Privacy Policy

This Privacy Policy describes how Mod Pizza ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects information about you when you visit our website at modpizz.rest, place orders online, interact with our digital services, or otherwise engage with us as a customer or visitor. We are committed to protecting your personal information and your right to privacy in accordance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. If you disagree with the terms described herein, please discontinue use of our website and services. By accessing or using our website, you acknowledge that you have read, understood, and agreed to be bound by this Privacy Policy.

For any questions, concerns, or requests related to your privacy, you may contact us at:

1. Scope and Applicability

This Privacy Policy applies to all personal information collected through our website (modpizz.rest), mobile ordering platforms, loyalty programs, in-store digital interfaces, marketing communications, customer service interactions, and any other services we offer (collectively, the "Services"). This policy applies to all users located within the United States and is specifically designed to comply with:

• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — for California residents
• The Federal Trade Commission Act (FTC Act) — governing unfair or deceptive trade practices related to privacy
• The CAN-SPAM Act — governing commercial electronic communications
• The Children's Online Privacy Protection Act (COPPA) — regarding the privacy of children under 13
• Other applicable federal and state privacy laws in the United States

If you reside outside the United States, please be aware that our Services are directed at users within the United States. Any international data transfers are described in Section 12 of this policy.

2. Information We Collect

We collect various types of information in connection with your use of our Services. The categories of personal information we collect are described below.

2.1 Personal Information You Provide Directly

When you interact with us — whether by creating an account, placing an order, contacting customer support, signing up for our loyalty program, or subscribing to our newsletters — you may provide us with personal information, including:

• Identifiers: Full name, username, email address, mailing address, phone number, and date of birth
• Account Credentials: Username and password for your account
• Payment Information: Credit or debit card numbers, billing address, and other payment details (processed securely through third-party payment processors; we do not store full card numbers)
• Order Information: Food preferences, dietary restrictions, special instructions, delivery addresses, and order history
• Loyalty Program Data: Points balance, reward redemptions, promotional interactions, and participation history
• Communications: Messages, feedback, reviews, survey responses, and customer service correspondence
• Marketing Preferences: Communication preferences, opt-in consents, and promotion interests

2.2 Information Collected Automatically

When you visit our website or use our digital platforms, we automatically collect certain technical and usage information, including:

• Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers, and mobile network information
• Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, exit pages, search queries on our site, and navigation patterns
• IP Address: Your Internet Protocol (IP) address, which may be used to approximate your general geographic location
• Log Data: Server log files, error logs, access times, and diagnostic data
• Location Data: Approximate location derived from your IP address, or precise location if you grant permission through your device settings or browser
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies (see Section 7 for more details)

2.3 Information Collected From Third Parties

We may receive information about you from third-party sources, including:

• Social Media Platforms: If you connect your social media account (e.g., Facebook, Google, Apple) to our Services or log in using a third-party account, we may receive profile information, email address, and other data permitted by your privacy settings on that platform
• Third-Party Delivery Partners: If you place orders through third-party delivery platforms, we may receive order and contact information to fulfill your request
• Analytics Providers: Aggregated and anonymized data from analytics service providers
• Advertising Partners: Data about your online behavior and interests from advertising networks
• Publicly Available Sources: Information available in public databases or social media profiles

2.4 Sensitive Personal Information

We may collect certain categories of sensitive personal information in limited circumstances, such as dietary restrictions or allergen information that may indicate a health condition. We collect and use such information solely for the purpose of fulfilling your food orders and ensuring your safety. We do not sell or use sensitive personal information for purposes beyond those necessary to provide the requested service.

3. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes, including:

3.1 Providing and Managing Our Services

• Processing and fulfilling your food orders, whether in-store, online, or through delivery
• Creating and managing your account and loyalty program membership
• Processing payments and managing billing
• Communicating with you about your orders, account status, and service updates
• Providing customer support and responding to your inquiries or complaints
• Verifying your identity and preventing fraudulent activity

3.2 Improving Our Services

• Analyzing how users interact with our website and digital platforms to improve user experience
• Conducting internal research, testing, and development to enhance our products and services
• Monitoring and analyzing trends, usage patterns, and performance metrics
• Identifying and fixing technical issues or bugs

3.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, special offers, and updates about new menu items or locations — only where you have provided consent or where permitted by law
• Administering loyalty rewards, contests, sweepstakes, and promotional campaigns
• Personalizing marketing content and recommendations based on your preferences and order history
• Serving targeted advertisements on our website and third-party platforms, including through retargeting campaigns

You may opt out of marketing communications at any time by clicking "unsubscribe" in any email we send, adjusting your account preferences, or contacting us at [email protected].

3.4 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal obligations
• Responding to lawful requests from government authorities or law enforcement
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, or safety of Mod Pizza, our customers, or third parties
• Detecting and preventing fraud, security breaches, or other illegal activities

4. Legal Basis for Processing

Under applicable U.S. law, including the FTC Act and CCPA/CPRA, we process your personal information on the following legal grounds:

• Contractual Necessity: Processing necessary to fulfill your orders and provide the Services you request
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, analytics, and business improvement
• Consent: Where you have provided explicit consent, such as for marketing communications or the use of non-essential cookies
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. Sharing Your Information With Third Parties

We do not sell your personal information in the traditional sense of the word. However, under the CCPA/CPRA's broad definition of "sale" and "sharing," certain data transfers to third-party advertisers may qualify. Please see Section 9 (California Privacy Rights) for information about your rights in this regard. We may share your information with the following categories of third parties:

5.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who perform functions on our behalf, under contractual obligations to protect your data, including:

5.2 Legal and Regulatory Disclosures

We may disclose your personal information if required to do so by law, or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Enforce our Terms of Service or other contractual agreements
• Protect and defend the rights or property of Mod Pizza
• Prevent or investigate possible wrongdoing in connection with our Services
• Protect the personal safety of users of our Services or the public

5.3 Business Transfers

In the event of a merger, acquisition, corporate restructuring, sale of assets, bankruptcy, or other business transition, your personal information may be transferred to the successor entity. We will notify you of any such change and provide you with choices about your information in accordance with applicable law.

5.4 Aggregated or Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

6. Data Security

We take the security of your personal information seriously and implement industry-standard technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology. Payment information is further protected through PCI-DSS compliant systems.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. All employees with access to personal data are required to maintain strict confidentiality.
• Firewalls and Intrusion Detection: We use firewalls, intrusion detection systems, and other network security measures to protect our infrastructure.
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential risks.
• Data Minimization: We collect only the personal information necessary for the stated purposes and retain it only as long as needed.
• Vendor Management: We vet third-party service providers for their security practices and require them to maintain appropriate security standards through contractual agreements.

6.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable state breach notification laws. We will provide timely notification through email or prominent notice on our website, as required by law, and will cooperate with law enforcement and regulatory authorities as needed.

7. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to collect information about your interactions with our website and to improve your experience. By continuing to use our website, you consent to our use of cookies in accordance with this policy.

7.1 Types of Cookies We Use

For detailed information about the specific cookies we use, their duration, and how to manage your preferences, please refer to our Cookie Policy available on our website at modpizz.rest. You can also manage your cookie preferences through your browser settings, though disabling certain cookies may affect the functionality of our website.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general data retention guidelines are as follows:

When personal information is no longer needed for the purposes it was collected, we will securely delete, destroy, or anonymize it in a manner consistent with our data retention policies and applicable legal requirements.

9. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific rights regarding your personal information. We respect these rights and have established processes to help you exercise them.

9.1 Rights Available to All U.S. Residents

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
• Right to Correction: You may request that we correct inaccurate or incomplete personal information we hold about you
• Right to Deletion: You may request that we delete personal information we have collected, subject to certain legal exceptions
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know (Expanded): The right to know the categories of personal information collected, the purposes for collection, and whether your information is sold or disclosed to third parties
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information with third parties. You may submit a "Do Not Sell or Share My Personal Information" request by contacting us at [email protected]
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of your sensitive personal information to what is necessary to perform the services you requested
• Right to Data Portability: The right to receive your personal information in a portable, commonly used, and machine-readable format
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service based solely on the exercise of your privacy rights
• Right to Correct Inaccurate Information: The right to request correction of inaccurate personal information we maintain about you

9.3 How to Submit a Privacy Rights Request

To exercise any of the rights described above, you may:

• Send an email to [email protected] with the subject line "Privacy Rights Request"
• Visit our website at modpizz.rest and use the contact form

We will verify your identity before processing your request. For account holders, we may verify your identity through your account credentials. For non-account holders, we may request additional information to confirm your identity. We will respond to verified requests within 45 days of receipt. If we require additional time, we will notify you within the initial 45-day period and may take up to an additional 45 days, for a maximum of 90 days total. You may authorize an agent to submit a request on your behalf, provided the agent submits proof of your authorization.

10. Children's Privacy

Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13 years of age. If you are under 13 years old, please do not use our Services or provide any personal information to us.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records.

Additionally, while our food Services are open to all ages in a physical setting, our online ordering and account registration features are intended for individuals who are at least 18 years of age, or at least 13 years of age with verifiable parental or guardian consent. We encourage parents and guardians to monitor their children's online activities and to contact us at [email protected] if they believe their child has provided personal information to us without authorization.

11. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to DNT browser signals. However, you may disable certain tracking by managing your browser's cookie settings or using the opt-out mechanisms described in our Cookie Policy.

We support the principles behind DNT and are committed to providing you with meaningful privacy choices through the tools described in this Privacy Policy.

12. International Data Transfers

Our Services are primarily intended for users located within the United States. Our servers, systems, and operations are based in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your country of residence.

By using our Services, you consent to the transfer of your personal information to the United States. We will take reasonable steps to ensure that any international data transfers comply with applicable legal requirements and that appropriate safeguards are in place to protect your personal information in accordance with this Privacy Policy.

If you are located in a jurisdiction with specific international data transfer requirements (such as the European Economic Area or the United Kingdom), and you have questions about how your data is handled, please contact us at [email protected].

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Mod Pizza. These third-party platforms have their own privacy policies, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party sites you visit.

The inclusion of a link to a third-party website does not constitute an endorsement of that site or its privacy practices by Mod Pizza.

14. Marketing Communications and Opt-Out

We may send you promotional emails, text messages (SMS), push notifications, and other marketing communications about our menu items, special offers, loyalty rewards, and new locations. We will only contact you for marketing purposes with your consent, or where permitted by applicable law.

14.1 Email Marketing

If you wish to unsubscribe from our email marketing communications, you may do so by clicking the "Unsubscribe" link at the bottom of any marketing email we send you, or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, we may still send you transactional emails related to your orders, account, or other service-related matters.

14.2 SMS/Text Message Marketing

If you have opted into SMS marketing, you may opt out at any time by replying "STOP" to any text message we send you, or by contacting us at [email protected]. Standard message and data rates may apply.

14.3 Push Notifications

You may disable push notifications at any time through your device or browser settings.

15. Filing a Complaint With a Data Protection Authority

If you believe that we have violated your privacy rights or have not addressed your concerns satisfactorily, you have the right to file a complaint with the appropriate regulatory authority. In the United States, the following authorities may be relevant:

15.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection and enforcement of privacy-related laws. You may file a complaint with the FTC at:

• Website: www.ftc.gov/complaint
• Phone: 1-877-382-4357
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580

15.2 California Privacy Protection Agency (CPPA) — For California Residents

If you are a California resident and believe your rights under the CCPA/CPRA have been violated, you may file a complaint with the California Privacy Protection Agency:

• Website: cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834

15.3 State Attorneys General

You may also contact your state's Attorney General's office to report privacy violations. Most states have consumer protection divisions that handle privacy-related complaints. We encourage you to contact us first at [email protected] so that we have the opportunity to address your concerns directly before you escalate the matter to a regulatory authority.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or technological developments. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on our website at modpizz.rest
• Send you an email notification (if we have your email address) for significant changes
• Display a prominent notice on our website for a reasonable period following the update

Your continued use of our Services after we post the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

17. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, the way we handle your personal information, or if you wish to exercise your privacy rights, please contact us using the information below:

We are committed to resolving any privacy concerns you may have. We will make every effort to respond to your inquiry within 45 business days of receipt. For urgent matters, we recommend sending an email to [email protected] with "URGENT – Privacy Matter" in the subject line.