Privacy Policy | Toward
Toward Toward
Legal

Privacy Policy

Toward.One · Effective Date: January 1, 2026 · Last Updated: January 1, 2026

This Privacy Policy ("Policy") describes how Pathfix, Inc., a Delaware corporation ("Company," "we," "us," or "our"), collects, uses, and protects your information when you use Toward.One ("Service").

By using Toward, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create a Toward account, we collect:

  • Email address
  • Password (hashed and encrypted)
  • Account name/display name
  • Optional profile information you provide

1.2 Content You Submit

We collect and store:

  • Text updates you write
  • Voice/audio messages you record
  • Files you upload
  • Metadata about these submissions (timestamps, source)

1.3 Usage Data

We automatically collect:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and features used
  • Time spent in the Service
  • Interaction patterns (clicks, expansions, views)

1.4 AI Processing Logs

To improve the Service, we collect:

  • Records of what AI models processed (without storing the raw content long-term)
  • Accuracy metrics (did the AI thread correctly?)
  • Performance data (processing speed, error rates)

2. How We Use Your Information

2.1 Service Delivery

We use your information to:

  • Create and manage your account
  • Process your updates using AI to thread, organize, and prioritize
  • Deliver the core functionality of Toward
  • Store and retrieve your data on request

2.2 Service Improvement

We use information to:

  • Understand how users interact with Toward
  • Identify bugs and performance issues
  • Improve AI accuracy and responsiveness
  • Develop new features and functionality

2.3 Communication

We may send you:

  • Account notifications (login alerts, updates)
  • Service announcements (downtime, new features)
  • Customer support responses
  • Marketing emails (with opt-out available)

2.4 Compliance and Safety

We may use information to:

  • Detect and prevent fraud, abuse, or security threats
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect rights and safety of users and the Company

3. AI Processing and Third-Party Services

3.1 Third-Party AI Providers

Your content is processed by third-party AI services, including:

  • Anthropic (Claude API) — For primary AI processing
  • OpenAI (GPT models) — For optional secondary processing
  • Other providers — As we expand for optimal performance

Each provider processes your data in accordance with their own privacy policies.

3.2 Data Transmitted

When you submit updates to Toward, we transmit your content to these AI providers to:

  • Understand context and meaning
  • Identify goals and workstreams
  • Determine status and blockers
  • Generate relevant suggestions

3.3 Data Not Used for Training

We do not use your content to train Toward's models or our own machine learning systems. However, third-party AI providers (Anthropic, OpenAI) may use content processed through their APIs according to their own data policies.

Note: If you have concerns about third-party data usage, review the privacy policies of Anthropic and OpenAI directly, or contact us to discuss custom arrangements.

3.4 Data Minimization

We transmit only the information necessary to deliver the Service. We do not send billing information, contact details, or metadata that is not required for processing.

4. Data Retention and Deletion

4.1 Retention During Active Account

While your account is active, we retain:

  • All submitted content (updates, voice messages, files)
  • Account information and settings
  • Usage and AI processing logs

4.2 Data Deletion

When you delete your account:

  • Your content is marked for deletion immediately
  • Active systems purge your data within 30 days
  • Backup copies may persist in our archival systems for an additional period for disaster recovery and compliance
  • We cannot recover deleted data

4.3 Your Deletion Rights

You may request deletion of your account and data at any time by contacting support@toward.one. We will initiate deletion within 5 business days.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Secure deletion protocols

However, no security system is impenetrable. We cannot guarantee absolute security of your data. Use Toward with the understanding that transmission over the internet carries inherent risks.

6. Data Location

Your data is primarily stored on servers located in US Central (US region). By using Toward, you consent to storage and processing of your information in the United States.

6.1 International Users and GDPR

Toward currently complies with applicable data protection laws in the United States.

For European Users and GDPR: We recognize that EU residents have specific data protection rights. We are developing GDPR-compliant features and options:

  • If you require GDPR compliance (including data processing agreements and privacy guarantees), contact support@toward.one to discuss custom server options, private hosting, or alternative arrangements
  • We can explore dedicated hosting within the EU or other GDPR-compliant configurations based on your needs

7. Cookies and Tracking

7.1 Cookies

Toward uses cookies to:

  • Maintain login sessions
  • Remember user preferences
  • Track usage analytics
  • Detect and prevent fraud

7.2 Analytics

We use analytics tools (such as Mixpanel, Amplitude, or similar) to understand how users interact with Toward. These tools may set cookies or use similar technologies. You can opt out of analytics tracking by adjusting your browser settings or contacting us.

7.3 Third-Party Cookies

Third-party services we use may place their own cookies. See Section 8 for details on third-party integrations.

8. Third-Party Integrations

Toward may integrate with or link to third-party services (Slack, email, etc.). These integrations are optional and require your explicit authorization.

When you authorize an integration:

  • You grant Toward permission to access specific data from that service
  • Third-party services may access your Toward data according to their own privacy policies
  • We are not responsible for third-party data handling

Always review third-party privacy policies before authorizing integrations.

9. Your Rights and Choices

9.1 Access

You have the right to access your personal data. You can download your account information at any time through your account settings or by requesting an export from support@toward.one.

9.2 Correction

You may update or correct your account information at any time through account settings.

9.3 Deletion

You have the right to request deletion of your account and associated data. Deletion is processed within 30 days of request.

9.4 Opt-Out

You may:

  • Opt out of marketing emails by clicking "unsubscribe" or adjusting account settings
  • Disable cookies in your browser
  • Disable analytics tracking by contacting support@toward.one

9.5 Portability

You may request an export of your data in a portable format (JSON, CSV, etc.). Submit requests to support@toward.one.

10. Children's Privacy

Toward is not intended for users under 18 years old. We do not knowingly collect information from children under 18. If we learn that we have collected information from a child, we will delete it promptly.

If you believe we have collected information from a child, contact support@toward.one immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request what personal information we collect, use, and share
  • Right to Delete: You can request deletion of your data
  • Right to Opt-Out: You can opt out of "sale" or "sharing" of personal data
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise CCPA rights, contact support@toward.one. We will respond within 45 days.

Note: Toward does not "sell" your data in the traditional sense, but we do share data with third-party AI providers for processing. This may be considered "sharing" under CCPA.

12. Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of material changes via email or in-app notification. Your continued use of Toward constitutes acceptance of updated policies.

13. Contact Us

For questions or concerns about this Privacy Policy:

Pathfix, Inc.
Email: support@toward.one
Address: [Company Address]

If you are a European resident with GDPR questions or wish to discuss compliant data arrangements, please contact support@toward.one with the subject line "GDPR Inquiry."

14. Data Processing Addendum (DPA)

For organizations requiring a Data Processing Addendum (DPA) for GDPR, CCPA, or other compliance frameworks, contact support@toward.one. We can negotiate terms for enterprise or custom arrangements.