Privacy Policy
Welcome to Tatte. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website tatte-cafe.rest, place an order, interact with our services, or otherwise engage with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services.
By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This policy applies to all users located in the United States and is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection regulations.
1. About Us
Tatte is a food service business operating through our website at tatte-cafe.rest. We are dedicated to providing our customers with an exceptional dining and ordering experience. If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the information provided below.
2. Information We Collect
We collect several types of information from and about users of our website and services. This includes information you provide to us directly, information collected automatically when you use our services, and information obtained from third parties.
2.1 Personal Information You Provide to Us
When you interact with Tatte — whether by placing an order, creating an account, signing up for our newsletter, or contacting us — you may voluntarily provide us with the following categories of personal information:
- Identity Information: Full name, username, or similar identifiers.
- Contact Information: Email address, mailing address, telephone number, and billing address.
- Payment Information: Credit card numbers, debit card numbers, billing details, and other financial information necessary to process your payment. Note that payment information is processed through secure third-party payment processors and is not stored on our servers in its entirety.
- Order Information: Details about the food items you have ordered, special dietary preferences or restrictions, delivery preferences, and order history.
- Account Credentials: Username and password if you create an account on our platform.
- Communications Data: Any messages, feedback, reviews, or other content you submit to us via contact forms, email, or customer support channels.
- Marketing Preferences: Your preferences for receiving marketing communications and newsletters from us.
2.2 Information Collected Automatically
When you visit our website at tatte-cafe.rest, we and our third-party service providers may automatically collect certain technical and usage information, including:
- Device Information: IP address, browser type and version, operating system and platform, device type (desktop, tablet, mobile), hardware model, and unique device identifiers.
- Usage Data: Pages visited on our website, links clicked, time and date of your visit, time spent on each page, referring URLs, exit pages, and navigation patterns.
- Log Data: Server log files that record activity on our website, including error reports and performance data.
- Location Information: General geographic location inferred from your IP address. We may also collect more precise location data if you grant us permission to do so through your device settings (for example, to provide delivery services).
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please refer to Section 8 of this policy for more information about our use of cookies.
2.3 Information from Third Parties
We may also receive information about you from third parties, including:
- Social Media Platforms: If you connect your social media account to our services or interact with us on social media, we may receive information consistent with your privacy settings on those platforms.
- Payment Processors: Information necessary to confirm payment and prevent fraud.
- Delivery Partners: Information related to the status and completion of your delivery orders.
- Analytics Providers: Aggregated data about how users interact with our website and services.
- Marketing Partners: Contact information and demographic data used to deliver targeted advertising with your consent where required.
3. How We Use Your Information
We use the personal information we collect for a variety of legitimate business purposes. Below is a detailed explanation of how and why we process your data:
3.1 Service Provision and Order Fulfillment
- To process and fulfill your food orders, including preparing, packaging, and delivering your purchases.
- To manage and maintain your account on our platform.
- To process payments and prevent fraudulent transactions.
- To communicate with you about the status of your orders, including confirmations, updates, and delivery notifications.
- To respond to your inquiries, requests, and customer support needs.
3.2 Analytics and Service Improvement
- To analyze usage patterns, trends, and preferences to better understand how our customers use our website and services.
- To monitor the performance of our website and identify technical issues.
- To develop new features, products, and services based on user feedback and behavior.
- To conduct internal research and development aimed at improving the quality of our food and service offerings.
3.3 Marketing and Communications
- To send you promotional emails, newsletters, special offers, and other marketing communications about our products and services, where you have provided consent or where permitted by applicable law.
- To personalize your experience on our website by displaying content and offers relevant to your preferences and order history.
- To serve targeted advertisements through third-party advertising platforms.
- To conduct surveys and gather feedback about your experience with Tatte.
You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email we send, or by contacting us directly at [email protected].
3.4 Legal and Compliance Purposes
- To comply with applicable laws, regulations, and legal obligations.
- To enforce our Terms of Service and other agreements.
- To protect the rights, property, and safety of Tatte, our customers, and the public.
- To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
- To respond to legal process, court orders, subpoenas, and lawful requests from governmental authorities.
4. Sharing Your Information with Third Parties
We value your privacy and do not sell, trade, or rent your personal information to unrelated third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:
4.1 Service Providers and Business Partners
We engage trusted third-party service providers to help us operate our business and deliver services to you. These providers are granted access to your personal information only to the extent necessary to perform their services and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:
- Payment Processors: Companies that process credit card and other payment transactions on our behalf.
- Delivery Services: Third-party couriers and delivery platforms that fulfill your orders.
- Cloud Hosting Providers: Companies that provide data storage and server infrastructure.
- Analytics Providers: Companies such as Google Analytics that help us analyze website traffic and user behavior.
- Email Marketing Platforms: Services that help us manage and send marketing communications.
- Customer Support Tools: Platforms that facilitate our customer service operations.
- Security and Fraud Prevention Services: Companies that help protect our platform from fraudulent activity.
4.2 Legal Requirements and Protection of Rights
We may disclose your personal information to governmental or regulatory authorities, law enforcement agencies, or other parties where we believe disclosure is necessary to:
- Comply with a legal obligation, court order, or binding governmental request.
- Enforce our Terms of Service or other agreements.
- Protect the rights, property, or safety of Tatte, our users, or the general public.
- Investigate and prevent fraud, security breaches, or other illegal activities.
4.3 Business Transfers
In the event that Tatte undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceedings, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with other third parties when you have given us your explicit consent to do so, such as when you participate in joint promotional programs or opt in to third-party services through our platform.
5. Data Security
We take the security of your personal information seriously and have implemented a range of technical, organizational, and administrative measures designed to protect your data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include:
5.1 Technical Safeguards
- Encryption: We use Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our website. Sensitive data such as payment information is encrypted both in transit and at rest.
- Access Controls: We restrict access to personal information to authorized employees, contractors, and service providers who have a legitimate need to access such data to perform their job functions.
- Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to protect our network infrastructure.
- Regular Security Assessments: We conduct periodic reviews and assessments of our data security practices to identify and address potential vulnerabilities.
5.2 Organizational Safeguards
- Employee training on data protection and privacy best practices.
- Data minimization principles — we only collect data that is necessary for the stated purposes.
- Contractual obligations imposed on third-party service providers to maintain adequate security standards.
- Incident response procedures to address data breaches promptly and in accordance with applicable law.
While we implement stringent security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. If you believe your information has been compromised, please contact us immediately at [email protected].
6. Your Privacy Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information. We respect and honor these rights as described below.
6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:
| Right | Description |
|---|---|
| Right to Know | You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which we use it, and the third parties with whom we share it. |
| Right to Delete | You have the right to request the deletion of personal information we have collected about you, subject to certain legal exceptions. |
| Right to Correct | You have the right to request correction of inaccurate personal information we maintain about you. |
| Right to Opt-Out of Sale/Sharing | You have the right to opt out of the sale or sharing of your personal information with third parties for cross-context behavioral advertising. |
| Right to Limit Use of Sensitive Personal Information | You have the right to limit our use and disclosure of sensitive personal information to what is necessary to provide the requested service. |
| Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, quality of service, or level of access because you exercised your privacy rights. |
| Right to Data Portability | You have the right to receive a copy of your personal information in a portable, readily usable format. |
6.2 General Privacy Rights (All U.S. Users)
Regardless of your state of residence, you have the following general privacy rights with respect to your personal information:
- Right of Access: You may request access to the personal information we hold about you.
- Right to Correction: You may request that we correct or update inaccurate or incomplete personal information.
- Right to Deletion: You may request that we delete your personal information, subject to applicable legal obligations.
- Right to Opt-Out of Marketing: You may unsubscribe from marketing communications at any time.
- Right to Withdraw Consent: Where our processing of your data is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
6.3 How to Exercise Your Rights
To exercise any of your privacy rights, please submit a verifiable request to us by:
- Emailing us at: [email protected]
We will respond to your verifiable request within 45 days of receipt. If we require additional time (up to an additional 45 days), we will notify you in writing of the extension and the reason for it. We may need to verify your identity before processing your request to protect your security and privacy.
You may also designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require written permission and verification of your identity directly.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general retention guidelines are as follows:
| Category of Data | Retention Period |
|---|---|
| Account and Registration Information | For the duration of your account plus 3 years after account closure |
| Order and Transaction Records | 7 years (to comply with tax and financial record-keeping obligations) |
| Customer Support Communications | 3 years from the date of the last interaction |
| Marketing Preferences and Consent Records | 3 years from the date of last consent or opt-out |
| Website Usage and Analytics Data | 26 months (in line with standard analytics retention practices) |
| Cookie and Tracking Data | Varies by cookie type (see Section 8) |
| Legal Dispute or Claim-Related Data | Duration of the dispute plus applicable statute of limitations |
Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information so that it can no longer be associated with you.
8. Cookies and Tracking Technologies
Our website tatte-cafe.rest uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website traffic, and deliver relevant content and advertising.
8.1 What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites function properly and to provide information to the website owners. Some cookies are essential for the operation of our website, while others are used to improve your experience or to help us understand how users interact with our services.
8.2 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the basic functionality of our website, such as session management, shopping cart functionality, and security features. These cannot be disabled.
- Performance and Analytics Cookies: These cookies collect anonymous information about how visitors use our website, including which pages are visited most often and how users navigate the site. We use this data to improve the performance and usability of our website.
- Functionality Cookies: These cookies remember your preferences and settings (such as language, location, and previously ordered items) to provide a personalized experience.
- Marketing and Advertising Cookies: These cookies are used to deliver advertisements relevant to your interests. They also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.
8.3 Managing Cookies
You can control and manage cookies in several ways. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features. For detailed instructions on how to manage cookies, please refer to your browser's help documentation.
For more detailed information about our use of cookies, please see our full Cookie Policy, available on our website at tatte-cafe.rest.
9. Children's Privacy
Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, and we do not direct our services to children.
In compliance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws, if we learn that we have inadvertently collected personal information from a child under the age of 13 without verified parental consent, we will take immediate steps to delete that information from our records.
If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can investigate and take appropriate action.
10. International Data Transfers
Tatte is headquartered in the United States, and our services are primarily directed to users located within the United States. However, some of our third-party service providers and business partners may be located in, or operate from, other countries. As a result, your personal information may be transferred to, stored in, or processed in countries other than the United States.
When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your data and to ensure that such transfers comply with applicable law. These safeguards may include:
- Entering into data processing agreements with our service providers that include appropriate data transfer clauses.
- Transferring data only to countries that have been deemed to provide an adequate level of data protection.
- Implementing contractual, technical, and organizational measures to ensure the security of transferred data.
By using our services, you acknowledge and consent to the potential transfer of your personal information to countries outside of the United States. If you have questions about international data transfers, please contact us at [email protected].
11. Third-Party Links and Services
Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Tatte. This Privacy Policy does not apply to any third-party websites or services. We encourage you to review the privacy policies of any third-party platforms you visit through links on our website, as we have no control over and assume no responsibility for the content, privacy practices, or security of those sites.
We are not responsible for the information collection, use, disclosure, or security practices of any third-party websites or organizations, including payment processors, social media platforms, or analytics providers.
12. Do Not Track Signals
Some web browsers and mobile operating systems include a "Do Not Track" (DNT) feature or setting that you can activate to signal your preference not to have data about your online browsing activities monitored and collected. At this time, there is no uniform technology standard for recognizing and implementing DNT signals. Accordingly, we do not currently respond to browser DNT signals or similar mechanisms.
However, we do offer you other choices regarding data collection and use, as described in this Privacy Policy and our Cookie Policy. California residents may also have additional rights under the California "Shine the Light" law and the California Online Privacy Protection Act (CalOPPA).
13. California Privacy Rights — Additional Disclosures
In addition to the rights described in Section 6 of this Privacy Policy, California residents are entitled to certain additional disclosures under California law, including the CCPA/CPRA, CalOPPA, and the California "Shine the Light" law (California Civil Code Section 1798.83).
13.1 Categories of Personal Information Collected in the Past 12 Months
We have collected the following categories of personal information from California consumers in the past 12 months:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, IP address, device identifiers | Yes |
| Personal Records | Name, address, telephone number, payment information | Yes |
| Commercial Information | Order history, purchase records, food preferences | Yes |
| Internet/Network Activity | Browsing history on our website, search queries, cookies | Yes |
| Geolocation Data | General location from IP address; precise location with consent | Yes |
| Inferences | Preferences inferred from order history and browsing behavior | Yes |
| Sensitive Personal Information | Payment card information processed through secure payment processors | Yes |
13.2 "Shine the Light" Request
California Civil Code Section 1798.83 permits California residents who have an established business relationship with us to request, once per calendar year, information about the categories of personal information (if any) shared with third parties for direct marketing purposes. To make such a request, please contact us at [email protected] with "Shine the Light Request" in the subject line.
14. How to File a Complaint
If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we can address your concerns.
Primary Contact for Privacy Complaints:
Email: [email protected]
Website: tatte-cafe.rest
We will investigate your complaint and endeavor to provide a response within 30 days of receipt. If you are not satisfied with our response, you may have the right to file a complaint with the appropriate regulatory authority.
14.1 Filing a Complaint with Regulatory Authorities
Depending on your location, you may have the right to file a complaint with one or more of the following authorities:
- California Privacy Protection Agency (CPPA): California residents may file complaints with the California Privacy Protection Agency, which is responsible for enforcing the CCPA/CPRA. Visit cppa.ca.gov for more information.
- California Attorney General's Office: You may also report privacy violations to the California Attorney General's Office at oag.ca.gov.
- Federal Trade Commission (FTC): You may file a complaint with the FTC regarding unfair or deceptive trade practices, including violations of privacy representations. Visit ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).
- State Attorney General: Residents of other U.S. states may have the right to file complaints with their respective state Attorney General's office regarding violations of applicable state privacy laws.
15. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post a prominent notice on our website notifying users of the changes.
- Where required by applicable law, notify you directly via email or other appropriate means.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your privacy concerns promptly and transparently.
Privacy Inquiries — Contact Information
Company Name: Tatte
Email Address: [email protected]
Website: tatte-cafe.rest
When contacting us about a privacy matter, please provide sufficient information to allow us to verify your identity and understand the nature of your request. We will do our best to respond to all inquiries in a timely and thorough manner, in accordance with our legal obligations.