Toast Privacy Policy

Effective: June 1, 2019

Introduction and Scope

This Privacy Policy describes how Toast, Inc. and our affiliates (collectively “Toast”, “we”, “us” and/or “our”) collects, uses, shares and secures your Personal Information, whether you are a Merchant, a Diner, a visitor to one of our websites or a user of any other products or services that we may offer from time to time, including but not limited to our POS System, online ordering, our restaurant-specific loyalty programs and our mobile application (collectively, the “Services”).

Here are a few terms we use throughout this Privacy Policy that you should know:

  • “Merchants” are businesses that have purchased the Services for use in their establishments.
  • “Merchant Employees” are employees of our Merchants. 

  • “Diners” are individuals who use the Services, whether for transactional purposes with our Merchants or otherwise.

  • “Personal Information” is: (i) information that directly identifies you as an individual, like your name or email address, or (ii) a combination of pieces of information that do not identify you on their own, but could identify you when combined using reasonable effort.

  • “POS System” refers to the restaurant point of sale and management system offered to our Merchants that includes a suite of integrated hardware and software as well as various applications, application programming interfaces, tools and services (as offered from time to time).

  • “You” and/or “your” is a Merchant, a Merchant Employee, a Diner or a visitor to one of our websites.

Please note that our Merchants are independent third parties that maintain their own business practices and policies outside of their relationship with Toast and their use of the Services.  As a result, unless provided otherwise in this Privacy Policy, we are not responsible for the privacy policies or data practices of our Merchants, who may maintain separate policies and practices. 

By using the Services and/or providing us with your Personal Information, you agree to the processing and use of your Personal Information in the manner set out in this Privacy Policy.

Information we Collect

Personal Information Collected through our Websites

When you visit our websites, request information or evaluation tools (e.g., a product demo), communicate with customer service or subscribe to our blog or email lists, we may collect some, or all, of the following Personal Information from you:

  • Your name;

  • Email; and

  • Phone Number.

Certain information may also be collected automatically when you visit our websites. For more information, please see the section of this Policy entitled “Information Collected Automatically”.

Personal Information Collected through the Services

Merchants

If you are a Merchant we will collect Personal Information from you in connection with your service agreement and use of the Services, including, as applicable, your name, address, date of birth, tax identification number and/or passport number, Social Security Number, drivers’ license number and banking or other payment information.

Merchant Employees 

If you are an employee of a Merchant, we also collect information about you through your use of the Services. In these instances, Personal Information we collect may include your name, email, phone number, employee identification number, address and date of birth. We also collect information relating to your role, such as your job title, wage rates and salary and hours worked. 

Diners

We collect information from you through your use of the Services (as provided and developed by us from time to time), which includes your registration and use of our online ordering feature, our mobile application and other related products. We also may collect and/or receive your information when you place an order with, make a purchase from (including gift cards), or otherwise complete a transaction with our Merchants or participate in their respective loyalty programs. 

Depending on which Service you have used, Personal Information collected may include:

  • Your name;

  • Contact details such as your phone number and email;

  • Your address and other location details;

  • Your payment card information, such as the brand, card number, security code and expiration date;

  • Transaction information and details (e.g. history of goods/services ordered, date, payment method and amount of payment); 

  • Your date of birth if you choose to provide it;

  • Account and profile information such as your username and password; and 

  • If you are a member of a Merchant’s loyalty program, information in relation to your points balance and redemptions.

In certain cases, if you elect to provide it, your feedback in relation to your experience at our Merchants’ establishments may also be collected. 

Personal Information Obtained from other Sources 

Depending on whether you are a Merchant, a Diner or a visitor to one of our websites, we may also collect information about you from third parties including our business partners, contact/mailing list providers, identity verification services, credit bureaus (if applicable) and credit card companies. We may also collect information from you that is publicly available. For example, if you interact with us through various social media channels. 

Automatically Collected Information

When you visit our websites, we will automatically collect information about you through cookies and similar technologies.

  • Cookies

    • A cookie is a small, unique piece of information placed and saved in your browser when you access our websites or Merchants’ websites, services, content or ads. Cookies help us collect information about your use of the Services over time. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.

    • You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Additionally, on most web browsers, you will find a “help” section on the toolbar. Please use this help section for information on how to request a notification when you receive a new cookie and how to limit, block or delete cookies. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to use, or take full advantage of, the Services.

    • We use cookies to provide our Services and help collect data. We may use cookies for five main purposes: (1) authentication and sign-in; (2) security and Service integrity; (3) to store your preferences and settings; (4) to analyze how our Services are performing; and (5) provide and improve our Services. We use two types of cookies: session cookies, and persistent cookies. Session cookies are temporary cookies that remain in the cookie file of your browser until you leave the website. Session cookies do not store any Personal Information but contain a unique visitor ID number we use to customize the Services for you. Persistent cookies remain in the cookie file of your browser for much longer, even after you leave the website. Persistent cookies do not store Personal Information and are used to remember preferences that should persist from visit to visit.

  • Log Files and Device Information

    • Log files include information such as your IP address, browser type, the referring domain, pages visited, and search terms. We may also collect information about the device you use to connect to our services, including your device type (e.g., mobile, tablet, desktop/laptop), browser, and operating system.

  • Google Analytics

    • We use third-party analytics tools, including without limitation Google Analytics, to collect information about how Merchants, Diners or our website visitors engage with our Services. The analytics tools use cookies and collect a variety of information, such as demographics, interests, and behaviors based on the information collected, as well as how often Merchants, Diners or website visitors visit particular websites, what pages they visit when they do so, and the websites they used prior to coming to the website. We use the information we get from the analytics tools to provide and improve our Services. Google’s ability to use and share information collected by Google Analytics is governed by the Google Analytics Terms of Use (available at https://www.google.com/analytics/terms/us.html) and the Google Partner Privacy Policy (available at https://www.google.com/policies/privacy/partners/). You can prevent Google Analytics from recognizing you on return visits to our website by disabling cookies on your browser.

How We Use Personal Information

We use Personal Information to:

  • Provide, operate, maintain, test, and improve the Services, including to:

    • Process transactions and payments completed through the Services;

    • Enable our Merchants and our Merchant’s Employees to access and use the Services; 

    • Provide and create documentation, training, and professional services related to the Services;

    • Communicate with you in relation to your use of the Services or your requests, such as sending you a notification that your order is ready or responding to your feedback; and

    • Use transaction data to create user order histories and profiles.

  • Secure and protect our networks and systems, including to:

    • Implement controls to ensure that users of the Services with accounts are limited in their data access and viewing rights only as authorized;

    • Monitor our systems to ensure that they are working as intended and to detect and fix errors; and

    • Access log information to investigate problems or unauthorized use.

  • Create and deliver analytics, including de-identified comparative analytics for our own, or our Merchants’ sales and quality improvement purpose.

  • Fulfill our legal and contractual obligations.

  • Provide customer support and respond to other user requests relating to the Services.

  • For marketing purposes. Pursuant to the applicable law or with your consent, Toast and its Merchants may contact you, or we may engage a third-party to contact you in relation to our Services as well as other promotions and offers that you have requested or we believe might interest you.  If you subscribe to our newsletter, we will use your name and email address to send you the newsletter. If you do not wish to receive marketing or promotional emails from us you may follow the unsubscribe instructions included in each such message, or contact us at privacy@toasttab.com.

  • To send you digital receipts. During your use of the Services, you may also choose to receive receipts and/or other communications from Toast and our Merchants via email or text message through the Services. You always have the option of opting out of automated email or text messages by emailing privacy@toasttab.com. Standard message and data rates may apply.

  • For financing purposes. If you apply for financing, including for a merchant capital advance, or are otherwise a Merchant applying for use of the Services, we will request a credit report to determine your eligibility for such financing and/or recommend financing providers based on your credit profile, as applicable.

Information We Share

We may share Personal Information as follows:

  • With our Merchants and our Merchant’s Employees for the purposes of providing the Services to you and fulfilling your requests;

  • With our business partners (including our integration partners) in order to provide, maintain and improve our Services; 

  • With our parent, subsidiary, or affiliate companies, agents (if any) for the purposes outlined above;

  • With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:

    • hosting and database services,

    • payment processors,

    • identity verification services,

    • mail, e-mail, and text messaging services,

    • providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services, 

    • credit bureaus and other related third parties (if applicable based on your status and the Services provided), and

    • marketing, research, and survey services.

  • In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business; and

  • If we believe it is necessary to:

    • protect our rights or property, or the security or integrity of our Services;

    • enforce the terms of the Terms of Service or other applicable agreements or policies;

    • protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities.

    • investigate, detect, and prevent fraud, security breaches; or

    • comply with any applicable law, regulation, legal process, or governmental request.

We may also share aggregated and/or anonymized information derived from the Services that does not directly identify you, including device information and information derived from cookies and log files with third parties.

Your Account and our Retention of Personal Information

We generally retain Personal Information as long as reasonably necessary to provide the Services or carry out the purposes described in this Policy. We may retain archived copies of information about users of our Services for a period of time that is consistent with our data retention policy, applicable law, or as we believe is reasonably necessary to:

  • comply with applicable law, regulation, legal process, or governmental request;

  • prevent fraud;

  • collect fees owed;

  • resolve disputes;

  • address problems with our Services;

  • assist with investigations;

  • enforce our Terms of Service or other applicable agreements or policies; or

  • take any other actions consistent with applicable law.

Your Choices

As a Merchant with an account, for certain Services, you may access, change, or correct your personal account information at any time by logging into your account.

As a Diner or a website visitor, if you believe that we have information about you that should be changed or corrected, you may make the request to us at privacy@toasttab.com. We may need to verify your identity before changing or correcting your information. Depending on the Services you are using, you may also be able to access, change or correct your personal account information by logging into your account. 

Please note, however, that due to legal, contractual, and technical restrictions, we may not be able to make the requested change or correction. For example,

  • If we received the information about you from one of our Merchants or the request relates to something that the Merchant oversees, we may be legally and contractually required to refer your request to that Merchant;

  • In the event of legal action or dispute, we may be prohibited from altering any information; or

  • We maintain regular backups and archives of our data and changing archived data may be impracticable.

Opt-Out of Marketing Communications from Us

We will endeavor to include instructions on how to "opt-out" of any marketing communications we send you. In addition, if at any time you wish not to receive any future communications, or you wish to have your name removed from our mailing lists, please contact us at privacy@toasttab.com. Please note that you may still receive transaction-specific communications after opting-out of marketing communications, if applicable.

Do Not Track

We may use, and we may allow third party service providers and other third parties to use, cookies or other technologies on our Services that collect information about your browsing activities over time and across different websites following your use of the Services. Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.

State Privacy Rights

Some state laws may provide additional rights and protections for your information and privacy. For example, California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below.

Security

We implement commercially reasonable administrative, technical, and physical safeguards, designed to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Nevertheless, we cannot guarantee that internet, text or e-mail transmissions are fully secure or error free, or that any Personal Information in our possession is fully protected from all loss, misuse and unauthorized access, disclosure, alteration, or destruction. In particular, email or messages sent to or from our Services may not be secure. Therefore, you should take special care in deciding what information you send to us.

Links to Other Services

This Privacy Policy only applies to information collected when visiting our websites or using our Services. While visiting our websites or using the Services, you may be directed through links to third-party websites or services not operated or controlled by us (“Third-Party Sites”). For example, you may be linked to:

  • Our social media sites;

  • Our Merchant’s websites;

  • Business partner websites; or

  • A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).

We are not responsible for the privacy practices and policies of those Third-Party Sites. If you use or visit those Third-Party Sites, you are responsible for reviewing and understanding their terms and conditions and privacy policies. The inclusion of any website link does not imply our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services. Please contact those sites directly for information on their privacy practices and policies.

Publicly Posted Information

This Privacy Policy does not apply to any information you post to the public areas of our websites, including, for example, comments to our blog. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.

Children

Our Services are not targeted or directed at children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please contact us at privacy@toasttab.com with "Privacy Policy" in the subject line and we will endeavor to delete that information from our databases.

Changes to the Privacy Policy

We may revise this Privacy Policy at any time and will post updated versions of the Policy on this website. Please check this website and this Privacy Policy regularly for updates. An archived version of our previous Privacy Policy can be found here. By continuing to access or use the website or Services after we have posted an updated Privacy Policy, you consent to the revised Policy and the practices described therein.

Contact

If you have questions or comments about our privacy policy or practices, please email us at privacy@toasttab.com, with "Privacy Policy" in the subject line or contact us at:

Attn: Toast Privacy Office

Toast, Inc.
401 Park Drive, Suite 801 Boston, MA 02215