Data Security and Privacy at Toggles

How we protect user data, ensure secure access, and maintain compliance.

Data Security

  • • All data is stored in a secure, enterprise-grade backend-as-a-service platform.
  • • Data is encrypted both at rest and in transit.
  • • Row-level access controls are enforced for all database tables to ensure strict isolation.

Access Control & Authentication

  • • Toggles does not store or manage user passwords.
  • • Authentication is handled via Microsoft Outlook (OAuth / OpenID Connect) or email login.
  • • Only users who can authenticate through Outlook have access to their Toggles account data.

File Handling & Storage

  • • Files are stored in isolated organization-specific storage buckets.
  • • Files are named using randomly generated identifiers to prevent guessing or exposure.
  • • Access to download files is provided via signed URLs that are short-lived and secure.

Infrastructure Location & Backups

  • • All systems and data are hosted in the United States.
  • • Automated daily backups are maintained by our hosting provider.

Data Retention & Deletion

  • • Files not tied to workflows will be auto-deleted in the future as part of planned cleanup.
  • • Users can request deletion of their data at any time via support.
  • • When an account is deleted, all associated data is removed permanently.

Permissions & Scope

  • • Toggles runs inside Outlook compose and reply flows. Users remain in control of applying, reviewing, and sending every email.
  • • Toggles uses Microsoft identity permissions for sign-in and basic profile access. It does not request Microsoft Graph Mail.Read or Mail.Read.Shared permissions.

Data We Don't Collect

  • • We do not passively collect, monitor, or store inbox messages, contacts, calendar items, or private file storage outside content a user intentionally saves into Toggles.
  • • No cookies or tracking beyond the standard telemetry sent through the Microsoft add-in framework.

Email Data Handling

  • • Toggles performs all email analysis locally within Outlook — email body, subject lines, and recipient addresses are never transmitted to our servers during normal compose or reply use.
  • • When you explicitly save a workflow from a draft, that draft's content (body, subject, and recipients) is stored solely to build your workflow template.
  • • Toggles does not analyze, scrape, or passively collect the contents of your emails at any time.

Admin Controls & Consent

  • • Admins can deploy, restrict, or remove Toggles via AppSource and the Microsoft admin portals.
  • • Users and tenant admins can revoke permissions at any time in the My Apps portal.

Platform Certifications

  • • Toggles does not currently maintain its own SOC 2 or ISO 27001 certification.
  • • Toggles is hosted on third-party cloud infrastructure that maintains industry security and compliance programs.

Admin Access & Logging

  • • Access by any employee must be granted by leadership.
  • • Data access is only granted as-needed for performing job responsibilities.

Third-Party Services

  • • Stripe is used for payment processing; no credit card data is stored by Toggles.
  • • Resend is used to send transactional and onboarding emails.
  • • Microsoft may collect usage analytics via the Office.js Outlook integration.

For Administrators

  • • No domain-wide Graph mailbox access required – Toggles operates on a per-user basis and does not request Mail.Read or Mail.Read.Shared.
  • • Limited mailbox use – The add-in is designed for compose and reply workflows. Toggles does not request Microsoft Graph mailbox-read scopes and does not perform ongoing inbox monitoring, scraping, or passive email collection.
  • • All user authentication is handled by Microsoft – We rely on OAuth/OpenID via Microsoft Identity, with no password storage by Toggles.
  • • Admin controls – Most users can sign in directly, while some organizations may still require admin approval based on their Microsoft tenant policies.
  • • Data residency – All data and files are stored in the United States.
  • • Microsoft AppSource listing – Toggles is available through Microsoft AppSource and can be deployed or restricted through Microsoft admin controls.

For more details, refer to our Privacy Policy and Terms of Service.

If you have any questions or concerns about our security practices, please contact us.

Last Updated: June 14th, 2025