Privacy Policy

This Privacy Policy describes how Zupas ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at zupas-food.click, place orders, use our services, or otherwise interact with us. Please read this policy carefully. By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy has been drafted in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act), among other applicable regulations.

1. About Us

Zupas is a food service business operating through our website zupas-food.click. We provide food-related services, including but not limited to online ordering, menu browsing, customer accounts, and related offerings to customers across the United States.

For any questions, concerns, or requests regarding your privacy or this Privacy Policy, please contact us using the information provided in the "Contact Us" section at the end of this document.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect in connection with:

• Your use of our website at zupas-food.click
• Online orders, reservations, or food service requests made through our platform
• Communications with us via email, telephone, or online contact forms
• Your subscription to our newsletter, promotional offers, or loyalty programs
• Your participation in surveys, contests, or promotional activities
• Any other interaction between you and Zupas

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of those third parties independently.

3. Information We Collect

We collect various types of information to operate our business, provide services to you, and improve your experience. The categories of personal information we collect include:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Billing and shipping address (including street address, city, state, ZIP code)
• Username and password (for registered account holders)
• Date of birth (for age verification and promotional purposes)

3.2 Payment and Financial Information

To process your orders and transactions, we collect:

• Credit or debit card numbers (last four digits retained; full numbers processed by our payment processors)
• Billing address associated with your payment method
• Transaction history and order records

Please note that complete payment card details are handled exclusively by our PCI-DSS compliant third-party payment processors, and we do not store your full card details on our servers.

3.3 Order and Transaction Information

We collect details about your food orders, including:

• Items ordered, quantities, customizations, and special instructions
• Order date, time, and delivery preferences
• Order history and frequency
• Dietary preferences or restrictions you choose to share with us

3.4 Usage Data and Technical Information

When you access our website, we automatically collect certain technical and usage data, including:

• IP address
• Browser type and version
• Operating system and device type
• Pages visited, links clicked, and navigation patterns
• Time and date of your visit, and duration on pages
• Referring URLs (the website you visited before arriving at ours)
• Search queries entered on our website

3.5 Location Data

With your consent, we may collect precise or approximate geolocation data from your device to:

• Identify nearby restaurant locations or service areas
• Facilitate delivery services to your location
• Provide location-specific promotions or offers

You may disable location services at any time through your device settings, though this may limit certain features of our service.

3.6 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For full details on the cookies we use and your choices, please refer to our Cookie Policy section below and any separate Cookie Policy document available on our website.

3.7 Communications Data

If you contact us for customer support, submit feedback, or participate in surveys or promotions, we collect:

• The content of your messages, emails, or calls
• Records of correspondence
• Survey responses and feedback

3.8 Sensitive Personal Information

In limited circumstances, we may collect sensitive personal information such as dietary restrictions or food allergy information that you voluntarily provide when placing orders. We use this information solely for the purpose of fulfilling your order and ensuring your safety. We do not use sensitive personal information for advertising or marketing profiling purposes beyond what is permitted by applicable law.

3.9 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms, if you choose to connect your social media account to our services or log in using social media credentials
• Third-party food delivery platforms and aggregators
• Analytics and advertising partners
• Publicly available sources

4. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes, including:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders and delivery requests
• Managing your account and profile
• Sending order confirmations, receipts, and status updates
• Facilitating payment processing and fraud prevention
• Accommodating special dietary requests or food allergy accommodations

4.2 Customer Support and Communications

• Responding to your inquiries, complaints, and requests
• Providing customer service and technical support
• Sending important service-related notices and updates

4.3 Marketing and Promotional Communications

• Sending you newsletters, special offers, and promotional materials (with your consent where required)
• Informing you about new menu items, seasonal specials, and events
• Personalizing your experience and presenting tailored offers based on your order history and preferences
• Conducting loyalty program administration

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

4.4 Analytics and Service Improvement

• Analyzing usage patterns and website traffic to improve our website and services
• Understanding customer preferences and behavior to enhance our menu offerings
• Conducting internal research, development, and quality assurance
• Monitoring and improving website performance and security

4.5 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal obligations
• Responding to lawful requests from government authorities or law enforcement
• Enforcing our Terms of Service and other policies
• Protecting the rights, property, and safety of Zupas, our customers, and the public
• Detecting, preventing, and investigating fraud, security breaches, and other illegal activities

4.6 Business Operations

• Managing our business relationships with vendors, partners, and service providers
• Carrying out audits and business evaluations
• Planning and executing corporate transactions such as mergers, acquisitions, or asset sales

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your information with the following categories of third parties under specific circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf. These may include:

• Payment processors — to securely handle credit and debit card transactions
• Delivery service partners — to fulfill food delivery orders
• Cloud hosting and IT providers — to host and operate our website and databases
• Email marketing platforms — to manage and send promotional communications
• Analytics providers — such as Google Analytics, to analyze website traffic and behavior
• Customer support tools — to manage support tickets and communications

These service providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. They are not permitted to use your personal data for their own independent purposes.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, subpoena, court order, or governmental request
• Enforce our Terms of Service or other applicable agreements
• Protect and defend our legal rights or property
• Prevent or investigate possible wrongdoing or fraud
• Protect the personal safety of our users or the general public

5.3 Business Transfers

In the event that Zupas is involved in a merger, acquisition, sale of assets, financing, reorganization, or insolvency proceeding, your personal information may be transferred to a successor or affiliated entity. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you participate in joint promotions or partner offers.

5.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that does not directly identify you with third parties for research, analytics, marketing, or other business purposes.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. The types of cookies we use include:

6.1 Types of Cookies

• Essential Cookies: Necessary for the website to function properly, including session management, shopping cart functionality, and security features.
• Analytical/Performance Cookies: Allow us to understand how visitors interact with our website by collecting information anonymously. We use tools such as Google Analytics for this purpose.
• Functional Cookies: Remember your preferences and settings, such as language, location, and saved items.
• Marketing/Advertising Cookies: Track your online activity to deliver more relevant advertising and measure the effectiveness of our campaigns.

6.2 Managing Your Cookie Preferences

You have the right to accept or decline non-essential cookies. You can manage your cookie preferences through:

• Our cookie consent banner displayed on your first visit
• Your browser settings — most browsers allow you to block or delete cookies
• Third-party opt-out tools such as the Network Advertising Initiative opt-out page

Please note that disabling certain cookies may affect the functionality of our website. For more detailed information, please refer to our full Cookie Policy available on our website.

7. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
• Secure Payment Processing: Payment card information is processed through PCI-DSS compliant payment gateways. We do not store full card details on our systems.
• Access Controls: Access to personal information is restricted to authorized employees and service providers who need it to perform their functions.
• Regular Security Audits: We conduct regular security assessments and vulnerability testing of our systems.
• Data Minimization: We collect only the information necessary for the purposes outlined in this Privacy Policy.
• Employee Training: Our staff receive regular training on data protection and privacy best practices.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general retention guidelines are as follows:

After the applicable retention period expires, we will securely delete or anonymize your personal information. If you request deletion of your data, we will comply subject to any legal obligations that require us to retain certain records.

9. Your Privacy Rights

Depending on your state of residence within the United States, you may have the following rights with respect to your personal information. We are committed to honoring these rights in compliance with applicable federal and state laws.

9.1 Rights for All Users

• Right to Know/Access: You have the right to request information about the personal data we hold about you, including the categories of data collected, the purposes for which it is used, and the third parties with whom it is shared.
• Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (such as legal compliance or order fulfillment obligations).
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time.

9.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

• Right to Know: The right to request disclosure of the specific pieces of personal information we have collected about you.
• Right to Delete: The right to request deletion of personal information we have collected, subject to exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: The right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration, but we may share it for targeted advertising. You may exercise this right by contacting us.
• Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information to what is necessary to perform the services you requested.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA privacy rights. We will not deny you services, charge you different prices, or provide a different level of quality based on your exercise of privacy rights.
• Right to Data Portability: The right to receive your personal information in a portable, readily usable format.

To exercise your California privacy rights, please submit a verifiable consumer request to us at [email protected]. We will respond to verifiable requests within 45 days, with an optional 45-day extension when necessary, as permitted by law.

9.3 How to Exercise Your Rights

To exercise any of the privacy rights described above, you may contact us by:

• Email: [email protected]

We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is excessive or repetitive. We will notify you if a fee applies before completing your request.

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written proof of authorization, and we may verify the request directly with you.

10. Children's Privacy

Our website, services, and food ordering platform are not directed to children under the age of 18. We do not knowingly collect, solicit, or process personal information from anyone under 18 years of age. If you are under 18, please do not use our website or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA) and all applicable federal and state laws regarding children's privacy. Parents or guardians who believe their child has provided us with personal information should contact us so we can take appropriate action.

11. International Data Transfers

Zupas is based in the United States, and our primary data processing activities occur within the United States. However, some of our service providers and technology partners may be located in other countries, and your personal information may be transferred to, stored, or processed in countries outside of the United States.

When we transfer personal information internationally, we take appropriate steps to ensure that such transfers comply with applicable privacy laws and that adequate protections are in place for your data. These protections may include:

• Contractual agreements with data processors that include appropriate data protection clauses
• Reliance on service providers that adhere to recognized privacy frameworks
• Technical and organizational security measures to protect data during transfer

By using our website and services, you acknowledge that your information may be transferred to and processed in the United States and other jurisdictions that may have data protection laws that differ from those in your country of residence.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, and services that are not operated or controlled by Zupas. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party websites you visit.

We are not responsible for the content, privacy practices, or security measures of third-party websites, even if they are linked from our website. The inclusion of a link does not imply our endorsement of the third party's privacy practices.

13. Social Media and Third-Party Integrations

Our website may include social media features, such as the Facebook Like button, Instagram share buttons, and other social media widgets. These features may collect your IP address, the page you are visiting, and may set a cookie to enable the feature to function properly. Social media features and widgets are operated by third parties and are governed by their respective privacy policies. We recommend reviewing the privacy policies of these third-party social media platforms.

If you choose to log into our website using social media credentials (such as "Login with Google" or "Login with Facebook"), we may receive certain profile information from your social media account, such as your name and email address, as permitted by your privacy settings on that platform.

14. Email Marketing and Communications

With your consent, we may send you promotional emails about our food offerings, special deals, seasonal menus, and events. Each marketing email we send will include a clear unsubscribe link at the bottom. You can opt out of receiving marketing emails at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Contacting us at [email protected] with your request

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (such as order confirmations, receipts, and important account notices) as these are necessary for the provision of our services.

We comply with the CAN-SPAM Act and all applicable anti-spam regulations. Our marketing emails will always clearly identify us as the sender, include our contact information, and provide a straightforward opt-out mechanism.

15. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to browser DNT signals. However, you can manage your cookie and tracking preferences through the options described in our Cookie section above.

16. Filing Complaints

If you believe your privacy rights have been violated, we encourage you to contact us first so that we can attempt to resolve your concern. Please reach out to us at:

• Email: [email protected]

If you are a California resident and are not satisfied with our response, you also have the right to file a complaint with:

• California Privacy Protection Agency (CPPA)
  2101 Arena Boulevard, Sacramento, CA 95834
  Website: cppa.ca.gov

For general consumer protection complaints in the United States, you may also contact:

• Federal Trade Commission (FTC)
  600 Pennsylvania Avenue NW, Washington, DC 20580
  Website: ftc.gov
  Consumer Helpline: 1-877-FTC-HELP (1-877-382-4357)

Residents of other states may have rights to file complaints with their respective state attorney general's office or designated data protection authority.

17. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website informing you of the changes
• Where required by law, notify you directly via email

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

18. Legal Basis and Applicable Law

This Privacy Policy is governed by and construed in accordance with the laws of the United States. Our privacy practices are designed to comply with:

• The Federal Trade Commission Act (FTC Act) — which governs unfair or deceptive trade practices, including privacy violations
• The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), for California residents
• The Children's Online Privacy Protection Act (COPPA)
• The CAN-SPAM Act — for commercial email communications
• The Electronic Communications Privacy Act (ECPA)
• Any other applicable state or federal privacy laws

19. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please do not hesitate to contact us:

We are committed to addressing your concerns promptly and transparently. We aim to respond to all privacy-related inquiries within 30 business days of receipt. For verifiable consumer requests under CCPA/CPRA, we will respond within the timeframes mandated by applicable law.