Privacy Policy

2. Information We Collect

2.1 Information You Provide

• Personal Identification Information: Name, email address, phone number, delivery and billing addresses
• Account Information: Username, password, order history, favorite items, and account preferences
• Payment Information: Credit/debit card details, payment method preferences (stored securely through encrypted third-party payment processors)
• Food Service Specific Data:
  • Dietary preferences and restrictions (vegetarian, vegan, gluten-free, etc.)
  • Allergen information you provide for safety purposes
  • Special dietary requirements (halal, kosher, organic preferences)
  • Order customizations and special instructions
  • Table reservation details and party size preferences
  • Catering event information and requirements
  • Loyalty program participation and rewards data
• Communication Data: Contact form submissions, customer service inquiries, reviews, and feedback
• Marketing Preferences: Email subscription choices, promotional preferences, and communication settings

2.2 Automatically Collected Information

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, click patterns, search queries, referring websites
• Location Data: Approximate location based on IP address for delivery service availability
• Cookie Data: Session identifiers, user preferences, shopping cart contents, authentication tokens
• Performance Data: Website load times, error reports, feature usage statistics

2.3 Information from Third Parties

• Social Media: Profile information if you connect social media accounts or use social login features
• Payment Processors: Transaction verification and fraud prevention data from payment service providers
• Delivery Partners: Delivery status updates and location information during order fulfillment
• Marketing Partners: Campaign performance data and aggregated demographic insights
• Review Platforms: Public reviews and ratings you post about our services

3. How We Use Your Information

3.1 Service Provision

• Order Processing: Fulfilling food orders, processing payments, coordinating delivery and pickup
• Account Management: Creating and maintaining user accounts, authentication, and security
• Customer Support: Responding to inquiries, resolving issues, and providing assistance
• Quality Improvement: Analyzing service performance and optimizing our operations
• Safety Compliance: Ensuring food safety through allergen tracking and dietary requirement management

3.2 Communication

• Order Updates: Confirmation emails, preparation status, delivery notifications
• Account Notifications: Security alerts, account changes, password resets
• Important Notices: Service updates, policy changes, safety alerts
• Marketing Communications: Promotional offers, new menu items, special events (only with your explicit consent)
• Loyalty Programs: Rewards updates, point balances, special member offers

3.3 Marketing and Analytics

• Personalized Experience: Customizing website content, recommending menu items based on preferences
• Traffic Analysis: Understanding website usage patterns and popular content
• Campaign Effectiveness: Measuring marketing performance and return on investment
• Market Research: Developing new menu items and services based on customer preferences
• Trend Analysis: Identifying food trends and seasonal preferences

3.4 Legal Compliance

• Legal Obligations: Complying with applicable laws, regulations, and legal processes
• Fraud Prevention: Detecting and preventing fraudulent activities and security threats
• Rights Protection: Protecting our rights, property, safety, and that of our customers and employees
• Dispute Resolution: Resolving conflicts, investigating complaints, and legal proceedings

4. Information Sharing and Disclosure

4.1 Service Providers

• Payment Processors: Secure handling of financial transactions (Stripe, PayPal, etc.)
• Delivery Services: Third-party delivery partners for order fulfillment
• Cloud Storage: Secure data storage and backup services (AWS, Google Cloud)
• Email Services: Marketing and transactional email platforms (Mailchimp, SendGrid)
• Analytics Tools: Website and app performance analysis (Google Analytics, Hotjar)
• Customer Support: Help desk and chat support platforms

4.2 Legal Requirements

• Court orders, subpoenas, and other legal processes
• Compliance with applicable laws and regulations
• Protection of rights, property, and safety
• Emergency situations requiring immediate disclosure

4.3 Business Transfers

• Mergers, acquisitions, or sale of business assets
• Customer notification will be provided before any transfer
• New ownership must comply with this privacy policy or notify you of changes

4.4 With Your Consent

• Any other purposes with your explicit consent
• Social media sharing when you choose to connect accounts
• Third-party integrations you specifically request

5. Data Security

5.1 Technical Measures

• Encryption: SSL/TLS encryption for all data transmission between your device and our servers
• Secure Storage: AES-256 encryption for sensitive data at rest
• Access Controls: Multi-factor authentication and role-based access limitations
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Backups: Regular secure data backups with encryption and access controls
• Firewalls: Advanced firewall systems and network security protocols

5.2 Organizational Measures

• Employee Training: Regular security awareness training for all staff members
• Access Policies: Strict data access policies with principle of least privilege
• Confidentiality Agreements: All employees and contractors sign data protection agreements
• Incident Response: Comprehensive security incident response and recovery procedures
• Security Audits: Regular third-party security assessments and penetration testing

5.3 Your Responsibilities

• Strong Passwords: Use unique, complex passwords for your account
• Account Security: Never share your login credentials with others
• Public Computers: Always log out when using shared or public devices
• Suspicious Activity: Report any unauthorized account access immediately
• Software Updates: Keep your devices and browsers updated with security patches

6. Cookies and Tracking Technologies

Tracking Technologies Used

• Google Analytics: Website traffic analysis and user behavior insights
• Facebook Pixel: Social media advertising effectiveness measurement
• Web Beacons: Email open rates and engagement tracking
• Local Storage: Browser-based data storage for improved user experience
• Session Storage: Temporary data storage for current browsing session

Cookie Management: You can control cookies through your browser settings to accept, reject, or delete cookies. Please note that disabling certain cookies may affect website functionality and your user experience.

7. Your Rights (GDPR/CCPA Compliance)

• 7.1 Right of Access: Request to view all personal data we hold about you
• 7.2 Right to Rectification: Request correction of inaccurate or incomplete personal data
• 7.3 Right to Erasure (Right to be Forgotten): Request deletion of your personal data
• 7.4 Right to Restrict Processing: Request limitation on how we use your data
• 7.5 Right to Data Portability: Receive your data in a machine-readable format
• 7.6 Right to Object: Object to processing, especially for marketing purposes
• 7.7 Right Against Automated Decision-Making: Request human review of automated decisions

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems promptly.

9. International Data Transfers

9.1 Protection Measures

• EU-Japan adequacy decisions for compliant countries
• Standard Contractual Clauses (SCCs) for international transfers
• Binding Corporate Rules for intra-group transfers
• Appropriate technical and organizational security measures
• Regular compliance audits and assessments

9.2 Transfer Destinations

• United States: Cloud storage and data processing services
• European Union: Analytics and marketing services
• Other Countries: As needed for service provision with appropriate safeguards

10. Data Retention Periods

Safe Data Disposal

• Complete electronic deletion using industry-standard methods (overwriting, degaussing)
• Physical destruction of paper records through secure shredding
• Verification that data is unrecoverable after disposal
• Maintenance of disposal records for compliance purposes

11. Third-Party Links

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review the privacy policies of any third-party websites before providing personal information. Your interactions with third-party sites are governed by their respective privacy policies, not ours.

12. Policy Changes

12.1 Change Notification Methods

• Prominent notice on our website homepage
• Email notification to registered users
• Pop-up notification upon login
• Explicit consent request for significant changes affecting your rights

12.2 Staying Informed

• The most current version is always available on our website
• Check the "Last Updated" date at the top of this policy
• Continued use of our services constitutes acceptance of policy changes
• You may discontinue using our services if you disagree with changes

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

• Email Unsubscribe: Click the unsubscribe link in any marketing email
• Account Settings: Update your communication preferences in your user account
• Customer Support: Contact us directly to opt out of all marketing communications
• Phone: Call us during business hours to update your preferences

14.2 Account Deletion Process

1. Log into your account and go to Account Settings
2. Select "Delete Account" option
3. Confirm your identity through email verification
4. Review what data will be retained for legal compliance
5. Confirm deletion request
6. Receive confirmation email within 24 hours

Note: Some information may be retained as required by law for tax, legal, and regulatory purposes even after account deletion.