1. What We Collect
We collect only what's strictly necessary:
- Account data: name, email, hashed password
- Billing data: handled by Stripe — we never store card numbers
- Usage data: anonymized impression/click counts on your toasts
- Technical data: IP (anonymized after 30 days), user-agent, referrer
2. How We Use It
- To deliver and maintain the service
- To send transactional emails (receipts, password resets)
- To send optional product updates (unsubscribe any time)
- To prevent fraud and abuse
3. Cookies
We use essential cookies only: session token, CSRF protection, theme preference, and a small local storage flag that remembers when you've seen our cookie notice.
You may see a simple informational banner explaining this on your first visit. Because these cookies are required to keep ToastUp secure and working, there is no separate opt-out for them. We do NOT use tracking cookies, third-party ad pixels, or Facebook/Google analytics.
4. Sharing
We share data only with processors required to run ToastUp or integrations you explicitly enable:
- Stripe — payment processing
- Hetzner / Cloudflare — hosting & CDN
- Zapier — optional lead forwarding, only when you connect a Zapier webhook and enable it for a toast
If you enable Zapier for lead capture, ToastUp sends the submitted email or phone number plus toast details, website domain, page URL, visitor id and timestamp to the Zapier Catch Hook you configured.
We never sell, rent, or share your data with advertisers.
5. Your Rights (GDPR)
If you're in the EU/UK/Switzerland, you have the right to:
- Access a copy of your data
- Rectify incorrect data
- Delete your account and associated data
- Export data in machine-readable format
- Object to any non-essential processing
To exercise any of these rights, email privacy@toastup.co. We respond within 30 days.
6. Billing & Responsibility
Billing is processed by Stripe. We do not store card numbers, but we may store Stripe customer, subscription, plan, price, status, and billing event identifiers needed to operate paid plans.
Purchasing a paid plan does not create any privacy-related right to a refund. Paid plans are non-refundable as described in our Terms of Service. Cancellation stops future renewals but does not refund payments already made.
You are responsible for the personal data you collect through ToastUp, including lead emails or phone numbers, visitor data, toast content, and any data you send to third-party integrations such as Zapier. You are also responsible for any damage, loss, claim, penalty, complaint, or other consequence caused by your collection, configuration, use, export, or forwarding of that data.