Privacy Policy

This Privacy Policy describes how Zupas ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at zupas-cafe.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

We are committed to protecting your privacy and handling your personal information with transparency and respect. This Privacy Policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable privacy regulations.

1. Information We Collect

We collect several types of information from and about users of our website and services. The categories of personal information we collect include, but are not limited to, the following:

1.1 Personal Identification Information

When you interact with us — whether by placing an order, creating an account, signing up for our newsletter, making a reservation, or contacting our customer support — we may collect personally identifiable information such as:

  • Full name
  • Email address
  • Phone number
  • Mailing or billing address
  • Date of birth (where relevant for age verification or promotional purposes)
  • Username and password (for registered accounts)
  • Payment information, including credit or debit card numbers, billing details, and transaction records (processed securely through third-party payment processors)
  • Dietary preferences, food allergies, or special requests you voluntarily provide

1.2 Order and Transaction Information

When you place an order through our website or participate in our loyalty program, we collect information related to the transaction, including:

  • Items ordered, quantities, and pricing
  • Order history and purchase frequency
  • Delivery address and delivery preferences
  • Payment method and transaction identifiers
  • Pickup or delivery scheduling information
  • Discount codes, gift card numbers, or loyalty points used

1.3 Usage Data and Technical Information

When you visit our website at zupas-cafe.rest, we automatically collect certain technical information about your device and browsing activity, including:

  • Internet Protocol (IP) address
  • Browser type and version
  • Operating system and device type
  • Pages visited on our website and time spent on each page
  • Referring URLs (the website you came from before visiting ours)
  • Links clicked and features used
  • Date and time of your visit
  • Search queries made on our website
  • Error logs and crash reports

1.4 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your experience on our website. These tools allow us to recognize you across visits, remember your preferences, and understand how you use our services. For detailed information about our use of cookies and your choices regarding tracking technologies, please refer to the Cookie Policy section of this document.

1.5 Communications and Feedback

We collect information you provide when you:

  • Contact our customer service team via email, phone, or online chat
  • Submit feedback, reviews, or ratings about our food and services
  • Respond to surveys or promotions
  • Participate in our social media pages or tag us in posts
  • Submit complaints or inquiries

1.6 Location Data

With your permission, we may collect precise geolocation data from your mobile device or computer to help you find the nearest Zupas location, provide accurate delivery estimates, or personalize your experience based on your region.

1.7 Information From Third Parties

We may also receive personal information about you from third-party sources, including:

  • Social media platforms if you connect your social media account or interact with our pages
  • Third-party food delivery platforms and online ordering services
  • Advertising partners and analytics providers
  • Publicly available sources

2. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes. The primary purposes for which we use your information are:

2.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, whether for dine-in, takeout, or delivery
  • Managing your customer account and loyalty program membership
  • Sending order confirmations, receipts, and status updates
  • Processing payments and preventing fraudulent transactions
  • Responding to your inquiries, complaints, and customer service requests
  • Accommodating dietary preferences and special requests you have shared with us

2.2 Business Operations and Improvement

  • Improving our menu offerings, website functionality, and overall customer experience
  • Conducting internal research, analytics, and data analysis
  • Monitoring and analyzing usage patterns and trends on our website
  • Diagnosing technical problems and maintaining the security of our platform
  • Training our staff and quality assurance purposes
  • Planning new locations, services, or product lines based on demand

2.3 Marketing and Promotional Communications

  • Sending you newsletters, promotional emails, and special offers (with your consent where required by law)
  • Personalizing the content and advertisements you see based on your interests and order history
  • Notifying you about loyalty program rewards, points, and exclusive deals
  • Running contests, sweepstakes, or promotional campaigns
  • Retargeting you with relevant advertisements on third-party platforms

You may opt out of marketing communications at any time by following the unsubscribe instructions in any email we send or by contacting us at [email protected].

2.4 Legal and Compliance Purposes

  • Complying with applicable federal, state, and local laws and regulations
  • Enforcing our Terms of Service and other legal agreements
  • Responding to lawful requests from government authorities or law enforcement
  • Protecting our legal rights and interests in disputes
  • Preventing fraud, abuse, and violations of our policies

3. How We Share Your Information

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with certain trusted parties under the following circumstances:

3.1 Service Providers and Business Partners

We engage third-party vendors and service providers who perform services on our behalf. These parties have access to your personal information only as necessary to perform their functions and are contractually obligated to maintain its confidentiality. These service providers may include:

  • Payment processors and financial institutions
  • Delivery and logistics partners
  • Email marketing and communication platforms
  • Website hosting and cloud infrastructure providers
  • Analytics and data intelligence services
  • Customer relationship management (CRM) software providers
  • Advertising networks and retargeting platforms
  • Fraud detection and cybersecurity services

3.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law or in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, or government request
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with our services
  • Protect the personal safety of users of our services or the public
  • Protect against legal liability

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of the business transaction. We will notify you via email or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your information.

3.4 With Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so, such as when you choose to connect a third-party app or service with your Zupas account.

3.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for industry research, analytics, marketing, or other purposes.

4. Cookie Policy and Tracking Technologies

4.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device on subsequent visits, remember your preferences, and provide a personalized experience.

4.2 Types of Cookies We Use

Cookie Type Purpose Duration
Strictly Necessary Enable core website functionality such as shopping cart, login sessions, and security features Session / Short-term
Performance & Analytics Help us understand how visitors interact with our website (e.g., Google Analytics) Up to 2 years
Functional Remember your preferences such as language, location, and past orders Up to 1 year
Targeting / Advertising Deliver relevant advertisements based on your interests and browsing behavior Up to 1 year

4.3 Managing Your Cookie Preferences

You can control and manage cookies in several ways. Most browsers allow you to refuse or delete cookies through their settings. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising by visiting the Network Advertising Initiative opt-out page or the Digital Advertising Alliance opt-out page.

5. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption: All data transmitted between your browser and our website is protected using Secure Socket Layer (SSL) or Transport Layer Security (TLS) encryption protocols.
  • Secure Payment Processing: We do not store full payment card numbers. All payment transactions are processed through PCI DSS-compliant payment processors.
  • Access Controls: Access to your personal information is restricted to authorized employees and contractors who need it to perform their job functions, and they are bound by confidentiality obligations.
  • Regular Security Audits: We conduct periodic reviews of our data collection, storage, and processing practices to identify and address potential vulnerabilities.
  • Incident Response: We maintain a data breach response plan to address any security incidents promptly and notify affected individuals as required by applicable law.
  • Firewalls and Intrusion Detection: We deploy firewalls, intrusion detection systems, and other technical measures to protect our systems from unauthorized access.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity occurring under your account.

6. Your Privacy Rights

Depending on your location, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights for All Users

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (such as where we are required to retain the data by law).
  • Right to Opt Out of Marketing: You can opt out of receiving promotional communications from us at any time.

6.2 California Residents — CCPA/CPRA Rights

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

  • Right to Know: You have the right to know what personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to certain permitted purposes.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your rights.
  • Right to Data Portability: You have the right to receive the personal information you have provided to us in a portable, usable format.

To exercise your California privacy rights, please submit a verifiable consumer request to us using the contact information provided in the "Contact Us" section below. We will verify your identity before processing your request and will respond within 45 days as required by the CCPA/CPRA. In some cases, we may extend this period by an additional 45 days when reasonably necessary, with prior notice.

You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide proof of authorization, and we may require you to verify your identity directly with us.

6.3 Submitting Privacy Rights Requests

To submit any privacy rights request, please contact us at:

Please include your full name, email address, and a description of your request. We will need to verify your identity before processing your request.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply vary depending on the type of information and the purpose for which it was collected:

Data Category Retention Period Basis
Account and registration data Duration of account + 3 years after closure Contractual and legal obligations
Order and transaction records 7 years Tax and financial regulatory requirements
Customer communications and support records 3 years Legitimate business interest
Marketing preferences and opt-out records 5 years Legal compliance and audit trail
Website usage and analytics data Up to 26 months Analytics and service improvement
Payment information As required by PCI DSS (generally not retained after processing) Security and fraud prevention
Legal hold or dispute-related data Duration of dispute + applicable statute of limitations Legal defense and compliance

When we no longer have a legitimate purpose for retaining your personal information, we will securely delete, anonymize, or destroy it in accordance with our data retention and disposal procedures.

8. Children's Privacy

Our website and services are not directed to children under the age of 18, and we do not knowingly collect, use, or disclose personal information from children under 18. If you are under 18 years of age, please do not use our website or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child under the age of 18 has provided personal information to us without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. We have no intention of targeting or collecting information from any minors.

9. International Data Transfers

Zupas is based in the United States, and the personal information we collect is primarily stored and processed within the United States. However, as we use cloud-based service providers and technology partners who may be located in other countries, your personal information may be transferred to, stored, or processed in countries outside of the United States.

When we transfer personal information internationally, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. These safeguards may include:

  • Entering into data processing agreements with our service providers that include standard contractual clauses or other approved transfer mechanisms
  • Ensuring that receiving countries provide an adequate level of data protection
  • Implementing technical and organizational security measures to protect transferred data

By using our website and services, you acknowledge that your personal information may be transferred to and processed in the United States and other countries, which may have different data protection laws than those in your home country. We take appropriate steps to ensure that your information remains protected regardless of where it is processed.

10. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by us. These may include social media platforms, delivery partners, or other food service applications. When you click on a third-party link, you will be directed to that third party's site.

We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. Our Privacy Policy applies only to information collected through our own website and services at zupas-cafe.rest.

11. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites you visit indicating that you do not want your online activities tracked. Currently, there is no universal standard for how websites should respond to DNT signals, and our website does not respond to DNT signals at this time. However, you can manage your cookie preferences and opt out of certain tracking as described in the Cookie section of this policy.

12. FTC Act Compliance

In accordance with the Federal Trade Commission Act (FTC Act), we are committed to fair information practices and transparency in how we handle your personal information. We do not engage in deceptive or unfair practices with respect to consumer data. Our privacy and data handling practices are consistent with the standards established and enforced by the Federal Trade Commission (FTC) for commercial entities operating in the United States.

If you believe that we have engaged in any unfair or deceptive practice regarding your personal information, you have the right to file a complaint with the Federal Trade Commission at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).

13. Filing a Privacy Complaint

If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority. Depending on your location and the nature of your complaint, the following avenues may be available to you:

13.1 Federal Trade Commission (FTC)

For general consumer privacy complaints related to businesses operating in the United States:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-FTC-HELP (1-877-382-4357)
  • Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

13.2 California Privacy Protection Agency (CPPA)

For California residents who wish to exercise their rights under the CCPA/CPRA or file a complaint related to California privacy law:

13.3 State Attorney General Offices

You may also file a complaint with your state's Attorney General office if you believe your privacy rights have been violated under state law. Most state Attorney General offices have consumer protection divisions that handle privacy-related complaints.

Before filing a complaint with any regulatory authority, we encourage you to contact us directly at [email protected] so that we have an opportunity to address your concerns.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for any other reason. When we make material changes to this Privacy Policy, we will notify you by:

  • Posting the updated policy on our website at zupas-cafe.rest with a new "Last Updated" date
  • Sending an email notification to registered users (where feasible)
  • Displaying a prominent notice on our website for a reasonable period after the change

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated policy, you should discontinue your use of our services and contact us to request deletion of your personal information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your inquiries in a timely and transparent manner.

Privacy Contact Information
Company: Zupas
Website: zupas-cafe.rest
Email: [email protected]
Subject Line: Privacy Policy Inquiry / Privacy Rights Request

When contacting us for privacy-related matters, please include your full name, contact information, the nature of your request or concern, and any relevant details that will help us respond to you efficiently. We will make every effort to respond to your inquiry within 30 days of receipt, and within 45 days for formal privacy rights requests as required under applicable law.

For urgent matters or sensitive privacy concerns, we recommend contacting us directly by email at [email protected] with "URGENT PRIVACY MATTER" in the subject line.