Privacy Policy

Last updated: September 18, 2025

Summary: When you generate a roast/toast, your selected photo and prompt are sent securely to our server (“proxy”) and then to our AI model provider to create the result. We do not sell your data. We minimize what we store (e.g., purchase receipts, short-lived logs).

1) Who we are

Toast2Roast (“T2R”, “we”, “us”) is an entertainment app that creates humorous roasts and warm toasts from user-provided images and prompts.

2) What we collect

• Content you provide: photos you select, optional text prompts/captions, persona choices, and intensity settings used to generate output.
• Technical & device info: device model/OS, app version, timestamps, language/locale, coarse region, and network diagnostics to operate and protect the service.
• Purchase & entitlement data: Google/Apple purchase tokens, product IDs, and expiration/renewal status to unlock features and restore purchases.
• Diagnostics (automatic/optional): crash/performance logs from Apple/Google or analytics providers to improve stability.
• Website data: standard web logs (IP, user agent, pages) and any info you submit via email or forms.

3) How your data is processed

Generation flow: When you tap generate, the app transmits your selected image and prompt to our server (“proxy”), which forwards them to our AI model provider(s) to produce the roast/toast image or text. The result is returned to your device.

• We do not train our own models on your content.
• Where available, we configure providers to not use your content for their model training.
• Encrypted transport (HTTPS/TLS) is used between app, proxy, and model provider.
• Our proxy may perform light validation: rate limiting, file type/size checks, and safety filtering.

4) What we store & retention

• Images & prompts: Not persisted on our servers after generation completes. Temporary processing/cache copies are short-lived and auto-cleared. Error logs may include minimal metadata (e.g., file type, size, request ID) retained up to 30 days.
• Generated results: Saved outputs reside on your device only if you choose to save/export. We don’t keep server copies.
• Purchases: Entitlement records (product ID, receipt token, expiration) are retained as long as needed to provide and audit access.
• Diagnostics: Crash/perf logs are retained per platform/provider defaults and operational needs.

5) Sharing & third parties

We share only what’s necessary to operate the app:

• AI model provider(s): to generate your output (receives your image/prompt and necessary metadata).
• App stores (Google/Apple): for payments, purchase verification, and subscriptions.
• Hosting/CDN & security services: to run our proxy/API and mitigate abuse.
• Analytics/diagnostics: crashes and performance (no data selling).
• Legal: when required by law or to protect rights, safety, and integrity of our services.

We do not sell personal data and do not share data for cross-context behavioral advertising.

6) Your choices & controls

• Save/export: Save generated images to your device at your discretion; delete them anytime from your gallery.
• Limit analytics: Use OS settings to limit identifiers and crash reporting where supported.
• Manage purchases: Cancel/manage subscriptions in your Apple App Store or Google Play settings; use “Restore Purchases” in-app.

7) Security

We use reasonable technical and organizational measures to protect information. No system is 100% secure, but we minimize risk by limiting collection and retention.

8) Children’s privacy

Toast2Roast is not directed to children under 13. We do not knowingly collect personal data from children. If you believe your child has provided information, contact us for removal.

9) International use

If you use T2R outside the U.S., related processing may occur in the U.S. and other regions where our providers operate, consistent with their policies.

10) Changes

We may update this policy to reflect app changes or legal requirements. The “Last updated” date shows the latest version.

Google Play — Data Safety Summary

How we declare data in Google Play Console’s Data Safety form:

Data collected

• Photos & videos Collected — user selects a photo to process.
• User-generated content (text prompts/persona/slider) Collected — to generate output.
• Everything else (personal info, contacts, precise location, device ID, etc.) — Not collected.

Data shared

Google defines “shared” as sent to a third party. Because we transmit to an AI provider for processing, we declare:

• Photos & videos — Shared with AI provider for app functionality.
• Prompts & persona selections — Shared with AI provider for app functionality.

Security & deletion

• Encrypted in transit — Yes (HTTPS/TLS).
• User deletion — Yes (we do not persist content server-side; user controls saved images on device; uninstall removes local data).

Purpose

• App functionality — ✅ Yes.
• Analytics / Advertising / Personalization — ❌ No.

Required vs optional

• Photos — Optional (only when generating).
• Prompts — Optional (defaults/persona can be used).

Apple App Store — App Privacy

Data Linked to You

None (no accounts; no linking to identity).

Data Not Linked to You

• Photos & Videos — Purpose: App functionality; Shared: Yes (AI model provider); Retention: temporary processing only.
• User Content (Prompts/Persona/Slider) — Purpose: App functionality; Shared: Yes; Retention: temporary processing only.

Other categories

No collection: Contacts, Location, Financial Info, Device ID, or other identifiers.

Usage Purpose Flags

• App Functionality ✅
• Analytics ❌
• Developer’s Advertising/Marketing ❌
• Third-party Advertising ❌

Tracking

The app does not track users across other apps or websites.

Optional vs Required

• Photos — Optional (only when generating).
• Prompts — Optional (defaults possible).

Contact

Email: support@toast2roast.com