Privacy Policy

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our website, our services, and any direct communications we send you. By using our services you agree to the practices described here.

1. Who We Are

We are a small, independent meal-prep and catering business based in Texas. When this policy says "we," "us," or "our," it refers to the business named on this site.

2. Information We Collect

Information You Give Us

• Account details — name, email, phone number, password (stored as a one-way hash; we never see your plaintext password).
• Delivery + billing addresses — for fulfillment and address verification.
• Dietary + allergy notes — only what you choose to share so we can accommodate.
• Order content — meals selected, quantities, sizes, special instructions.
• Communications — emails or messages you send us, including catering inquiries and customer support.
• Marketing preferences — your SMS and email opt-in choices.

Information Collected Automatically

• Device + browser info — IP address, browser type, device type, time zone, and pages visited (for analytics + error tracking).
• Cookies + session storage — used to keep you logged in, remember your dark/light theme preference, and keep your cart contents while you shop.
• Sign-in fingerprints — a hash of your browser + truncated IP, used only to detect new-device sign-ins and alert you to potential account compromise.

Payment Information

We never see or store your full credit card number. Payments are handled by Stripe, who collects card details directly from you and returns to us only a tokenized reference, the last four digits, and the brand of the card (Visa, Mastercard, etc.) — enough to display "•••• 4242" on your receipt and refund you if needed.

3. How We Use Your Information

• Take and fulfill your orders.
• Communicate about your order — confirmation, status updates, delivery alerts.
• Provide customer support and respond to your messages.
• Operate loyalty rewards, store credit, and the referral program.
• Send marketing emails or texts only when you opt in (you can opt out at any time — see Section 6).
• Detect and prevent fraud, abuse of promotions, and unauthorized account access.
• Improve our menu, operations, and the website itself.
• Comply with legal obligations (tax, accounting, food-safety records).

4. Service Providers We Share With

We share only the minimum information needed for each provider to do its job. We don't sell your personal information.

• Stripe — payment processing. They receive your card details, billing address, and order amount.
• SendGrid — sending transactional and marketing emails. They receive your email address, name, and email content.
• Twilio — sending SMS messages (order updates, marketing if you opted in). They receive your phone number and message content.
• Vercel — website + database hosting. They process all data needed to run the site.
• Google Maps — geocoding addresses to verify delivery zones and showing maps. They receive the address you enter.
• Sentry — automatic error tracking. They receive limited diagnostic data when something on the site breaks (URL, error message, your user id where applicable).
• Vercel Analytics + Speed Insights — anonymous traffic + performance metrics. No personal info is included.
• QuickBooks — accounting + bookkeeping (when configured). Order, payment, and customer-name data flows here for our financial records.

We may also share information when required by law (e.g., a valid subpoena), to enforce our Terms, or to protect the safety of our customers, employees, or business.

5. How Long We Keep Your Information

• Account info — kept while your account is active. After account closure, we keep limited records as required for tax, accounting, and legal compliance (typically 7 years for financial records).
• Order history — kept indefinitely so you can reorder favorites, but you can request deletion (see Section 7).
• Marketing logs — opt-out records are kept indefinitely so we don't accidentally email or text you again after you unsubscribe.
• Error + diagnostic data — typically purged within 90 days.

6. Marketing Communications

• Email marketing. When you opt in to our newsletter or "weekly menu drops" email, we send you marketing emails. Every marketing email contains an unsubscribe link at the bottom. Transactional emails (order confirmations, delivery updates) cannot be opted out of while you have an active order.
• SMS marketing. We send marketing texts only when you specifically opt in to "all messages" — opting in only to order updates excludes you from marketing. Reply STOP to any text to opt out, HELP for help. Standard message and data rates apply.

You can update your communication preferences at any time in your account settings or by contacting us.

7. Your Rights

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information through your account settings or by contacting us.
• Delete your account and most associated data. We may retain a minimum amount needed for legal/accounting compliance.
• Export your order history and account data in a machine-readable format.
• Opt out of marketing communications at any time.

To make a request, email us using the address printed on your order confirmation, or contact us through the contact form. We'll respond within 30 days.

If you are a California resident, the California Consumer Privacy Act gives you additional rights — including the right to know what categories of information we've collected about you in the past 12 months and the right to opt out of "sale" of personal information. We don't sell personal information; you can still exercise the right-to-know above by contacting us.

8. Cookies & Tracking

We use a small number of cookies and equivalent storage to make the site work:

• Authentication cookie — keeps you logged in. Required to use account features.
• Cart storage — your cart contents while you shop, stored in your browser only.
• Theme preference — dark or light mode, stored in your browser only.
• Analytics + performance — anonymous metrics from Vercel Analytics + Speed Insights to help us understand site usage.

We do not use advertising cookies, retargeting pixels, or social-media tracking cookies. Disabling cookies in your browser will break login and checkout but is your right.

9. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, contact us and we'll delete it.

10. Security

We protect your information with industry-standard measures — HTTPS encryption in transit, password hashing (we never store plaintext passwords), tokenized payment processing through Stripe, and access controls on internal admin tools. No system is 100% secure, however, and you are responsible for keeping your account password confidential.

If we ever discover a breach affecting your information, we will notify you in accordance with applicable law.

11. Links to Other Sites

Our site may contain links to other businesses (delivery zones, social media, recipe blogs). Their privacy practices are their own — we recommend reviewing the privacy policy of any site before sharing information with them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We'll bump the "Last updated" date above. Material changes will be communicated by email or a banner on the site. Your continued use of the services after changes take effect constitutes acceptance.

13. Contact Us

For privacy questions, data-access requests, or to opt out of marketing, contact us through the contact form or at the email address printed on your order confirmation. Mail can be sent to the business address listed on our contact page.