Toast values user privacy and security as much as user experience.
Our goal is to provide a fast and secure ecosystem that our users can rely on.
Toast Security Principles
-
💳
Credit Card Safety
When you purchase a paid Toast subscription, your credit card data is neither transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.
-
👁
Authentication Security
Authentication Options
We offer our own local sign-in as well as Google, Apple & Facebook Authentication services.
Secure Credential Storage
Toast follows secure credential storage best practices: passwords are never stored in a human-readable format, only as the result of a salted, one-way hash.
API Security & Authentication
Our API is SSL-only and you must be a verified user to make API requests.
-
📡
Network Security
All access to the Toast network is restricted to HTTPS encrypted connections. Firewalls, best-in-class router technology, and Intrusion Detection and/or Prevention technologies (IDS/IPS) are implemented by our hosting provider; these monitor and/or block malicious traffic and network attacks.
Network Access
Access to users' data is only possible via encrypted connections that follow industry best practices: HTTPS and Secure Sockets Layer (SSL). Additionally, unique (per user/per device) and regularly updated security tokens are used to further protect personal information.
-
🧩
Extension Security
All Toast extensions communicate with the server only through an encrypted connection to the API. Extensions never send any information to Toast's servers without user action.
The extension does not collect any data unless the user requests it. Even when the user requests data collection, in order to save a folder or perform any other action that requires information from the browser or web page, Toast collects only the least amount of data needed to provide the desired functionality.
Toast extensions never:
- track users' web activity
- save browsing history
- read users' web page contents (passwords, form fields, links... nothing)
Finally, Toast is only available for download through the official browser web stores and the Apple Mac App Store, which means each extension version is diligently checked by Apple, Google, Opera & Firefox employees before it is allowed to be distributed through the corresponding store.
-
💼
Employee Access
Users’ private information (such as passwords) is encrypted at rest. Passwords are never stored in the database in plaintext and are not readable by staff.
No Toast staff will access your data unless required for support reasons.
When working on a support issue, we do our best to respect your privacy as much as possible: we access only the minimum data needed to resolve your issue. Finally, it’s worth noting that Toast’s staff is quite small, limiting the number of individuals who would support you.
-
🗄
Datacenter security
Toast is hosted with Hostpro, an industry-leading Ukrainian hosting provider. Toast servers are located in the United States. All production, physical security, power, and internet connectivity are monitored by Hostpro and their datacenter partners.
-
🛠
Availability & Uptime
Hostpro (Toast’s hosting provider) provides 99.9% uptime, a publicly available status page, and maintenance notifications.
Toast development and updates are always done in separate environments and thoroughly checked before release. Releasing an update usually takes no more than a few minutes and should not create any noticeable issues for our users.
-
☎️
Contact Us
Have a question or concern? Please email us at dotoast.com@gmail.com.