Privacy Policy
This Privacy Policy explains how Zupas ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at zupascafe.click, place orders, use our services, or otherwise interact with us. Please read this policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.
We are committed to protecting your privacy and handling your personal data with transparency and integrity. This policy is designed to comply with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable federal and state privacy regulations.
1. About Us
Zupas is a food service business operating in the United States. We provide customers with delicious food options through our website and physical locations. Our commitment to quality extends beyond our food — we are equally committed to protecting the privacy and security of our customers' personal information.
| Company Name | Zupas |
|---|---|
| Website | zupascafe.click |
| Email Address | [email protected] |
| Country of Operation | United States |
2. Information We Collect
We collect various types of information in connection with your use of our website and services. The categories of personal information we may collect include:
2.1 Personal Identification Information
When you create an account, place an order, sign up for our newsletter, participate in a promotion, or otherwise interact with us, we may collect:
- Full name
- Email address
- Phone number
- Mailing address and delivery address
- Date of birth (for age verification purposes)
- Username and password for account access
- Profile photo (if voluntarily provided)
2.2 Payment and Financial Information
When you make a purchase through our website or mobile platform, we collect payment-related information, which may include:
- Credit or debit card details (processed through secure third-party payment processors)
- Billing address
- Transaction history and order details
- Gift card numbers or promotional codes used
Please note that we do not directly store complete credit card numbers on our servers. Payment processing is handled by PCI-DSS-compliant third-party processors.
2.3 Order and Transaction Information
We collect information related to your orders and transactions, including:
- Items ordered, customizations, and special instructions
- Order dates and times
- Delivery or pickup preferences
- Order history and frequency
- Loyalty points and reward redemptions
2.4 Usage Data and Technical Information
When you visit our website at zupascafe.click, we automatically collect certain technical and usage information, including:
- IP address and approximate geographic location
- Browser type and version
- Operating system and device type
- Referring URLs and exit pages
- Pages viewed, links clicked, and time spent on pages
- Search queries entered on our website
- Session duration and frequency of visits
2.5 Cookie and Tracking Data
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our website. This data helps us improve your experience, analyze site traffic, and deliver personalized content. For detailed information about our cookie practices, please refer to Section 9 of this Privacy Policy.
2.6 Communications Data
If you contact us by email, through our website contact form, by phone, or through social media, we may collect and retain:
- The content of your messages and correspondence
- Customer service records and call logs
- Feedback, reviews, and survey responses
- Social media handles and public profile information
2.7 Location Information
With your permission, we may collect precise or approximate location data to help you find our nearest location, process delivery orders, or provide location-based offers and promotions. You can disable location services through your device settings at any time.
2.8 Information from Third Parties
We may receive information about you from third-party sources, such as:
- Social media platforms when you connect your account or interact with our social media pages
- Third-party delivery service partners
- Analytics and advertising service providers
- Publicly available databases
3. How We Use Your Information
We use the personal information we collect for a variety of purposes related to operating our business and providing our services. Specifically, we may use your information for the following purposes:
3.1 Service Provision and Order Fulfillment
- To process and fulfill your food orders and transactions
- To create and manage your customer account
- To arrange delivery or pickup of your orders
- To process payments and issue receipts
- To manage loyalty programs and reward points
- To respond to your inquiries, complaints, and requests
3.2 Communication and Customer Service
- To send you order confirmations, updates, and status notifications
- To respond to your questions and provide customer support
- To notify you of changes to our menu, hours, policies, or services
- To send important administrative messages about your account
3.3 Marketing and Promotional Activities
- To send you promotional emails, newsletters, and special offers (where you have consented or as otherwise permitted by law)
- To personalize marketing communications based on your preferences and order history
- To conduct contests, promotions, and surveys
- To display targeted advertising on our website or third-party platforms
- To analyze the effectiveness of our marketing campaigns
You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].
3.4 Analytics and Business Improvement
- To monitor and analyze website traffic, usage patterns, and user behavior
- To improve our website functionality, menu offerings, and overall customer experience
- To conduct market research and develop new products and services
- To measure customer satisfaction and identify areas for improvement
3.5 Legal Compliance and Safety
- To comply with applicable laws, regulations, and legal processes
- To enforce our Terms of Service and other agreements
- To detect, investigate, and prevent fraudulent transactions and other illegal activities
- To protect the rights, property, and safety of Zupas, our customers, and others
- To respond to lawful requests from public and government authorities
3.6 Operational and Administrative Purposes
- To maintain and improve our IT systems and website security
- To manage our business relationships with service providers and partners
- To conduct internal audits and business analysis
- To verify your identity and prevent unauthorized access
4. Legal Basis for Processing
Under applicable U.S. privacy laws, including the CCPA/CPRA, we process your personal information based on the following grounds:
- Contract Performance: Processing necessary to fulfill your orders and provide the services you have requested.
- Legitimate Business Interests: Processing for purposes such as fraud prevention, security, business analytics, and improving our services.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
- Consent: Where you have provided explicit consent, such as for receiving marketing communications or enabling location services.
5. Sharing Your Information with Third Parties
We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. However, we may share your information in the following circumstances:
5.1 Service Providers and Business Partners
We may share your personal information with trusted third-party service providers who assist us in operating our business, including:
- Payment Processors: To securely process your payment transactions
- Delivery Partners: To fulfill delivery orders
- Email and Marketing Platforms: To manage and deliver communications
- Analytics Providers: To analyze website traffic and user behavior (e.g., Google Analytics)
- Cloud Hosting Providers: To store and process data securely
- Customer Support Tools: To manage customer service interactions
- IT Security Services: To protect against fraud and cyber threats
All third-party service providers are required to maintain the confidentiality of your personal information and are prohibited from using it for purposes other than providing services to us.
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, or government request
- Enforce our Terms of Service or protect our legal rights
- Prevent or investigate potential wrongdoing in connection with our services
- Protect the personal safety of our customers, employees, or the public
- Respond to a lawful request by public authorities, including to meet national security or law enforcement requirements
5.3 Business Transfers
In the event that Zupas undergoes a merger, acquisition, sale of assets, bankruptcy, or other business transition, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your personal information with additional third parties when you have given us your explicit consent to do so.
5.5 Aggregated and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.
6. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction.
6.1 Security Measures
Our security measures include:
- Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our website.
- Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their job functions.
- Secure Payment Processing: Payment information is processed using PCI-DSS-compliant third-party processors.
- Firewalls and Intrusion Detection: We use firewall protection and intrusion detection systems to monitor for unauthorized access.
- Regular Security Audits: We conduct regular security assessments and vulnerability testing of our systems.
- Employee Training: Our employees receive training on data privacy and security best practices.
- Incident Response Procedures: We have established procedures to respond to and manage data security incidents.
6.2 Data Breach Notification
In the event of a data breach that is likely to affect your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law, including the FTC Act requirements and applicable state data breach notification laws. Notifications will be sent via email or through a prominent notice on our website.
6.3 Your Responsibility
While we take significant steps to protect your information, no security system is impenetrable. You are responsible for maintaining the confidentiality of your account password and for any activities that occur under your account. Please notify us immediately at [email protected] if you suspect any unauthorized access to your account.
7. Your Privacy Rights
Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.
7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
- Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. We do not sell personal information, but you may opt out of sharing for targeted advertising purposes.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to what is necessary to provide our services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide you with a different level of service because you exercised your rights.
- Right to Data Portability: You have the right to receive your personal information in a portable, readily usable format.
7.2 General Privacy Rights (All U.S. Users)
Regardless of your state of residence, you may exercise the following rights:
- Access and Review: You may access and review the personal information associated with your account at any time by logging into your account settings.
- Correction: You may update or correct inaccurate information in your account profile.
- Deletion: You may request deletion of your account and associated personal information.
- Opt-Out of Marketing: You may unsubscribe from marketing emails at any time.
- Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
7.3 How to Exercise Your Rights
To exercise any of the rights described in this section, please submit a request by:
- Email: [email protected]
- Website: Through the contact form available at zupascafe.click
We will respond to your request within 45 days of receipt. If we need more time, we will notify you and may extend the response period by an additional 45 days as permitted by applicable law. We may need to verify your identity before processing your request.
You may designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require verification of the agent's authority and proof of your identity.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply include:
| Category of Data | Retention Period |
|---|---|
| Account and profile information | Duration of your account plus 3 years after account deletion |
| Order and transaction history | 7 years (for financial and tax compliance purposes) |
| Payment records | 7 years (as required by financial regulations) |
| Marketing preferences and consent records | 3 years from last interaction |
| Customer service communications | 3 years from resolution |
| Website usage and analytics data | 26 months (in anonymized/aggregated form thereafter) |
| Cookie data | Varies by cookie type (session to 2 years) |
| Legal and compliance records | As required by applicable law (typically 7-10 years) |
After the applicable retention period expires, we will securely delete or anonymize your personal information in accordance with our data retention policy. In some cases, we may retain certain information for longer periods if required by law or if we have a legitimate business reason to do so (such as ongoing legal disputes).
9. Cookie Policy
Our website at zupascafe.click uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts.
9.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They allow the website to recognize your device and remember certain information about your visit, such as your preferences and login status.
9.2 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
- Performance and Analytics Cookies: Help us understand how visitors use our website so we can improve performance and user experience.
- Functional Cookies: Remember your preferences and settings to provide a more personalized experience.
- Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.
9.3 Managing Cookies
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific websites. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information about our cookie practices, please contact us at [email protected].
9.4 Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, our website does not respond to DNT signals, as there is no uniform standard for how DNT should be interpreted. However, you can use cookie management tools described above to limit tracking.
10. Children's Privacy
Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, as defined by the Children's Online Privacy Protection Act (COPPA), or from individuals under 18 without parental consent.
If we become aware that we have inadvertently collected personal information from a child under 13, or from a minor without appropriate consent, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].
We encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our website without parental permission.
11. International Data Transfers
Zupas is based in the United States and primarily operates within the United States. However, some of our third-party service providers may be located in other countries, and your personal information may be processed or stored outside of the United States.
When we transfer personal information internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law. These safeguards may include:
- Data processing agreements with third-party service providers that include appropriate data protection obligations
- Ensuring that recipient countries provide an adequate level of data protection
- Use of standard contractual clauses or other lawful transfer mechanisms
By using our website and services, you acknowledge and consent to the potential transfer of your personal information to countries outside the United States, where data protection laws may differ from those in your jurisdiction.
12. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Zupas. This Privacy Policy applies only to our website at zupascafe.click and the services we provide. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal information.
Third-party services that may be integrated into our website or services include, but are not limited to, payment processors, social media platforms, delivery partners, and analytics providers. Each of these services operates under their own privacy policies and terms of service.
13. Marketing Communications and Opt-Out
From time to time, we may send you promotional emails, newsletters, special offers, and other marketing communications about our products, services, and promotions. We will only send you marketing communications with your consent or where we have a legitimate interest to do so under applicable law.
13.1 How to Opt Out
You may opt out of receiving marketing communications from us at any time by:
- Clicking the "unsubscribe" or "opt-out" link at the bottom of any promotional email
- Logging into your account and updating your communication preferences
- Contacting us directly at [email protected] with your opt-out request
Please note that even if you opt out of marketing communications, we may still send you non-promotional messages, such as order confirmations, account notifications, and important service updates.
14. How to File a Complaint
If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority.
14.1 Filing a Complaint with the FTC
The Federal Trade Commission (FTC) oversees consumer protection and privacy matters at the federal level. You may file a complaint with the FTC at:
Website: www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
Address: 600 Pennsylvania Avenue NW, Washington, DC 20580
14.2 Filing a Complaint with the California Privacy Protection Agency (CPPA)
If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency:
Website: cppa.ca.gov
Address: 2101 Arena Blvd., Sacramento, CA 95834
14.3 State Attorneys General
You may also file a complaint with your state's Attorney General office, which may have jurisdiction over privacy and consumer protection matters in your state.
14.4 Contact Us First
We encourage you to contact us first before filing a formal complaint with any regulatory authority. We are committed to resolving privacy concerns promptly and fairly. Please reach out to us at [email protected], and we will make every effort to address your concerns within a reasonable timeframe.
15. Sensitive Personal Information
We generally do not seek to collect sensitive personal information from our customers. Under the CPRA, sensitive personal information includes data such as Social Security numbers, financial account information, precise geolocation data, health information, and racial or ethnic origin. To the extent we collect any sensitive personal information (such as precise location data for delivery purposes), we use such information solely for the purpose for which it was collected and as otherwise permitted by law. You have the right to limit our use of sensitive personal information to providing our services.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or the ways we process personal information. When we make significant changes to this policy, we will:
- Post the updated Privacy Policy on our website at zupascafe.click
- Update the "Last Updated" date at the top of this policy
- Send you an email notification if the changes materially affect your rights (where we have your email address)
- Display a prominent notice on our website for a reasonable period following significant updates
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and transparently.
Privacy Contact Information
| Company | Zupas |
|---|---|
| [email protected] | |
| Website | zupascafe.click |
When contacting us regarding a privacy request or complaint, please include your full name, email address, and a detailed description of your request or concern so that we can respond to you as efficiently as possible. We will endeavor to respond to all legitimate privacy inquiries within 45 days.