Please read this Policy carefully. You agree and consent to this Policy by using the Services.
If you are using the Services on behalf of a company, organization, government, or other legal entity, your use certifies to us that an authorized person from your organization has accepted this Policy on your behalf, and that you are authorized to use the Services.
Our Services are not targeted or directed at children under the age of 13, and we do not knowingly collect personal information from children under the age of 13.
Information We Collect
We collect information from a variety of sources.
Information You Provide
We collect information from and about you if you create an account (either directly with us or through our customer websites), and as part of our identity verification process. This information may include personally identifiable information, such as your name, address, phone number, email address, username, and password.
We collect information about you when you complete a transaction using our Services, such as an online order from one of our customers. Transaction information includes:
- Your account and identify information;
- Billing and delivery information, including credit card / payment details;
- Details about the transaction (amount, goods/services ordered, customer name, time and date, etc.).
We also collect information about you when you contact us, such as when you:
- Contact us with questions or feedback regarding our Services,
- Purchase or register a Service, or
- Respond to one of our surveys.
Information We Collect When You Access Our Services
We collect information about the Services you use and how you use them. This information includes:
- Log Files and Device Information
- Log files include information such as your IP address, browser type, the referring domain, pages visited, and search terms. We may also collect information about the device you use to connect to our services, including your device type (e.g., mobile, tablet, desktop/laptop), browser, and operating system.
- Google Analytics
Information We Receive From Other Sources
We receive and store information, which may include information about you, from a variety of other sources.
We receive information from our customers, which may contain information about you. Examples of customer information we may receive includes:
- Employee information, which may include personally identifiable information (name, address, birthdate, etc.), and other information such as wage rates, salaries, and hours worked;
- Menu items and prices;
- Order and transaction information, including net sales, discounts, and voids;
We may also receive information about you from third parties. For example, we may receive information about you from:
- third-party identity verification and authentication services;
- credit bureaus such as Experian and Transunion;
- credit card companies such as Visa, MasterCard, American Express, and Discover;
- Social media platforms & providers such as Facebook, Google, etc.;
- mailing list providers; and
- publicly available sources.
How We Use Information We Collect
We may use the information we receive to:
- Provide, operate, maintain, test, and improve the Services;
- Provide and create documentation, training, and professional services related to the Services;
- Fulfill our legal and contractual obligations;
- Process transactions and use transaction data to create user order histories and profiles; and
- Create and deliver analytics and data aggregation, including de-identified comparative analytics for our own, or our customer’s sales and quality improvement purposes.
Examples of ways we use the information for the reasons described above include:
- Implementing controls to ensure that users with accounts only see the information they are authorized to see;
- Monitoring our systems to ensure that they are working as intended and to detect and fix errors;
- Accessing log information to investigate problems or unauthorized use; and
- Analyzing data and usage patterns to improve the Services and make them easier to use.
We may use the information we collect to contact you via e-mail, SMS / text, or via in-App notifications. For example, we may send you:
- Transaction & order confirmations, cancellations, status updates, and receipts;
- News, information, and updates about the Services or your account;
- Promotions & marketing information about and from us or our Customers; and
- Requests to complete surveys & provide feedback.
We may also use the information we collect to:
- Perform and facilitate customer credit checks and financing;
- Protect our rights or property, or the security or integrity of our Services;
- Enforce the Terms of Service or other applicable agreements or policies;
- verify your identity;
- Protect us, users of our Services or the public from harm or potentially prohibited or illegal activities.
- Investigate, detect, and prevent fraud, security breaches; or
- Comply with any applicable law, regulation, legal process, or governmental request.
Information We Share
We may share the information we collect:
- With any of our parent, subsidiary, or affiliate companies, agents, and business partners for the purposes outlined above;
- With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:
- hosting and database services,
- payment processors,
- identity verification services,
- mail, e-mail, and text messaging services,
- providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services, and
- marketing, research, and survey services.
- In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
- If we believe it is necessary to:
- protect our rights or property, or the security or integrity of our Services;
- enforce the terms of the Terms of Service or other applicable agreements or policies;
- verify your identity;
- protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities.
- investigate, detect, and prevent fraud, security breaches; or
- comply with any applicable law, regulation, legal process, or governmental request.
- For other purposes after obtaining your consent.
We may share the information we collect with our customers whom you patronize. Customers may use this information to contact you directly about their own products and services, promotions, customer rewards programs, and requests to complete surveys and provide feedback.
We also may share aggregated information with third parties that does not specifically identify you or any individual user of our Services.
You have choices with respect to your information.
Your Account and Personal Information
We generally retain information about you only as long as reasonably necessary to provide you the Services. We may retain archived copies of information about you for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to:
- comply with applicable law, regulation, legal process, or governmental request;
- prevent fraud;
- collect fees owed;
- resolve disputes;
- address problems with our Services;
- assist with investigations;
- enforce our Terms of Service or other applicable agreements or policies; or
- take any other actions consistent with applicable law.
If you have an account, you may access, change, or correct your personal account information at any time by logging into your account. Otherwise, if you believe that we have information about you that should be changed or corrected, you may make the request to us using the contact details below. We may need to verify your identity before changing or correcting your information.
However, due to legal, contractual, and technical restrictions, we may not be able to make the change or correction. For example,
- If we received the information about you from one of our customers, we may be legally and contractually required to refer your request to that customer;
- In the event of legal action or dispute, we may be prohibited from altering any information; or
- We maintain regular backups and archives of our data, and changing archived data may be impracticable.
Opt-Out of Communications From Us
To the extent possible, we will ensure that e-mail or text communications we send you will contain instructions on how to "opt-out" of receiving future communications. In addition, if at any time you wish not to receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us as indicated below.
Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.
You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to use, or take full advantage of the Services.
Do Not Track
State Privacy Rights
Some state laws may provide additional rights and protections for your information and privacy. We make every effort to comply with those state law requirements.
California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below.
We work hard to maintain the security, reliability, accuracy, and completeness of our Services and the information we hold. In particular, we:
- Implement administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction;
- Encrypt many of our Services industry-standard technologies (e.g., SSL, SHA-512, RSA-256);
- Comply with the Payment Card Industry Data Security Standard (PCI DSS);
- Review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems;
- Restrict access to personal information to employees, contractors and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations; and
- Only use third-party service providers to store and transmit personal information in compliance with this Policy, who agree to appropriate confidentiality and security measures, and if necessary, undergo industry-recognized independent third party data security audits.
Nevertheless, we cannot guarantee that internet or e-mail transmissions are fully secure or error free. In particular, e-mail or messages sent to or from our Services may not be secure. Therefore, you should take special care in deciding what information you send to us. Please keep this in mind when disclosing any Personal Data to Toast via the Internet.
Links to Other Services
- Our social media sites;
- Our customer’s websites;
- Partner websites; or
- A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).
We are not responsible for the privacy practices and policies of those third party websites or services. If you use or visit those third party services, you are responsible for reviewing and understanding their terms and conditions. The inclusion of any website link does not imply Our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services.
401 Park Drive, Suite 801
Boston, MA 02215
Effective as of May 1, 2017