Privacy Policy

This Privacy Policy describes how Tatte ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at bakery-tatte.rest, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act), among other applicable regulations.

1. About Us

Tatte is a food business operating in the United States. We operate the website bakery-tatte.rest and provide food-related products and services to our customers. We act as the data controller for the personal information collected through our website and related services.

2. Information We Collect

We collect various types of information in connection with the services we provide. The categories of personal information we may collect include the following:

2.1 Personal Identification Information

When you interact with our website, create an account, place an order, or contact us, we may collect personally identifiable information, including but not limited to:

• Full name
• Email address
• Phone number
• Billing and shipping address
• Date of birth (where applicable, for age verification or promotional purposes)
• Username and password (for registered accounts)
• Payment information (processed securely through third-party payment processors)
• Dietary preferences or restrictions (if voluntarily provided)

2.2 Transaction and Order Data

When you place an order with us, we collect information related to your purchase, including:

• Order history and details
• Items purchased or browsed
• Order value and payment method type
• Delivery preferences and instructions
• Customer service communications related to orders

2.3 Usage and Analytics Data

When you visit our website, we automatically collect certain technical information about your browsing activity. This may include:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring URLs (the website you came from before visiting ours)
• Search queries made on our website
• Clickstream data
• Time and date of visits
• Session duration

2.4 Device Information

We may collect information about the device you use to access our website, including:

• Device type (desktop, mobile, tablet)
• Device identifiers
• Mobile network information
• Screen resolution and display settings
• Hardware model

2.5 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For a comprehensive explanation of how we use cookies, please refer to the Cookie Policy section below and our dedicated Cookie Policy page.

2.6 Communications Data

If you contact us via email, phone, or contact forms, we may retain records of that communication, including:

• Content of messages sent to us
• Email correspondence
• Feedback and survey responses
• Reviews and testimonials (if submitted)

2.7 Marketing Preferences

We collect information about your marketing preferences, including whether you have opted in or out of receiving promotional communications from us, and your response to our marketing materials.

2.8 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms (if you interact with our social media pages or use social login features)
• Third-party delivery platforms or partners
• Analytics service providers
• Advertising partners
• Payment processors confirming successful transactions

3. How We Use Your Information

We use the personal information we collect for various legitimate business purposes. The specific ways in which we use your information include:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders
• Managing your account and providing customer support
• Arranging delivery or pickup of products
• Communicating with you about your orders and providing order confirmations
• Processing payments and refunds
• Resolving disputes and troubleshooting problems

3.2 Website Operations and Improvement

• Operating and maintaining our website and digital services
• Improving website functionality, user experience, and content
• Conducting internal research and analytics
• Diagnosing technical problems and monitoring system performance
• Developing new features, products, and services

3.3 Marketing and Promotional Communications

• Sending you promotional emails, newsletters, and special offers (where you have consented or where permitted by law)
• Personalizing marketing content based on your preferences and order history
• Conducting customer surveys and gathering feedback
• Displaying targeted advertisements on our website and third-party platforms
• Running loyalty programs or promotional campaigns

You have the right to opt out of marketing communications at any time. See Your Rights below for more details.

3.4 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Detecting and preventing fraud, unauthorized activities, and security breaches
• Protecting the rights, property, and safety of Tatte, our customers, and the public
• Responding to legal requests from law enforcement or government authorities

3.5 Analytics and Business Intelligence

• Understanding how customers use our website and services
• Analyzing purchasing trends and customer preferences
• Measuring the effectiveness of our marketing campaigns
• Generating aggregated, anonymized reports for business purposes

4. How We Share Your Information

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing purposes. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business and providing services to you. These service providers may have access to your personal information only to the extent necessary to perform their functions and are obligated to maintain the confidentiality and security of your data. Such service providers include:

• Payment processors – to securely process financial transactions
• Delivery and logistics partners – to fulfill food delivery orders
• Email marketing platforms – to send promotional and transactional communications
• Analytics providers – such as Google Analytics, to understand website usage
• Cloud hosting and IT service providers – to store and manage data securely
• Customer support platforms – to manage customer service inquiries
• Advertising networks – to display relevant advertisements

4.2 Legal Requirements

We may disclose your personal information if we are required to do so by law or in response to valid legal processes, including:

• Court orders, subpoenas, or other judicial processes
• Requests from law enforcement agencies or regulatory authorities
• To comply with federal, state, or local laws and regulations
• To protect our legal rights and interests in litigation

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, restructuring, or other corporate transaction, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Protection of Rights

We may disclose your information when we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Tatte, our customers, employees, or others, including for the purpose of fraud prevention and credit risk reduction.

4.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze traffic, and support our marketing activities. Cookies are small text files stored on your device when you visit our website.

5.1 Types of Cookies We Use

5.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information about the cookies we use and your options, please refer to our full Cookie Policy.

5.3 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, our website does not respond to DNT signals. However, you may opt out of certain tracking as described in this policy and our Cookie Policy.

6. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, alteration, or disclosure.

6.1 Security Measures We Implement

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate business need to access it.
• Secure Payment Processing: We do not store full credit card numbers on our servers. All payment transactions are processed through PCI-DSS compliant third-party payment processors.
• Regular Security Audits: We conduct regular reviews and assessments of our information security practices.
• Employee Training: Our staff receives training on data protection and privacy best practices.
• Incident Response: We have procedures in place to detect, respond to, and notify affected individuals in the event of a data breach, as required by applicable law.

6.2 Limitations of Security

Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].

7. Your Privacy Rights

Depending on your location and applicable law, you may have various rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States privacy laws.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Right to Data Portability: You may request a copy of your personal information in a portable and readily usable format.

7.2 General Privacy Rights (All Users)

Regardless of your location, we provide all users with the following rights:

• Right to Access: You may request access to the personal information we hold about you.
• Right to Correction: You may request that we update or correct inaccurate information.
• Right to Deletion: You may request deletion of your personal data where we no longer have a legitimate reason to retain it.
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the information below:

We will respond to your request within 45 days as required under CCPA/CPRA. In complex cases, we may extend this period by an additional 45 days with notice. We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to submit a request on your behalf.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention and disposal procedures.

9. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from children under the age of 13, and we do not direct our services to children.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at [email protected] so that we can take appropriate action.

We also comply with applicable state laws regarding the privacy of minors. We do not knowingly sell or share personal information of consumers under the age of 16 without affirmative opt-in consent, as required under the CCPA/CPRA.

10. International Data Transfers

Tatte is based in the United States, and we process and store data primarily within the United States. If you access our website or services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

By using our website and services from outside the United States, you acknowledge that your personal information may be processed in the United States in accordance with this Privacy Policy.

Where we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information, which may include contractual protections and compliance with applicable data transfer mechanisms.

11. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services before providing your personal information.

We are not responsible for the privacy practices or the content of third-party websites, and we make no representations or warranties about the privacy practices of such third parties.

12. Your Marketing Choices

We may use your personal information to send you promotional communications about our products, services, special offers, and events. You have choices about how we use your information for marketing purposes.

12.1 Email Marketing

You can opt out of receiving promotional emails by:

• Clicking the "Unsubscribe" link in any promotional email we send you
• Contacting us at [email protected] with the subject line "Unsubscribe"

Please note that even if you opt out of marketing emails, we may still send you transactional and service-related emails (such as order confirmations and account notifications).

12.2 SMS/Text Marketing

If you have opted in to receive SMS marketing from us, you may opt out at any time by replying "STOP" to any of our text messages or by contacting us at [email protected].

12.3 Targeted Advertising

You can opt out of certain targeted advertising by adjusting your cookie preferences or through industry opt-out tools such as the Digital Advertising Alliance (DAA) opt-out mechanism.

13. California-Specific Disclosures

In addition to the rights described in Section 7, California residents have the following specific rights and disclosures under California law:

13.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information from California consumers, as defined under CCPA/CPRA:

• Identifiers (name, email address, IP address)
• Commercial information (products purchased, purchase history)
• Internet or other electronic network activity information (browsing history, search history)
• Geolocation data (derived from IP address)
• Inferences drawn from personal information to create a profile

13.2 Do Not Sell or Share My Personal Information

California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, please contact us at [email protected] or visit our website at bakery-tatte.rest.

13.3 Shine the Light Law

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected].

14. How to File a Complaint

If you believe we have violated your privacy rights or applicable data protection laws, we encourage you to contact us first so we can address your concerns.

14.1 Regulatory Complaints

If you are not satisfied with our response, you have the right to file a complaint with the relevant regulatory authority:

• Federal Trade Commission (FTC): The FTC enforces federal consumer protection and privacy laws. You may file a complaint at ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).
• California Privacy Protection Agency (CPPA): California residents may file a complaint with the CPPA at cppa.ca.gov regarding violations of CCPA/CPRA.
• State Attorney General: You may also file a complaint with your state's Attorney General's office regarding consumer privacy violations.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the revised Privacy Policy on our website at bakery-tatte.rest
• Where required by law or where changes are material, notify you by email or through a prominent notice on our website

Your continued use of our website and services after the effective date of any changes constitutes your acknowledgment of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact our privacy team:

We are committed to working with you to resolve any privacy concerns. Our team will respond to your inquiry within 45 days of receipt, or sooner where required by applicable law.