Privacy Policy

Welcome to Punch Pizza. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website pizzapunchs.digital, place an order, subscribe to our newsletters, or otherwise interact with our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services.

This Privacy Policy applies to all users located in the United States. Where applicable, we comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and all other applicable federal and state privacy laws.

1. Who We Are

Punch Pizza is a food service business operating in the United States. We operate the website located at pizzapunchs.digital and provide online ordering, delivery, pickup, loyalty programs, and related food services to our customers.

For all privacy-related inquiries, requests, or complaints, please contact us using the details above or refer to the Contact Us section at the end of this policy.

2. Information We Collect

We collect several types of information from and about users of our website and services. The categories of information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, contact us, or sign up for marketing communications, we may collect:

• Full name
• Email address
• Phone number
• Billing and shipping/delivery address
• Date of birth (where required for age verification or promotional purposes)
• Username and password for your account
• Profile picture (if uploaded voluntarily)

2.2 Payment and Transaction Information

When you make a purchase through our website or app, we collect:

• Credit card or debit card details (processed securely through our payment processors; we do not store full card numbers)
• Billing address
• Order history, items purchased, and transaction amounts
• Gift card or promo code usage

All payment transactions are encrypted and handled by PCI-DSS compliant third-party payment processors.

2.3 Usage and Behavioral Data

When you browse our website, we automatically collect certain usage data, including:

• Pages visited, links clicked, and time spent on each page
• Search terms used on our website
• Items added to your cart or wishlist
• Order frequency and preferences
• Referring URLs and exit pages
• Interaction with promotional emails or notifications (open rates, click-through rates)

2.4 Device and Technical Information

We automatically collect technical information about the device and browser you use to access our services:

• IP address
• Browser type and version
• Operating system and device type (desktop, mobile, tablet)
• Screen resolution and display settings
• Device identifiers (for mobile apps)
• Time zone and language settings
• Internet service provider (ISP)

2.5 Location Data

With your permission, we may collect precise or approximate geolocation data from your device to provide delivery services, show nearby restaurant locations, or offer location-based promotions. You can disable location access at any time through your device settings.

2.6 Communications Data

If you contact us via email, phone, online chat, or social media, we may collect and retain:

• The content of your messages and correspondence
• Your contact details provided in the communication
• Notes and records of our interactions with you
• Customer service tickets and resolution records

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to collect information about your browsing behavior on our website. For detailed information about our use of cookies and how to manage your preferences, please refer to Section 8 (Cookie Policy) of this document.

2.8 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms (if you log in using Facebook, Google, or Apple Sign-In)
• Food delivery partner platforms (e.g., DoorDash, Uber Eats, Grubhub)
• Marketing analytics providers
• Publicly available sources
• Advertising and data enrichment partners

3. How We Use Your Information

We use the information we collect for a variety of business and operational purposes. Specifically, we use your data to:

3.1 Provide and Manage Our Services

• Process and fulfill your food orders (online or in-person)
• Manage your account and login credentials
• Coordinate delivery logistics and provide estimated arrival times
• Send order confirmations, receipts, and shipping/delivery updates
• Manage loyalty points, rewards, and promotional offers
• Handle returns, refunds, and complaints

3.2 Communicate With You

• Respond to your questions, feedback, and support requests
• Send transactional emails and notifications related to your orders
• Send newsletters, promotional offers, and menu updates (with your consent)
• Notify you of changes to our policies, terms, or services

3.3 Analytics and Service Improvement

• Analyze user behavior to improve website functionality and user experience
• Understand order trends, popular menu items, and customer preferences
• Conduct surveys, market research, and A/B testing
• Diagnose technical problems and fix bugs
• Develop new features, products, and services

3.4 Marketing and Advertising

• Display personalized advertisements based on your browsing and order history
• Deliver targeted promotions and discount codes
• Retarget users who have visited our website through third-party advertising platforms
• Measure the effectiveness of our marketing campaigns

You may opt out of marketing communications at any time by clicking the "Unsubscribe" link in any promotional email, or by contacting us at [email protected].

3.5 Legal Compliance and Safety

• Comply with applicable federal and state laws and regulations
• Respond to legal process, court orders, or government requests
• Detect, prevent, and investigate fraud, unauthorized access, and security incidents
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of Punch Pizza, our users, and the public

4. Legal Basis for Processing

In the United States, we process your personal information based on the following legal justifications:

• Contractual Necessity: Processing is necessary to fulfill your orders and deliver our services to you.
• Consent: Where you have given us explicit consent, such as for marketing emails or location tracking.
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, analytics, and website security, provided those interests do not override your fundamental rights.
• Legal Obligation: Processing is required for us to comply with applicable laws and regulations.

5. Sharing Your Information With Third Parties

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. However, we may share your information with trusted third parties under the following circumstances:

5.1 Service Providers and Vendors

We engage third-party service providers to assist in operating our business. These may include:

• Payment Processors: To securely handle transactions (e.g., Stripe, Square, PayPal)
• Delivery Partners: Third-party delivery services (e.g., DoorDash, Uber Eats) who receive necessary order and address information
• Email and SMS Marketing Platforms: To send you newsletters and promotional messages
• Analytics Providers: Such as Google Analytics to understand website usage patterns
• Customer Support Platforms: Tools used to manage customer service interactions
• Cloud Hosting Providers: To store and process data securely

All service providers are contractually obligated to use your information only for the purposes for which it was shared and to maintain adequate security measures.

5.2 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to a successor entity. We will notify you via email and/or prominent notice on our website of any such change and any choices you may have regarding your information.

5.3 Legal Authorities

We may disclose your information to government authorities, law enforcement agencies, or other third parties when:

• Required to do so by applicable law or legal process
• We receive a valid court order, subpoena, or government request
• We believe disclosure is necessary to prevent imminent harm or illegal activity
• Necessary to protect the legal rights of Punch Pizza

5.4 Advertising and Analytics Partners

We may share anonymized or aggregated data with advertising partners (such as Meta Pixel or Google Ads) to measure campaign performance and show relevant ads. Where this involves sharing personal identifiers, we will obtain your consent or provide you with an opt-out mechanism.

5.5 With Your Consent

We may share your information with any other party where you have given us your explicit consent to do so.

6. Data Security

Protecting your personal information is a top priority for Punch Pizza. We implement a comprehensive set of technical, organizational, and administrative security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

6.1 Technical Safeguards

• All data transmitted between your browser and our website is encrypted using SSL/TLS encryption (HTTPS)
• Payment data is handled by PCI-DSS compliant payment processors; we never store full credit card numbers on our servers
• Databases are protected with access controls, firewalls, and intrusion detection systems
• Regular security vulnerability scanning and penetration testing
• Data is backed up regularly and stored in secure, redundant environments

6.2 Organizational Safeguards

• Access to personal data is limited to authorized employees and contractors on a need-to-know basis
• Staff are trained on data privacy and security best practices
• We maintain an internal data breach response plan
• Third-party vendors undergo security assessments before engagement

6.3 Limitations

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and, where required, the appropriate authorities in accordance with applicable law.

7. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights for all our users across the United States.

7.1 California Residents — CCPA/CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request disclosure of what personal information we have collected about you, the sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom it has been shared.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration, but to the extent our use of advertising cookies constitutes "sharing," you may opt out via our cookie preferences.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information (such as precise geolocation) to what is necessary to provide services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

7.2 General Privacy Rights (All U.S. Users)

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Ask us to correct inaccurate or incomplete information.
• Right to Deletion: Request that we delete your personal data, subject to applicable legal retention requirements.
• Right to Data Portability: Request that we provide your data in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Opt Out of Marketing: Unsubscribe from promotional communications at any time.

7.3 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a verifiable consumer request by:

• Emailing us at: [email protected]
• Visiting our website: pizzapunchs.digital

We will respond to your request within 45 days of receipt. If we require additional time, we will notify you of the extension and reason within the initial 45-day period. We may need to verify your identity before fulfilling your request to protect your security.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, personalize content, and serve targeted advertisements.

8.1 Types of Cookies We Use

8.2 Managing Cookie Preferences

You can manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may impact the functionality of our website. You may also adjust your preferences using our cookie consent banner when you first visit the site. For California residents, you may opt out of advertising cookies by clicking the "Do Not Sell or Share My Personal Information" link on our website.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

When data is no longer needed for its original purpose and there is no legal obligation to retain it, we will securely delete or anonymize it.

10. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or retain personal information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act (COPPA).

If you are under 18 years of age, please do not use our website or provide any personal information to us. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our systems.

Parents or guardians who believe their child has provided us with personal information may contact us at [email protected] to request deletion of such information.

11. International Data Transfers

Punch Pizza is based in the United States, and your personal information is primarily stored and processed within the United States. However, some of our third-party service providers may operate in, or transfer data to, other countries.

If we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable U.S. law. Such safeguards may include:

• Standard contractual clauses approved by relevant regulatory authorities
• Data processing agreements with binding privacy and security obligations
• Transfers only to countries deemed to provide adequate levels of data protection

By using our website and services, you acknowledge and consent to the transfer, storage, and processing of your information in the United States and potentially in other countries.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, and delivery services. Once you leave our website and access a third-party site, this Privacy Policy no longer applies. We encourage you to review the privacy policies of any third-party websites or services you visit.

We are not responsible for the privacy practices, content, or security of third-party websites. The inclusion of any link does not imply our endorsement of the third-party site.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for responding to DNT signals. As such, our website does not currently respond to DNT browser signals. However, California residents may use the opt-out rights described in Section 7 of this policy.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email (if we have your email address on file) or by placing a prominent notice on our website
• In cases of significant changes, seek your renewed consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after the posting of changes constitutes your acknowledgment and acceptance of the updated policy.

15. How to File a Complaint

If you believe we have violated your privacy rights or failed to comply with applicable privacy laws, we encourage you to contact us first so we can attempt to resolve your concern directly.

15.1 Contact Punch Pizza Directly

Email: [email protected]
Website: pizzapunchs.digital

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 business days.

15.2 File a Complaint with a Regulatory Authority

If you are not satisfied with our response, you have the right to file a complaint with the appropriate data protection authority:

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your inquiries promptly and transparently.