Privacy Policy

Last updated: April 30, 2025

Toma, Inc. (“Toma,” “we,” “our”) provides a voice-AI platform and public web demos at https://www.toma.com.
This Privacy Policy explains how we collect, use, and share information from:

  • Authenticated dealership users: service advisors, managers, receptionists, and owners who log in to the Toma platform; and
  • Unauthenticated visitors: anyone who browses our site or tries our voice / chat demos without creating an account.

By accessing the platform or our demos, you acknowledge this Policy.

1. Information We Collect

We collect information about you when you use the Services. This includes:

  • Account Identifiers: name, business email, phone number, profile picture, username & hashed password, Google OAuth token (if used)
  • Business Details: dealership name, address, hours, pricing or inventory data used to configure the AI
  • Usage & Interaction Data: call audio, call transcriptions, in-app actions, support tickets, log files
  • Demo Inputs: email (if entered), voice recording, text you type or speak in demo widgets
  • Device / Technical Data: IP address, browser type, pages visited, cookies & similar analytics IDs

2. How We Use Information

We use the information above to:

  1. Provide & improve the Services: authenticate you, route calls, generate transcripts, personalize responses, and refine our product features (we do not train public AI models on Customer Data without explicit written permission).
  2. Analytics: understand feature adoption, troubleshoot issues, and enhance user experience through tools such as Google Analytics and Mixpanel.
  3. Security & Abuse Prevention: detect fraud, secure accounts, and investigate misuse.
  4. Marketing & Communication: send product updates, newsletters, or promotional messages (you can unsubscribe anytime).
  5. Legal & Compliance: meet legal obligations, enforce our Terms, and protect rights, property, or safety.

3. Cookies & Similar Technologies

We use first-party and third-party cookies, pixels, and local storage to:

  • keep you signed in;
  • remember preferences;
  • measure site traffic and campaign effectiveness; and
  • show relevant Toma ads on other sites.

Most browsers let you delete or block cookies; doing so may limit some functionality.

4. How We Share Information

We never sell personal information. We disclose it only as follows:

  • Service Providers: cloud hosting (e.g., AWS), email delivery, analytics, telephony, and similar vendors that process data strictly under our instructions and in accordance with this Policy;
  • Dealer-Integrated Vendors: DMS, CRM, or OEM systems that a dealership already uses and explicitly connects to Toma;
  • Professional Advisers: accountants, auditors, insurers, and legal counsel who need the data to provide their services and are bound by confidentiality obligations;
  • Legal or Safety Requirements: to comply with law, valid court orders, or government requests; to enforce our agreements; or to protect rights, property, or safety of Toma, our users, or others;
  • Corporate Transactions: if we (i) explore or complete a merger, financing, acquisition, due-diligence process, restructuring, bankruptcy, or sale of all or part of our business or assets, personal data may be shared with and transferred to the parties involved (including prospective buyers and their advisers) and will remain subject to this Policy or a successor policy of equal or greater protection;
  • Aggregated / De-Identified Data: data that cannot reasonably identify you may be shared publicly for analytics, benchmarking, or research.

5. Data Retention

  • Account & Business Data: While the account is active plus 12 months, then deleted or archived unless otherwise required.
  • Call Audio, Demo Recordings, Transcripts & Text: Stored indefinitely unless you request deletion; we honor verified deletion requests within 30 days.
  • Logs & Analytics: Up to 3 months, then aggregated or deleted.

6. Your Choices & Rights

  • Update or Delete Account Data: Dealership users can contact support@toma.com to correct or delete profile details.
  • Opt-Out of Marketing Emails: click “unsubscribe” in any message.
  • Request Deletion of Call Recordings or Demo Inputs: email support@toma.com with sufficient detail to locate the data.
  • California Residents: you may have rights of access, deletion, and non-discrimination under the California Consumer Privacy Act (CCPA). Submit requests to support@toma.com or the address below.

    • 7. Security

    We follow administrative, technical, and physical safeguards aligned with SOC 2 standards (see https://trust.toma.com), including encryption in transit, least-privilege access controls, and continuous monitoring. No security program is perfect; we cannot guarantee absolute security.

    8. International Users

    Toma’s infrastructure and support teams are located in the United States, and we do not intentionally market to or store data from residents of the European Economic Area or United Kingdom.

    9. Children

    Toma is not intended for anyone under 13 years old. We do not knowingly collect personal data from children. If you believe a child has provided us information, contact support@toma.com and we will delete it.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised “Last updated” date, and we may notify active account holders by email or in-app message.

    11. Contact Us

    Questions or requests?

    Toma, Inc.
    680 Indiana St. #502
    San Francisco, CA 94107
    Email: support@toma.com