Privacy Policy

Effective Date: July 18, 2026  |  Last Updated: July 18, 2026

Welcome to Tatte. We are deeply committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bakerytatte.rest, place orders, sign up for loyalty programs, subscribe to our newsletter, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our website and services.

This Privacy Policy applies to all personal information processed by Tatte in connection with our bakery and food services, whether provided online through bakerytatte.rest or offline through our physical locations and customer interactions. By using our website or services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

1. About Us

Tatte is a food and bakery business operating in the United States. We are dedicated to providing exceptional baked goods, food products, and dining experiences to our valued customers. We take your privacy seriously and are committed to being transparent about how we handle your personal data in accordance with applicable United States federal and state privacy laws.

Company Name Tatte
Website bakerytatte.rest
Email Address [email protected]
Location United States

2. Legal Framework

As a business operating in the United States, Tatte complies with applicable federal and state privacy laws, including but not limited to:

  • The Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in commerce, including misrepresentation of privacy practices.
  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which grants California residents specific rights regarding their personal information.
  • The CAN-SPAM Act, governing commercial electronic communications.
  • The Children's Online Privacy Protection Act (COPPA), protecting the privacy of children under the age of 13.
  • Applicable state consumer protection laws and food service regulations.
  • The Electronic Communications Privacy Act (ECPA).

If you are a California resident, additional rights and disclosures apply to you as described in Section 10 of this Privacy Policy.

3. Information We Collect

We collect various types of information in connection with the services we provide. The categories of information we collect include:

3.1 Personal Information You Provide Directly

When you interact with us — whether placing an order, creating an account, signing up for our loyalty program, subscribing to our newsletter, or contacting our customer support — you may voluntarily provide us with the following types of personal information:

  • Identity Information: Your first and last name, username, or similar identifier.
  • Contact Information: Email address, telephone number, billing address, delivery address, and any other address details necessary for fulfilling your orders.
  • Account Credentials: Username, password (stored in encrypted form), and security question answers when you create an account with us.
  • Order and Transaction Information: Details about the products you purchase, order history, special dietary preferences or requests, gift card information, and purchase amounts.
  • Payment Information: Credit card numbers, debit card numbers, and other payment details. Please note that full payment card data is processed by our secure, PCI-DSS-compliant payment processors, and we do not store full payment card numbers on our systems.
  • Loyalty Program Information: Participation records, reward points balance, redemption history, and preferences associated with our loyalty programs.
  • Communications: Any feedback, reviews, comments, or correspondence you send us through our website, email, or social media channels.
  • Marketing Preferences: Your preferences regarding receiving marketing communications from us and your communication channel preferences.
  • Dietary and Food Preferences: Any food allergies, dietary restrictions, or preferences you share with us so we can better serve you.

3.2 Information Collected Automatically

When you visit our website bakerytatte.rest, we automatically collect certain technical information through cookies, web beacons, pixel tags, and similar tracking technologies:

  • Device Information: IP address, device type, device operating system, browser type and version, screen resolution, and unique device identifiers.
  • Usage Data: Pages you visit on our website, time and date of your visit, time spent on each page, links clicked, referring URLs, search terms used on our site, and your browsing path through our website.
  • Location Data: General geographic location inferred from your IP address (such as city and state level). We do not collect precise GPS location without your explicit consent.
  • Cookie Data: Information stored in cookies and similar technologies on your device, including session cookies, preference cookies, and analytics cookies (see Section 8 for more details on our cookie practices).
  • Log Data: Server log files that record your interactions with our website, including error reports and performance data.

3.3 Information from Third Parties

We may receive information about you from third-party sources, which we may combine with information we have already collected about you:

  • Social Media Platforms: If you choose to connect your social media accounts (such as Facebook, Instagram, or Google) to our website or use social login features, we may receive profile information such as your name, email address, and profile picture from those platforms, subject to your privacy settings on those platforms.
  • Delivery Partners: If you place orders through third-party delivery platforms or food aggregators, we may receive order-related information necessary to fulfill your order.
  • Analytics Providers: We may receive aggregated or pseudonymized information from analytics services to better understand website traffic and customer behavior patterns.
  • Payment Processors: Our payment processors may share limited transaction confirmation data with us to reconcile payments and prevent fraud.
  • Publicly Available Sources: We may collect information from publicly available sources such as public social media posts that mention our brand, for purposes of customer feedback and service improvement.

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. We will only use your personal information when we have a lawful basis to do so under applicable law. The purposes for which we use your information include:

4.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders, both online and in-store.
  • Managing your customer account and loyalty program membership.
  • Processing payments and managing billing and invoicing.
  • Arranging delivery or collection of orders.
  • Communicating with you about your orders, including order confirmations, updates, and receipts.
  • Responding to your customer service inquiries, complaints, and feedback.
  • Accommodating your dietary preferences, allergies, and special requests.

4.2 Improving Our Services and Operations

  • Analyzing usage patterns on our website to improve user experience and interface design.
  • Conducting internal research and analytics to understand customer preferences and improve our menu offerings and service quality.
  • Monitoring and improving the performance, security, and reliability of our website and systems.
  • Developing new products, features, and service offerings based on customer feedback and behavior data.
  • Training our staff and improving operational efficiency.

4.3 Marketing and Communications

  • Sending you promotional emails, newsletters, and offers about our products and services, where you have provided consent or where permitted by applicable law.
  • Personalizing our communications and marketing materials based on your purchase history and preferences.
  • Running loyalty programs, contests, sweepstakes, and promotional campaigns.
  • Displaying targeted advertisements on our website and third-party platforms.
  • Sending push notifications if you have downloaded our mobile application and consented to receive them.
  • Conducting customer satisfaction surveys and requesting reviews of our products and services.

4.4 Legal and Compliance Purposes

  • Complying with applicable laws, regulations, and legal obligations.
  • Responding to lawful requests from public authorities, courts, and government agencies.
  • Enforcing our Terms of Service and other agreements.
  • Detecting, investigating, and preventing fraudulent transactions, security incidents, and other illegal activities.
  • Protecting the rights, property, and safety of Tatte, our customers, and the public.
  • Maintaining records required by food safety regulations and applicable business laws.

5. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we do share your information with carefully selected third parties in certain circumstances as described below:

5.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who assist us in operating our business and providing our services. These service providers are contractually obligated to use your information only for the purposes for which we disclose it and to maintain appropriate security measures. Such service providers include:

  • Payment Processors: To process credit/debit card payments and other financial transactions securely.
  • Delivery Service Providers: To fulfill food delivery orders placed through our platform.
  • IT and Hosting Providers: To host our website, manage our databases, and provide cloud computing services.
  • Email and Marketing Service Providers: To send marketing emails, newsletters, and transactional communications.
  • Analytics Providers: Such as Google Analytics, to help us understand website traffic and user behavior.
  • Customer Support Platforms: To manage and respond to customer inquiries and complaints.
  • Loyalty Program Administrators: To manage customer rewards and loyalty point systems.
  • Advertising Networks: To display relevant advertisements on our website and other platforms.
  • Fraud Prevention Services: To detect and prevent fraudulent transactions and account takeovers.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information to government authorities, law enforcement agencies, courts, or other third parties when we believe disclosure is necessary or required:

  • To comply with applicable laws, regulations, or legal processes, including valid subpoenas, court orders, or government demands.
  • To enforce our Terms of Service or other legal agreements.
  • To protect the rights, property, safety, or security of Tatte, our employees, customers, or the public.
  • In connection with investigations of suspected illegal activity or fraud.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, sale of substantially all assets, or other business combination involving Tatte, your personal information may be transferred to the acquiring entity or successor organization as part of the transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership and choices you may have regarding your personal information.

5.4 With Your Consent

We may share your information with additional third parties when we have obtained your explicit consent to do so, such as when you participate in co-branded promotions or partner loyalty programs.

6. Data Security

Protecting your personal information is a top priority for Tatte. We implement a variety of technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, destruction, or misuse.

Our security measures include:

  • Encryption: We use Secure Socket Layer (SSL) and Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our servers. Payment information is transmitted using industry-standard encryption protocols.
  • Access Controls: Access to personal information within our organization is restricted to employees and contractors who need that information to perform their job functions. All personnel with access to personal data are bound by confidentiality obligations.
  • Password Security: Account passwords are stored using strong, industry-standard cryptographic hashing algorithms. We never store passwords in plain text.
  • PCI-DSS Compliance: Our payment processing systems comply with the Payment Card Industry Data Security Standard (PCI-DSS) to ensure secure handling of payment card information.
  • Regular Security Assessments: We conduct regular security audits and vulnerability assessments to identify and address potential security weaknesses in our systems.
  • Incident Response: We maintain an incident response plan to promptly address any actual or suspected data security breaches, including notifying affected individuals as required by applicable law.
  • Vendor Security: We require all third-party service providers who handle personal information on our behalf to maintain appropriate security standards and contractual data protection obligations.
  • Physical Security: Our physical facilities maintain appropriate access controls to protect servers and other hardware containing personal data.
Important Notice: While we take all reasonable steps to protect your personal information, no method of data transmission or storage is 100% secure. We cannot guarantee the absolute security of your data. If you suspect unauthorized access to your account, please contact us immediately at [email protected].

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. The specific retention periods vary depending on the type of data and the purpose for which it was collected:

Type of Data Retention Period
Customer Account Information Duration of account plus 3 years after account closure
Order and Transaction Records 7 years (for tax and accounting purposes)
Payment Processing Records As required by PCI-DSS and applicable law (typically 5-7 years)
Marketing Consent Records Until consent is withdrawn, plus 3 years
Customer Communications and Support Tickets 3 years from date of last communication
Website Analytics Data 26 months from collection
Cookie Data As specified in our Cookie Policy (session to 24 months)
Legal Compliance Records As required by applicable law

When personal information is no longer needed for the purposes for which it was collected, or when required retention periods have elapsed, we will securely delete, anonymize, or destroy the information in accordance with our data disposal procedures. In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such anonymized information without further notice.

8. Cookies and Tracking Technologies

Our website bakerytatte.rest uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files that are stored on your device when you visit our website.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the functioning of our website and cannot be switched off in our systems. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms, or placing orders.
  • Performance and Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which pages are the most and least popular and see how visitors move around the site.
  • Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization, such as remembering your preferences, language settings, or items in your shopping cart.
  • Targeting and Advertising Cookies: These cookies may be set through our website by our advertising partners. They may be used to build a profile of your interests and show you relevant advertisements on other sites.

8.2 Managing Cookies

You have the right to choose whether to accept or decline cookies. You can manage your cookie preferences through our cookie consent banner when you first visit our website. You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website and your user experience.

For more detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

9. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and making it easy for you to exercise them.

9.1 General Privacy Rights (All Users)

  • Right to Access: You have the right to request a copy of the personal information we hold about you and information about how we use it.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (such as where we are required by law to retain the information).
  • Right to Opt-Out of Marketing: You have the right to opt out of receiving marketing communications from us at any time. You can do this by clicking the "unsubscribe" link in any marketing email we send you or by contacting us directly.
  • Right to Data Portability: Where technically feasible and legally required, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

9.2 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a request to us by:

We will respond to your request within 30 days of receipt. In some cases, such as for complex requests, we may need up to 60 days to respond, and we will notify you if this is the case. We may need to verify your identity before processing your request to protect your privacy and security. We will not discriminate against you for exercising your privacy rights.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section supplements the general information in our Privacy Policy and applies specifically to California residents.

10.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California residents:

  • Identifiers (name, email address, IP address, account username)
  • Personal information categories listed in the California Customer Records statute (address, telephone number, payment card information)
  • Commercial information (products purchased, purchase history, loyalty program data)
  • Internet or other electronic network activity information (browsing history on our website, search history)
  • Geolocation data (general location derived from IP address)
  • Inferences drawn from the above to create a profile about consumer preferences
  • Sensitive personal information (food allergies and dietary restrictions, where voluntarily provided)

10.2 Your CCPA/CPRA Rights

California residents have the right to:

  • Know: The categories and specific pieces of personal information we collect, use, disclose, and sell or share.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Correct: Request correction of inaccurate personal information.
  • Opt-Out of Sale or Sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense but may share certain data with advertising partners. California residents may opt out by clicking the "Do Not Sell or Share My Personal Information" link on our website.
  • Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information to necessary purposes.
  • Non-Discrimination: Not be discriminated against for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA rights request, please contact us at [email protected]. We will respond to verifiable consumer requests within 45 days, extendable by an additional 45 days when reasonably necessary.

11. Children's Privacy

Age Restriction: Our website and services are not intended for individuals under the age of 18 years old.

Tatte does not knowingly collect, use, or disclose personal information from children under the age of 18. Our website, online ordering system, loyalty programs, and marketing activities are directed at adults only. If you are under 18 years of age, please do not use our website, create an account, or submit any personal information to us.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate parental consent, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child under 18 has provided personal information to us without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

12. International Data Transfers

Tatte is based in the United States, and your personal information is primarily collected, processed, and stored in the United States. However, some of our service providers and technology partners may be located in other countries and may process or store your data outside of the United States.

When your personal information is transferred outside of the United States to countries that may not have data protection laws equivalent to those in your jurisdiction, we take steps to ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

  • Data processing agreements with our service providers that include appropriate data protection provisions.
  • Standard contractual clauses or other approved transfer mechanisms where applicable.
  • Ensuring that recipient countries or organizations provide an adequate level of data protection.

By using our website and services, you acknowledge that your personal information may be transferred to and processed in the United States and other countries where our service providers operate.

13. Third-Party Websites and Links

Our website bakerytatte.rest may contain links to third-party websites, applications, and services, including social media platforms, delivery partners, and payment processors. This Privacy Policy does not apply to the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit or use.

We are not responsible for the privacy practices, content, or security of any third-party websites, even if you access them through links on our website. The inclusion of a link on our website does not imply our endorsement of the linked site or its privacy practices.

14. Marketing Communications and Opt-Out

With your consent or as permitted by applicable law, we may send you marketing communications about our products, services, promotions, and events. You may opt out of receiving marketing communications from us at any time by:

  • Clicking the "unsubscribe" or "opt-out" link at the bottom of any marketing email we send you.
  • Updating your communication preferences in your account settings on our website.
  • Contacting us directly at [email protected] and requesting to be removed from our marketing lists.

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications that are necessary for the management of your account or fulfillment of your orders (such as order confirmations, receipts, and important account notifications).

We comply with the CAN-SPAM Act requirements for all commercial email communications, including clearly identifying our communications as commercial in nature and including our postal address and a valid opt-out mechanism in all marketing emails.

15. How to File a Complaint

If you have concerns about our privacy practices or believe that we have not complied with this Privacy Policy or applicable privacy law, we encourage you to contact us first so that we can address your concerns directly.

If you are not satisfied with our response, you may have the right to file a complaint with relevant regulatory authorities:

  • Federal Trade Commission (FTC): The FTC enforces federal consumer protection laws. You can file a complaint with the FTC at reportfraud.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).
  • California Privacy Protection Agency (CPPA): California residents may file complaints with the California Privacy Protection Agency, which enforces the CCPA/CPRA. Visit cppa.ca.gov for more information.
  • State Attorney General: You may also contact the Attorney General of your state if you believe your state's privacy laws have been violated.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other business reasons. When we make material changes to this Privacy Policy, we will:

  • Post the updated Privacy Policy on our website at bakerytatte.rest with a new effective date.
  • Notify registered users by email, where we have your email address and the changes are material.
  • Display a notice on our website homepage for a reasonable period following significant updates.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acknowledgment of the revised terms.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and transparently.

Privacy Inquiries — Contact Information
Company Tatte
Website bakerytatte.rest
Email [email protected]
Country United States

When contacting us about a privacy matter, please include sufficient information to help us identify your account and understand the nature of your request, including your full name, email address associated with your account, and a description of your inquiry or request. We will endeavor to respond to all legitimate privacy-related inquiries within 30 days of receipt.

Effective Date: This Privacy Policy is effective as of July 18, 2026.
Last Updated: July 18, 2026