Privacy Policy

Scope

This Privacy Policy applies to ToastLedger websites, apps, and APIs used for private event coordination and guest media uploads in the United States.

By using ToastLedger, you acknowledge the data practices described here.

Information We Collect

Account and identity data, including name, email address, session identifiers, and invitation details.

Event data, including event title, location, agenda details, RSVP responses, guest-list attributes, and event access settings.

Media and moderation data, including uploaded photos and videos, timestamps, uploader identifiers, moderation actions, reports, and block decisions.

Operational and security data, including IP address, device and browser metadata, request logs, and abuse-prevention telemetry.

How We Use Information

To operate private events, authenticate users, collect guest content, and enforce owner-configured upload windows and access controls.

To moderate content, investigate abuse, prevent fraud, and maintain service integrity.

To send account and operational notifications such as sign-in links, sync status, and owner alerts.

Cloud Destinations and Third Parties

When an owner links a destination provider (for example Google Photos), ToastLedger syncs approved event media using owner-authorized tokens.

Guests do not receive owner cloud credentials.

We use third-party processors for infrastructure and communication, including Cloudflare and Resend, and only share data necessary to provide the service.

Retention

Event owners can configure retention windows. Unless a shorter policy is set, event media and related records may be retained for operational, moderation, and audit needs.

We recommend a default retention window of 180 days after event close for production use, with shorter periods available for sensitive events.

Backups and logs may persist for limited periods required for reliability and security.

Children and Minors

ToastLedger is intended for users age 13 and older.

Event owners are responsible for obtaining any required parental or guardian permissions for minors participating in an event.

CCPA and U.S. Privacy Rights

Eligible California residents may request access, correction, or deletion of personal information subject to legal exceptions.

ToastLedger does not sell personal information as traditionally defined under CCPA.

Privacy requests can be submitted through in-product request flows or by contacting privacy@toastledger.com.

Security

We use reasonable technical and organizational safeguards designed to protect data in transit and at rest.

No system is completely risk-free, and users should protect account access and report suspected misuse promptly.

Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be reflected by updating the effective date and, where appropriate, by additional notice.

Contact

For privacy questions or requests, contact privacy@toastledger.com.