Privacy Policy

Effective date: July 5, 2026
Last updated: July 5, 2026

This Privacy Policy explains how Tinkerkeep ("Tinkerkeep," "we," "us," or "our") collects, uses, shares, and protects information when you use our website, platform, and services (collectively, the "Service"). Tinkerkeep is a company incorporated in North Carolina, United States.

Tinkerkeep operates a marketplace where independent builders publish small, single-purpose AI tools that you can discover, activate, configure, and run. When you activate a tool, the platform may connect to third-party services on your behalf (for example, Google) so the tool can do its job. This policy covers the data the platform handles. It does not govern how third-party services you connect handle your data under their own privacy policies.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

Who is responsible for your data

Tinkerkeep is the data controller for the personal information described here. For privacy questions or to exercise your rights, contact us at info@tinkerkeep.com.

Information we collect

We collect only what we need to operate the Service.

Account information. When you sign up, our authentication provider collects your name and email address and creates an account for you. We use this to identify you, secure your account, and communicate with you.

Information from connected services (Google and others). When you activate a tool that connects to a third-party service such as Google, you grant that connection through the provider's standard consent flow (OAuth). Depending on which tools you activate and which permissions you approve, we may access data from services such as Gmail, Google Calendar, or Google Drive in order to run the tool you activated. We store the access credentials for each connection in encrypted form and use the connected data only to perform the function you requested. See "How we handle Google user data" below.

Tool configuration. Settings and inputs you provide to configure the tools you activate.

Usage and diagnostic data. Logs and metrics about how the Service runs — for example, when a tool executes, whether it succeeded, performance and error data, and resource usage. We use this to operate, secure, debug, and improve the Service.

Billing information. If you subscribe to a paid plan or buy credits, our payment processor collects and processes your payment details. We do not store full payment card numbers ourselves; we receive limited billing metadata (such as plan, status, and the last four digits of a card) from the processor.

Fraud-prevention signal. To prevent abuse of free trials and fraudulent activity, we collect a device signal (a "device fingerprint") when you sign up. We use this strictly for security and abuse prevention, not for advertising or marketing.

Onboarding and optional inputs. If you complete our optional onboarding questionnaire, we collect your responses to suggest relevant tools and to inform our product roadmap. Aggregated insights are anonymized by default.

Referral information. If you join through a referral link, we record the referral so we can attribute it correctly. A referral connects the referring and referred accounts for attribution purposes only.

How we use information

We use the information we collect to:

How we handle Google user data

Tinkerkeep's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

You can review and revoke Tinkerkeep's access to your Google account at any time at Google Account permissions.

How we share information

We do not sell your personal information. We share information only with the service providers ("sub-processors") that help us run the Service, and only as needed for them to perform their function. Our current sub-processors are:

Sub-processor Purpose Data involved
Clerk User authentication and account management Name, email, account/session data
Google OAuth connections and APIs for tools you activate Google account data you authorize
Cloudflare Hosting, storage, content delivery, and platform infrastructure All Service data is processed on this infrastructure
Stripe Payment processing and builder payouts Billing and payment data
Postmark Transactional email (e.g., account and billing notices) Email address, message content

We may also disclose information if required by law, to enforce our terms, to protect the rights, safety, and security of users or the public, or in connection with a corporate transaction such as a merger or acquisition.

As we add capabilities (such as additional AI inference providers), we will update this sub-processor list before those providers process your data.

Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and to keep the Service secure. We use the device-fingerprint signal described above for fraud prevention. We do not use third-party advertising or marketing trackers. Where required by law, we will obtain consent before using any non-essential cookies or tracking technologies.

Data retention

We keep personal information for as long as your account is active or as needed to provide the Service, and afterward only as required to comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymize your personal information within a reasonable period, except where retention is required by law (for example, transaction records for tax and accounting). Connection credentials are deleted when you remove a connection or delete your account.

Security

We protect your information using industry-standard measures, including encryption in transit and encryption of stored connection credentials, access controls, and audit logging of administrative access. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, contact us at info@tinkerkeep.com. We will respond as required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

International transfers

We are based in the United States and process data there. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries where we or our sub-processors operate, which may have different data protection laws than your country.

Children's privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us at info@tinkerkeep.com and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.

Contact us

If you have questions about this Privacy Policy or our data practices, contact us at:

Tinkerkeep
North Carolina, United States
info@tinkerkeep.com