Privacy Policy for toldly.

Effective date: 29 June 2026

1. Controller

The controller responsible for this app and this website is:

Tim Kolodziej, Fontanestr. 6, 34246 Vellmar, Germany

Privacy email: E-Mail

Support: E-Mail

2. Overview

toldly is a local-first organizer for moments, notes, contacts, birthdays, reminders and personal organization. The app can generally be used without a user account, without sign-in, without advertising and without analytics or tracking SDKs.

Your content stays local on your device by default. Data only leaves your device when you use features that technically require processing outside the device or that are provided by device or operating-system services. This particularly applies to AI features, speech recognition and visits to this website.

3. Locally stored app content

Content you create, such as moments, appointments, tasks, reminders, notes, contacts, people, companies, birthdays and optional profile pictures, is stored locally on your device.

toldly does not operate its own user-account server for this local content and does not synchronize this data with a toldly backend by default. The data remains stored until you delete it in the app, reset the local app data or uninstall the app.

4. AI Assistant

Use of the AI Assistant is optional. When you use the AI Assistant, for example through text input, a voice command after conversion into text, or a daily briefing, the text you enter is sent for processing to a toldly Supabase Edge Function and from there to OpenRouter. OpenRouter routes the request to connected model providers, for example OpenAI or other available AI providers.

Depending on your input, this text may contain personal data, such as names, appointments, contacts, notes or other information you enter yourself.

The purpose of the processing is to provide the assistant feature, in particular to understand your input, generate a response and execute permitted app commands.

The legal basis is Art. 6(1)(b) GDPR where the processing is necessary to provide the app feature you requested. Where required, we additionally rely on Art. 6(1)(f) GDPR, our legitimate interest in providing a functional, secure and user-friendly app.

toldly does not permanently store your AI inputs in its own user database. However, technical operational data, log data or metadata may be processed by involved service providers for provision, security, error analysis, billing or abuse prevention. Processing by OpenRouter and connected model providers is also subject to their respective terms and privacy information.

Simple commands may be recognized and processed locally on your device. In these cases, no AI request is triggered and the input does not leave your device.

5. Speech recognition

Voice input is optional. It uses the speech recognition functionality of the device or operating system. Depending on the device, operating system, language setting and configuration, audio may be processed locally or by services of the operating-system provider.

toldly itself does not operate its own audio server for voice input. The app receives the recognized transcript as text. You can review and edit the text before sending it. Only when you send the text will it be processed like normal text input.

6. App permissions

toldly only requests permissions when they are needed for a specific feature:

Microphone / speech recognition: for optional voice input.

Camera / photos: when you take or select a profile picture.

Notifications: for local reminders on your device.

Local reminders are provided without a dedicated push server.

7. Website and server log files

When you visit toldly.app, the website hosting provider processes technically necessary access data so that the website can be delivered. This may include, in particular, IP address, date and time of access, page accessed, browser type, operating system, referrer URL and technical status information.

The website hosting provider is:

TrafficPlex GmbH, Project lima-city, Konsul-Smidt-Str. 90, 28217 Bremen, Germany

The purpose of the processing is the secure and reliable provision of the website. The legal basis is Art. 6(1)(f) GDPR, our legitimate interest in operating, securing and maintaining the technical stability of the website.

toldly.app does not use analytics or tracking tools and does not use advertising cookies.

8. Contact by email

If you contact us by email, we process the data you provide, in particular your email address, the content of your message and technical email metadata, in order to handle your request.

The legal basis is Art. 6(1)(b) GDPR if your request relates to the use of the app or to pre-contractual or contractual matters. In other cases, the legal basis is Art. 6(1)(f) GDPR, our legitimate interest in handling inquiries.

9. No advertising, no tracking

toldly contains no advertising, no advertising SDKs, no analytics SDKs and no tracking SDKs. toldly does not create advertising profiles and does not share data for advertising purposes.

10. Recipients and service providers

When using the app locally without AI features, your locally stored content is not transmitted to toldly servers.

When using AI features, the following service providers or categories of recipients may be involved:

Supabase, for operating the Edge Function as a technical intermediary.

OpenRouter, for routing and processing AI requests.

Connected AI model providers, for example OpenAI or other providers, depending on the model used.

When visiting the website, the hosting provider may process access data:

TrafficPlex GmbH / lima-city, for hosting and delivering the website.

These service providers may receive personal data only to the extent necessary to provide the respective feature.

11. International data transfers

When using AI features, data may be transferred to service providers or model providers outside the European Union or the European Economic Area, in particular to the United States.

The transfer is encrypted via HTTPS. Where required, such transfers are based on appropriate safeguards such as standard contractual clauses, adequacy decisions or comparable protection mechanisms of the involved service providers.

The website hosting provider is located in Germany.

12. Storage period and deletion

Locally stored content remains stored on your device until you delete it in the app, use the “Delete local data” function or uninstall the app.

toldly does not permanently store AI inputs in its own user database. Where technical metadata, log data or billing data is created by service providers, the respective retention periods of those service providers apply.

Website log files are stored only for as long as necessary for operation, security, error analysis or abuse prevention.

You can remove local data in the app via Settings → “Delete local data”. Privacy requests can be sent to E-Mail.

13. Your rights

Where the GDPR applies, you have the right of access, rectification, erasure, restriction of processing, data portability and objection.

Because toldly works by default without a user account and your main data is stored locally on your device, toldly cannot centrally view, modify or delete much of your local content. Deletion of your local content takes place directly on your device through the app settings or by uninstalling the app.

You also have the right to lodge a complaint with a data protection supervisory authority.

14. No automated decision-making

toldly does not use automated decision-making within the meaning of Art. 22 GDPR and does not create user profiles for advertising or tracking purposes.

15. Children

toldly is not directed at children. The app is intended as a personal organizer for general users and does not contain content specifically directed at children.

16. Changes to this Privacy Policy

We may update this Privacy Policy if toldly, service providers used by toldly or legal requirements change. The current version is available at toldly.app/privacy. The effective date above indicates the latest update.

17. Contact

Privacy: E-Mail

Support: E-Mail

Legal inquiries: E-Mail

Security reports: E-Mail