Privacy Policy

Toasted (“we,” “our,” or “us”) operates the Toasted Tanz iOS application and the toastedtanz.com website. This Privacy Policy describes how we collect, use, and protect information when you use our services.

Artist accounts: Name, email address, phone number, business name, profile photo, Stripe Connect account data (processed by Stripe).

Client data (collected on behalf of artists): First name, last name, phone number, email address (optional), appointment history, payment method tokens (stored by Stripe, never on our servers).

SMS data: Message content sent through the Toasted platform, phone numbers, SMS consent records.

Usage data: App usage, device type, crash reports.

• To operate and provide the Toasted platform
• To facilitate appointment booking and client communication
• To process payments through Stripe
• To send SMS messages through Twilio on behalf of artists (only with client SMS consent on file)
• To send transactional notifications (booking confirmations, reminders)
• To improve and maintain the service

Supabase — database and authentication infrastructure. Data stored in Supabase’s US-based servers. See supabase.com/privacy.

Stripe — payment processing. Payment card data is handled entirely by Stripe and never stored on Toasted servers. See stripe.com/privacy.

Twilio — SMS delivery. Phone numbers and message content are transmitted through Twilio to deliver SMS messages. See twilio.com/legal/privacy.

Apple — iOS platform and optional Sign in with Apple authentication. See apple.com/legal/privacy.

Clients must provide explicit SMS consent before any SMS messages are sent. Consent is recorded with a timestamp. Clients may opt out at any time by replying STOP to any message. Standard message and data rates may apply.

Artist account data is retained while your account is active and for 90 days after cancellation.

Client data is retained as long as the artist account is active.

You may request deletion of your data by contacting us at toastedtanz@protonmail.com.

We use industry-standard security practices including encrypted connections (TLS), row-level security on our database, and access controls. Payment data is handled entirely by Stripe and is never stored on our infrastructure.

Toasted is not directed at children under 13. We do not knowingly collect personal information from children under 13.

You may request access to, correction of, or deletion of your personal data at any time. Contact us at toastedtanz@protonmail.com.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy at this URL and updating the “Last updated” date.

Questions about this policy? Email us at toastedtanz@protonmail.com.