Legal & compliance

Transparent by default.

Tóg is a data processor for the merchants who run our plugins. These documents set out exactly what data we handle, where it lives, how we protect it, and the rights you and your customers have. Every statement reflects our real stack — no claims we can’t stand behind.

• Privacy Policy

  What personal data we process for merchants and end-shoppers, why, the legal bases, retention, your rights, and how to exercise them.

  Read →

• Terms of Service

  The rules for using the marketplace and its plugins — subscriptions and billing, acceptable use, your bring-your-own-key responsibilities, and liability.

  Read →

• Data Processing Addendum

  Our processor commitments to merchants (the controllers): processing scope, security measures, sub-processors, data-subject assistance, and deletion on termination.

  Read →

• Security

  How we protect data — encryption at rest and in transit, secret handling, tenant isolation, audit logging, access control, and our honest certification posture.

  Read →

• Sub-processors

  The published, dated list of the third parties that process data on our behalf — name, purpose, data, and region — with a change-notice commitment.

  Read →

• AI Data Handling

  Exactly what content the AI plugins send to which model providers, bring-your-own-key versus Tóg-paid, training, and retention — stated conservatively.

  Read →

• Data Residency

  Where your data is stored — our primary database runs in the EU (Firestore eur3) — what that means for EU and non-EU merchants, and how transfers to US sub-processors are handled.

  Read →

Need a signed Data Processing Agreement, a security questionnaire completed, or have a data-protection question? Email support@togs.ie.