Privacy Policy

01 Who we are

“Toastmanagers,” “we,” “us,” and “our” refer to the team that operates the website and service at toastmanagers.com. For privacy questions, contact us at managerstoast@gmail.com.

For most personal information stored about your club’s members, your club is the data controller and Toastmanagers acts as a data processor on the club’s behalf. For account-level information (your login, billing, etc.), Toastmanagers is the controller.

02 What we collect

Category	Examples	Source
Account info	First and last name, email address, password (stored as a salted hash — never in plain text)	You provide it at signup
Club & member info	Club name, member roster, role assignments, attendance, speech titles, evaluations, Pathways progress, meeting notes, schedule preferences	You and your club’s administrators
Communications	Messages you send us (support email), feedback, bug reports	You contact us
Usage data	Pages visited, features used, approximate timing, browser type, device type, IP-derived approximate location, referring URL	Collected automatically when you use the Service
Cookies & tokens	Session/auth cookies, “remember me” tokens, password-reset tokens, CSRF tokens	Set by us during normal use
Email delivery metadata	Whether reminders or password-reset emails were delivered, opened, or bounced	Our email provider

What we don’t collect: we don’t ask for or store payment information, government IDs, biometric data, or device microphone/camera content. Toastmanagers doesn’t record audio or video from your meetings.

03 Why we use it

We use the information above to:

Create and secure your account, and log you in.
Run your club workspace — schedules, agendas, role assignments, Pathways tracking, member statistics.
Send transactional emails such as role reminders (7-day, 1-day, same-day), password resets, invite links, and important account or service notices.
Provide PDF agendas, exports, and printable materials when you request them.
Diagnose problems, fix bugs, prevent fraud and abuse, and keep the Service secure.
Understand which features are useful so we can improve the product (in aggregate, not by spying on individual users).
Reply to your support requests and feedback.
Comply with legal obligations and enforce our Terms of Service.

We do not use Your Content to train third-party AI models, and we do not sell or rent personal information.

04 Legal bases (EEA / UK users)

If you’re in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

Contract: to provide the Service you signed up for (e.g., logging you in, running your club workspace, sending transactional emails).
Legitimate interests: to keep the Service secure, prevent abuse, debug issues, and improve the product. We balance these against your privacy rights.
Consent: for optional marketing emails, optional analytics where required, or anything else you explicitly opt in to. You can withdraw consent at any time.
Legal obligation: to comply with applicable law.

05 When we share information

We share information only in these limited situations:

With your club: information you add to a club workspace (your name, role assignments, attendance, speech titles, Pathways progress, etc.) is visible to other members and administrators of that club.
Service providers: with vendors who help us run the Service under written contracts that limit their use of the data — for example, hosting providers, database providers, transactional email providers, and error-monitoring services.
Legal requirements: when we believe in good faith that disclosure is required by law, court order, or to protect our rights, your safety, or the safety of others.
Business transfers: if Toastmanagers is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred — but it will remain subject to a privacy policy at least as protective as this one. We’ll notify you of any change in control.
With your direction or consent: any other sharing you specifically ask us to do.

We do not sell, rent, or trade your personal information to data brokers, advertisers, or any other third party.

06 Cookies & analytics

We use a small number of cookies and similar technologies:

Strictly necessary: session and authentication cookies, CSRF tokens, and a “remember me” token if you choose it. Without these, the Service can’t function.
Preferences: things like your last-used dashboard view or theme.
Analytics: we use Google Analytics to understand aggregate usage patterns (e.g., how many people viewed the landing page, which features get used). We’ve configured it to anonymize IP addresses where supported and we don’t use it for cross-site advertising. You can opt out site-wide using the Google Analytics Opt-Out Browser Add-on, by enabling “Do Not Track” in your browser, or by using a tracker-blocking extension.

You can also clear or block cookies in your browser settings, but doing so may sign you out and break some features.

07 Email communications

We send a few different kinds of email:

Transactional: account and security emails (signup confirmation, password reset, invite links) and the meeting reminders you and your club have configured (7-day, 1-day, same-day). These are required to operate the Service.
Product updates: occasional notices about meaningful new features, changes that affect your account, or downtime. You can opt out of these without losing transactional emails.
Tips & best practices: if you opt in at signup, we may send you the occasional best-practices email for running your club. You can unsubscribe at any time using the link in the email or by emailing us.

08 How long we keep data

We keep your information for as long as your account is active and as long as needed to provide the Service. When you delete your account, we delete or anonymize personal information associated with you, except where we need to retain it to:

Comply with legal, tax, or accounting obligations.
Resolve disputes or enforce our agreements.
Maintain backups for a limited rolling window (typically up to 30 days) before they’re overwritten.
Preserve aggregate, de-identified usage statistics that can’t be linked back to you.

Inactive accounts may be deleted after a long period of inactivity. We’ll send a warning email before doing so.

09 Security

We take reasonable technical and organizational measures to protect your information, including:

HTTPS / TLS encryption for all traffic between you and our servers.
Passwords stored as salted, one-way hashes (we cannot recover or read your password).
Time-limited, single-use tokens for password resets and invites.
Access controls so only authorized personnel can administer the Service.
Regular updates to our underlying frameworks and dependencies.

No system is perfectly secure. If you ever believe your account or our service has been compromised, please email managerstoast@gmail.com right away.

10 Your rights & choices

Depending on where you live, you may have rights to:

Access the personal information we hold about you.
Correct information that is inaccurate or incomplete (most of this you can edit yourself in your account settings).
Delete your account and associated personal information.
Export a copy of your information in a portable format.
Object to or restrict certain processing.
Withdraw consent where we rely on consent.
Lodge a complaint with your local data-protection authority.

You can exercise most of these rights from your account settings, or by emailing managerstoast@gmail.com. We’ll respond within the timeframe required by applicable law (and usually much sooner). We won’t discriminate against you for exercising any of these rights.

Are you a club member, not an administrator? Information you provide through a club workspace is controlled by that club. Please contact your club’s administrator first; we’ll help if needed.

11 Children

Toastmanagers is intended for adults and clubs running adult Toastmasters programs. The Service is not directed to children under 13, and we don’t knowingly collect personal information from anyone under 13. If you believe a child has provided us with information, please email managerstoast@gmail.com and we’ll delete it.

12 International transfers

Toastmanagers operates from the United States, and the service providers we use may also be located in the United States or other countries. If you access the Service from outside the United States, your information will be transferred to and processed in the United States (and potentially other countries) where data-protection laws may differ from those of your country.

Where required, we use appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for international transfers of personal data from the EEA, UK, or Switzerland.

13 Notice to California residents

If you’re a California resident, the California Consumer Privacy Act (CCPA / CPRA) gives you specific rights, including the right to know what personal information we’ve collected about you, to delete it, to correct it, and to opt out of any “sale” or “sharing” of personal information.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. The categories of personal information we collect are described in the “What we collect” section above. To exercise any CCPA right, email managerstoast@gmail.com from the address associated with your account. We’ll verify your identity before responding.

14 Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we’ll let you know in the app or by email and update the “Last updated” date above. Older versions will be available on request.

15 Contact

Questions, concerns, or privacy requests? Email us at managerstoast@gmail.com. A real person reads every message.

Contents