Privacy Policy
Effective Date: July 3, 2026 | Last Updated: July 3, 2026
1. Introduction and Who We Are
Welcome to Tatte ("we," "us," "our," or the "Company"). We are a food service business operating in the United States, dedicated to providing exceptional dining experiences to our valued customers. We are committed to protecting your privacy and handling your personal information with transparency, integrity, and respect.
This Privacy Policy applies to all information collected through our website located at sweet-tatte.rest, our online ordering platforms, mobile applications (if applicable), and any related services, sales, marketing, or events (collectively referred to as the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our Services immediately.
Our contact details for all privacy-related inquiries are as follows:
| Company Name | Tatte |
|---|---|
| Address | United States |
| [email protected] | |
| Website | sweet-tatte.rest |
2. Information We Collect
We collect various types of information in connection with your use of our Services. The categories of personal information we collect are described below.
2.1 Personal Information You Provide Directly
When you interact with us — whether by placing an online order, creating an account, signing up for our newsletter, making a reservation, or contacting our customer support — you may voluntarily provide us with the following personal information:
- Identity Information: Full name, username, or similar identifier.
- Contact Information: Email address, telephone number, billing address, delivery address, and other contact details.
- Payment Information: Credit or debit card details, bank account information, billing address, and other financial data necessary to process your transactions. Please note that payment card details are processed securely by our third-party payment processors and are not stored directly on our servers.
- Account Credentials: Username and password if you create an account with us.
- Dietary and Food Preferences: Any dietary restrictions, allergies, or food preferences you choose to share with us to enhance your dining experience.
- Order History: Details of your previous orders, including items purchased, prices, and special instructions.
- Communications: Any messages, feedback, reviews, survey responses, or complaints you submit to us.
- Marketing Preferences: Your preferences for receiving marketing communications from us.
2.2 Usage Data and Technical Information
When you visit our website or use our online Services, we automatically collect certain technical information about your device and how you interact with our platform:
- Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and hardware model.
- Usage Information: Pages visited, links clicked, time spent on pages, referring URLs, exit pages, and browsing patterns on our website.
- Log Data: Server logs, error reports, and activity logs automatically generated by our systems.
- Location Data: General geographic location derived from your IP address, or precise location data if you grant us permission through your device settings (for features such as finding nearby locations or delivery services).
- Session Data: Information about your session, including the date and time of your visit, session duration, and session identifiers.
2.3 Cookie and Tracking Technology Data
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing activities on our website. For more detailed information about how we use these technologies, please refer to our Cookie usage section below (Section 8) and our separate Cookie Policy.
2.4 Information from Third Parties
We may receive information about you from third-party sources, including:
- Payment Processors: Confirmation of payment status and transaction identifiers from our payment service providers.
- Delivery Partners: Delivery status updates and logistics information from third-party delivery companies we partner with.
- Social Media Platforms: If you choose to connect your social media account or use social login features, we may receive basic profile information such as your name, email address, and profile picture from platforms such as Facebook or Google.
- Analytics Providers: Aggregated or de-identified data from analytics services that help us understand website performance and user behavior.
- Marketing Partners: Information to help us serve more relevant advertisements and communications.
3. How We Use Your Information
We use the information we collect for a variety of purposes, all aimed at providing you with the best possible food service experience and operating our business lawfully and effectively. Specifically, we use your personal information for the following purposes:
3.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, including preparing your order and arranging delivery or pickup.
- Creating and managing your customer account.
- Processing payments and preventing fraudulent transactions.
- Managing reservations and table bookings.
- Sending order confirmations, receipts, and status updates.
- Providing customer support and responding to your inquiries, complaints, and feedback.
- Accommodating your dietary preferences and allergen requirements for food safety purposes.
3.2 Analytics and Service Improvement
- Analyzing usage patterns and trends to improve our website's functionality and user experience.
- Understanding which menu items and features are most popular.
- Conducting market research and customer satisfaction surveys.
- Troubleshooting technical issues and improving the reliability of our Services.
- Developing new products, services, and features based on customer behavior and feedback.
3.3 Marketing and Communications
- Sending you promotional emails, newsletters, and special offers if you have consented to receiving such communications.
- Personalizing marketing messages and offers based on your order history and preferences.
- Running loyalty programs and promotional campaigns.
- Delivering targeted advertisements on our website and third-party platforms (where permitted by applicable law).
- You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].
3.4 Legal Compliance and Business Operations
- Complying with applicable laws, regulations, and legal obligations in the United States, including tax reporting and food safety regulations.
- Enforcing our Terms of Service and other agreements.
- Protecting the rights, property, and safety of Tatte, our customers, and the public.
- Responding to legal requests, court orders, and regulatory investigations.
- Maintaining accurate business records for accounting and auditing purposes.
- Detecting, preventing, and addressing fraud, security breaches, and other harmful activities.
4. Legal Basis for Processing Your Information
As a business operating in the United States, we process your personal information under the following legal bases, consistent with applicable federal and state laws including the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state privacy laws:
- Contractual Necessity: Processing is necessary to fulfill our contract with you — for example, to process your food orders and deliver our services.
- Legitimate Business Interests: We process certain information to pursue our legitimate business interests, such as improving our services, preventing fraud, and maintaining the security of our platform, provided these interests are not overridden by your rights.
- Consent: Where required by law, we rely on your explicit consent to process your personal information, such as for marketing communications or optional data collection.
- Legal Obligation: We process certain information to comply with applicable laws and regulations, such as tax laws, food safety regulations, and legal reporting requirements.
5. Sharing Your Information with Third Parties
We do not sell your personal information to third parties. However, we may share your information with certain trusted third parties in the following circumstances:
5.1 Service Providers and Business Partners
We engage third-party companies and individuals to perform services on our behalf. These service providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy. Categories of service providers include:
- Payment Processors: Companies that process credit card payments and other financial transactions securely on our behalf.
- Delivery and Logistics Partners: Third-party delivery services that fulfill food delivery orders.
- Cloud Hosting and IT Services: Providers that host our website, store data, and maintain our technical infrastructure.
- Analytics Providers: Services such as Google Analytics that help us understand website usage (data shared is typically aggregated or anonymized).
- Email Marketing Platforms: Services that manage our email communications and newsletters.
- Customer Support Tools: Software platforms that help us manage and respond to customer inquiries.
- Advertising Networks: Partners that help us deliver targeted advertisements, subject to your consent preferences.
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information if required to do so by law or in response to valid legal requests, including:
- Compliance with a subpoena, court order, or other legal process.
- Requests from government or regulatory authorities.
- When disclosure is necessary to protect the safety of our customers, employees, or the public.
- To enforce our legal rights, investigate potential violations of our policies, or defend against legal claims.
- In connection with investigations of suspected fraud or other illegal activities.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your personal information may be transferred to the acquiring entity or successor company. We will notify you via email or a prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your personal information with other third parties when you have given your explicit consent for us to do so.
6. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: We use industry-standard SSL/TLS encryption to protect data transmitted between your browser and our servers. Payment information is encrypted using secure protocols.
- Access Controls: Access to personal information is restricted to authorized personnel who require it to perform their job functions. We enforce strong password policies and multi-factor authentication where appropriate.
- Secure Data Storage: Personal information is stored on secure servers with appropriate firewalls and security configurations.
- Regular Security Assessments: We conduct periodic security reviews and vulnerability assessments of our systems.
- Employee Training: Our staff members receive training on data protection best practices and our privacy obligations.
- Incident Response: We maintain procedures for detecting, reporting, and responding to data security incidents, including breach notification procedures in compliance with applicable US state laws.
7. Your Privacy Rights
Depending on your location within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable laws, including the California Consumer Privacy Act (CCPA/CPRA) for California residents, and similar privacy laws in other states.
7.1 Right to Know and Access
You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you. Specifically, you may request:
- The categories of personal information we have collected about you.
- The categories of sources from which your personal information is collected.
- The business or commercial purpose for collecting your personal information.
- The categories of third parties with whom we share your personal information.
- The specific pieces of personal information we have collected about you (data portability).
7.2 Right to Correction
You have the right to request that we correct inaccurate personal information we hold about you, taking into account the nature of the information and the purposes for which it is processed.
7.3 Right to Deletion
You have the right to request that we delete your personal information, subject to certain exceptions such as where we are required to retain data for legal compliance, fraud prevention, or to complete a transaction you have requested.
7.4 Right to Data Portability
Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another organization.
7.5 Right to Opt Out of Sale or Sharing
Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information. As stated above, we do not sell personal information. If this practice changes, we will update this Privacy Policy and provide an opt-out mechanism.
7.6 Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge different prices, provide a different level of quality, or suggest that you will receive a different level of service as a result of exercising your rights.
7.7 Right to Limit Use of Sensitive Personal Information
Under the CPRA, California residents have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the services requested.
7.8 How to Exercise Your Rights
To exercise any of the privacy rights described above, please submit a verifiable request to us by:
- Email: [email protected]
- Website: sweet-tatte.rest
We will verify your identity before processing your request. We will respond to verifiable consumer requests within 45 days, with the possibility of one 45-day extension when reasonably necessary. We may ask you to provide information to verify your identity, such as your name, email address, and order information. We cannot respond to your request or provide you with personal information if we cannot verify your identity.
You may designate an authorized agent to make a request on your behalf. If you use an authorized agent, we may require proof of written authorization or power of attorney.
8. Cookie Usage
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files that are placed on your device when you visit a website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the website to function properly. They enable core functionality such as security, network management, and account access. These cookies cannot be disabled.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently. We use this information to improve our website. These cookies do not collect personally identifiable information.
- Functional Cookies: These cookies allow the website to remember your preferences, such as your location, language settings, and saved cart items, to provide a more personalized experience.
- Targeting and Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They also limit the number of times you see an advertisement and help us measure the effectiveness of advertising campaigns.
8.2 Managing Your Cookie Preferences
You can control and manage cookies through your browser settings. Most browsers allow you to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, such as online ordering. For full details on how we use cookies, please review our separate Cookie Policy available on our website.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods we apply are as follows:
| Type of Data | Retention Period | Reason |
|---|---|---|
| Customer Account Information | Duration of account plus 3 years after closure | Legal compliance and dispute resolution |
| Order and Transaction Records | 7 years from transaction date | Tax and financial record-keeping requirements |
| Payment Information | Retained by payment processors per their policies; we retain transaction IDs only | Fraud prevention and compliance |
| Marketing Preferences and Communications | Until you opt out, plus 2 years | Compliance with marketing regulations |
| Customer Support Correspondence | 3 years from date of last communication | Quality assurance and dispute resolution |
| Website Usage and Analytics Data | Up to 26 months | Analytics and service improvement |
| Cookie and Tracking Data | Varies by cookie type (session to 2 years) | Website functionality and analytics |
| Dietary and Allergen Information | Duration of account plus 1 year | Food safety compliance |
When personal information is no longer required, we securely delete or anonymize it. In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case it may be used without further notice to you.
10. Children's Privacy
Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 18.
In compliance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws, if we learn that we have inadvertently collected personal information from a child under 18 years of age without parental consent, we will take immediate steps to delete that information from our records.
If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information, please contact us immediately at [email protected] so that we can investigate and take appropriate action, including deletion of any such information.
11. International Data Transfers
Tatte is a food service business based in the United States. Our primary operations, data processing activities, and servers are located within the United States. If you are accessing our Services from outside the United States, please be aware that your personal information will be transferred to and processed in the United States.
The United States may not have data protection laws that are considered equivalent to those in your home country. By using our Services, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.
When we transfer personal information internationally, we take appropriate safeguards to ensure that your information remains protected, including:
- Entering into appropriate data transfer agreements with receiving parties.
- Ensuring that our service providers maintain adequate security standards.
- Implementing contractual protections consistent with applicable law.
12. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you are entitled to specific additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights include all those described in Section 7 of this Privacy Policy, as well as the following:
12.1 "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents who are our customers to request certain information regarding our disclosure of personal information to third parties for those third parties' direct marketing purposes. To make such a request, please contact us at [email protected].
12.2 Categories of Personal Information Collected
In the preceding 12 months, we have collected personal information falling into the following categories as defined by the CCPA:
- Identifiers (name, email address, IP address, account name)
- Personal information categories listed in the California Customer Records statute (name, telephone number, payment card information)
- Commercial information (order history, products purchased)
- Internet or other electronic network activity information (browsing history on our website)
- Geolocation data (approximate location)
- Inferences drawn from other personal information (customer preferences)
12.3 Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our website does not currently respond to DNT signals. We will update this policy if our practices change.
13. Other State Privacy Rights
Residents of certain other US states may have additional privacy rights under their respective state laws, including but not limited to:
- Virginia: Virginia Consumer Data Protection Act (VCDPA)
- Colorado: Colorado Privacy Act (CPA)
- Connecticut: Connecticut Data Privacy Act (CTDPA)
- Utah: Utah Consumer Privacy Act (UCPA)
- Texas: Texas Data Privacy and Security Act (TDPSA)
If you are a resident of any of these states and wish to exercise your privacy rights, please contact us using the information provided in this Privacy Policy. We will respond to your request in accordance with the applicable state law.
14. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Tatte. This Privacy Policy applies only to our Services and does not extend to any third-party websites or platforms. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
We strongly encourage you to review the privacy policy of every website you visit. The inclusion of a link on our website does not imply endorsement by Tatte of the linked site or any association with its operators.
15. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy.
- Post the updated Privacy Policy on our website at sweet-tatte.rest.
- Send an email notification to registered account holders for significant changes.
- Display a prominent notice on our website when material changes are made.
Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the updated Privacy Policy, please stop using our Services and contact us to request deletion of your account and personal data.
16. How to File a Complaint
If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the appropriate data protection or consumer protection authority.
16.1 Complaints to the Federal Trade Commission (FTC)
The Federal Trade Commission (FTC) is the primary federal agency responsible for protecting consumers from unfair or deceptive practices in commerce, including privacy violations. You may file a complaint with the FTC through the following channels:
- Online: reportfraud.ftc.gov
- Phone: 1-877-FTC-HELP (1-877-382-4357)
- Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580
16.2 Complaints to the California Privacy Protection Agency (CPPA)
If you are a California resident, you may submit complaints to the California Privacy Protection Agency (CPPA), which enforces the CCPA/CPRA:
- Online: cppa.ca.gov
- Email: [email protected]
16.3 State Attorney General Offices
Residents of various US states may also file privacy complaints with their respective state Attorney General offices, which may have authority to investigate privacy violations under state consumer protection and data privacy laws.
16.4 Internal Complaint Resolution
Before filing a complaint with a regulatory authority, we encourage you to contact us directly so that we can attempt to resolve your concerns. We take all privacy complaints seriously and will respond promptly:
- Email: [email protected]
- Website: sweet-tatte.rest
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please do not hesitate to reach out to us. We are committed to addressing your inquiries promptly and transparently.
Company: Tatte
Address: United States
Email: [email protected]
Website: sweet-tatte.rest
Response Time: We aim to respond to all privacy-related inquiries within 10 business days, and to verifiable consumer rights requests within 45 days as required by applicable law.
This Privacy Policy was last updated on July 3, 2026. © 2026 Tatte. All rights reserved.