Privacy Policy

This Privacy Policy describes how Marcos ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you visit our website at cafemarcos.click, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website and services immediately.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. We comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act governing unfair or deceptive practices in commerce.

1. About Us

Marcos is a food service business dedicated to providing quality dining experiences to our customers. We operate online ordering, reservation services, and related food service functions through our website.

For all privacy-related inquiries, requests, or concerns, please contact us at the email address listed above. We aim to respond to all privacy inquiries within 30 days of receipt.

2. Information We Collect

We collect several types of information in connection with the operation of our food service business and website. The categories of personal information we collect include the following:

2.1 Personal Identification Information

When you interact with us — whether by placing an order, creating an account, signing up for our newsletter, making a reservation, or contacting us — we may collect personal identification information including but not limited to:

• Full name
• Email address
• Phone number
• Billing and delivery address (street address, city, state, ZIP code)
• Date of birth (where required for age verification or promotional purposes)
• Username and password for account access
• Profile picture or avatar (if voluntarily provided)

2.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information necessary to complete your transaction. This may include:

• Credit or debit card details (processed securely through third-party payment processors)
• Billing address associated with your payment method
• Transaction history and order records
• Gift card or promotional code information

Please note that we do not store your full credit card numbers on our servers. Payment processing is handled by secure, PCI-DSS-compliant third-party payment processors.

2.3 Order and Dietary Information

As a food service provider, we collect information related to your food orders, which may include:

• Items ordered, customizations, and dietary preferences
• Allergy information you voluntarily provide
• Special requests and instructions
• Order history and frequency
• Delivery preferences and saved addresses

2.4 Usage and Technical Data

When you visit our website, we automatically collect certain technical and usage information through cookies, web beacons, pixels, and similar tracking technologies. This data includes:

• IP address and approximate geographic location
• Browser type and version
• Operating system and device type
• Pages visited, links clicked, and time spent on each page
• Referring URL (the website that brought you to ours)
• Search terms used on our website
• Date and time of your visit
• Session duration and frequency of visits

2.5 Device Information

We may collect information about the device you use to access our website, including:

• Device identifiers (such as mobile device ID)
• Hardware model and screen resolution
• Mobile network information
• Installed applications (only where relevant and with your permission)

2.6 Communications and Feedback

When you contact us, leave a review, respond to a survey, or engage with our customer support team, we collect:

• Content of your messages or communications
• Reviews, ratings, and feedback about our food and services
• Customer service records and correspondence
• Social media interactions where you tag or mention us

2.7 Information From Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (if you log in using a social account or follow our pages)
• Food delivery platforms and aggregators
• Analytics and advertising partners
• Publicly available databases

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders
• Managing your account and profile
• Coordinating deliveries and pickups
• Sending order confirmations, receipts, and status updates
• Processing payments and handling refunds or disputes
• Accommodating dietary restrictions and special requests
• Managing table reservations and waitlist requests

3.2 Customer Communication

• Responding to your inquiries, questions, and complaints
• Sending transactional emails and notifications
• Providing customer support and resolving issues
• Notifying you about important changes to our services, menu, or policies

3.3 Marketing and Promotional Activities

• Sending promotional emails, newsletters, and special offers (with your consent)
• Informing you about new menu items, seasonal specials, and events
• Conducting loyalty or rewards program management
• Delivering targeted advertisements based on your preferences and behavior
• Remarketing and retargeting campaigns through third-party platforms

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

3.4 Analytics and Service Improvement

• Analyzing website traffic and user behavior to improve user experience
• Understanding customer preferences and food trends
• Testing new features, menu items, and website designs
• Generating aggregated, anonymized reports for internal business analysis
• Monitoring and improving the performance of our website

3.5 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Detecting, investigating, and preventing fraud, abuse, or security threats
• Protecting the rights, property, and safety of Marcos, our customers, and the public
• Responding to lawful requests from government authorities

3.6 Business Operations

• Managing our internal operations, including accounting and record-keeping
• Conducting internal audits and quality assurance
• Facilitating business transactions such as mergers, acquisitions, or asset sales
• Training staff and improving service quality standards

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files stored on your device when you visit our website.

4.1 Types of Cookies We Use

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For detailed information about our cookie practices, please review our Cookie Policy, which is available on our website.

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your information with trusted third parties under the following circumstances:

5.1 Service Providers and Business Partners

We work with carefully selected third-party companies that provide services on our behalf. These service providers are contractually obligated to protect your data and may only use it for the specific services they perform for us. They include:

• Payment Processors: To securely process credit/debit card transactions
• Delivery Partners: To coordinate and fulfill food delivery orders
• Cloud Hosting Providers: To store and maintain our website and data
• Email Service Providers: To send transactional and marketing emails
• Analytics Providers: Such as Google Analytics to understand website usage
• Customer Support Platforms: To manage customer inquiries and complaints
• Marketing and Advertising Platforms: To manage digital advertising campaigns
• Loyalty Program Administrators: To operate rewards and points systems

5.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid legal requests, including:

• Court orders, subpoenas, or other legal processes
• Requests from law enforcement or government agencies
• Regulatory or compliance requirements under applicable US federal or state law
• To protect the rights, safety, or property of Marcos, our employees, customers, or the public

5.3 Business Transfers

In the event that Marcos undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal data and the choices you may have regarding your information.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. For example, if you choose to participate in a partner promotion or refer-a-friend program, we may share relevant information with the participating partner.

5.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data with third parties for research, marketing, or business development purposes. Such data cannot reasonably be used to identify any individual person.

6. Data Security

The security of your personal information is extremely important to us. We implement a variety of technical, administrative, and physical security measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

Our security practices include, but are not limited to:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols
• Data Encryption at Rest: Sensitive data stored on our servers is encrypted
• Access Controls: We restrict access to personal data to authorized employees, contractors, and service providers who need it to perform their job functions
• Password Hashing: Account passwords are stored using strong, one-way cryptographic hashing algorithms
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing
• PCI-DSS Compliance: Our payment processing systems comply with Payment Card Industry Data Security Standards
• Firewalls and Intrusion Detection: We use network security tools to monitor for suspicious activity
• Employee Training: Our staff receives regular training on data privacy and security best practices

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

When personal information is no longer needed for the purposes for which it was collected, we will securely delete or anonymize it in accordance with our data retention schedule.

8. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to respecting and honoring these rights.

8.1 Rights Available to All US Residents

• Right to Know: You have the right to know what personal information we collect, use, and disclose about you.
• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Opt Out of Marketing: You can opt out of receiving promotional communications at any time.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know (Detailed): The right to request disclosure of the categories and specific pieces of personal information collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: The right to request deletion of personal information collected from you, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information that we maintain about you.
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: The right to limit our use and disclosure of sensitive personal information (such as health-related dietary information).
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different level of service based solely on your exercise of these rights.
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us using one of the following methods:

• Email: [email protected]
• Website: cafemarcos.click

We may need to verify your identity before processing your request. For account holders, we will verify your identity through your account credentials. For non-account holders, we may request additional identifying information. We will respond to verifiable consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written proof of authorization, and we may verify the agent's authority and your identity before processing any request.

9. Children's Privacy

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and all applicable laws regarding children's privacy. Our food service platform is designed for adult consumers and is not directed toward minors.

If you are under 18 years of age, please do not use our website or submit any personal information to us. If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our records.

We do not knowingly market our services to minors, and we do not use personal information collected from individuals under 18 for any marketing or commercial purposes.

10. International Data Transfers

Marcos is based in the United States, and we primarily store and process your personal information within the United States. However, due to the global nature of certain third-party service providers we work with (such as cloud hosting, analytics, and marketing platforms), your personal information may be transferred to and processed in countries other than your country of residence.

When we transfer personal data internationally, we take appropriate steps to ensure that your information receives an adequate level of protection, including:

• Entering into data processing agreements with third-party service providers that include appropriate data protection clauses
• Relying on recognized legal transfer mechanisms where applicable
• Ensuring that recipient countries or organizations provide comparable levels of data protection

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and potentially to other countries as described in this policy.

11. Third-Party Links and Websites

Our website may contain links to third-party websites, applications, or services, including food delivery platforms, social media networks, and payment gateways. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites.

We encourage you to read the privacy policies of any third-party websites you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally agreed-upon standard for how websites should respond to DNT signals. Our website does not currently respond to DNT browser signals. However, you can use the cookie management options described in Section 4 of this policy to control tracking on our website.

13. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable privacy laws, we encourage you to contact us first so we can attempt to resolve the matter directly.

13.1 Contact Us Directly

Please submit your complaint in writing to:

• Email: [email protected]
• Website: cafemarcos.click

We will acknowledge receipt of your complaint within 10 business days and aim to resolve all complaints within 30 days.

13.2 Regulatory Complaints — California Residents

If you are a California resident and are not satisfied with our response to your complaint, you have the right to submit a complaint to the California Privacy Protection Agency (CPPA):

• California Privacy Protection Agency
• Website: cppa.ca.gov
• Address: 2101 Arena Boulevard, Sacramento, CA 95834

13.3 Federal Complaints

For concerns related to deceptive or unfair business practices, you may file a complaint with the Federal Trade Commission (FTC):

• Federal Trade Commission
• Website: ftc.gov
• Phone: 1-877-382-4357
• Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580

14. California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request information about how we share their personal information with third parties for direct marketing purposes. To make such a request, please contact us at [email protected] with the subject line "Shine the Light Request."

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or data processing activities. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website homepage
• Send an email notification to registered account holders (where required by law)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services following the posting of changes constitutes your acknowledgment and acceptance of the updated Privacy Policy.

16. Legal Basis for Processing (Applicable US Law)

We process your personal information under the following legal bases as recognized under applicable United States law, including the FTC Act and CCPA/CPRA:

• Contractual Necessity: Processing required to fulfill your food orders and deliver services you have requested
• Legitimate Business Interests: Processing for fraud prevention, security, analytics, and improving our services
• Legal Obligation: Processing required to comply with applicable federal and state laws
• Consent: Processing for marketing communications and non-essential cookies, where you have provided explicit consent

17. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to reach out to us. We are here to help and committed to addressing your privacy concerns promptly and thoroughly.

This Privacy Policy was last reviewed and updated on June 19, 2026. Marcos reserves the right to amend this policy in accordance with applicable laws and business requirements. All previous versions of this Privacy Policy are superseded by the current version published on our website at cafemarcos.click.