Privacy Policy

Effective Date: June 25, 2026 | Last Updated: June 25, 2026

Important Notice: This Privacy Policy describes how Tatte ("we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website at tattebakerycafe.rest, use our services, or interact with us in any capacity. Please read this policy carefully before using our services.

1. Introduction and Our Commitment to Privacy

Welcome to Tatte. We are a food service business operating in the United States and we are deeply committed to protecting the privacy and security of our customers, website visitors, and all individuals who interact with our brand. This Privacy Policy has been prepared in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection regulations.

We believe that privacy is a fundamental right, and we have structured our data practices to reflect transparency, accountability, and respect for your personal information. By accessing or using our website at tattebakerycafe.rest, placing an order, subscribing to our newsletter, or otherwise engaging with our services, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy.

If you do not agree with any part of this Privacy Policy, we ask that you discontinue use of our website and services and contact us at [email protected] if you have any questions or concerns before doing so.

2. About Us — Contact Information

This Privacy Policy applies to the following entity:

Company Name	Tatte
Business Type	Food Service / Bakery Cafe
Website	tattebakerycafe.rest
Email Address	[email protected]
Country of Operation	United States

For all privacy-related inquiries, requests, or complaints, please contact our Privacy Team directly at [email protected]. We are committed to responding to all legitimate privacy inquiries within a reasonable timeframe, typically within 30 days of receipt.

3. Information We Collect

We collect various types of information in connection with the operation of our business and the services we provide. The categories of information we collect are described in detail below.

3.1 Personal Information You Provide to Us

When you voluntarily interact with our website or services, you may provide us with personal information including, but not limited to:

Identity Information: Your first name, last name, username, or similar identifiers.
Contact Information: Email address, telephone number, billing address, delivery address, and other contact details.
Account Information: Login credentials such as username and password (stored in encrypted form), account preferences, and profile information.
Order and Transaction Data: Details about food orders, purchases, transaction history, order preferences, dietary requirements or restrictions you voluntarily share, and payment-related information.
Payment Information: Credit or debit card details, billing address, and other financial information necessary to process your transactions. Note that full payment card details are processed by our third-party payment processors and are not stored on our servers.
Communication Data: Any information you provide when contacting our customer service team, completing feedback forms, submitting inquiries, or participating in surveys or promotions.
Marketing Preferences: Your preferences in receiving marketing communications from us and your communication preferences.
Loyalty Program Data: If you participate in any loyalty or rewards programs we operate, we collect data related to your participation, point accumulation, and redemption history.

3.2 Information Collected Automatically

When you access our website at tattebakerycafe.rest, we and our third-party service providers automatically collect certain information about your device and browsing activities, including:

Device Information: Your device type, operating system and version, browser type and version, device identifiers, screen resolution, and hardware configuration.
Usage Data: Pages viewed on our website, the time and date of your visit, time spent on individual pages, links clicked, referring URLs, search queries entered on our site, and other clickstream data.
IP Address and Location Data: Your Internet Protocol (IP) address, which may be used to approximate your geographic location (city, state, or country level).
Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please refer to Section 9 of this Privacy Policy for more information about our use of cookies.
Log Data: Server log files that record information about your interaction with our website, including access times, error logs, and technical details about your connection.

3.3 Information Collected from Third Parties

We may also receive information about you from third-party sources, including:

Social Media Platforms: If you connect your social media account to our services or interact with our social media pages, we may receive certain profile information from those platforms in accordance with your privacy settings on those platforms.
Analytics Providers: Third-party analytics services may provide us with aggregated or de-identified information about website traffic and user behavior.
Advertising Partners: Our advertising partners may share information with us about your interaction with their services as relevant to our advertising activities.
Food Delivery Platforms: If you order through third-party food delivery services or platforms, those services may share certain order-related information with us.
Review Platforms: Information you post publicly on review platforms or sites about our products and services.

4. How We Use Your Information

We use the personal information we collect for a variety of purposes, all of which are intended to provide you with an excellent experience and to operate our business effectively and lawfully. Specifically, we use your information for the following purposes:

4.1 Service Provision and Order Fulfillment

To process your food orders and manage transactions, including billing and delivery.
To create and manage your customer account.
To provide customer support and respond to your inquiries, complaints, or requests.
To send you order confirmations, receipts, and updates about your orders.
To administer loyalty programs and promotional offers you have signed up for.
To manage reservations or any table booking services we may offer.

4.2 Analytics and Service Improvement

To analyze how visitors use our website in order to improve the design, content, and functionality of our online presence.
To understand customer preferences and trends so we can improve our menu offerings and services.
To conduct research, testing, and development of new products and features.
To monitor and address technical issues, bugs, and security vulnerabilities on our website.
To generate internal reports about website traffic and user behavior patterns.

4.3 Marketing and Communications

To send you marketing emails, newsletters, promotional offers, and information about new menu items or special events, but only where you have opted in to receive such communications or where we have a legitimate interest in doing so under applicable law.
To display targeted advertisements on our website or through third-party advertising networks, based on your interests and browsing behavior.
To invite you to participate in surveys, contests, or promotional activities.
To personalize your experience on our website by displaying content and offers most relevant to your preferences and past interactions with us.

4.4 Legal Compliance and Safety

To comply with applicable federal, state, and local laws, regulations, and legal obligations.
To respond to lawful requests from public authorities, including law enforcement agencies and regulatory bodies.
To enforce our Terms of Service and other applicable agreements.
To detect, prevent, and address fraudulent activity, security threats, and other potentially illegal or harmful activities.
To protect the rights, property, and safety of Tatte, our customers, and the general public.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in certain circumstances, as described below.

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist us in operating our business and delivering services to you. These service providers are granted access to your personal information only to the extent necessary to perform their functions and are contractually required to maintain the confidentiality and security of your data. Categories of service providers include:

Payment Processors: Companies that process credit and debit card transactions on our behalf (e.g., Stripe, Square, or similar processors).
Website Hosting and Technology Providers: Companies that provide web hosting, content delivery, cloud storage, and related technology infrastructure.
Analytics Providers: Services such as Google Analytics that help us understand website traffic and user behavior.
Email and Marketing Service Providers: Platforms used to send marketing communications and manage email lists.
Customer Support Tools: Software platforms used to manage customer service inquiries and interactions.
Food Delivery Partners: Third-party delivery services that fulfill orders placed through our platforms.
Advertising Networks: Partners who assist with serving targeted advertisements on our behalf.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or other lawful governmental request.
Enforce our Terms of Service or other applicable agreements.
Protect and defend our rights or property, or the rights and property of our users.
Prevent or investigate possible wrongdoing in connection with our services.
Protect the personal safety of users of our services or the general public.

5.3 Business Transfers

In the event that Tatte undergoes a merger, acquisition, sale of assets, reorganization, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

5.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data with third parties for research, marketing, analytics, and other business purposes. Such data cannot reasonably be used to identify you personally and is not subject to this Privacy Policy.

6. Data Security

The security of your personal information is of paramount importance to us. We have implemented a comprehensive set of administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, loss, or destruction.

6.1 Security Measures We Employ

Encryption: We use industry-standard Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted between your browser and our servers. Sensitive data such as passwords is stored in encrypted or hashed form.
Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate business need to access such data. All employees and contractors with access to personal information are required to maintain strict confidentiality.
Secure Payment Processing: We use PCI DSS-compliant payment processors to handle credit and debit card transactions, meaning your full card details are never stored on our systems.
Regular Security Audits: We conduct periodic reviews of our security practices, vulnerability assessments, and system audits to identify and address potential risks.
Incident Response: We maintain an incident response plan to address potential data breaches promptly and to notify affected individuals and relevant authorities in accordance with applicable legal requirements.
Data Minimization: We collect and retain only the personal information that is necessary for the purposes described in this Privacy Policy.

Please Note: While we take every reasonable precaution to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data, and you provide personal information to us at your own risk. We encourage you to use strong, unique passwords and to protect your account credentials.

7. Your Privacy Rights

Depending on your location within the United States, you may have specific rights regarding your personal information. We honor and facilitate the exercise of these rights in accordance with applicable law.

7.1 Rights Available to All U.S. Residents

Right to Know: You have the right to know what personal information we have collected about you, the purposes for which it is used, and the categories of third parties with whom it is shared.
Right to Access: You may request a copy of the personal information we hold about you.
Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
Right to Deletion: You may request that we delete your personal information, subject to certain exceptions permitted by law (such as where we are required to retain information for legal compliance purposes).
Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by using the unsubscribe link in any marketing email we send you or by contacting us directly at [email protected].

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you are entitled to additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know (Specific Information): You may request detailed information about the specific pieces of personal information we have collected about you over the past 12 months.
Right to Delete: You may request the deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. To exercise this right, please contact us at [email protected].
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use and disclosure of sensitive personal information to what is strictly necessary to provide the services you have requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, provide you with a different quality of service, or suggest that you will receive a different level of service as a result of exercising your privacy rights.
Authorized Agent: California residents may designate an authorized agent to submit privacy rights requests on their behalf, subject to verification requirements.

7.3 How to Submit a Privacy Rights Request

To exercise any of the privacy rights described above, please contact us through one of the following channels:

Email: [email protected]

When submitting a request, please provide sufficient information to allow us to verify your identity and locate your personal information in our systems. We may ask you to provide additional verification information to protect the security of your personal data. We will respond to verifiable consumer requests within 45 days of receipt, with the possibility of a one-time extension of an additional 45 days where reasonably necessary, subject to any applicable legal requirements.

7.4 Data Portability

Where technically feasible and required by applicable law, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. To submit a data portability request, please contact us at [email protected].

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The specific retention periods vary depending on the type of data and the purpose for which it was collected:

Category of Data	Typical Retention Period	Basis for Retention
Customer Account Information	Duration of account plus 3 years after account closure	Service provision, legal compliance
Order and Transaction Records	7 years from date of transaction	Financial and tax law obligations
Marketing and Communication Preferences	Until opt-out, then 1 year for compliance records	Consent management, legal compliance
Website Usage and Analytics Data	Up to 26 months	Business analytics and improvement
Customer Service Communications	3 years from date of communication	Quality assurance, dispute resolution
Cookie and Tracking Data	Session to 2 years (varies by cookie type)	Website functionality, analytics
Legal and Compliance Records	As required by applicable law, typically 7+ years	Legal obligation

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information in accordance with our data destruction procedures. Where deletion is not immediately possible (for example, because your information is stored in backup archives), we will securely isolate your information and protect it from further processing until deletion is possible.

9. Cookie Policy Overview

Our website at tattebakerycafe.rest uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing activities. A cookie is a small text file that is placed on your device when you visit our website.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website and cannot be disabled. They allow you to navigate our site and use its features, such as accessing secure areas and maintaining your shopping cart.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently and whether error messages are received. We use this information to improve our website's performance.
Functionality Cookies: These cookies allow our website to remember choices you make (such as your language preference or region) and provide enhanced, personalized features.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements relevant to your interests. They also limit how often you see an ad and help measure the effectiveness of our advertising campaigns.

9.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, accept only certain types of cookies, or delete cookies that have already been set. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some of our features.

For more detailed information about the cookies we use and how to manage your preferences, please refer to our full Cookie Policy, which is available on our website. You may also opt out of certain analytics cookies by visiting the relevant opt-out pages, such as the Google Analytics Opt-out Browser Add-on.

10. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 18. Our services are not directed at children, and we do not market our website to individuals under 18.

If you are under the age of 18, please do not use our website or provide any personal information to us. If you are a parent or legal guardian and you believe that your child under the age of 18 has provided personal information to us without your consent, please contact us immediately at [email protected]. Upon verification of such a report, we will take prompt steps to delete the child's information from our systems.

We comply with applicable provisions of the Children's Online Privacy Protection Act (COPPA) to the extent they apply to our business. If you have concerns about the privacy of a minor in connection with our services, please do not hesitate to reach out to our Privacy Team.

11. International Data Transfers

Tatte is based in the United States and primarily operates within the United States. The personal information we collect is stored and processed on servers located in the United States. If you access our website from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

By using our website and services from outside the United States, you consent to the transfer of your personal information to the United States and acknowledge that such processing will be subject to U.S. law, including the provisions of this Privacy Policy.

Where we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information and that such transfers comply with applicable legal requirements. If you have questions about international data transfers, please contact us at [email protected].

12. Third-Party Websites and Links

Our website may contain links to third-party websites, including social media platforms, review sites, food delivery services, and other partners. This Privacy Policy applies only to our website and services at tattebakerycafe.rest. We have no control over and are not responsible for the privacy practices or content of any third-party websites. We encourage you to review the privacy policies of any third-party websites you visit before providing any personal information to those sites.

The presence of a link to a third-party website on our site does not constitute an endorsement of that website's privacy practices or content. Your interactions with those third-party sites are governed solely by their own terms and privacy policies.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. At this time, our website does not currently respond to browser DNT signals, as there is no uniform industry standard for recognizing and implementing DNT requests. We will continue to monitor developments in this area and update our practices if a uniform standard is established.

You may, however, use the cookie management and opt-out options described in Section 9 of this Privacy Policy to control certain tracking technologies.

14. How to File a Complaint

If you have concerns about how we handle your personal information and you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority.

14.1 Contacting Us First

We encourage you to contact us in the first instance so that we have an opportunity to address your concerns directly. Please reach out to our Privacy Team at:

Email: [email protected]
Website: tattebakerycafe.rest

We will acknowledge your complaint promptly and aim to provide a substantive response within 30 days.

14.2 Regulatory Complaints — California Residents

If you are a California resident and believe we have violated your rights under the CCPA/CPRA, you may file a complaint with:

California Privacy Protection Agency (CPPA): cppa.ca.gov
California Attorney General's Office: oag.ca.gov/privacy

14.3 Federal Regulatory Body

Regardless of your state of residence, you may also file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive trade practices related to privacy:

Federal Trade Commission (FTC): ftc.gov/complaint or call 1-877-FTC-HELP (1-877-382-4357)

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the services we offer. When we make material changes to this Privacy Policy, we will notify you by:

Posting the updated Privacy Policy on our website at tattebakerycafe.rest with a new "Last Updated" date at the top of the page.
Sending an email notification to the email address associated with your account, where we have such information and where required by law.
Displaying a prominent notice on our website homepage for a reasonable period of time following the update.

Your continued use of our website and services following the posting of an updated Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information.

If you disagree with any changes to this Privacy Policy, you should discontinue your use of our website and services and contact us at [email protected].

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United States and applicable state laws. Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of competent jurisdiction in the United States.

For California residents, this Privacy Policy is further subject to the requirements of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023, and the regulations promulgated thereunder by the California Privacy Protection Agency.

17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please do not hesitate to contact our Privacy Team. We are here to help and are committed to addressing your privacy concerns promptly and professionally.

Company	Tatte
Email	[email protected]
Website	tattebakerycafe.rest

Privacy Policy Version: 1.0

Effective Date: June 25, 2026

Last Updated: June 25, 2026