Free Blueprint — 60-second scan →
ToolbenchBuild my Blueprint
Compliance posture

Architected for trust, not just compliance.

Toolbench operates the AI Platform for the Trades. We act on behalf of independent service businesses — connecting to the platforms they already use (most notably Google Business Profile), reading and writing on their behalf, and making operational decisions through AI roles. That is a high-trust position, and the systems we run reflect it. This page summarizes the technical, operational, and policy commitments we hold ourselves to.

Draft — under review prior to launch
Architectural commitments

01Five things we built before we built the product.

Everything below is enforced by code, not policy. Bypass requires deliberate architecture changes — not configuration mistakes.

01

Per-customer credential isolation

Every customer connects their own Google account through OAuth. We store a refresh token per customer. All API calls execute against the customer's own credentials. There is no shared 'Toolbench master' account in any architecture diagram, present or future. This is the single architectural decision that prevents manager-account chain-reaction suspensions and keeps platform-level risk contained to one customer at a time.

02

Customer-owned AI Context Vault

Every customer has a per-business AI Context Vault that holds the data Toolbench works with. The vault is contractor-owned, not Toolbench-owned. Three guarantees, all architecturally enforced: export on demand, deletion on demand (propagating to derived embeddings within 30 days and to population-level model contributions within 90 days), and a vault-access audit log of every read with role identity, query, rationale, and timestamp.

03

Audit log of every action

Every API write, every AI role action, every vault read, and every administrative event is logged with full context. Customers can view their audit log at any time inside the Toolbench app. Audit logs are retained for one year for security and compliance purposes.

04

Rate limiter and behavioral humanization

All outbound API writes flow through a rate limiter calibrated below platform behavioral thresholds. Edit cadence on Google Business Profile is constrained at the system level (not the application level) to prevent any individual customer from being flagged for behavior that resembles automation abuse, even if a Toolbench operator inadvertently configured it that way.

05

Bright-line rules enforced in code, not policy

AI roles operate under a defined set of bright-line rules they cannot violate, regardless of customer request, competitive pressure, or revenue impact. These rules are enforced by the architecture itself.

The bright-line rules

02Six rules our AI roles cannot break.

Regardless of customer request, competitive pressure, or revenue impact. The full bright-line rule set is reviewed each quarter and published in our internal Trust & Safety policy.

No shared manager accounts — every customer connects their own Google account.

No AI-generated photos uploaded to GBP — only photos taken on-site by the business owner are eligible.

No AI-generated review responses without owner approval workflow — review responses are reviewed by configured posture and audited.

No exceeding platform behavioral thresholds — rate limiter is a hard bound.

AI Context Vault data is contractor-owned and exportable on demand, deletable on demand, and never sold to third parties.

Population-level learning is opt-in per source and revocable per source.

Google Business Profile

03How we comply with the GBP API policies.

Third-party platform policies
  • We do not require customers to apply for their own GBP API project.
  • We do not provide indirect access to a Toolbench API project to end customers; each customer authorizes us to act on their behalf using their own Google account.
  • We do not automate actions without express user consent. Each AI role's posture (auto-execute vs. flag-for-approval) is set by the customer at onboarding.
  • We comply with Google's photo policy: no AI-generated or stock images uploaded to customer profiles.
  • We comply with Google's review response policy: responses are professional, accurate, and reflect the business owner's voice.
Restricted-scope OAuth verification

Our use of the GBP API requires the restricted scope https://www.googleapis.com/auth/business.manage. Toolbench has completed (or is in the process of completing) Google’s restricted-scope verification, which includes:

  • OAuth consent screen verification by Google.
  • Annual third-party security assessment by a Google-approved assessor (CASA Tier 2 or equivalent).
  • Brand and domain verification.
  • Demo video and scope justification submitted to Google.
Security practices

04The security floor.

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
  • Access controls: production data access restricted to a small set of authorized personnel, gated by SSO and MFA, and logged. Reviewed quarterly.
  • Secrets management via a managed secrets vendor; no production credentials in source code.
  • Vulnerability disclosure program at toolbench.co/security; responsible disclosure is welcomed.
  • Documented incident response plan, tested and updated. Customers notified in a timely manner consistent with applicable law.
  • Sub-processor list maintained at toolbench.co/subprocessors; sub-processors bound by contractual confidentiality and data protection obligations.
Data handling

05What we don't do.

See our Privacy Policy for what we do with the data we collect. The list below is what we won't, regardless of opportunity.

We don't sell customer data.

We don't use customer data to train models for industries other than home services without explicit consent.

We don't share data with third parties for their own marketing or advertising.

We don't operate shared 'master' accounts on third-party platforms.

We don't use AI-generated photos on customer Google Business Profiles.

We don't bypass platform rate limits or behavioral thresholds.

We don't take actions that would violate platform policies — even if a customer requests it.

Customer rights

06What you can do, any time.

Through the Toolbench app or by contacting privacy@toolbench.co.

  • Export your full AI Context Vault in structured formats.
  • Hard-delete the vault, or any individual source within it.
  • View the vault audit log, including every action taken by every AI role and the data that informed each decision.
  • Configure the posture of each AI role (auto-execute vs. flag-for-approval) per category of action.
  • Toggle population-level learning on or off, per source.
  • Revoke our access to any connected platform.
The 48-hour notification SLAIf a Google policy update or platform incident materially affects how Toolbench operates on your behalf, every affected customer receives a notification within 48 hours. Notifications include what changed, what Toolbench adjusted on your account, and what (if anything) you need to do.
Contact

07Reach the right inbox.

General compliance
compliance@toolbench.co

Compliance posture, bright-line rules, the 48-hour SLA. For urgent platform issues, prefix the subject with [URGENT].

Privacy & data subject requests
privacy@toolbench.co

Export, deletion, access, opt-out, GDPR/CCPA requests.

Security disclosure
security@toolbench.co

Responsible vulnerability disclosure. Vulnerability program: toolbench.co/security.

Legal
legal@toolbench.co

Terms, contracts, notices.

Customers who want a deeper view (architecture diagrams, sub-processor list, security assessment letter, sample audit log entries) can request these by emailing compliance@toolbench.co.