Privacy Policy

Effective Date: June 12, 2026 | Last Updated: June 12, 2026

Welcome to Tatte. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bakery-tatte.digital, make a purchase, or otherwise interact with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site immediately.

This Privacy Policy applies to all users of bakery-tatte.digital and any related services, sales, marketing, or events. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by all the terms described herein.

1. About Us

Tatte is a food business based in the United States. We operate through our website bakery-tatte.digital and offer food-related products and services to customers across the country. For all privacy-related matters, you may contact us using the following details:

Business Name	Tatte
Website	bakery-tatte.digital
Email	[email protected]
Country	United States

2. Information We Collect

We collect various types of information in connection with your use of our website, your orders, and your communications with us. The categories of personal information we may collect include the following:

2.1 Personal Information You Provide Directly

When you visit our site, create an account, place an order, subscribe to our newsletter, fill out a contact form, or otherwise communicate with us, you may provide us with personal information, including but not limited to:

Identification Information: Full name, username, and profile photo (if applicable).
Contact Information: Email address, mailing address, phone number.
Account Credentials: Password and security question answers (stored in encrypted form).
Order and Transaction Information: Products ordered, quantities, billing and shipping addresses, and payment method details (note: full payment card data is processed by our secure third-party payment processors and not stored by us).
Communications: Messages, feedback, reviews, and any other content you submit to us directly.
Dietary and Food Preferences: Any preferences or allergen information you voluntarily share with us to customize your food orders.

2.2 Information We Collect Automatically

When you browse or interact with our website, we automatically collect certain technical and usage information, including:

Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
Usage Data: Pages viewed, links clicked, time spent on pages, referring URL, and navigation paths through our website.
Log Data: Server logs that record requests made to our servers, error logs, and timestamps of interactions.
Location Data: General geographic location inferred from your IP address. We do not collect precise GPS location unless you explicitly grant permission.
Performance Data: Website loading times, crash reports, and other diagnostic information.

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience on our website. Cookies are small data files placed on your device that help us remember your preferences, recognize returning visitors, and analyze site traffic. Please refer to our dedicated Cookie Policy for detailed information about the cookies we use, their purposes, and how you can manage your preferences.

In brief, the types of cookies we may use include:

Strictly Necessary Cookies: Required for the website to function properly (e.g., shopping cart, login sessions).
Performance and Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
Functional Cookies: Remember your preferences such as language and region.
Marketing and Targeting Cookies: Used to deliver relevant advertisements and promotions.

2.4 Information From Third Parties

We may receive information about you from third parties such as:

Social media platforms if you choose to log in or interact with us through them.
Analytics providers who help us understand our audience.
Payment processors who confirm successful transactions.
Delivery and logistics partners who provide fulfillment updates.
Marketing partners and advertising networks.

3. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes, all in compliance with applicable U.S. law, including the California Consumer Privacy Act (CCPA/CPRA) where applicable, and the Federal Trade Commission (FTC) Act:

3.1 Service Provision and Order Fulfillment

To process your orders, payments, and deliver products or services you have requested.
To manage your account and provide customer support.
To send you order confirmations, invoices, shipping updates, and other transactional communications.
To accommodate dietary preferences or allergen information you share with us.
To comply with legal obligations related to food safety and consumer protection.

3.2 Analytics and Website Improvement

To analyze how users interact with our website so we can improve functionality and user experience.
To monitor website performance, identify technical issues, and fix errors.
To understand which products and content are most popular with our customers.
To conduct internal research and develop new products or services.

3.3 Marketing and Communications

To send you promotional emails, newsletters, special offers, and updates about Tatte — only where you have consented or where permitted by law.
To personalize your experience by recommending products or content based on your preferences.
To run contests, sweepstakes, and loyalty programs.
To send you surveys or request reviews and feedback.
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us at [email protected].

3.4 Legal and Safety Purposes

To comply with applicable laws, regulations, and legal processes.
To detect, prevent, and respond to fraud, security incidents, or other potentially harmful activities.
To enforce our Terms of Service and other agreements.
To protect the rights, property, and safety of Tatte, our users, and the public.

4. Legal Basis for Processing (Where Applicable)

For users located in states with specific data privacy laws (such as California under CCPA/CPRA), we rely on the following legal bases for processing your personal information:

Performance of a Contract: Processing is necessary to fulfill your orders and deliver services you have requested.
Legitimate Interests: We process data for fraud prevention, security, and improving our services, where these interests are not overridden by your rights.
Legal Obligation: Processing required to comply with applicable law.
Consent: For marketing communications and certain cookies, where you have given explicit consent. You may withdraw consent at any time.

5. Sharing Your Information With Third Parties

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share information with trusted third-party vendors and service providers who assist us in operating our business, including:

Payment Processors: To securely handle payment transactions (e.g., Stripe, Square, or similar processors).
Shipping and Delivery Partners: To fulfill and deliver your orders.
Email and Marketing Platforms: To send transactional and promotional communications.
Analytics Providers: Such as Google Analytics, to help us understand how our website is used.
Cloud Hosting and IT Services: For secure data storage and website infrastructure.
Customer Support Tools: To manage communications and inquiries.

All service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security standards.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to:

Comply with a legal obligation, court order, or government request.
Protect and defend the rights or property of Tatte.
Prevent or investigate possible wrongdoing in connection with our services.
Protect the personal safety of users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, restructuring, or other business transition, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so.

6. Data Security

Protecting your personal information is a top priority for Tatte. We implement a combination of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, use, alteration, and disclosure, including:

Encryption: All data transmitted between your browser and our servers is protected using SSL/TLS encryption (HTTPS).
Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their job functions.
Password Hashing: Account passwords are stored using industry-standard cryptographic hashing algorithms and are never stored in plain text.
Regular Security Audits: We periodically review and test our systems and security practices.
PCI DSS Compliance: Payment processing is handled by PCI DSS-compliant third-party processors; we do not store full payment card details on our servers.
Incident Response: We have procedures in place to detect, report, and respond to data security incidents in a timely manner.

Important Notice: While we take every reasonable precaution to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong passwords and protect your account credentials.

7. Your Privacy Rights

Depending on your location within the United States, you may have specific rights regarding your personal information. In particular, if you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

7.1 Right to Know and Access

You have the right to request that we disclose to you:

The categories of personal information we have collected about you.
The categories of sources from which we collected your personal information.
The business or commercial purpose for collecting your information.
The categories of third parties with whom we share your personal information.
The specific pieces of personal information we have collected about you.

7.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you. Once we receive your verified request, we will use commercially reasonable efforts to correct your information.

7.3 Right to Deletion

You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions (such as where we need to retain your information to complete a transaction, comply with a legal obligation, or for fraud prevention purposes).

7.4 Right to Data Portability

You may request that we provide you with a copy of your personal information in a structured, commonly used, and machine-readable format, where technically feasible.

7.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, you have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell your personal information as traditionally defined. However, if you wish to opt out of any data sharing practices that may qualify under CCPA/CPRA, please contact us at [email protected].

7.6 Right to Limit Use of Sensitive Personal Information

If we collect sensitive personal information (such as precise geolocation or financial account details), you have the right to limit our use and disclosure of such information to what is reasonably necessary to provide services.

7.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest you will receive a different quality of service as a result of exercising your rights.

7.8 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please contact us at:

Email: [email protected]
Website: bakery-tatte.digital

We will respond to verified requests within 45 days as required by the CCPA/CPRA. If we need additional time, we will notify you of the extension. We may need to verify your identity before processing your request to protect your information from unauthorized access.

7.9 Authorized Agents

California residents may designate an authorized agent to submit privacy rights requests on their behalf. The authorized agent must provide written authorization signed by you, and we may contact you directly to verify your identity and confirm the request.

8. Cookie Usage

Our website uses cookies and similar tracking technologies to provide a better user experience, analyze website traffic, and deliver relevant marketing. A cookie is a small text file stored on your device when you visit a website.

We use the following types of cookies:

Essential Cookies: Necessary for the website to function and cannot be switched off in our systems.
Analytics Cookies: Allow us to count visits and traffic sources to measure and improve site performance.
Functional Cookies: Enable enhanced functionality and personalization.
Advertising Cookies: Used to make advertising messages more relevant to you.

You can manage your cookie preferences through your browser settings or through our cookie consent tool. Note that disabling certain cookies may affect the functionality of our website.

For more detailed information, please read our full Cookie Policy.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

Type of Data	Retention Period
Account Information	Duration of account, plus 3 years after closure
Order and Transaction Records	7 years (for tax and legal compliance)
Marketing Preferences and Opt-Outs	Until you withdraw consent or request deletion
Customer Support Communications	3 years from the date of last interaction
Website Usage and Analytics Data	Up to 26 months (anonymized after 14 months)
Cookie Data	As specified in our Cookie Policy (typically 30 days to 2 years)
Security and Fraud Logs	Up to 5 years

When personal data is no longer required, we securely delete or anonymize it in accordance with our data retention schedules and applicable legal requirements.

10. Children's Privacy

Age Restriction — 18 Years and Older Only: Our website and services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from anyone under the age of 18.

Tatte's website and services are not directed at, marketed to, or intended for children under the age of 18. We do not knowingly solicit or collect personal information from minors. If we become aware that we have inadvertently collected personal information from a user who is under 18 years of age without verifiable parental consent, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We comply with the Children's Online Privacy Protection Act (COPPA) and will respond promptly to such requests.

11. International Data Transfers

Tatte is based in the United States, and your personal information is primarily collected and processed within the United States. However, some of our third-party service providers may be located in or operate from other countries. When we transfer your personal information outside the United States, we take steps to ensure that appropriate safeguards are in place to protect your information and that such transfers comply with applicable law.

These safeguards may include:

Entering into data processing agreements with our service providers that include standard contractual clauses or equivalent protections.
Ensuring that third-party processors located in other countries provide an adequate level of data protection.
Obtaining your consent for specific transfers where required.

By using our website and services, you acknowledge and consent to the transfer of your personal information to countries outside your country of residence, where applicable data protection laws may differ.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, platforms, or services that are not operated by Tatte. We have no control over the content, privacy policies, or practices of any third-party sites. We strongly encourage you to review the privacy policy of every website you visit. We are not responsible for the privacy practices or the content of third-party websites.

This Privacy Policy applies solely to information collected by our website, bakery-tatte.digital.

13. Social Media and Third-Party Features

Our website may include social media features, such as the Facebook Like button, Instagram share links, or other interactive mini-programs. These features may collect information such as your IP address, the page you are visiting, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policies of the companies providing them. We encourage you to review those policies independently.

14. Email Marketing and Opt-Out Rights

If you have subscribed to our email newsletter or marketing communications, we will send you updates about our products, promotions, seasonal menus, events, and special offers. You can opt out of these communications at any time by:

Clicking the "Unsubscribe" link at the bottom of any marketing email you receive from us.
Sending an email to [email protected] with "Unsubscribe" in the subject line.

Please note that even if you opt out of marketing communications, you will still receive transactional emails related to any orders you place, account changes, or other service-related communications as these are necessary to fulfill our contractual obligations to you.

We comply fully with the CAN-SPAM Act of 2003 and will process your opt-out request within 10 business days.

15. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Currently, our website does not respond to browser DNT signals as there is no consistent industry standard for how to interpret and respond to such signals. However, you can manage your tracking preferences through our cookie consent tool and through your browser settings.

16. California-Specific Privacy Disclosures

If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) provide you with specific rights regarding your personal information. In addition to the rights described in Section 7 of this policy, California residents should note the following:

Shine the Light Law (Cal. Civ. Code § 1798.83): California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].
Categories of Personal Information Collected: As described in Section 2, we collect identifiers, commercial information, internet/electronic activity data, and inferences drawn from this information.
Business Purposes for Collection: As described in Section 3, we collect information for service provision, analytics, security, and marketing.
No Sale of Personal Data: We do not sell personal information to third parties for monetary consideration.

17. Filing Complaints With Regulatory Authorities

If you believe that we have not complied with applicable privacy laws in handling your personal information, you have the right to file a complaint with the relevant regulatory authority.

17.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

California Privacy Protection Agency: cppa.ca.gov
California Attorney General: oag.ca.gov/privacy/ccpa

17.2 Federal Level

For matters involving unfair or deceptive practices under the FTC Act, consumers may contact the Federal Trade Commission (FTC):

FTC Complaint Center: ftc.gov/complaint
FTC Website: ftc.gov

17.3 Contact Us First

We encourage you to contact us first before filing a complaint with a regulatory authority. We take all privacy concerns seriously and will work diligently to resolve your issue promptly and fairly. Please reach out to us at:

Email: [email protected]
Website: bakery-tatte.digital

18. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable law, or our services. When we make material changes to this policy, we will:

Post the updated Privacy Policy on this page with a revised "Last Updated" date.
Notify you by email (if you have provided your email address) or by displaying a prominent notice on our website.
Where required by law, obtain your consent to material changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after the posting of changes constitutes your acceptance of the updated Privacy Policy.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team:

Business Name	Tatte
Email Address	[email protected]
Website	bakery-tatte.digital
Country	United States

We will acknowledge your inquiry within 5 business days and will aim to fully resolve your concern within 30 days, or within the timescales required by applicable law where shorter periods apply.

Privacy Policy — Document Information

Business: Tatte | Website: bakery-tatte.digital

Effective Date: June 12, 2026

Applicable Law: CCPA/CPRA (California), COPPA, CAN-SPAM Act, FTC Act (United States)