Toast Privacy Policy

Scope

This Privacy Policy describes the information Toast, Inc. (“Toast”, “we”, “us” and/or “our”) collects when you and others interact with us through our products and services, including our customer point-of-sale systems, websites, applications, APIs, and any other covered product or service that links to this Policy (collectively, the “Services”).  It also explains how we use and share that information, the measures we take to secure your information, and the choices you have with respect to information about you.

Consent

Please read this Policy carefully.  You agree and consent to this Policy by using the Services. 

If you are using the Services on behalf of a company, organization, government, or other legal entity, your use certifies to us that an authorized person from your organization has accepted this Policy on your behalf, and that you are authorized to use the Services.

Changes to the Privacy Policy

We may revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of the Policy, which will always be at https://pos.toasttab.com/privacy, will govern. We will try to notify you of material revisions, for example via a Service notification or an email if you have an account. We will also keep prior versions of this Privacy Policy in an archive for your review. By continuing to access or use the Services after those revisions become effective, you agree to be bound by the revised Policy.

Children

Our Services are not targeted or directed at children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. 

Information We Collect

We collect information from a variety of sources.

Information You Provide

We collect information from and about you if you create an account (either directly with us or through our customer websites), and as part of our identity verification process.  This information may include personally identifiable information, such as your name, address, phone number, email address, username, and password.

We collect information about you when you complete a transaction using our Services, such as an online order from one of our customers.  Transaction information includes:

  • Your account and identity information;
  • Billing and delivery information, including credit card / payment details;
  • Details about the transaction (amount, goods/services ordered, customer name, time and date, etc.).

We also collect information about you when you contact us, such as when you:

  • Contact us with questions or feedback regarding our Services,
  • Purchase or register a Service, or
  • Respond to one of our surveys.

Information We Collect When You Access Our Services

We collect information about the Services you use and how you use them.  This information includes:

  • Log Files and Device Information
    • Log files include information such as your IP address, browser type, the referring domain, pages visited, and search terms.  We may also collect information about the device you use to connect to our services, including your device type (e.g., mobile, tablet, desktop/laptop), browser, and operating system.
  • Cookies
    • We use Cookies to provide our Services and help collect data.  Cookies are small files sent from a web server to the device you use to connect to the website.  We may use Cookies for four main purposes: (1) authentication and sign-in; (2) security and Service integrity; (3) store your preferences and settings; and (4) analyze how our Services are performing.  We use two types of cookies: Session Cookies, and Persistent Cookies. Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our website. Session cookies do not store any personally identifying information, but contain a unique visitor ID number we use to customize the Services for you.  Persistent Cookies remain in the cookie file of your browser for much longer, even after you leave our website.  Persistent cookies do not store personal information and are used to remember preferences that should persist from visit to visit.
  • Google Analytics
    • We use third-party analytics tools, including “Google Analytics,” to collect information about how users engage with our Services.  The analytics tools use cookies and collect a variety of information, such as demographics, interests, and behaviors based on the information collected, as well as how often users visit particular websites, what pages they visit when they do so, and the sites they used prior to coming to our website.  We use the information we get from the analytics tools to provide and improve our Services.  Google’s ability to use and share information collected by Google Analytics is governed by the Google Analytics Terms of Use and the Google Partner Privacy Policy.  You can prevent Google Analytics from recognizing you on return visits to our Websites by disabling cookies on your browser.

Information We Receive From Other Sources

We receive and store information, which may include information about you, from a variety of other sources. 

We receive information from our customers, which may contain information about you.  Examples of customer information we may receive include:

  • Employee information, which may include personally identifiable information (name, address, birthdate, etc.), and other information such as wage rates, salaries, and hours worked;
  • Menu items and prices; and
  • Order and transaction information, including net sales, discounts, and voids.

We may also receive information about you from third parties.  For example, we may receive information about you from:

  • third-party identity verification and authentication services;
  • credit bureaus such as Experian and Transunion;
  • credit card companies such as Visa, MasterCard, American Express, and Discover;
  • Social media platforms & providers such as Facebook, Google, etc.;
  • mailing list providers; and
  • publicly available sources.

How We Use Information We Collect

We may use the information we receive to:

  • Provide, operate, maintain, test, and improve the Services;
  • Provide and create documentation, training, and professional services related to the Services;
  • Fulfill our legal and contractual obligations;
  • Process transactions and use transaction data to create user order histories and profiles; and
  • Create and deliver analytics and data aggregation, including de-identified comparative analytics for our own, or our customer’s sales and quality improvement purposes.

Examples of ways we use the information for the reasons described above include:

  • Implementing controls to ensure that users with accounts only see the information they are authorized to see;
  • Monitoring our systems to ensure that they are working as intended and to detect and fix errors;
  • Accessing log information to investigate problems or unauthorized use; and
  • Analyzing data and usage patterns to improve the Services and make them easier to use.

We may use the information we collect to contact you via e-mail, SMS / text, or via in-App notifications.  For example, we may send you:

  • Transaction & order confirmations, cancellations, status updates, and receipts;
  • News, information, and updates about the Services or your account;
  • Promotions & marketing information about and from us or our Customers; and
  • Requests to complete surveys & provide feedback.

We may also use the information we collect to:

  • Perform and facilitate customer credit checks and financing;
  • Protect our rights or property, or the security or integrity of our Services;
  • Enforce the Terms of Service or other applicable agreements or policies;
  • Verify your identity;
  • Protect us, users of our Services or the public from harm or potentially prohibited or illegal activities;
  • Investigate, detect, and prevent fraud, security breaches; or
  • Comply with any applicable law, regulation, legal process, or governmental request.

Information We Share

We may share the information we collect:

  • With any of our parent, subsidiary, or affiliate companies, agents, and business partners for the purposes outlined above;
  • With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:
    • hosting and database services,
    • payment processors,
    • identity verification services,
    • mail, e-mail, and text messaging services,
    • providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services, and
    • marketing, research, and survey services.
  • In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
  • If we believe it is necessary to:
    • protect our rights or property, or the security or integrity of our Services;
    • enforce the terms of the Terms of Service or other applicable agreements or policies;
    • verify your identity;
    • protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities;
    • investigate, detect, and prevent fraud, security breaches; or
    • comply with any applicable law, regulation, legal process, or governmental request.
  • For other purposes after obtaining your consent.

We may share the information we collect with our customers whom you patronize.  Customers may use this information to contact you directly about their own products and services, promotions, customer rewards programs, and requests to complete surveys and provide feedback.

We also may share aggregated information with third parties that does not specifically identify you or any individual user of our Services.

Your Choices

You have choices with respect to your information.

Your Account and Personal Information

We generally retain information about you only as long as reasonably necessary to provide you the Services.  We may retain archived copies of information about you for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to:

  • comply with applicable law, regulation, legal process, or governmental request;
  • prevent fraud;
  • collect fees owed;
  • resolve disputes;
  • address problems with our Services;
  • assist with investigations;
  • enforce our Terms of Service or other applicable agreements or policies; or
  • take any other actions consistent with applicable law.

If you have an account, you may access, change, or correct your personal account information at any time by logging into your account.  Otherwise, if you believe that we have information about you that should be changed or corrected, you may make the request to us using the contact details below.  We may need to verify your identity before changing or correcting your information.

However, due to legal, contractual, and technical restrictions, we may not be able to make the change or correction.  For example,

  • If we received the information about you from one of our customers, we may be legally and contractually required to refer your request to that customer;
  • In the event of legal action or dispute, we may be prohibited from altering any information; or
  • We maintain regular backups and archives of our data, and changing archived data may be impracticable.

Opt-Out of Communications From Us

To the extent possible, we will ensure that e-mail or text communications we send you will contain instructions on how to "opt-out" of receiving future communications.  In addition, if at any time you wish not to receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us as indicated below.

Cookies

Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.

You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to use, or take full advantage of the Services.

Do Not Track

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.

State Privacy Rights

Some state laws may provide additional rights and protections for your information and privacy.  We make every effort to comply with those state law requirements.

California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below. 

Security

We work hard to maintain the security, reliability, accuracy, and completeness of our Services and the information we hold.  In particular, we:

  • Implement administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction;
  • Encrypt many of our Services using industry-standard technologies (e.g., SSL, SHA-512, RSA-256);
  • Comply with the Payment Card Industry Data Security Standard (PCI DSS);
  • Review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems;
  • Restrict access to personal information to employees, contractors and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations; and
  • Only use third-party service providers to store and transmit personal information in compliance with this Policy, who agree to appropriate confidentiality and security measures, and if necessary, undergo industry-recognized independent third party data security audits.

Nevertheless, we cannot guarantee that internet or e-mail transmissions are fully secure or error free.  In particular, e-mail or messages sent to or from our Services may not be secure.  Therefore, you should take special care in deciding what information you send to us.  Please keep this in mind when disclosing any Personal Data to Toast via the Internet.

Links to Other Services

This Privacy Policy only applies to our Services.  While using the Service, you may be directed through links to third party websites or services.  For example, you may be linked to:

  • Our social media sites;
  • Our customer’s websites;
  • Partner websites; or
  • A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).

We are not responsible for the privacy practices and policies of those third party websites or services.  If you use or visit those third party services, you are responsible for reviewing and understanding their terms and conditions.  The inclusion of any website link does not imply our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services.

Contact

If you have questions or comments about our privacy policy, please email us at info@toasttab, with "Privacy Policy" in the subject line or contact us at:

Toast, Inc.
401 Park Drive, Suite 801
Boston, MA 02215


Effective as of May 1, 2017