Privacy Policy

Welcome to Tatte. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website tattebakerycafe.click, make purchases, interact with our services, or otherwise engage with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all information collected through our website (tattebakerycafe.click), as well as any related services, sales, marketing, or events (collectively referred to as the "Services").

1. Who We Are

Tatte is a food business operating in the United States. We operate the website tattebakerycafe.click and provide food-related products and services to our customers. For the purposes of this Privacy Policy, "we," "us," and "our" refer to Tatte.

2. Applicable Laws and Regulations

As a business operating in the United States, we are subject to various federal and state privacy laws, including but not limited to:

• The Federal Trade Commission Act (FTC Act), which governs unfair or deceptive practices in commerce, including those relating to privacy and data security.
• The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), which provide California residents with specific rights regarding their personal information.
• The Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under the age of 13.
• The CAN-SPAM Act, which governs commercial email communications.
• Other applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA) where applicable.

We are committed to full compliance with all applicable privacy regulations and continuously review our practices to ensure ongoing compliance as laws evolve.

3. Information We Collect

We collect several types of information from and about users of our Services, including information you provide directly to us, information collected automatically, and information from third parties.

3.1 Personal Information You Provide Directly

When you interact with our Services, you may voluntarily provide us with personal information, including:

• Contact Information: Your name, email address, mailing address, telephone number, and other similar contact data.
• Account Information: Username, password, and other credentials used to create or access an account with us.
• Payment Information: Credit or debit card numbers, billing address, and other financial data necessary to process your transactions. Note that we do not store full payment card details — these are processed through secure, third-party payment processors.
• Order Information: Details about the products and services you order, including your food preferences, dietary restrictions, and special requests.
• Communication Data: Any information you include in messages, feedback forms, customer service inquiries, surveys, reviews, or other communications you send to us.
• Loyalty Program Data: If you participate in any loyalty or rewards programs, we collect information related to your participation, including points earned and redeemed.
• Marketing Preferences: Your preferences for receiving marketing communications from us and our third-party partners.

3.2 Usage Data Collected Automatically

When you use our website and Services, certain information is automatically collected, including:

• Log and Usage Data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, links clicked, and similar browsing behavior.
• Device Information: Information about the device you use to access our Services, including hardware model, operating system and version, unique device identifiers, and mobile network information.
• Location Data: General geographic location based on your IP address. With your permission, we may also collect precise geolocation data from your mobile device.
• Transaction Data: Details about purchases made through our website, including items ordered, order frequency, and transaction amounts.
• Communication Metadata: Data about how and when you interact with our emails, such as open rates and link clicks.

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. This information helps us improve the functionality and user experience of our Services, and to deliver relevant advertising. For more detailed information about our cookie practices, please refer to Section 9 (Cookie Policy) of this document.

3.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social Media Platforms: If you connect your social media accounts to our Services or interact with our social media pages, we may receive information from those platforms.
• Analytics Providers: Companies that provide data analytics services and help us understand how our website is used.
• Marketing Partners: Partners who help us reach potential customers and refine our advertising efforts.
• Review Platforms: Third-party review sites where customers leave public feedback about our products and services.
• Payment Processors: Information from payment processors to confirm transaction success or flag potential fraud.

4. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes, including:

4.1 Providing and Improving Our Services

• Processing and fulfilling your food orders and transactions.
• Creating and managing your account.
• Providing customer support and responding to your inquiries.
• Personalizing your experience on our website and with our Services.
• Improving the design, content, and functionality of our website.
• Developing new products, services, and features.
• Managing our loyalty and rewards programs.

4.2 Communications

• Sending you transactional emails and notifications related to your orders, account activity, and customer service interactions.
• Sending you marketing and promotional communications about our products, special offers, seasonal menus, and events — where you have consented or where we have a legitimate interest to do so.
• Responding to your comments, questions, and feedback.
• Sending administrative information, such as updates to our terms and policies.

4.3 Analytics and Research

• Monitoring and analyzing usage patterns and trends to understand how users interact with our Services.
• Conducting market research and analyzing customer preferences to improve our food offerings.
• Generating aggregated and anonymized statistical data for internal and external reporting purposes.

4.4 Marketing and Advertising

• Delivering targeted advertising based on your interests and browsing behavior, both on our website and on third-party platforms.
• Measuring the effectiveness of our marketing campaigns.
• Retargeting users who have previously visited our website.

4.5 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal obligations.
• Enforcing our Terms of Service and other agreements.
• Detecting, preventing, and addressing fraud, security incidents, and other illegal or unauthorized activities.
• Protecting the rights, property, and safety of Tatte, our customers, and the public.
• Responding to lawful requests from government authorities and law enforcement.

5. How We Share Your Information

We may share your personal information in certain circumstances. We do not sell your personal information to third parties for their own marketing purposes. We may share your data as follows:

5.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your personal information only as necessary to perform their functions and are contractually obligated not to disclose or use it for any other purpose. Our service providers include:

• Payment processing companies
• Order fulfillment and delivery services
• Email and marketing communications platforms
• Website hosting and cloud infrastructure providers
• Analytics and data processing companies
• Customer relationship management (CRM) software providers
• Fraud detection and cybersecurity services

5.2 Business Transfers

If Tatte is involved in a merger, acquisition, asset sale, financing, or other business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (such as a court or government agency), including to:

• Comply with a legal obligation, subpoena, or court order.
• Protect and defend the rights or property of Tatte.
• Prevent or investigate possible wrongdoing in connection with our Services.
• Protect the personal safety of users of the Services or the public.
• Protect against legal liability.

5.4 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so, such as when you choose to participate in joint promotions or partner offers.

5.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that does not directly identify you with third parties for research, marketing, analytics, and other purposes.

6. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our servers. Sensitive data, such as payment information, is encrypted both in transit and at rest.
• Access Controls: Access to personal data is restricted to authorized employees and service providers who have a legitimate need to access it for the purposes outlined in this policy. All authorized personnel are subject to confidentiality obligations.
• Regular Security Assessments: We conduct periodic security reviews, vulnerability assessments, and penetration testing to identify and address potential weaknesses in our systems.
• Data Minimization: We collect only the personal information that is necessary for the purposes described in this policy.
• Incident Response: We maintain an incident response plan to address any data security breaches promptly and effectively. In the event of a breach that affects your personal information, we will notify you in accordance with applicable law.
• Secure Payment Processing: Payment card information is processed through PCI-DSS compliant payment processors. We do not store raw payment card numbers on our servers.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We respect and honor these rights to the fullest extent required by applicable law.

7.1 Rights for All Users

• Right to Access: You have the right to request information about the personal data we hold about you, including the categories of data, the purposes for which it is used, and with whom it is shared.
• Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information about you.
• Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (such as where we are required by law to retain it, or where it is necessary for the performance of a contract).
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.
• Right to Data Portability: Where technically feasible, you may request that we provide your personal data in a structured, commonly used, machine-readable format.

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information with third parties. We do not sell personal information as defined under the CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary to perform the services you requested.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of services as a result of exercising your rights.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the following methods:

• Email: [email protected]
• Website: tattebakerycafe.click

We will respond to your request within 45 days of receipt. If we need more time (up to an additional 45 days), we will inform you of the reason and the extension in writing. We may need to verify your identity before fulfilling your request. We will not charge a fee for processing your request unless your request is excessive, repetitive, or manifestly unfounded.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods depend on the type of data and the purpose for which it is used:

When personal information is no longer needed for the purpose for which it was collected, we will securely delete or anonymize it. In some cases, we may be required to retain certain data for longer periods due to legal obligations, regulatory requirements, or ongoing legal proceedings.

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our website. This section provides a summary of our cookie practices.

9.1 What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

9.2 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable core functions such as security, network management, and account access. You cannot opt out of these cookies.
• Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages they visit most often and whether they receive error messages. We use this data to improve our website's performance. These cookies are set by us or by trusted third-party services like Google Analytics.
• Functionality Cookies: These cookies allow our website to remember choices you make (such as your language preference, region, or login details) to provide a more personalized experience.
• Targeting and Advertising Cookies: These cookies are used to deliver advertising content relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with our permission.

9.3 Managing Your Cookie Preferences

Most web browsers allow you to control cookies through browser settings. You can typically set your browser to refuse all cookies, accept only certain types, or alert you when a cookie is being sent. Please note that disabling certain cookies may affect the functionality of our website. To learn more about managing cookies, visit www.allaboutcookies.org.

For more detailed information about the cookies we use, please contact us at [email protected].

10. Children's Privacy

Our Services are intended for use by individuals who are at least 18 years of age. We do not knowingly collect personal information from children under the age of 18. If you are under 18, please do not use our Services or provide us with any personal information.

If we learn that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and you believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13 without verifiable parental consent. If you have reason to believe that a child under 13 has provided personal information to us, please contact us, and we will delete that information promptly.

11. International Data Transfers

Tatte is based in the United States, and our Services are primarily intended for users within the United States. However, if you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

The United States may not offer the same level of data protection as your home country. By using our Services and providing us with your personal information, you consent to the transfer of your information to the United States and the processing of your data in accordance with this Privacy Policy.

Where we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your personal information and to ensure that the transfer complies with applicable privacy laws. These safeguards may include contractual protections and adherence to recognized data transfer frameworks.

12. Third-Party Links and Services

Our website may contain links to third-party websites, plug-ins, and applications (such as social media platforms, review sites, or partner services). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies or practices.

We encourage you to read the privacy policy of every website you visit. The inclusion of a link on our website does not imply our endorsement or any association with those third parties.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to DNT browser signals. We will continue to monitor developments in this area and update our practices accordingly if a uniform standard is established.

14. Email Marketing and Communications

With your consent, we may send you marketing emails about our food products, seasonal offerings, special promotions, loyalty program updates, and other news about Tatte. These communications are governed by the CAN-SPAM Act and other applicable laws.

14.1 Your Marketing Communication Rights

• You have the right to opt out of receiving marketing emails from us at any time.
• Every marketing email we send includes a clear and easy-to-use "unsubscribe" link.
• You may also opt out by contacting us directly at [email protected] with the subject line "Unsubscribe."
• After you opt out, we will process your request within 10 business days, as required by law.
• Please note that even if you opt out of marketing communications, you may still receive transactional and administrative emails related to your account and orders.

15. How to File a Complaint with a Data Protection Authority

If you are a California resident and believe that we have not handled your personal information in accordance with the CCPA/CPRA, you have the right to file a complaint with the California Privacy Protection Agency (CPPA).

You may also file a complaint with the Federal Trade Commission (FTC) if you believe we have engaged in unfair or deceptive practices:

We strongly encourage you to contact us first at [email protected] before filing a complaint with any regulatory authority, as we are committed to resolving privacy concerns directly and promptly.

Residents of other states with applicable privacy laws (Virginia, Colorado, Connecticut, Texas, etc.) may also have the right to appeal our decisions regarding your privacy rights requests and, if necessary, to file a complaint with the relevant state attorney general's office.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time and for any reason. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this Privacy Policy.
• Sending an email notification to the email address associated with your account (for material changes).
• Posting a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy will constitute your acknowledgment of the changes and your consent to be subject to the updated policy.

If you object to any changes to this Privacy Policy, you may close your account and discontinue use of our Services. However, for data that we have already collected, the version of this Privacy Policy that was in effect at the time of collection will continue to apply unless you request otherwise.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact our privacy team. We are committed to addressing your concerns promptly and transparently.

We aim to respond to all privacy-related inquiries within 30 days of receipt. For California residents submitting verifiable consumer requests, we will respond within 45 days, with the possibility of a 45-day extension where reasonably necessary.