Privacy Policy

toda.cash ("we," "us," or "our") operates the toda.cash platform, which allows individuals and small businesses to accept payments via a personal payment page. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Account information: When you create an account, we collect your email address and password (stored securely via Supabase Auth). If you sign in with Google, we receive your name and email from Google.

Profile information: Information you voluntarily add to your payment page, including your display name, profile photo, payment handles (Venmo, Cash App, PayPal), and social media links.

Payment information: Card payment processing is handled entirely by Stripe. We do not store card numbers or sensitive payment data. For card payments, Stripe shares limited transaction data with us (amount, date, last 4 digits of card).

Usage data: We collect anonymized data about how visitors interact with payment pages, including page views and scan counts, to provide analytics to merchants.

Device and log data: We may collect standard server log information such as IP addresses and browser type when you access our service.

2. How We Use Your Information

• To create and manage your toda.cash account and payment page
• To process payments via Stripe and display your payment handles
• To provide dashboard analytics on your page performance
• To send transactional emails (account confirmation, password reset)
• To improve and maintain the toda.cash platform
• To comply with legal obligations

We do not sell your personal information to third parties.

3. Third-Party Services

We rely on the following third-party services to operate toda.cash. Each has their own privacy policy:

• Stripe — payment processing and merchant onboarding (stripe.com/privacy)
• Supabase — database and authentication (supabase.com/privacy)
• Netlify — website hosting (netlify.com/privacy)
• Google — optional OAuth sign-in (policies.google.com/privacy)
• Resend — transactional email delivery (resend.com/privacy)

Venmo, Cash App, and PayPal are independent services. Payments made through those platforms are subject to their own terms. We do not receive transaction data from these providers.

4. Data Retention

We retain your account and profile data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or tax compliance purposes. Stripe retains payment records independently per their own policies.

5. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your account
• Request deletion of your account and associated data
• Export your data in a portable format

To exercise any of these rights, email us at support@toda.cash.

6. Cookies

toda.cash uses essential cookies required to keep you logged in and to maintain session state. We do not use advertising or tracking cookies. We do not use third-party analytics platforms (e.g., Google Analytics).

7. Children's Privacy

toda.cash is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Security

We use industry-standard security practices including encrypted connections (HTTPS), secure authentication via Supabase, and row-level security on our database. No system is completely secure, and we cannot guarantee absolute security of your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page. Continued use of toda.cash after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? Contact us at support@toda.cash.