Privacy Policy

Last updated: March 20, 2026

1. Introduction

Toma, Inc. (“Toma,” “we,” “our,” or “us”) provides (a) a voice-AI platform and dashboard for automobile dealerships, (b) public web demos at toma.com, and (c) an AI-powered Web Chat widget embedded on participating dealer websites (the “Web Chat”) (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and protect personal information from: (i) authenticated dealership users such as service advisors, managers, receptionists, and owners (“Dealer Users”); (ii) unauthenticated visitors who browse the Site or try voice/chat demos without creating an account (“Visitors”); and (iii) end-user consumers who interact with the Web Chat on a dealer’s website (“Chat Users”).

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Information You Provide Directly

From Dealer Users:

  • Account identifiers: name, business email, phone number, profile picture, username, and hashed password
  • Google OAuth token (if single sign-on is used)
  • Business details: dealership name, address, hours of operation, pricing data, and inventory information

From Chat Users (via the Web Chat):

  • Contact information: name, email address, and phone number, when voluntarily provided
  • Vehicle interest: make, model, year, stock number, or description of the vehicle you are inquiring about
  • Conversation content: the full text of your Web Chat conversation, including any questions, preferences, or information you share
  • Payment and affordability inquiry details: information you provide when requesting payment estimates, such as desired monthly payment, down payment amount, or trade-in details

From Visitors:

  • Contact information submitted via the Site’s contact form or email inquiries
  • Demo interaction content: voice or text inputs during a public demo session

2.2 Information Collected Automatically

When you use the Services (including the Web Chat on a dealer’s website), we may automatically collect:

  • Device and browser information: IP address, device type, operating system, browser type and version, screen resolution, and language preferences
  • Usage data: pages viewed, links clicked, time spent on pages, referring URL, and the dealer website from which you accessed the Web Chat
  • Chat metadata: timestamps, session duration, and interaction patterns within the Web Chat
  • Cookies and similar technologies: as described in Section 7 below

2.3 Information from Third Parties

We may receive information from third-party sources, including dealer management systems (DMS), customer relationship management (CRM) platforms, OEM systems, and data providers that dealers integrate with the Toma platform. This may include vehicle inventory data, customer records (where the dealer has obtained appropriate consent), and transaction history.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Services: powering Web Chat conversations, generating AI responses, providing payment and affordability estimates, facilitating dealer follow-up, and delivering chat transcripts and analytics to the applicable dealer
  • Communications: sending you SMS messages or initiating phone calls if you have opted in or requested such communications through the Web Chat; sending appointment reminders, follow-up messages, and service-related notifications
  • Improvement and development: training and improving Toma’s AI models using de-identified and aggregated conversation data; analyzing usage patterns to enhance the Services; and developing new features
  • Dealer operations: sharing Chat User information with the applicable dealer for customer relationship management, sales follow-up, and service operations
  • Security and compliance: detecting and preventing fraud, abuse, or security incidents; enforcing our Terms of Service; and complying with legal obligations
  • Analytics and reporting: generating aggregated, de-identified reports and benchmarks for dealers and for Toma’s internal business purposes

4. How We Share Your Information

We share personal information in the following circumstances:

With the applicable dealer.

When you interact with the Web Chat on a dealer’s website, your contact information, vehicle interest, conversation transcript, and related data are shared with that dealer for the purposes of customer service, sales follow-up, and dealer operations. The dealer is the data controller with respect to personal information collected through the Web Chat on its website. You should review the dealer’s own privacy policy for information about how the dealer processes your data.

With service providers.

We share information with trusted third-party service providers who perform services on our behalf, such as cloud hosting (e.g., AWS), analytics, SMS delivery, telephony, and customer support. These providers are contractually obligated to use your information only for the purposes of providing services to Toma and to maintain appropriate security measures.

With dealer-integrated systems.

For Dealer Users and at the dealer’s direction, we may share information with the dealer’s DMS, CRM, OEM systems, or other integrated platforms to support the dealer’s business operations.

For legal and safety purposes.

We may disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Toma, our users, or the public.

In connection with corporate transactions.

If Toma is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice if your information becomes subject to a different privacy policy.

Aggregated and de-identified data.

We may share aggregated or de-identified data that cannot reasonably be used to identify you for benchmarking, research, marketing, or other business purposes.

5. SMS and Phone Communications

5.1 Consent

We will only send you SMS text messages or initiate phone calls if you have affirmatively opted in through the Web Chat (for example, by providing your phone number and clicking “Let’s go!” or “Request a call”) or if you have otherwise provided your express consent. Consent is not a condition of any purchase.

5.2 Types of Messages

Messages may include: responses to your Web Chat inquiries continued via SMS, appointment confirmations and reminders, vehicle availability updates, follow-up communications related to your expressed vehicle interest, and service-related notifications.

5.3 Message Frequency and Rates

Message frequency varies based on your interactions. Standard message and data rates from your wireless carrier may apply.

5.4 Opt-Out

You may opt out of SMS messages at any time by replying STOP to any message from Toma. After opting out, you will receive a single confirmation message. To resume messages, text START. You may also contact us at support@toma.com to manage your communication preferences.

5.5 TCPA Compliance

Toma’s SMS and calling practices are designed to comply with the Telephone Consumer Protection Act (TCPA) and applicable state telemarketing and communication laws. Dealers that use the Web Chat are responsible for ensuring that their use complies with all applicable laws and for obtaining any additional consents required under federal, state, or local law.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Web Chat conversations and associated contact information are retained for up to thirty-six (36) months from the date of the interaction, or longer if required by the applicable dealer’s data-retention requirements or applicable law.
  • Dealer User account information is retained for the duration of the dealer’s active subscription and for a reasonable period thereafter for legal and business purposes.
  • Automatically collected data (usage data, cookies) is retained for up to twenty-four (24) months.

After the applicable retention period, personal information is deleted or de-identified in accordance with our data-retention policies.

7. Cookies and Tracking Technologies

The Web Chat and the Site use cookies and similar technologies (such as local storage and pixel tags) for the following purposes:

  • Essential functionality: maintaining your chat session, remembering your preferences, and enabling the Web Chat to function properly.
  • Analytics: understanding how the Web Chat and Site are used, measuring performance, and identifying areas for improvement.
  • Personalization: tailoring the Web Chat experience based on your browsing context (such as the vehicle page you are viewing).

We do not use cookies for cross-site behavioral advertising. You may manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Web Chat.

8. Data Security

Toma maintains administrative, technical, and physical safeguards aligned with SOC 2 standards to protect your personal information. These safeguards include:

  • Encryption of data in transit (TLS) and at rest
  • Least-privilege access controls and role-based permissions
  • Continuous security monitoring and incident response procedures
  • Regular security assessments and audits
  • Employee security training and access management

While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

9. Your Rights and Choices

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to opt out of sale/sharing: Toma does not sell your personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please submit a request to support@toma.com. We will verify your identity before processing your request.

9.2 Other State Privacy Rights

Residents of other states with applicable privacy laws (such as Virginia, Colorado, Connecticut, Utah, and others) may have similar rights. Please contact us at support@toma.com to exercise any applicable rights.

10. Children’s Privacy

The Services are not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided us with personal information through the Web Chat or otherwise, please contact us at support@toma.com and we will promptly delete it.

11. Geographic Scope

Toma’s infrastructure and support teams are located in the United States. The Services are intended for use within the United States. We do not intentionally market to or knowingly collect data from residents of the European Economic Area (EEA) or the United Kingdom. If you are located outside the United States and choose to use the Services, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction.

12. Dealer as Data Controller

With respect to personal information collected from Chat Users through the Web Chat embedded on a dealer’s website, the dealer—not Toma—acts as the data controller. Toma processes this personal information on behalf of, and at the direction of, the applicable dealer as a service provider (or “processor”). Dealers are responsible for complying with all applicable data-privacy and data-protection laws, including providing required notices and obtaining required consents from Chat Users. Chat Users should refer to the privacy policy of the applicable dealer to understand how their personal information is processed by the dealer.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the revised policy on this page and update the “Last updated” date above. For Dealer Users with active accounts, we may also provide notice by email or in-app notification. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:

Toma, Inc.

277 Carolina St., San Francisco, CA 94103

support@toma.com

Hand-drawn pencil sketch of a confident man with glasses wearing a collared shirt.
“My time with Toma has been a perfect 10. It saves us so much time across the board.”
Black and white pencil sketch portrait of a bald man wearing a dark shirt, with a neutral expression.
"Toma has been a game changer."
“Phones blow up during recall events or vacation seasons. With Toma, we don’t even feel it anymore.”
Black and white pencil sketch of a smiling woman with shoulder-length hair wearing a blazer.
"Toma keeps my service advisors off the phone and focused on customers in-store."
Black and white pencil sketch of a smiling man with a beard and slicked-back hair wearing a collared shirt.
"The team at Toma has made adopting AI at my dealership easy."
"After turning Toma on and listening to the first few recordings, it felt like we have another member of the team on the phone."

See Toma in action

Experience how Toma can scale your dealership’s operations with a thoughtful AI deployment.
Book a demo