ToolChoice
privacy policy

Privacy

Last updated 2026-07-16 · public beta

What we store

When you run an audit, we store the tool definitions you paste (names, descriptions, input/output schemas), the audit settings you choose, and the generated results: test intents, selection outcomes, findings, scores, and rewrite candidates. If you join the early-access list, we store the email address you submit, your selected plan, your optional use-case note, and your consent.

What we never do with your schemas

Your tool definitions are used only to produce your audit report. We do not use them to train models, we do not sell them, and we do not share them with third parties except as required to run the audit you requested (see “Model providers” below). Detected secrets (API keys, tokens) are redacted before anything is persisted.

Retention and deletion

Anonymous audits are automatically deleted 7 days after creation. Expired audits stop resolving immediately (their pages, exports, and public links return “not found”) and the underlying records are removed by a daily cleanup job. The built-in example report is permanent because it contains only our own demo data. To request earlier deletion of a specific audit, email support@toolchoice.dev with the report link.

Public sharing

Reports are private by default. If you make a report public, anyone with the link can view tool names, descriptions, scores, and findings; raw parameter tables are hidden on public pages. Public report pages are marked noindex so they do not appear in search engines. You can revoke a public link at any time from the report page, which takes effect immediately.

Model providers

In live-model mode, your tool definitions and the generated test intents are sent to Anthropic to perform the evaluation, subject to Anthropic's data-use terms. In synthetic mode, no external model is called and nothing leaves our infrastructure. Every report states which mode produced it.

Analytics and rate limiting

We record product events (for example “audit completed”) with coarse properties like tool counts. Event data never includes tool names, descriptions, schemas, test content, report content, or email addresses. For abuse prevention we keep a rate-limit counter keyed by a one-way hash of your network address; the raw address is not stored with it, and counters roll out of the window within 24 hours. Error monitoring, when enabled, records error types and stack traces with request payloads scrubbed.

Early-access list

If you join the early-access list we use your email only to contact you about the availability of the plan you selected. It is stored separately from audits, never added to analytics, and removed on request — email support@toolchoice.dev.

Contact

Questions or deletion requests: support@toolchoice.dev. See also the terms of service.

This policy was written to accurately describe system behavior and has not yet been reviewed by counsel; it will be updated if legal review requires changes.