Last updated: May 2026 (v2) · Effective immediately
Toombler is a free service that turns Google Drive PDFs into embeddable flipbooks. This policy explains exactly what information we collect, why we collect it, and — just as importantly — what we don't collect. We try to be genuinely minimal: if we don't need it, we don't keep it.
Toombler is operated as an independent web service, accessible at toombler.com and toombler.net. If you have questions about this policy you can reach us at privacy@toombler.com.
| Data point | Stored on our servers? | Why |
|---|---|---|
| Google user ID (opaque identifier, e.g. "118…") | Yes | To associate your flipbooks with your account |
| Flipbook title | Yes | To display in your dashboard |
| Google Drive share URL | Yes | To load and serve your PDF |
| Embed settings (nav, sound, autoplay, etc.) | Yes | To remember your preferences per flipbook |
| Creation timestamp | Yes | To sort your dashboard |
| Your email address | No | Only temporarily in your browser's sessionStorage — never sent to our servers |
| Your name or profile picture | No | Only temporarily in your browser's sessionStorage — never sent to our servers |
| Passwords | No | We use Google Sign-In — you never create a password with us |
| Payment information | No | Toombler is free; no payments are processed |
| Your PDF content | No | Your files stay in your own Google Drive; we only proxy them on request |
| IP addresses | No | Cloudflare (our infrastructure provider) logs IPs temporarily for security; we do not store or process them |
| Browsing history of your flipbook readers | No | We have no visibility into who views embedded flipbooks |
When you sign in, your name, email address, profile picture and authentication token are stored in your browser's sessionStorage. This is local to your browser tab and is automatically deleted when you close the tab. It is never transmitted to our servers. We also use localStorage in the viewer to remember your last-read page and night-mode preference — this data never leaves your device.
Sign-in is handled entirely by Google Identity Services. We receive a signed token from Google that we verify server-side using Google's public API. We never see or store your Google password. Google's own privacy policy governs how they handle your sign-in: policies.google.com/privacy.
Toombler is free. The only thing we ask in return is a single advertisement shown on the inside of the cover (page 2) of each embedded flipbook. This ad is served by Google AdSense. Google may use cookies to serve relevant ads; their privacy policy applies to that interaction. We do not control the content of individual ads and do not receive any personal data from AdSense beyond aggregate revenue reports.
We use Google Analytics 4 on our own pages (toombler.com, toombler.net) and inside the embedded flipbook player (including when a flipbook is embedded on a third-party website via iframe, JS snippet, or Web Component). This means that visitors who view an embedded flipbook are subject to Google Analytics data collection in the same way as visitors to our own pages. GA4 may set cookies. The data is pseudonymised and processed by Google in accordance with their data processing terms. If you embed a Toombler flipbook on your own website, please ensure your site's own privacy policy and cookie notice covers this.
If you use the JS snippet or Web Component embed method, a small script (embed.js) is loaded from toombler.com in the context of the embedding website. This script does nothing other than create a flipbook iframe — it does not read cookies, access local storage, or collect any information from the host website or its visitors. The resulting iframe loads the same embedded flipbook player described above, so the same analytics and advertising disclosures apply.
Toombler runs on Cloudflare Pages. Your requests pass through Cloudflare's global network, which provides DDoS protection and CDN caching. Cloudflare processes IP addresses and request metadata transiently for security purposes under their own privacy policy. Your flipbook data is stored in Cloudflare's D1 database service (SQLite at the edge) within the EU/US regions.
Regardless of where you are located, you have the following rights with respect to data we hold about you:
EU residents: the legal basis for storing your flipbook data is contract performance (Article 6(1)(b) GDPR) — we need to store it to provide the service you requested. Analytics is based on legitimate interest (Article 6(1)(f) GDPR).
We keep your flipbook data for as long as you maintain an account. If you delete a flipbook, that record is removed immediately from our database. Flipbook links that have not been accessed for more than 12 months and were created more than 12 months ago are automatically deleted, along with any associated account data if no other flipbooks remain. If you have not signed in for 12 months, we may delete inactive accounts and their associated data after giving notice by email (if we have it — remember, we usually don't store it server-side; in that case we will post a notice on this page).
Toombler is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it.
If we make material changes we will update the "Last updated" date at the top of this page. For significant changes we will also post a notice on the homepage. Continued use of Toombler after a change constitutes acceptance.