Effective Date: October 14, 2025
1. Who We Are
MicroTools ("we," "our," "us") operates the website https://microtools.tools and the MicroTools web application. We provide AI-powered utilities that help businesses create documents, emails and marketing content.
2. Information We Collect
- Account Data: Email address, password hash, profile info - to create and manage your account
- Billing Data: Payment method details handled by Stripe (we never see your card details)
- Usage Data: Documents generated, tool usage counts - to provide service and analytics
- AI Input/Output Data: Text you enter and AI responses - to generate your requested content
- Technical Data: Browser type, IP address (anonymized) - for security and analytics
3. How We Use Information
- To operate and improve the platform
- To provide AI generation services requested by you
- To bill and collect payments through Stripe
- To send essential emails (login, billing, notifications)
- To comply with legal obligations and prevent fraud
3a. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
| Data Type | Legal Basis | Purpose |
|---|
| Account data | Contract | To provide services |
| Billing data | Contract | To process payments |
| Usage data | Legitimate Interest | To improve platform |
| Marketing emails | Consent | To send updates (opt-in) |
| Analytics cookies | Consent | To analyze usage (opt-in) |
4. Third-Party Processors
- Supabase Inc. - Database, authentication & file storage
- Stripe Inc. - Payment processing
- OpenAI LLC - AI content generation
- Resend - Transactional email delivery
4a. International Data Transfers (GDPR Chapter V)
Some of our service providers are located outside the UK/EEA:
- OpenAI LLC (USA) - AI content generation
Protected by: Standard Contractual Clauses (SCCs) and OpenAI's Data Processing Agreement
OpenAI Privacy Policy → - Stripe Inc. (USA) - Payment processing
Protected by: Standard Contractual Clauses (SCCs) and Stripe's Data Processing Agreement
Stripe Privacy Policy →
We ensure all international transfers comply with GDPR Chapter V requirements through appropriate safeguards.
5. Your Rights (GDPR)
Under UK GDPR, you have the following rights:
- Right of Access - Request a copy of your personal data
- Right to Rectification - Request correction of inaccurate data
- Right to Erasure - Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing - Request limitation of how we use your data
- Right to Data Portability - Receive your data in a machine-readable format
- Right to Object - Object to processing based on legitimate interests
- Right to Withdraw Consent - Withdraw consent for marketing emails or analytics cookies
To exercise any of these rights, contact: privacy@microtools.tools
5a. Right to Lodge a Complaint
If you're unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
6. Data Retention
Account data is kept while your account is active. Documents and logs are deleted within 30 days of account deletion.
7. Automated Decision-Making (GDPR Article 22)
We use AI to generate content based on your inputs. This is not automated decision-making that produces legal effects or similarly significantly affects you.
Important: You retain full control over all AI outputs and must review them before use. The AI provides suggestions and drafts, not final decisions. You are responsible for verifying accuracy and compliance of all generated content.
8. Cookies
We use essential cookies for authentication and optional analytics cookies (with your consent). For full details, see our Cookie Policy.
9. Contact
Data Controller: Hillmade
Data Protection Contact: privacy@microtools.tools