Privacy Policy
Effective May 18, 2026
This Privacy Policy describes how Sagamore Studio LLC (“Sagamore Studio”, “we”, “us”), a Massachusetts limited liability company, collects, uses, and shares information when you use the Toad mobile application and related services (collectively, the “Service”).
Toad is a tool that helps residents avoid street-cleaning tickets and stay aware of parking restrictions on streets they choose to watch. To do that, the Service needs to know where you are and which streets you care about. This policy explains what that looks like in practice.
The short version. We collect the minimum data needed to run the Service: your account identifiers from your sign-in provider, the streets you watch, and your approximate location when you ask the app to find nearby streets. We do not sell your data, and we do not use third-party analytics or tracking beyond what is described below. The free tier shows ads supplied by Google AdMob; the premium tier is ad-free. You can delete your account and all associated data at any time from inside the app.
1. Information we collect
1.1 Information you provide when you create an account
Toad uses Firebase Authentication (operated by Google LLC) to handle sign-in. Depending on which method you use, we receive from Firebase one or more of the following:
- Your email address (email sign-in, Google sign-in, Apple sign-in if you choose to share it).
- Your display name and profile photo URL (Google and Apple sign-in, where provided by you).
- An opaque user identifier from your sign-in provider (Google subject ID, Apple user ID).
- Your phone number (phone sign-in only; this method is currently disabled).
- A Firebase user ID (a random string Firebase assigns to your account).
We do not see or store your password. Email/password authentication is handled entirely by Firebase.
1.2 Location information
When the app is open and you have granted location permission, we use your device’s location for the following purposes:
- To identify the street segment nearest to you (the “yellow card” on the home screen).
- To detect which city you are in during onboarding.
- To reverse-geocode your coordinates into a human-readable address (handled by our backend via the OpenStreetMap Nominatim service).
Location data is sent to our backend only while you have the app open and only when needed to answer one of the requests above. We do not run background location tracking. We do not retain a persistent history of your past locations in your account.
1.3 Watched streets and preferences
The list of street segments you choose to watch, your notification preferences (lead time, per-street toggles, permit alerts), and your subscription tier are stored on our servers and associated with your account so they can sync across devices.
1.4 Device information
To deliver push notifications and enforce per-user limits, we store:
- A random device identifier (UUID) generated locally by the app.
- Your Firebase Cloud Messaging (FCM) push token, when you have notifications enabled.
- Your platform (iOS / Android) and app version.
- Counters for how many times you have refreshed your location today (used to enforce free-tier rate limits).
1.5 Crash and error reports
If the app or our backend crashes or hits an error, we send a report to Sentry (operated by Functional Software, Inc.). Reports include: the type of error, a stack trace, app version, operating system version, and your Firebase user ID (so we can correlate errors across services). They do not include the contents of your watchlist or the streets you have searched.
1.6 Server logs
Our backend records standard request logs (IP address, request path, response code, timestamp). These are retained for a short period for operational reasons (debugging, rate-limit enforcement, abuse prevention) and are not used to build a profile of you.
1.7 Advertising
The free tier of Toad shows ads supplied by Google AdMob (operated by Google LLC). To serve these ads, the Google Mobile Ads SDK embedded in the app collects your device’s advertising identifier (the Android Advertising ID or, on iOS, the IDFA if you allow tracking), coarse device and ad-interaction information, and your IP address. Google uses this to deliver and measure ads and, where you have consented, to personalize them. Where required (for example in the EEA/UK), the app presents a consent prompt before personalized ads are shown; you can decline and still use Toad with non-personalized ads. You can reset or limit your advertising identifier in your device settings. Premium-tier users do not see ads, and no ad identifier is requested for them.
1.8 Information we do not collect
We do not use Google Analytics, Firebase Analytics, the Facebook SDK, or any equivalent analytics tracker. Apart from the Google AdMob advertising use described in Section 1.7, we do not access your contacts, photos, calendar, microphone, camera, or health data. We do not currently use any payment processor; if and when we add subscriptions, the payment-related disclosures in Section 4 will apply.
2. How we use information
We use the information described above to:
- Operate the Service: identify nearby streets, surface upcoming sweeping and permit restrictions, sync your watchlist, send notifications you have opted into.
- Authenticate you when you open the app or call our backend.
- Enforce free-tier and abuse-prevention rate limits.
- Diagnose crashes and operational issues.
- Communicate with you about your account when you contact us for support, or about material changes to the Service (rare).
We do not use your information to train machine-learning models or to sell to third parties. We do not ourselves build advertising profiles; ad serving and any ad personalization are performed by Google AdMob as described in Section 1.7, subject to your consent where required.
3. Service providers we share information with
To run Toad we share limited information with the following service providers, each of which is contractually or by published policy obligated to handle that information for the purpose we specify.
| Provider | Purpose | Information shared |
|---|---|---|
| Google LLC (Firebase Authentication) | Account sign-in, password management | Email, password, OAuth credentials, phone number (if used) |
| Google LLC (Firebase Cloud Messaging) | Push notification delivery | FCM push token, notification payload |
| Functional Software, Inc. (Sentry) | Crash and error reporting | Stack traces, app/OS version, Firebase user ID |
| Google LLC (AdMob) | Serving and measuring ads in the free tier | Advertising identifier, IP address, ad-interaction and coarse device data |
| Hetzner Online GmbH | Hosting our backend and database (Nuremberg, Germany) | All data we store on our backend |
| Cloudflare, Inc. | Proxying Boston open-data queries (no personal data passes through) | None about you personally; only public data queries |
| OpenStreetMap Foundation (Nominatim) | Reverse geocoding latitude/longitude into an address | Latitude and longitude only; no account identifier |
We do not share your information with any party for that party’s own marketing purposes. We do not engage in any “sale” or “sharing” of personal information as those terms are defined under the California Consumer Privacy Act or similar laws.
4. Payments and subscriptions
Toad is free to use. We are building a paid premium tier; when it launches, payments will be processed by a third party (currently planned: Stripe, Inc. for web/in-app web checkout, and/or the Apple App Store and Google Play billing systems for in-app purchases). Payment-card information is handled by those providers and is never sent to or stored on our servers. We will receive a record that you purchased a subscription, the subscription identifier, and your subscription status, but not your card number.
5. Where information is stored and processed
Our backend and database are hosted in Nuremberg, Germany, on Hetzner Cloud. Firebase Authentication and FCM are operated by Google and process data in the United States and other countries where Google operates. Sentry processes error reports in the United States. If you use Toad from outside the country where these services operate, your information will be transferred to and processed in those countries.
6. How long we keep information
- Account data (Firebase Authentication records, watchlist, preferences, devices) is kept while your account exists. When you delete your account, this data is deleted within 30 days (see Section 9).
- Server request logs are kept for up to 30 days.
- Crash and error reports in Sentry are kept for 90 days by default.
- Database backups are retained for up to 14 days; data deleted from the active database may persist in a backup for that period before being overwritten.
- Audit records of subscription grants and revocations, if applicable, are retained as long as we have a legal or tax-record-keeping obligation to do so.
7. Security
We use industry-standard measures to protect the information we hold: encrypted transport (HTTPS / TLS) for all client–server traffic, encryption at rest on our database storage volume, scoped API credentials, principle-of-least-privilege access, and short-lived authentication tokens. No system is perfectly secure; if we become aware of a breach that affects your information, we will notify you as required by law.
8. Your choices and rights
You can, at any time:
- Turn location permission off in your device settings. The yellow card and city-detection features will stop working; the rest of the app continues to function.
- Turn notifications off in your device settings or per-street inside the app.
- Edit your watchlist and preferences from inside the app.
- Delete your account from Settings → Delete account inside the app, or via the process described at heytoad.app/delete-account.
Depending on where you live, you may have additional rights under data-protection laws — for example, the right to access, correct, port, or restrict processing of your information (GDPR), or the right to know, correct, and delete (CCPA / CPRA). To exercise these rights, email us at hello@sagamore.studio. We will respond within the timeframe required by applicable law.
9. Account deletion
Deleting your account from inside the app triggers an immediate call to our backend that:
- Removes your saved-segments rows, devices rows, and preferences from our database.
- Deletes your account from Firebase Authentication.
- Clears the local SQLite cache on the device.
Residual copies may persist in encrypted database backups for up to 14 days before being overwritten on the normal backup-rotation schedule. Crash reports already sent to Sentry continue to live out Sentry’s 90-day retention window; we will purge them earlier on written request.
If you cannot access the app for any reason, see heytoad.app/delete-account for a web-based deletion process.
10. Children
Toad is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at hello@sagamore.studio and we will delete it.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the “Effective” date at the top of this page. Material changes will be announced inside the app or by email at least 14 days before they take effect. Your continued use of the Service after a change becomes effective constitutes acceptance of the revised policy.
12. Contact
Questions, requests, or complaints about this policy or about how we handle your information:
Sagamore Studio LLC
Email: hello@sagamore.studio