PRIVACY POLICY

Effective Date:  1 March 2025 

Takeout Pantry ("we," "us," or "our") values your privacy and is committed to safeguarding the personal information you provide when using our platform, which includes our website, mobile applications, and all associated services for customers, chefs/restaurants, and delivery drivers.

We recognize the importance of privacy and data security and ensure that our practices align with globally recognized standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy frameworks. We understand that data privacy is critical to maintaining your trust and have implemented robust technical, administrative, and organizational measures to protect your information from unauthorized access, misuse, loss, or disclosure.

This Privacy Policy provides transparency regarding:

• The types of data we collect and process

• Our legal basis for processing personal data

• How we use, store, and share your information

• Your rights under GDPR, CCPA, and other privacy laws

• Security measures to ensure data protection

By accessing or using our services, you acknowledge and agree to the data practices outlined in this Privacy Policy. We encourage you to carefully review this policy to understand how your data is handled and what measures you can take to manage your privacy preferences effectively.

1. SCOPE OF POLICY

This Privacy Policy applies to all users who engage with the Takeout Pantry platform, including but not limited to:

1. Customers: Individuals who place orders for food and beverages using our website, mobile application, or any other digital interface provided by Takeout Pantry. Customers may provide personal information such as their name, address, phone number, and payment details, which are necessary for order processing and service
2. Chefs/Restaurants: Businesses and individual chefs who manage menus, accept customer orders, and prepare food for delivery or pickup. These entities may have access to customer order details but are required to adhere to data protection regulations to ensure confidentiality and limited data usage.
3. Delivery Drivers: Independent contractors or employed couriers who handle the transportation and delivery of orders to customers. Delivery personnel receive necessary order and location details to fulfill their services and are contractually obligated to maintain the privacy and security of customer data.
4. Visitors & Non-Registered Users: Individuals who browse the Takeout Pantry platform withoutcreating an Some data, such as cookies and analytics, may be collected to improve platform functionality and user experience.

By accessing or using our services, all users, including but not limited to those listed above, explicitly acknowledge and agree to be bound by the provisions of this Privacy Policy. This document has been structured to ensure compliance with international privacy regulations, including GDPR, CCPA, and otherjurisdiction-specific laws, offering clear guidelines on how data is collected, processed, and protected.

Additionally, this Privacy Policy applies to all interactions and engagements with Takeout Pantry, whether through direct transactions, communications, or the use of any feature within the platform. Users who do not agree with the terms outlined herein should discontinue their use of our services.

2. INFORMATION WE COLLECT

We collect various types of information to provide, improve, and secure our services. The categories of data we collect include:

a. Information You Provide:

1. Personal details: Includes your full name, email address, phone number, delivery address, and payment information necessary for processing transactions. This information allows us to fulfill your orders, communicate updates, and maintain your account settings.
2. Order details: Covers user preferences, dietary restrictions, and specific instructions for food preparation or delivery. This enables us to personalize your experience and ensure that your preferences are met.

• Customer support interactions: Encompasses any queries, complaints, or feedback you provide through customer service channels, helping us resolve issues and enhance service experience.

b. Information Collected Automatically:

1. Technical Data: Captures IP address, device type, operating system, browser version, and geographic location (if enabled by the user). This data helps us optimize platform functionality and security.
2. Usage Data: Logs user interaction on the platform, such as visited pages, features used, and preferences. We use cookies, web beacons, and similar tracking technologies to collect and analyzethis information for usability improvements and enhanced user experience.

c. Sensitive Information:

1. Payment details: Processed securely through encryption and in compliance with PCI DSS standardsto prevent fraud and ensure safe We do not store

full payment details but may retain tokenized versions for security and refund processing.

1. Identity verification: When legally required, we may request verification details such as government-issued ID to prevent fraudulent activity or comply with age restrictions for specific products.

d. Information from Third Parties:

1. Transaction validation: Data received from payment processors to confirm successful payments and ensure security.
2. Service fulfillment: Restaurants and delivery drivers may share necessary order updates, such as estimated delivery times and special requests, to enhance operational efficiency.

• Marketing and analytics: We may obtain anonymized or aggregated data from marketing partners, advertising networks, and analytics providers to improve our service offerings and promotional campaigns.

All collected information is subject to strict access controls and is only retained for as long as necessary tofulfill the purposes outlined in this policy. If users have concerns regarding data retention or processing, they may contact our Data Protection Officer for further clarification.

3. HOW WE USE YOUR INFORMATION

We process your personal information for specific purposes, ensuring compliance with GDPR, CCPA, and other applicable data protection laws. Each processing activity is based on a clear legal justification, as outlined below:

a. Service Provision & Performance (Legal Basis: Contractual Necessity)

To deliver core services, we process personal data to ensure seamless order placement, secure transactions, and efficient delivery.

1. Order Fulfillment: We collect and process necessary details to facilitate transactions, verify payments, and coordinate deliveries.
2. User Account Management: Your saved addresses, order history, and preferences help personalize your experience and streamline future orders.

• Customer Support: We use your data to respond to inquiries, resolve disputes, and enhance service quality through multiple support channels.

1. Operational Notifications: Real-time updates about order status, delivery tracking, and account activity are sent via email, SMS, or in-app notifications.

b. Platform Improvement & Personalization (Legal Basis: Legitimate Interest)

We analyze usage patterns and behavioral data to optimize platform functionality and enhance user experience.

1. User Experience Optimization: We track navigation behavior and interactions to improve usability and system performance.
2. Personalized Recommendations: Order history and browsing activity allow us to suggest relevant meal options and promotions.

• Feature Development: Data insights help refine existing functionalities and introduce new platform features based on user feedback.

1. Performance Monitoring: We use analytics tools to detect system inefficiencies, troubleshoot issues, and enhance security.

c. Security & Legal Compliance (Legal Basis: Legitimate Interest & Legal Obligation)

We take necessary precautions to protect user data, prevent fraud, and meet regulatory requirements.

1. Fraud Prevention & Risk Management: Transaction monitoring helps detect unauthorized activities, fraudulent behavior, and security risks.
2. Data Security Measures: Encryption, multi-factor authentication (MFA), and regular security audits protect against unauthorized access and data breaches.

• Regulatory Compliance: We store and process data in accordance with GDPR, CCPA, and other applicable laws.

1. Legal Disclosures: Where required by law, we may disclose personal data in response to valid legal requests, subpoenas, or law enforcement inquiries.

d. Marketing & Communication (Legal Basis: Consent)

We process marketing-related data only with user consent, ensuring full control over preferences.

1. Promotional Content: Users who opt in receive exclusive offers, promotions, and announcements tailored to their interests.
2. Personalized Advertising: We use non-sensitive behavioral data to display targeted ads within the platform and through third-party advertising networks.

• Marketing Preferences: Users can manage opt-in/out settings at any time via account preferences.

1. Customer Engagement & Feedback: Periodic surveys and research initiatives help us improve services based on user insights.

All personal data is subject to strict access controls, and we do not share information with third parties fordirect marketing purposes without explicit consent. If you have questions or concerns about how we use your information, please contact our Data Protection Officer at .

4. COOKIES AND TRACKING TECHNOLOGIES

Takeout Pantry uses cookies and similar tracking mechanisms to enhance user experience, optimize platform performance, and ensure compliance with privacy regulations. Our use of cookies and tracking technologies is categorized as follows:

a. Essential Cookies and Functional Tracking:

1. These cookies are necessary for the basic functionality of our platform, including account login authentication, order placement, and secure payment processing.
2. They allow for seamless navigation, session continuity, and real-time order

b. Performance and Analytical Cookies:

1. These cookies collect aggregated data on user interactions, including page visits, clickstream data, and usage frequency.
2. We use these insights to analyze user behavior, identify service improvements, and optimize platform navigation.

c. Personalization and Advertising Cookies:

1. These cookies help customize user experience by remembering preferences, such as saved addresses and past orders.
2. They enable personalized recommendations and facilitate targeted advertisements based on user behavior.

d. Third-Party Tracking Technologies:

1. Our platform integrates analytics and advertising services from third-party providers to enhance marketing strategies and measure ad effectiveness.
2. These third parties may collect anonymized data for audience insights and content personalization, in compliance with applicable regulations.

Managing Your Preferences:

• Cookie Settings: Users can manage cookie preferences through their browser settings, allowing them to block or delete cookies.
• Opt-Out Mechanisms: Users can opt out of behavioral advertising and analytics tracking through designated account settings and industry-standard opt-out tools.
• Do Not Track Requests: Takeout Pantry respects Do Not Track (DNT) signals where legally required and provides users with additional privacy control options where applicable.

By continuing to use our platform, users consent to the use of cookies and tracking technologies in accordance with this Privacy Policy. Users may modify their preferences at any time by accessing the platform’s cookie management settings.

5. LEGAL BASIS FOR DATA PROCESSING

Takeout Pantry processes personal data in compliance with General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws. Each processing activity is conducted under a specific legal basis, as outlined below:

a. Contractual Necessity

Certain data processing activities are necessary to fulfill contractual obligations and provide users with services, including:

1. Order Processing & Fulfillment: Using customer details (e.g., name, contact information, delivery address, and payment details) to process orders, facilitate deliveries, and provide transaction confirmations.
2. User Account Management: Managing user accounts, preferences, and transaction history.

• Customer Support & Dispute Resolution: Handling service inquiries, resolving complaints, and processing refunds.

1. Operational Notifications: Sending essential updates, including order confirmations, delivery tracking, and account-related alerts.

b. User Consent

Where required by law, we obtain explicit consent before collecting or processing personal data. Usersmay withdraw consent at any time via their account settings or by contacting our Data Protection Officer. The following activities require consent:

1. Marketing & Promotions: Sending promotional emails, special offers, and loyalty
2. Personalized Advertising: Displaying targeted ads and recommendations based on user preferences and behavior.

• Optional Analytics & Tracking: Using cookies and other tracking technologies for non-essential purposes, such as personalizing the user experience.

c. Legitimate Interests

We process certain types of personal data based on legitimate business interests, ensuring that such processing does not override user rights. This includes:

1. Fraud Prevention & Security: Monitoring accounts, detecting suspicious transactions, and preventing unauthorized access.
2. Platform Performance & Optimization: Using analytics to improve system functionality, enhance navigation, and develop new features.

• Customer Feedback & Surveys: Collecting insights to refine services and tailor offerings to user preferences. Users may object to processing based on legitimate interests, subject to applicable legal conditions.

d. Legal Compliance

We process personal data to comply with legal and regulatory obligations, including:

1. GDPR (General Data Protection Regulation): Protecting the rights of European users, including access, deletion, and portability of their data.
2. CCPA (California Consumer Privacy Act): Granting California residents rights to access, correct, or delete their personal data and opt out of data sales.

• COPPA (Children’s Online Privacy Protection Act): Prohibiting the collection of data from children under 13 and ensuring compliance with child data protection

1. PCI DSS (Payment Card Industry Data Security Standard): Implementing security protocols to safeguard payment information and prevent fraud.
2. Law Enforcement & Regulatory Compliance: Responding to legal requests, subpoenas, and other regulatory obligations where necessary.

6. USER RIGHTS UNDER GDPR & CCPA

Users are entitled to specific rights regarding their personal data under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These rights include:

a. Access & Correction Rights:

1. Users have the right to request access to their personal data that we

1. Users may request corrections or updates to any inaccurate or incomplete personal information.

• Requests for access and corrections will be processed within legally required

b. Data Deletion Requests:

1. Users may request deletion of their personal data and account, subject to legal and regulatory retention requirements.
2. Certain data may be retained for compliance with tax, legal, fraud prevention, or contractual obligations.

• Once a request is fulfilled, we will notify the user regarding data deletion

c. Opt-Out Options:

1. Users have the right to opt out of marketing emails, promotional communications, and targeted advertising.
2. Users can disable tracking technologies, such as cookies, through their browser settings or account preferences.

• Consent withdrawal can be initiated at any time for optional data processing

d. Data Portability:

1. Users have the right to request a structured, commonly used, and machine- readable format of their data.
2. This allows users to transfer their data to another service provider if

• Requests for data portability will be fulfilled within the legally required

e. Right to Appeal & Complaint Resolution:

1. If a data request is denied, users have the right to appeal the decision within 30 days of receiving the response.
2. Users can request a review of their appeal through our Data Protection

• If users are unsatisfied with the resolution, they have the right to escalate their complaint to relevant regulatory authorities, such as the Data Protection Commission (EU) or the California Privacy Protection Agency (CPPA).

f. Non-Discrimination Rights:

1. Users exercising their data privacy rights will not be discriminated against, denied services, or subjected to any unfair treatment.
2. We ensure that opting out of marketing communications or requesting data deletion does not impact users’ ability to access core services.

g. How to Submit Requests:

1. Users may submit requests regarding their rights through our Privacy Request Form, accessible via their account settings.
2. Requests can also be emailed to our Data Protection Officer at

. We will verify identity before processing any request to ensure data security.

7. DATA SECURITY MEASURES

Takeout Pantry is committed to protecting user data through advanced security protocols, regulatory compliance, and proactive risk management. We implement stringent technical, administrative, and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of user information.

a. Encryption & Secure Data Storage

We use AES-256 encryption for data at rest and TLS encryption for data in transit to safeguard sensitive information. Payment transactions are securely processed in compliance with PCI DSS (Payment Card Industry Data Security Standard). Cryptographic controls, regular security updates, and automated threatdetection systems further protect user data.

b. Access Controls & Authentication

To restrict unauthorized access, we enforce role-based access controls (RBAC), ensuring that only designated personnel can access sensitive data. Multi-factor authentication (MFA) is required foradministrative access, and all account activities are logged for audit and compliance tracking.

c. Network & Infrastructure Security

Our platform operates on ISO 27001-certified cloud infrastructure, safeguarded by firewalls, intrusion detection systems (IDS), anti-malware protections, and real-time monitoring tools. We conduct regularpenetration testing, vulnerability assessments, and security audits to ensure continuous compliance with global cybersecurity standards.

d. Incident Response & Breach Notification

Takeout Pantry has a dedicated security response team that proactively monitors for threats and takes immediate action in case of a data breach. Users will be notified as follows:

1. Within 72 hours if required under GDPR (General Data Protection Regulation).

1. Immediately if the breach involves 500+ California residents, in accordance with CCPA (California Consumer Privacy Act).

• As per other applicable state and national breach notification We work closely with regulatory bodies and law enforcement to investigate, mitigate, and remediate security incidents.

e. Data Retention & Secure Disposal

User data is retained only as long as necessary to fulfill legal, operational, and contractual obligations. Below are our industry-standard retention periods:

1. Order history & transaction records – Retained for 7 years (industry standard for regulatory compliance, tax, and dispute resolution).

1. Payment details – Tokenized and deleted immediately after transaction completion, unless requiredfor refunds, chargebacks, or fraud prevention, in which case data is retained for 180 days.

• Inactive user accounts – Retained for 2 years from last activity before automatic deletion, unless legally required otherwise.

1. Customer support records – Retained for 3 years to improve service interactions and resolve disputes.
2. Marketing data & preferences – Retained for 2 years from the last interaction, or immediately upon user request to opt-out.
3. Log files & security records – Retained for 12 months to monitor system security and compliance.

Upon reaching the retention period, all data is permanently erased using NIST 800-88 compliant data sanitization techniques to ensure secure disposal.

f. Compliance with Global Security Standards

Takeout Pantry adheres to the highest security and compliance standards, including:

1. GDPR (General Data Protection Regulation) – Covers data processing, user rights, and breach notifications.
2. CCPA (California Consumer Privacy Act) – Includes consumer data protection and disclosure rights.

• PCI DSS (Payment Card Industry Data Security Standard) – Ensures secure payment processing.

1. ISO 27001 & SOC 2 – Enforces industry-leading security

1. HIPAA (Health Insurance Portability and Accountability Act) – Applied where health-related data is involved.

We conduct annual third-party security assessments, continuous monitoring, and penetration testing to uphold these security standards.

By implementing these robust security measures, Takeout Pantry ensures data confidentiality,integrity, and availability, reinforcing user trust and regulatory compliance.

8. INTERNATIONAL DATA TRANSFERS

a. Standard Contractual Clauses (SCCs)

We comply with European Commission-approved Standard Contractual Clauses (SCCs) for cross-border data transfers, ensuring that personal data transferred outside the European Economic Area(EEA) receives an adequate level of protection.

b. Data Storage Locations

User data is securely stored within data centers located in the United States and Europe, ensuring compliance with GDPR and other applicable regulations.

c. Additional Safeguards

In cases where data is transferred to jurisdictions that do not provide an adequate level of data protection, we implement supplementary measures such as encryption, access controls, and strictcontractual obligations with third-party service providers to maintain data security.

d. Legal Justification for Transfers

Data transfers are conducted in accordance with Article 46 of GDPR, ensuring that users' rights andprotections remain intact regardless of where the data is processed.

9. JURISDICTION-SPECIFIC DISCLOSURES

Takeout Pantry complies with applicable data protection laws based on user location. This section outlines region-specific rights and obligations.

a. European Users (GDPR Compliance)

For users in the European Economic Area (EEA), Takeout Pantry processes personal data under the General Data Protection Regulation (GDPR), ensuring:

1. Legal Basis for Processing: Data is processed under GDPR-defined bases, such as contractual necessity, consent, or legitimate interest (Articles 6 & 9).
2. User Rights: Users may access, correct, delete, restrict processing, and request data portability at any time.

• Objection & Automated Decision-Making: Users can object to data processing based on legitimate interests and opt out of automated profiling that affects

1. Complaints: Users may file complaints with their local Data Protection Authority (DPA) if they believe their privacy rights have been violated.

b. California Users (CCPA & CPRA Compliance)

For users in California, Takeout Pantry complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), granting:

1. Right to Know & Access: Users can request details about what personal data is collected, used, and shared.
2. Right to Deletion: Users may request deletion of their personal information, subject to legal and business requirements.

• Right to Opt-Out: Users can opt out of the sale or sharing of personal data through our Do Not Sell or Share My Personal Information page.

1. Right to Correct: Users can request that inaccurate personal information be
2. Non-Discrimination: Users will not be denied service, charged higher fees, or penalized for exercising their privacy rights.

c. Other Regional Privacy Laws

Takeout Pantry ensures compliance with additional international privacy regulations, including:

1. United Kingdom (UK GDPR): Personal data is processed in accordance with UK GDPR, enforced by the Information Commissioner’s Office (ICO).

1. Canada (PIPEDA Compliance): Data processing aligns with the Personal Information Protection and Electronic Documents Act (PIPEDA), ensuring transparency and user rights.

• Australia (APPs Compliance): Takeout Pantry complies with the Australian Privacy Act 1988,providing users with data access, correction, and control

1. Other Jurisdictions: We comply with relevant national and state privacy laws where our users reside.

By adhering to regional privacy frameworks, Takeout Pantry upholds global data protection standards while ensuring users have control over their personal information.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in legal requirements, industry best practices, or modifications to our services. Any significant updates will be communicated to users through email notifications or platform alerts before they take effect.

By continuing to use our services after changes to this Privacy Policy have been implemented, you acknowledge and accept the revised terms. If you do not agree with the changes, you should discontinue use of our services and contact us regarding any concerns.