Toast Privacy Policy

Toast Privacy Policy

Effective: October 1, 2018

Introduction

Welcome and thank you for visiting the Toast website (this site and any other Toast sites are referred to as the “Site”). Please read through this Privacy Policy carefully as it contains important information about how Toast collects and uses your personal information.

Toast offers an integrated restaurant point of sale and management system (collectively with its related APIs and applications, the “POS System”) consisting of a suite of integrated hardware, software, tools and services that help our Customers understand their Patrons and offer personalized products and services to them.

Here are a few terms we use throughout this Privacy Policy that you should know:

“Customers” are businesses that have purchased our products or services for use in their establishments.

“Patrons” are those individuals who complete transactions with our Customers.

“Personal Information” is: (i) information that directly identifies you as an individual, like your name or your email address, or (ii) a combination of pieces of information that do not identify you on their own, but could identify you when combined using reasonable effort.

This Privacy Policy describes how Toast, Inc. (“Toast”, “we”, “us” and/or “our”) collects, uses, shares and secures the Personal Information (defined below) of Customers in connection with our provision of the Site, POS System, and any other products or services we may offer from time to time (collectively, the “Services”).

This Privacy Policy also describes our use of Personal Information collected or received from Patrons. We acquire Personal Information when Patrons visit the Site or interact with the Services offered, including, for example, when Patrons place an order with one of our Customers, participate in loyalty or rewards programs, elect to receive an email, text receipt, or other communication from Toast or our Customers. Standard message and data rates may apply.

We may also obtain information, including Personal Information, from publicly available sources or third parties, and combine this information with the Personal Information you provide to us.

Our use of Patrons’ information is governed by this Privacy Policy and our contracts with Customers. We are not responsible for the privacy policies or data practices of our Customers.

By using the Services and/or providing us with your Personal Information, you agree to the processing of your Personal Information in the manner set out in this Privacy Policy.

Scope

This Privacy Policy only applies to Personal Information collected by us from: (i) visitors to our Site, (ii) our Customers, and (iii) from Patrons interacting with the Services.

Personal Information Collected through the Site

When you visit our Site, create an account, request information or evaluation tools (e.g., a product demo), communicate with customer service, or subscribe to email lists we may collect some, or all, of the following Personal Information from you:

  • Name
  • Email
  • Phone Number

Personal Information Collected Through The Services

If you are a Toast Customer we will collect Personal Information from you in connection with your service agreement and use of the Services, including, as applicable, your name, address, birth date, tax ID and/or passport number, Social Security Number, drivers’ license number, and banking or other payment information.

If you are a Customer employee we may collect Personal Information from you in connection with your use of the Services, including your name, address, birthdate, and other information such as wage rates, salaries, and hours worked.

If you are a Patron who placed an order with, made a purchase from, or otherwise completed a transaction with one of our Customers, we may collect or receive the following Personal Information from you through your interaction with the Services during the course of such transaction:

  • Name
  • Last four digits of card number and expiry
  • Transaction Details (e.g. amount, goods/services ordered, date, customer location, payment method and amount of payment)
  • Email
  • Phone Number

 

Personal Information Obtained from Publicly Available/Third Party Sources

We may also collect information about you (whether as a Customer, Patron or Site visitor) from third parties and/or our business partners, such as publicly available sources, contact/mailing list providers, identity verification services, credit bureaus (if applicable), credit card companies and/or our business partners with whom Toast has a business relationship.

Automatically Collected Information

When you visit the Site we will automatically collect information about you through cookies and similar technologies.

  • Cookies
    • A cookie is a small, unique piece of information placed and saved in your browser when you access our Customers’ websites, services, content or ads. Cookies help us collect information about your use of the Services over time. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.
    • You also can learn more about cookies by visitinghttp://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Additionally, on most web browsers, you will find a “help” section on the toolbar. Please use this help section for information on how to request a notification when you receive a new cookie and how to limit, block or delete cookies. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to use, or take full advantage of the Services.
    • We use Cookies to provide our Services and help collect data. We may use Cookies for four main purposes: (1) authentication and sign-in; (2) security and Service integrity; (3) store your preferences and settings; and (4) analyze how our Services are performing. We use two types of cookies: Session Cookies, and Persistent Cookies. Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave the Site. Session cookies do not store any personally identifying information, but contain a unique visitor ID number we use to customize the Services for you. Persistent Cookies remain in the cookie file of your browser for much longer, even after you leave the Site. Persistent cookies do not store personal information and are used to remember preferences that should persist from visit to visit.
  • Log Files and Device Information
    • Log files include information such as your IP address, browser type, the referring domain, pages visited, and search terms. We may also collect information about the device you use to connect to our services, including your device type (e.g., mobile, tablet, desktop/laptop), browser, and operating system.
  • Google Analytics
    • We use third-party analytics tools, including without limitation Google Analytics, to collect information about how users engage with our Services. The analytics tools use cookies and collect a variety of information, such as demographics, interests, and behaviors based on the information collected, as well as how often users visit particular websites, what pages they visit when they do so, and the websites they used prior to coming to the Site. We use the information we get from the analytics tools to provide and improve our Services. Google’s ability to use and share information collected by Google Analytics governed by the Google Analytics Terms of Use (available at https://www.google.com/analytics/terms/us.html) and the Google Partner Privacy Policy (available at https://www.google.com/policies/privacy/partners/). You can prevent Google Analytics from recognizing you on return visits to our Site by disabling cookies on your browser.

How We Use Personal Information

We may use Personal Information to:

  • Provide, operate, maintain, test, and improve the Services, including:
    • Provide and create documentation, training, and professional services related to the Services;
    • Process transactions;
    • Use transaction data to create user order histories and profiles.
  • To Secure and Protect Our Networks and Systems, including:
    • Implementing controls to ensure that users of the Services with accounts are limited in their data access and viewing rights only as authorized;
    • Monitor our systems to ensure that they are working as intended and to detect and fix errors;
    • Access log information to investigate problems or unauthorized use.
  • Create and deliver analytics and data aggregation, including de-identified comparative analytics for our own, or our customer’s sales and quality improvement purpose
  • Fulfill our legal and contractual obligations
  • Respond to requests for information about the Services
  • Marketing. We may contact you, or we may engage a third-party to contact you, via e-mail to send you marketing or promotional information, or requests to complete surveys and provide feedback. If you subscribe to our newsletter we will use your name and email address to send you the newsletter. If you do not wish to receive marketing or promotional emails from us you may follow the unsubscribe instructions included in each such message, or contact us at privacy@toasttab.com
  • Digital Receipts. During your use of the Services, you may also choose to receive receipts and/or other communications from Toast and our Customers via text message through the Services. You always have the option of opting out of automated email or text messages by emailing privacy@toasttab.com. Standard message and data rates may apply.
  • Financing. If you apply for financing, including for a merchant capital advance, or are otherwise a Customer applying for use of the Services, we will request a credit report to determine your eligibility for such financing and/or recommend financing providers based on your credit profile, as applicable.

 

Information We Share

 We may share the Personal Information as follows:

  • With any of our parent, subsidiary, or affiliate companies, agents, and business partners for the purposes outlined above;
  • With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:
    • hosting and database services,
    • payment processors,
    • identity verification services,
    • mail, e-mail, and text messaging services,
    • providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services, and
    • marketing, research, and survey services.
  • In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
  • If we believe it is necessary to:
    • protect our rights or property, or the security or integrity of our Services;
    • enforce the terms of the Terms of Service or other applicable agreements or policies;
    • protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities.
    • investigate, detect, and prevent fraud, security breaches; or
    • comply with any applicable law, regulation, legal process, or governmental request.

Other Information

We also may share aggregated and/or anonymized information that does not directly identify you, including device information and information derived from cookies and log files, to third parties.

Your Account and Personal Information

We generally retain Personal Information as long as reasonably necessary to provide the Services. We may retain archived copies of information about users of our Services for a period of time that is consistent with our data retention policy, applicable law, or as we believe is reasonably necessary to:

  • comply with applicable law, regulation, legal process, or governmental request;
  • prevent fraud;
  • collect fees owed;
  • resolve disputes;
  • address problems with our Services;
  • assist with investigations;
  • enforce our Terms of Service or other applicable agreements or policies; or
  • take any other actions consistent with applicable law.

Your Choices

As a Customer with an account, you may access, change, or correct your personal account information at any time by logging into your account.

As a Patron or visitor to the Site, if you believe that we have information about you that should be changed or corrected, you may make the request to us at privacy@toasttab.com . We may need to verify your identity before changing or correcting your information.

Please note, however, that due to legal, contractual, and technical restrictions, we may not be able to make the requested change or correction. For example,

  • If we received the information about you from one of our Customers, we may be legally and contractually required to refer your request to that customer;
  • In the event of legal action or dispute, we may be prohibited from altering any information; or
  • We maintain regular backups and archives of our data, and changing archived data may be impracticable.

Opt-Out of Communications From Us

We will endeavor to include instructions on how to "opt-out" of receiving future marketing in e-mail or text communications we send you. In addition, if at any time you wish not to receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us at privacy@toasttab.com . Please note that you may still receive transaction-specific communications after opting-out of marketing communications, if applicable.

Do Not Track

We may, and we may allow third party service providers and other third parties to use cookies or other technologies on our Services that collect information about your browsing activities over time and across different websites following your use of the Services. Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.

State Privacy Rights

Some state laws may provide additional rights and protections for your information and privacy. For example, California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below.

Security

We implement commercially reasonable administrative, technical, and physical safeguards, designed to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Nevertheless, we cannot guarantee that internet, text or e-mail transmissions are fully secure or error free, or that any Personal Information in our possession is fully protected from all loss, misuse and unauthorized access, disclosure, alteration, or destruction. In particular, e-mail or messages sent to or from our Services may not be secure. Therefore, you should take special care in deciding what information you send to us.

Links to Other Services

This Privacy Policy only applies to information collected when visiting our Site or using our Services. While visiting the Site or using the Service, you may be directed through links to third-party websites or services not operated or controlled by us (“Third-Party Sites”). For example, you may be linked to:

  • Our social media sites;
  • Our Customer’s websites;
  • Partner websites; or;
  • A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).

We are not responsible for the privacy practices and policies of those Third-Party Sites. If you use or visit those Third-Party Sites, you are responsible for reviewing and understanding their terms and conditions and privacy policies. The inclusion of any website link does not imply our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services. Please contact those sites directly for information on their privacy practices and policies.

Publicly Posted Information

This Privacy Policy does not apply to any information you post to the public areas of the Site, including, for example, comments to our blog. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.

Children

Our Services are not targeted or directed at children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us at privacy@toasttab.com with "Privacy Policy" in the subject line and we will endeavor to delete that information from our databases.

Changes to the Privacy Policy

We may revise this Privacy Policy at any time and will post updated versions of the policy on this Site. Please check the Site and this Privacy Policy regularly for updates. We will also keep prior versions of this Privacy Policy in an archive for your review. By continuing to access or use the Site or Services after we have posted an updated Privacy Policy, you consent to the revised Policy and the practices described therein.

Contact

If you have questions or comments about our privacy policy or practices, please email us at privacy@toasttab.com, with "Privacy Policy" in the subject line or contact us at:

Toast, Inc.
401 Park Drive, Suite 801 Boston, MA 02215