis for processing is the legitimate interest of the provider in the proper operation of the Site (article 6.1.f GDPR), except where another legal basis applies (consent or compliance with a legal obligation), in which case it will be stated explicitly.

5. Retention period

Retention periods apply per category:

  • First-party analytics events stored on our own infrastructure (Amazon DynamoDB, eu-west-1): 90 days, after which records are deleted automatically by a TTL policy.
  • Microsoft Clarity session data: per Microsoft's published Clarity retention policy.
  • Google Analytics 4 user-level data: 14 months (the maximum configured in our Google Analytics property).
  • Aggregated, fully anonymous metrics may be retained for longer for historical comparisons.

6. Disclosure to third parties

To analyse traffic and improve the experience we use:

  • Microsoft Clarity (operated by Microsoft Corporation): session recordings and heatmaps. Privacy policy: https://privacy.microsoft.com.
  • Google Analytics 4 (operated by Google LLC): aggregated traffic measurement. Privacy policy: https://policies.google.com/privacy.

Both providers act as independent data controllers for the data they process under their own terms. They may transfer data outside the EU; in those cases they rely on Standard Contractual Clauses or other safeguards provided for in articles 44 to 49 GDPR.

For first-party analytics we use Amazon Web Services (AWS) infrastructure in the eu-west-1 region (Ireland). Data does not leave the European Economic Area.

7. International transfers

The Site is hosted on infrastructure that may include servers in different regions. Where an international transfer occurs, the safeguards provided for in articles 44 to 49 GDPR will apply.

8. Your rights

Under articles 15 to 22 GDPR, you have the following rights:

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure where applicable.
  • Restriction of processing.
  • Objection to processing.
  • Data portability.
  • Not to be subject to automated decisions with legal effects.
  • Withdrawal of consent at any time, where consent was the basis.

9. How to exercise your rights

To exercise any of the rights above, write to contact@toolfarm.io, providing sufficient identification. Your request will be processed within the legal timeframes.

10. Right to lodge a complaint

If you consider that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), C/ Jorge Juan 6, 28001 Madrid (www.aepd.es).

11. Changes

This policy may be updated to reflect legal or operational changes. The last-updated date is shown at the top of this page.