Effective: March 19, 2026 · Version v1.0
We collect information you provide when creating an account (email, name, practice name), data you enter into ToxPop (inventory logs, unit usage), and basic usage data to improve the service.
We use your data to provide and improve the ToxPop service, authenticate your account, send important service updates, and process billing. We do not sell your data to third parties.
Your data is stored securely using Supabase (PostgreSQL) with industry-standard encryption. We use row-level security to ensure users can only access their own data.
We share your data only with trusted service providers necessary to operate ToxPop (e.g., cloud hosting, payment processing). All third parties are bound by confidentiality obligations.
If you are part of a Med Spa team, your name, activity logs, and inventory usage are visible to the practice owner and other team members within your practice workspace.
ToxPop uses cookies solely for authentication and session management. We do not use tracking or advertising cookies.
You may request access to, correction of, or deletion of your personal data at any time by contacting us. Account deletion removes all associated data from our systems within 30 days.
If we make material changes to this policy, you will be notified in-app and required to accept the updated policy before continuing to use ToxPop.
Privacy questions? Email us at hello@toxpop.com