Effective May 25, 2026

Privacy Policy

This Privacy Policy explains how Toolmux handles information when you use the Toolmux CLI, the hosted OAuth broker at api.toolmux.com, and the Toolmux Google Drive and Google Docs integration.

Toolmux's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Information Toolmux accesses

Toolmux requests Google OAuth access only when you choose to connect a Google toolbox. The supported Google scope is drive.file. With that scope, Toolmux can create files and access Google Drive or Google Docs files that you explicitly open for Toolmux or create with Toolmux.

Depending on the command you run, Toolmux may access file metadata, document text, document structure, exported file content, uploaded file content, file names, file IDs, and Drive Picker selections.

How Toolmux uses Google user data

Toolmux uses Google user data only to perform the command or workflow you request, such as exporting a document, appending text to a document, inserting an image, uploading a file, copying a file, or listing files you selected through Google Picker.

Toolmux does not sell Google user data, use it for advertising, or use it to train machine learning models. If you connect Toolmux to a local coding agent, information returned by a Toolmux command may be shown to that agent only as part of the task you initiated.

Credential storage

The Toolmux CLI stores OAuth credentials in your operating system credential store under the registered toolbox name. The hosted OAuth broker handles OAuth callbacks and token exchange for supported providers, then hands credentials back to your local Toolmux CLI. The broker is designed not to persist Google OAuth access tokens or refresh tokens.

Website and broker logs

The Toolmux website and hosted OAuth broker may receive ordinary server log data such as IP address, user agent, request path, and request time for operations, abuse prevention, security, and debugging. Logs are not intended to contain provider tokens, authorization codes, document contents, or file contents.

Sharing

Toolmux sends Google user data to Google APIs as needed to complete your requested commands. Toolmux does not share Google user data with third parties except when you direct Toolmux to pass command results to a local agent or workflow, when required to comply with law, or when necessary to protect the security and integrity of the service.

Retention and deletion

Google OAuth credentials remain in your local operating system credential store until you remove the toolbox or delete the credentials. Files and documents remain in your Google account unless you delete them in Google Drive or with a Google API command you choose to run. Local Toolmux configuration and cache files remain on your machine until you delete them.

Your choices

You can disconnect Toolmux from Google by removing the Google toolbox or deleting its stored credential.
You can revoke Toolmux access from your Google account permissions page.
You can remove local Toolmux configuration and cache files from your machine.

Security

Toolmux is designed to keep provider credentials out of prompts, logs, and committed files. Policy checks run before provider credentials are read for tool execution. No online service can be guaranteed perfectly secure, but Toolmux is built to minimize credential exposure.

Contact

Questions about this policy can be sent to alberto@garciahierro.com.