Privacy Policy
Last updated: March 14, 2026
1. Introduction
Toast ("we," "us," or "our") operates the Toast event photo and video sharing platform at toastphotos.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
By using Toast, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
2. Information We Collect
Information You Provide Directly
- Account information: When you create a host or event planner account, we collect your name, email address, and password (or Google account credentials if you sign in with Google). Planner accounts may also include business name and contact details.
- Event information: Event names, dates, descriptions, and customization settings you provide when creating an event.
- Photos and videos: Images and video files uploaded by you or your event guests through the platform. Photos may be compressed client-side before upload to improve performance.
- Guest names: Optional display names guests may provide when uploading content.
- Payment information: When you purchase a paid tier or planner credit pack, payment details are collected and processed by our payment provider, Polar.sh. We do not store your full credit card number on our servers.
Information Collected Automatically
- Device information: Browser type, operating system, and device type.
- Usage data: Pages visited, features used, and interaction patterns.
- IP address: Collected for security and fraud prevention purposes.
- Analytics data: If you consent to analytics cookies, we may collect additional usage data through third-party analytics services (such as Google Analytics), including page views, session duration, referral sources, and general geographic location.
Guest (Anonymous) Data
Guests do not need to create an account to upload content. Guest sessions are authenticated anonymously via Firebase Authentication. This process may collect limited technical data such as device identifiers and session tokens to maintain your upload session. No email or password is required from guests.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services.
- Enable photo and video sharing between event hosts and their guests.
- Process account registration and authentication.
- Process payments and manage pricing tiers.
- Export your content to third-party services (such as Google Drive) at your request.
- Send service-related communications, including welcome emails, event invitations, and storage expiry reminders.
- Detect, prevent, and address technical issues or abuse.
- Comply with legal obligations.
4. Google Drive Integration
Toast offers an optional Google Drive export feature that allows hosts to save their event photos and videos directly to Google Drive. When you connect your Google Drive account:
- We request the drive.file scope, which only allows Toast to access files and folders that Toast itself creates. We cannot see, modify, or delete any other files in your Google Drive.
- We store an encrypted OAuth refresh token so you don't need to re-authorize each session.
- Content is transferred from our storage directly to a dedicated "Toast" folder in your Google Drive.
- You can disconnect Google Drive at any time from your dashboard, which revokes our access.
Toast's use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. How We Store and Protect Your Data
- Photos and videos are stored on Cloudflare R2, a secure cloud storage service with encryption at rest.
- Image processing: Photos may be compressed in your browser before upload to improve performance. On our servers, we may convert image formats (e.g., HEIC to JPEG) and generate thumbnails for gallery display. The original content is preserved alongside any processed versions.
- Account data and event metadata are stored in Google Firebase/Firestore with industry-standard security.
- Authentication is handled by Firebase Authentication with secure token management.
- Payments are processed by Polar.sh. We do not store full payment card details on our servers.
- All data is transmitted over HTTPS/TLS encrypted connections.
6. Data Retention
Data retention depends on your pricing tier:
- Free tier: Photos and event data are stored for 30 days from the date of your event.
- Paid tiers: Photos, videos, and event data are stored for 12 months from the date of your event.
After the retention period, content is permanently deleted from our servers. We recommend exporting your photos and videos before the retention period ends. Account information is retained as long as you maintain an active account.
7. Sharing Your Information
We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
- With event participants: Photos and videos uploaded to an event are visible to anyone with the event's gallery link or QR code, as configured by the host.
- Event planners: If an event planner created your event, they may have access to event metadata and content until the event is handed off to you.
- Service providers: We use third-party services to operate our platform. These providers only process data as necessary to provide their services:
  - Cloudflare (content storage and delivery)
  - Google Firebase (authentication and database)
  - Vercel (hosting)
  - Polar.sh (payment processing)
  - Resend (transactional emails)
  - Google Analytics (website analytics, with your consent)
- Legal requirements: We may disclose information if required by law, court order, or governmental regulation.
8. Cookies and Tracking
Essential Cookies
Toast uses essential cookies and local storage to maintain your authentication session and remember your preferences. These are strictly necessary for the Service to function and cannot be disabled. Firebase Authentication may set session-related cookies as part of this.
Analytics
We may use third-party analytics services such as Google Analytics to understand how visitors use our platform. These services may collect information such as pages visited, time spent on pages, referring URLs, and general geographic location. This data is aggregated and anonymized and is used solely to improve the Service. Analytics cookies are only set after you provide consent via our cookie banner.
Advertising
We may in the future use third-party advertising or remarketing cookies to display relevant content to you on other platforms. If we do, these cookies will only be set with your explicit consent via our cookie banner.
Your Cookie Choices
When you first visit Toast, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You can change your cookie preferences at any time from the footer of any page. If you reject non-essential cookies, only strictly necessary cookies will be used and the Service will continue to function normally. You can also configure your browser to block or delete cookies, though this may affect certain features.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your account and associated data.
- Export your photos and videos at any time.
- Disconnect third-party integrations (such as Google Drive).
- Withdraw consent for data processing where consent is the legal basis.
For Canadian Residents
Toast complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and request deletion of your personal information. We will respond to access requests within 30 days.
For European Residents (GDPR)
If you are located in the European Economic Area, you have additional rights including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.
For California Residents (CCPA)
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell your personal information.
To exercise any of these rights, please contact us at the email address below.
10. Children's Privacy
Toast is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
11. International Data Transfers
Toast is operated from Canada. Your information may be transferred to and processed in countries other than your own, including Canada and the United States, where our service providers operate. By using Toast, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Toast after any changes constitutes acceptance of the updated policy.
13. Accessibility
Toast is committed to making our platform accessible to all users. We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. If you encounter any accessibility barriers or have difficulty accessing your personal information through our platform, please contact us so we can assist you.
14. Contact Us
If you have any questions about this Privacy Policy, please contact us at: