Privacy Policy

Effective Date: June 4, 2026  |  Last Updated: June 4, 2026

1. Introduction and Who We Are

Welcome to Cabana Taco. We are a food service business operating in the United States, committed to providing our customers with delicious food and an outstanding dining and ordering experience. We understand that your privacy is important, and we take our responsibility to protect your personal information seriously.

This Privacy Policy applies to all information collected through our website located at cabana-taco.top, as well as any related services, online ordering platforms, promotional activities, loyalty programs, and other interactions you may have with us (collectively referred to as our "Services").

Throughout this document, "personal information" or "personal data" refers to any information that identifies, relates to, describes, or could reasonably be linked to you as an individual.

Our contact information for privacy-related inquiries is:

• Business Name: Cabana Taco
• Email: [email protected]
• Website: cabana-taco.top

2. Applicable Laws and Regulatory Framework

As a business operating in the United States, we comply with all applicable federal and state privacy laws, including but not limited to:

• The Federal Trade Commission Act (FTC Act): We adhere to the FTC's standards for unfair or deceptive acts and practices, which include maintaining truthful representations about our data practices.
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA): To the extent applicable, we honor the rights of California residents under these laws, including the right to know, the right to delete, the right to opt-out of the sale or sharing of personal information, and the right to non-discrimination.
• CAN-SPAM Act: All marketing communications we send comply with the requirements of the CAN-SPAM Act.
• Children's Online Privacy Protection Act (COPPA): We do not knowingly collect personal information from children under the age of 13 without verifiable parental consent.
• Any other applicable state or local privacy regulations in the jurisdiction where we operate.

3. Information We Collect

We collect various types of information in connection with the Services we provide. The categories of personal information we may collect include:

3.1 Personal Identification Information

When you create an account, place an order, make a reservation, sign up for our newsletter, participate in promotions, or contact us directly, we may collect:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (when required for age verification or birthday promotions)
• Username and password (for account holders)
• Profile photograph (if you choose to provide one)

3.2 Payment and Financial Information

When you place an order or make a purchase through our website, we collect payment-related information. However, please note that full payment card details (such as complete credit or debit card numbers) are processed directly by our trusted third-party payment processors and are not stored on our servers. We may retain limited transaction information, such as:

• Last four digits of payment card
• Billing address
• Transaction ID and amount
• Date and time of transaction

3.3 Order and Dietary Information

As a food service business, we collect information related to your food orders and preferences, which may include:

• Food items ordered and customization preferences
• Dietary restrictions or allergies you disclose to us
• Order history and frequency
• Special instructions or requests
• Favorite menu items and preferences

3.4 Usage and Technical Data

When you visit our website, we automatically collect certain technical information through cookies, web beacons, and similar tracking technologies, including:

• IP address
• Browser type and version
• Operating system and device type
• Referring website URLs
• Pages visited on our website
• Time and date of visits
• Time spent on individual pages
• Links clicked and interactions performed
• Search queries entered on our website

3.5 Location Data

With your permission, we may collect your precise or approximate geographic location data to facilitate delivery services, help you find the nearest Cabana Taco location, or provide location-based promotions. You may disable location tracking through your device settings at any time.

3.6 Communications Data

When you contact us via email, phone, contact forms, or social media, we collect and retain records of those communications, including:

• Content of messages sent to us
• Customer service inquiries and responses
• Feedback, reviews, and survey responses
• Social media messages and interactions

3.7 Marketing and Preference Data

We collect information about your marketing preferences and interactions with our promotional content, such as:

• Email open rates and click-through data
• Promotional offers redeemed
• Loyalty program participation and points balance
• Opt-in and opt-out preferences for communications

3.8 Information from Third Parties

We may also receive information about you from third-party sources, including:

• Third-party food delivery platforms and aggregators
• Social media platforms (when you interact with our social media pages)
• Analytics providers
• Advertising partners
• Review platforms

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your information to:

4.1 Provide and Manage Our Services

• Process and fulfill your food orders, whether for pickup, delivery, or dine-in
• Create and manage your customer account
• Process payments and send receipts and invoices
• Coordinate delivery logistics
• Administer reservations and catering requests
• Address dietary restrictions and allergen requirements you have communicated to us

4.2 Customer Service and Communications

• Respond to your inquiries, complaints, and feedback
• Send order confirmations and status updates
• Notify you of changes to your orders, our menu, or our policies
• Provide technical support

4.3 Marketing and Promotional Activities

• Send you promotional emails, newsletters, and special offers (with your consent or where otherwise permitted by law)
• Administer contests, sweepstakes, and loyalty reward programs
• Personalize your experience on our website and tailor promotions to your interests
• Display targeted advertising through our advertising partners

4.4 Analytics and Service Improvement

• Analyze usage trends and patterns to improve our website and app functionality
• Conduct market research and analyze customer preferences
• Evaluate the effectiveness of our marketing campaigns
• Develop new menu items and improve existing offerings based on customer feedback
• Optimize our ordering and delivery processes

4.5 Legal Compliance and Safety

• Comply with applicable laws, regulations, and legal obligations
• Respond to lawful requests from government authorities or law enforcement
• Detect, prevent, and investigate fraud, security breaches, and other potentially illegal activities
• Protect the rights, property, and safety of Cabana Taco, our customers, and the public
• Enforce our Terms of Service and other applicable agreements

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and help us understand how visitors use our site. A cookie is a small text file placed on your device when you visit a website.

5.1 Types of Cookies We Use

5.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

• Browser Settings: Most web browsers allow you to refuse or delete cookies through their settings menus. Please consult your browser's help documentation for specific instructions.
• Opt-Out Tools: You may opt out of interest-based advertising through the Digital Advertising Alliance's opt-out tool at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.
• Cookie Consent Banner: When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies.

Please note that disabling certain cookies may affect the functionality of our website and your ability to place orders or access certain features.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own direct marketing purposes without your explicit consent. However, we may share your information with certain third parties in the following circumstances:

6.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These providers may have access to your personal information only to the extent necessary to perform their services on our behalf and are contractually bound to protect your information. Categories of service providers include:

• Payment Processors: To securely process your payment transactions
• Delivery Partners: To coordinate and fulfill food delivery orders
• Email and SMS Marketing Platforms: To send you promotional communications and transactional messages
• Analytics Providers: Such as Google Analytics, to help us understand website traffic and user behavior
• Cloud Hosting and IT Services: To store and manage our data securely
• Customer Support Software: To manage customer service inquiries and communications
• Advertising Networks: To serve targeted advertisements on our behalf across the web

6.2 Third-Party Food Delivery Platforms

If you place an order through a third-party food delivery platform (such as DoorDash, Uber Eats, Grubhub, or similar services), those platforms operate under their own privacy policies, and we encourage you to review them. We may receive certain information from such platforms related to orders placed for our food items.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, or subpoena
• Cooperate with a government or law enforcement investigation
• Protect and defend the rights or property of Cabana Taco
• Prevent or investigate possible wrongdoing in connection with our Services
• Protect the personal safety of users of our Services or the public

6.4 Business Transfers

In the event that Cabana Taco undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your personal information may be transferred to the successor entity as part of that transaction. We will notify you via prominent notice on our website or by email if such a transfer occurs and your information becomes subject to a different privacy policy.

6.5 With Your Consent

We may share your information with other third parties when you have given us explicit consent to do so, such as when participating in co-branded promotions or referral programs.

7. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

7.1 Security Measures We Employ

• Encryption: Our website uses Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Secure Payment Processing: All payment transactions are processed through PCI DSS-compliant payment processors. We do not store full credit card numbers on our systems.
• Access Controls: Access to personal information is restricted to authorized personnel who need the information to perform their job functions.
• Regular Security Assessments: We conduct periodic reviews and assessments of our security practices and systems.
• Employee Training: Our staff receives training on data privacy and security best practices.
• Data Minimization: We collect only the minimum amount of personal information necessary for the purposes described in this policy.

7.2 Data Breach Response

In the event of a data breach that may compromise your personal information, we will notify affected individuals and relevant authorities as required by applicable law. We will take prompt steps to investigate and mitigate the breach and will communicate transparently about what information was affected and what steps you can take to protect yourself.

8. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and will respond to valid requests within the timeframes required by law.

8.1 Rights Available to All Users

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions (such as where we need to retain information to comply with legal obligations).
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly at [email protected].
• Right to Withdraw Consent: Where we rely on your consent to process your information, you may withdraw that consent at any time without affecting the lawfulness of processing done prior to withdrawal.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request disclosure of the categories of personal information we have collected about you, the purposes for which it was collected, and the categories of third parties with whom we have shared it.
• Right to Data Portability: You have the right to receive your personal information in a portable and readily usable format.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected] or look for the "Do Not Sell or Share My Personal Information" option on our website.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information (such as precise geolocation or health information) to what is necessary to provide requested services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.
• Authorized Agent: You may designate an authorized agent to submit privacy requests on your behalf. We may require verification of your identity and confirmation that the agent is authorized to act on your behalf.

8.3 How to Submit a Privacy Rights Request

To exercise any of your privacy rights, please contact us by:

• Email: [email protected] (please include "Privacy Rights Request" in the subject line)
• Website: cabana-taco.top (via our contact form)

We will acknowledge receipt of your request within 10 business days and respond to your request within 45 days. If we require additional time (up to 90 days total), we will inform you of the reason and the extension period in writing. We may need to verify your identity before processing your request to protect your security.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.

10. Children's Privacy

Cabana Taco's Services are not directed to, and we do not knowingly collect personal information from, children under the age of 13. Our online ordering and account registration services are intended for users who are at least 13 years of age. Certain promotions or services may be restricted to users aged 18 and over.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records upon verification.

We comply with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible.

11. International Data Transfers

Cabana Taco is a United States-based business and primarily processes and stores data within the United States. However, some of our third-party service providers may be located in or operate from other countries, which means that your personal information may be transferred to, stored in, and processed in countries outside the United States.

If you are visiting our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. Data protection laws in the United States may differ from those in your country of residence.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law, including entering into standard contractual clauses or relying on other approved transfer mechanisms where required.

By using our Services, you consent to the transfer of your information to the United States and other countries in accordance with this Privacy Policy.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services, including social media platforms, third-party delivery apps, and review sites. This Privacy Policy applies only to information collected by Cabana Taco through our own Services. We are not responsible for the privacy practices of third-party websites or services, and we encourage you to review the privacy policies of any third-party platforms you visit or use.

We are not liable for the content, privacy practices, or security measures of external websites, even if those websites are accessible through links on our website.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals websites not to track your online activities. Currently, there is no universally accepted standard for how websites should respond to DNT signals. At this time, our website does not respond to DNT signals from browsers. However, you can manage your tracking preferences through our cookie consent tool and browser settings as described in Section 5 of this policy.

We will continue to monitor developments in DNT standards and may update our practices as industry standards evolve.

14. Marketing Communications

With your consent or where otherwise permitted by applicable law, we may use your contact information to send you promotional materials, including:

• Email newsletters featuring new menu items, seasonal specials, and promotions
• SMS/text message alerts about exclusive deals and order updates (where you have opted in)
• Personalized offers based on your order history and preferences
• Loyalty program updates and reward notifications

14.1 Opting Out of Marketing

You can opt out of receiving marketing communications from us at any time by:

• Clicking the "unsubscribe" link in any marketing email we send
• Replying "STOP" to any SMS marketing message
• Contacting us directly at [email protected]
• Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages (such as order confirmations, receipts, and important notices about your account).

15. How to File a Complaint

If you believe that we have violated your privacy rights or handled your personal information in a manner inconsistent with this Privacy Policy or applicable law, we encourage you to contact us first so that we may address your concerns.

15.1 Internal Complaint Process

To file a privacy complaint with us, please:

1. Send a detailed description of your complaint to [email protected] with the subject line "Privacy Complaint."
2. Include your full name, contact information, and a clear description of the issue.
3. We will acknowledge your complaint within 10 business days and aim to resolve it within 45 days.

15.2 Regulatory Complaints

If you are not satisfied with our response, you may have the right to file a complaint with relevant data protection or consumer protection authorities:

• Federal Trade Commission (FTC): U.S. consumers can file complaints about deceptive or unfair business practices, including privacy violations, at www.ftc.gov/complaint or by calling 1-877-382-4357.
• California Privacy Protection Agency (CPPA): California residents may file complaints with the California Privacy Protection Agency at cppa.ca.gov.
• California Attorney General: California residents may also submit complaints to the California Attorney General's office at oag.ca.gov/privacy.
• State Attorney General: Residents of other states may contact their state's Attorney General's office for privacy-related complaints.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

• Post the updated Privacy Policy on our website at cabana-taco.top
• Update the "Last Updated" date at the top of this policy
• Notify you by email (if we have your email address on file) when changes are material
• In some cases, request your renewed consent to the updated terms

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact us. We are committed to addressing your privacy concerns in a timely and transparent manner.

We aim to respond to all privacy-related inquiries within 10 business days. For urgent matters related to a potential data breach or serious privacy concern, please mark your correspondence as "Urgent" to ensure prompt attention.