Privacy Policy

Effective Date: June 6, 2026  |  Last Updated: June 6, 2026

At Tatte, we are deeply committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains in detail how we collect, use, disclose, store, and protect your personal data when you visit our website at tatte-cafe.click, place orders, participate in loyalty programs, or otherwise interact with our services. Please read this policy carefully to understand our practices regarding your personal information and how we will treat it.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. About Us

Tatte is a food and beverage business operating in the United States. We provide café and dining services including in-person dining, online ordering, catering, and related food and beverage offerings. Our contact information is as follows:

Company Name Tatte
Email Address [email protected]
Website tatte-cafe.click
Location United States

For all privacy-related inquiries, requests, or complaints, please contact us using the information above. We designate our email address [email protected] as the primary point of contact for privacy matters.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected by Tatte through the following channels:

  • Our website at tatte-cafe.click and any related subdomains
  • Online ordering platforms and third-party delivery integrations associated with Tatte
  • Email communications, newsletters, and marketing messages
  • Loyalty and rewards programs
  • In-store digital touchpoints such as kiosks, Wi-Fi sign-ins, or digital receipts
  • Social media interactions where we are identified as the data controller
  • Customer service communications by phone, email, or chat
  • Catering inquiry forms and event booking services

This policy does not apply to the practices of third-party websites, applications, or services that may be linked to from our website. We encourage you to review the privacy policies of any third parties whose services you use.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. Below is a detailed breakdown of the types of data we may collect.

3.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Mailing and delivery address
  • Date of birth (for age verification or birthday promotions)
  • Username and password for account access
  • Profile photo or avatar (if voluntarily uploaded)

3.2 Payment and Transaction Information

When you make a purchase or place an order, we or our third-party payment processors may collect:

  • Credit or debit card information (processed securely through PCI-DSS compliant payment processors)
  • Billing address
  • Transaction history and order details
  • Payment confirmation records
  • Gift card or promotional code usage

Please note that we do not store full payment card numbers directly on our servers. Payment card data is handled by trusted, industry-compliant third-party payment processors.

3.3 Usage and Behavioral Data

As you navigate and use our website and digital services, we automatically collect certain technical and behavioral information, including:

  • Pages visited, time spent on each page, and navigation paths
  • Search queries entered on our website
  • Products or menu items viewed, added to cart, or ordered
  • Frequency of visits and returning visitor status
  • Links clicked and buttons interacted with
  • Referring website or source URL

3.4 Device and Technical Information

We automatically collect information about the device and technology you use to access our website, including:

  • IP address
  • Browser type and version
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Screen resolution and device identifiers
  • Time zone and language settings
  • Internet service provider

3.5 Location Data

With your permission, we may collect approximate or precise geolocation data to help you find the nearest Tatte location, estimate delivery times, or personalize your experience. You may disable location services through your browser or device settings at any time.

3.6 Communications Data

If you contact us by email, phone, or through a contact form, we collect and retain records of those communications, including your name, contact details, and the content of the communication, in order to respond to your inquiries and improve our services.

3.7 Loyalty Program and Preferences Data

If you enroll in our loyalty or rewards program, we collect data related to your participation, including points earned, rewards redeemed, preferred items, and participation history. We may also collect your stated preferences regarding dietary needs, allergens, or favorite menu items.

3.8 Information from Third Parties

We may receive information about you from third-party sources, such as:

  • Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
  • Social media platforms if you interact with our pages or use social login features
  • Analytics providers and advertising partners
  • Publicly available sources, where permitted by applicable law

4. How We Use Your Information

We use the personal information we collect for the following lawful purposes:

4.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, whether in-store, online, or via delivery
  • Managing your account and providing customer support
  • Communicating with you about your orders, transactions, and account status
  • Sending order confirmations, receipts, and delivery updates
  • Processing payments and preventing fraudulent transactions

4.2 Analytics and Service Improvement

  • Analyzing how customers use our website and services to improve functionality
  • Conducting internal research and development to improve menu offerings and user experience
  • Monitoring website performance and resolving technical issues
  • Understanding customer preferences and dining trends

4.3 Marketing and Communications

  • Sending you promotional emails, newsletters, and special offers with your consent
  • Providing personalized recommendations based on your order history and preferences
  • Running loyalty programs, contests, giveaways, and promotional campaigns
  • Remarketing to you through digital advertising platforms where permitted by law

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected]. Opting out of marketing communications will not affect transactional communications related to your orders or account.

4.4 Legal Compliance and Safety

  • Complying with applicable federal and state laws and regulations
  • Responding to legal processes, subpoenas, court orders, or governmental requests
  • Protecting the rights, property, and safety of Tatte, our customers, and the public
  • Detecting, preventing, and addressing fraud, security breaches, or other illegal activities
  • Enforcing our Terms of Service and other applicable agreements

4.5 Business Operations

  • Maintaining accurate business records
  • Training staff and improving customer service quality
  • Facilitating potential business transfers, mergers, or acquisitions

5. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing activity and enhance your experience on our website.

5.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly, including session management, shopping cart functionality, and security features. These cannot be disabled without affecting website performance.
  • Analytics Cookies: Used to understand how visitors interact with our website, including pages visited, time spent, and navigation behavior. We use tools such as Google Analytics for this purpose.
  • Marketing and Advertising Cookies: Used to deliver targeted advertising based on your interests and browsing behavior, and to measure the effectiveness of our marketing campaigns.
  • Preference Cookies: Used to remember your settings, preferences, and personalization choices, such as language preferences and saved addresses.

5.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse, delete, or receive notifications when cookies are set. However, disabling certain cookies may impact the functionality of our website. For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy, available on our website.

You may also opt out of interest-based advertising through the Digital Advertising Alliance's opt-out tool at optout.aboutads.info or the Network Advertising Initiative at optout.networkadvertising.org.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

6.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who assist us in operating our business, subject to confidentiality obligations and data processing agreements. These include:

  • Payment processors (e.g., Stripe, Square) for secure transaction processing
  • Food delivery platforms (e.g., DoorDash, Uber Eats) when you order through those channels
  • Email marketing platforms for sending newsletters and promotional communications
  • Analytics providers such as Google Analytics for website performance analysis
  • Cloud hosting and IT infrastructure providers
  • Customer relationship management (CRM) software providers
  • Loyalty program technology providers
  • Catering and event management partners

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law, or in response to a valid legal request, including:

  • Compliance with a subpoena, court order, or legal process
  • Requests from law enforcement or government agencies
  • Situations where we believe disclosure is necessary to protect public safety, prevent fraud, or enforce our legal rights

6.3 Business Transfers

In the event of a merger, acquisition, sale of business assets, financing, or restructuring, your personal information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on our website prior to your personal information being transferred and becoming subject to a different privacy policy.

6.4 With Your Consent

We may share your information with other parties when you have provided explicit consent for us to do so, such as participation in co-branded promotions or partnerships.

7. Data Security

Tatte takes the security of your personal information seriously. We implement a range of technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security practices include:

  • SSL/TLS encryption for all data transmitted between your browser and our website
  • Secure, encrypted storage of sensitive personal data
  • Payment card data handled exclusively by PCI-DSS compliant processors
  • Access controls limiting employee access to personal information on a need-to-know basis
  • Regular security assessments and vulnerability testing
  • Employee training on data privacy and security best practices
  • Multi-factor authentication for internal systems where applicable
  • Incident response procedures for data security breaches

Despite our best efforts, no method of data transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you in accordance with applicable law.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general retention practices are as follows:

Data Category Retention Period
Account and profile information Duration of account plus 3 years after account closure
Order and transaction records 7 years for tax and accounting compliance
Marketing communications data Until you unsubscribe or withdraw consent, plus 1 year
Customer service communications 3 years from the date of communication
Website usage and analytics data 26 months (standard Google Analytics retention)
Cookie and device data Up to 13 months depending on cookie type
Loyalty program data Duration of loyalty membership plus 2 years

After the applicable retention period expires, we will securely delete or anonymize your personal information so that it can no longer be associated with you. Where deletion is not immediately possible (such as when data is stored in backup systems), we will securely isolate the data and protect it from further processing until deletion is possible.

9. Your Privacy Rights

Depending on your state of residence within the United States, you may have a range of rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Note: We do not sell personal information. However, you may opt out of sharing for advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to uses necessary to provide our services.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of service because you exercised your privacy rights.

9.2 General Privacy Rights for All US Residents

Regardless of your state of residence, we provide the following rights to all our customers:

  • Right to Access: You may request access to the personal information we hold about you.
  • Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
  • Right to Deletion: You may request deletion of your personal data, subject to our legal obligations to retain certain records.
  • Right to Data Portability: Where technically feasible, you may request a copy of your personal information in a structured, machine-readable format.
  • Right to Withdraw Consent: Where our processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time.

9.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the following methods:

When submitting a request, please include sufficient information to allow us to verify your identity, such as your full name, email address, and account information. We will respond to your request within 45 days of receipt. If additional time is required, we will notify you within the initial 45-day period. We will not charge a fee for processing your request unless it is excessive, repetitive, or clearly unfounded.

You may authorize an agent to submit a privacy rights request on your behalf. Authorized agents must provide written authorization signed by you, and we may require you to verify your own identity directly with us.

10. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, in accordance with the Children's Online Privacy Protection Act (COPPA), or individuals under 18 for the purposes of marketing, loyalty programs, or account creation without parental consent.

If you are under 18 years of age, please do not use our website, create an account, or submit any personal information to us. If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at [email protected] and we will take appropriate action.

11. International Data Transfers

Tatte is based in the United States and primarily operates within the United States. However, some of our third-party service providers, including cloud hosting providers, analytics platforms, and software vendors, may be located in or process data in other countries. As a result, your personal information may be transferred to and processed in countries outside of the United States.

When we transfer data internationally, we take steps to ensure that appropriate safeguards are in place to protect your personal information and that any transfer complies with applicable laws. These safeguards may include:

  • Entering into data processing agreements with third-party vendors that incorporate standard contractual clauses or equivalent protections
  • Ensuring that third-party service providers implement adequate security measures
  • Transferring data only to countries or organizations that provide an adequate level of protection

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and, where applicable, to other countries where our service providers operate.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services, including social media platforms, food delivery apps, and payment gateways. These third-party services operate independently of Tatte and have their own privacy policies. We are not responsible for the privacy practices or content of any third-party services.

We encourage you to review the privacy policies of any third-party services you access through links on our website. Your interactions with third-party platforms are governed solely by their respective terms of service and privacy policies, not by this Privacy Policy.

13. Do Not Track Signals

Some web browsers allow users to enable a "Do Not Track" (DNT) signal, which communicates to websites that the user does not wish to be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT browser signals. However, you may use the cookie management tools and opt-out options described in Section 5 of this policy to control tracking technologies.

14. Your California Privacy Rights — Shine the Light Law

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about the categories of personal information we disclose to third parties for their direct marketing purposes, and the names and addresses of such third parties. If you are a California resident and wish to make such a request, please contact us at [email protected]. We will respond within 30 days of receipt of your request.

15. Filing Complaints

If you believe that we have violated your privacy rights or have any concerns about our data handling practices, we encourage you to contact us first so that we may address your concerns directly.

15.1 Contact Us

Please send your complaint or concern to:

We will acknowledge receipt of your complaint within 5 business days and endeavor to resolve the matter within 30 days.

15.2 Regulatory Authorities

If you are not satisfied with our response to your privacy complaint, you may have the right to file a complaint with a relevant regulatory authority, depending on your state of residence:

  • California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov, or with the California Attorney General at oag.ca.gov.
  • All US Residents: You may file a complaint with the Federal Trade Commission (FTC) at reportfraud.ftc.gov for unfair or deceptive trade practices related to privacy.
  • State Attorneys General: Residents of states with their own consumer protection laws may also contact their state Attorney General's office for guidance on filing a privacy complaint.

16. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email if we have your contact information on file and the change is significant
  • Post a prominent notice on our website for a reasonable period following the change

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after we post changes to this Privacy Policy constitutes your acceptance of those changes.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

Tatte

Email: [email protected]

Website: tatte-cafe.click

Location: United States

We are committed to resolving any privacy concerns you may have in a timely, transparent, and respectful manner. Our team takes all privacy inquiries seriously, and we will do our best to address your questions and concerns as quickly as possible.

Thank you for trusting Tatte with your personal information. We value your relationship with us and are dedicated to protecting your privacy and providing you with an excellent and secure experience.

This Privacy Policy was last updated on June 6, 2026. All provisions of this Privacy Policy are subject to applicable United States federal and state laws, including the CCPA/CPRA, COPPA, and the FTC Act.