Privacy Policy

Effective Date: January 14, 2025

Last Updated: December 1, 2025

Your Privacy Rights

We do NOT sell your personal information. Stacktown ("we," "our," or "us") is committed to protecting your privacy and giving you control over your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Annual Review: We review and update this policy at least annually to ensure continued compliance with privacy laws.

1. Introduction

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use our website or services. By using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use our services, and information from third-party sources. Below are the categories of personal information we have collected in the last 12 months:

A. Personal Information You Provide (Last 12 Months)

Category	Examples	Collected?
Identifiers	Name, email address, phone number, company name	✓ Yes
Financial Information	Credit card number, billing address (processed by third-party payment processors)	✓ Yes
Commercial Information	Purchase history, service preferences	✓ Yes
Internet Activity	Browsing history, interaction with website	✓ Yes
Geolocation Data	IP address, approximate location	✓ Yes
Professional Information	Job title, industry, business details	✓ Yes
Sensitive Personal Information	Social security number, driver's license, health data	✗ No

B. Categories of Sources

We collect personal information from the following sources:

Directly from you: Contact forms, service registrations, email communications, phone calls
Automatically: Cookies, web beacons, log files, analytics tools (with your consent where required)
Third-party sources: Payment processors, analytics providers (Google Analytics), social media platforms (if you choose to connect)
Publicly available sources: Business directories, professional networking sites

C. Automatic Information Collection

When you visit our website, we automatically collect certain information including:

IP address and device identifiers
Browser type and version
Operating system
Referring/exit pages and URLs
Pages viewed and time spent on pages
Date and time stamps of visits

3. How We Use Your Information

We use the information we collect for the following business purposes:

Business Purposes:

Service Delivery: Provide, operate, and maintain our services
Transaction Processing: Process payments and send transaction-related communications
Customer Support: Respond to inquiries, questions, and provide technical support
Communication: Send service updates, security alerts, and administrative messages
Marketing: Send promotional content about products, services, and events (with opt-out available)
Analytics: Monitor and analyze usage trends to improve our services
Security: Detect, prevent, and address technical issues, fraud, and security vulnerabilities
Legal Compliance: Comply with legal obligations and enforce our terms

Retention Periods by Category:

Data Category	Retention Period
Account Information	Duration of account + 3 years
Transaction Records	7 years (tax/legal requirements)
Marketing Communications	Until opt-out or 2 years of inactivity
Analytics Data	26 months (Google Analytics default)
Support Inquiries	3 years after resolution

4. Disclosure of Your Information

We do NOT sell your personal information to third parties. We may share your information in the following circumstances:

Categories of Third Parties We Share With:

Service Providers: Payment processors (Stripe, PayPal), email service providers, hosting providers, analytics services (Google Analytics)
Business Partners: Partners who assist in delivering services you requested
Legal Authorities: When required by law, court order, or government request
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: Any other third party with your explicit permission

Important: We require all third parties to respect the security of your personal data and treat it in accordance with applicable law. We only permit them to process your data for specified purposes and in accordance with our instructions.

5. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information, including:

SSL/TLS encryption for data transmission
Encrypted storage of sensitive information
Access controls and authentication mechanisms
Regular security audits and monitoring
Employee training on data protection
Secure third-party service provider agreements

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

Under GDPR (EEA Residents):

Right to Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restriction: Request restriction of processing your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

Under CCPA/CPRA (California Residents):

Right to Know: Request disclosure of personal information collected, used, or sold
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell)
Right to Correction: Request correction of inaccurate personal information
Right to Limit Use: Limit use of sensitive personal information
Right to Non-Discrimination: Not be discriminated against for exercising your rights

7. How to Exercise Your Privacy Rights

Step-by-Step Process for Verifiable Consumer Requests:

Step 1: Submit Your Request

Use our website contact form
Email us through the contact information on our website
Specify which right you wish to exercise

Step 2: Identity Verification

To protect your privacy, we must verify your identity. You will be asked to provide:

Name and email address used with our services
Additional information to match our records (last transaction date, service plan, etc.)
For sensitive requests, we may require additional verification

Step 3: Request Processing

We will acknowledge receipt within 10 business days
We will respond to your request within 45 days (may extend to 90 days if complex)
If we cannot fulfill your request, we will explain why

Authorized Agent Requests:

You may designate an authorized agent to submit requests on your behalf. The agent must provide:

Written authorization signed by you
Proof of their identity
Verification that they are registered with the California Secretary of State (if applicable)

We may still require you to verify your identity directly and confirm you authorized the agent.

Response Timeline:

Acknowledgment: Within 10 business days of receipt
Response: Within 45 days (may extend to 90 days for complex requests with notice)
Urgent Requests: Security-related requests prioritized

No Fees: We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

8. Do Not Sell or Share My Personal Information

We do NOT sell or share your personal information for monetary consideration or cross-context behavioral advertising.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt-out of the sale or sharing of their personal information. Since we do not engage in these practices, there is no need to opt-out.

If our practices change in the future, we will update this policy and provide California residents with a clear "Do Not Sell or Share My Personal Information" link on our homepage as required by law.

9. Third-Party Websites and Services

Our website may contain links to third-party websites, services, or applications not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We strongly encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by our website and services.

10. Children's Privacy

Our services are not directed to individuals under the age of 18 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as quickly as possible.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Shine the Light Law:

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

Non-Discrimination:

We will not discriminate against you for exercising your CCPA/CPRA rights. This means we will not:

Deny goods or services to you
Charge different prices or rates, including through discounts or penalties
Provide a different level or quality of goods or services
Suggest that you will receive different pricing or quality of services

12. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, we transfer your personal information to the United States and process it there. By using our services, you consent to this transfer and processing.

13. SMS/Text Message Communications

Stacktown and its client businesses (including Catzen Coffee) may offer SMS/text message notifications for reservation confirmations, appointment reminders, and service-related communications. This section explains how we handle SMS communications.

Program Details:

Program Name: Catzen Coffee Reservation Alerts
Message Types: Reservation confirmations, appointment reminders (24 hours and 2 hours before visit), important updates about your reservation, waitlist notifications
Message Frequency: Up to 3 messages per reservation. Frequency varies based on your reservation activity.

Costs:

Message and data rates may apply. Please contact your mobile carrier for details about your text messaging plan. Carriers are not liable for delayed or undelivered messages.

How to Opt-Out (STOP):

You can opt out of SMS messages at any time by replying STOP to any message you receive. After opting out, you will receive a one-time confirmation message and no further texts. You may also opt out during the reservation process by not checking the SMS notification checkbox.

How to Get Help (HELP):

For assistance with SMS messages, reply HELP to any message you receive, or contact us through our website contact form.

Consent:

By checking the SMS notification checkbox during the booking process, you expressly consent to receive automated transactional text messages at the phone number provided. Consent to receive SMS messages is not required as a condition of purchase or service. You can complete a reservation without opting in to SMS notifications.

Data Usage:

We do not sell, rent, or share your phone number with third parties for marketing purposes. Your phone number is used solely for reservation-related communications through our SMS service provider (Brevo). Phone numbers are retained only as long as necessary for reservation management and in accordance with the retention periods specified in Section 3 of this policy.

14. Changes to This Privacy Policy

We reserve the right to update or change this Privacy Policy at any time. When we make material changes:

We will update the "Last Updated" date at the top of this policy
We will notify you by email (if you have provided one) or through a prominent notice on our website
We may request your renewed consent for material changes affecting how we process your data
We review this policy annually as required by CCPA

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us

If you have questions, comments, or concerns about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Through our website contact form
Subject line: "Privacy Rights Request" or "Privacy Inquiry"
Include: Your name, email, nature of request, and any relevant details

We will respond to your inquiry within 30 days (or as required by applicable law). For CCPA requests, we will respond within 45 days with possibility of 45-day extension for complex requests.

✓ Our Commitment to Your Privacy

We take your privacy seriously and are committed to protecting your personal information. We will always be transparent about what data we collect, why we collect it, and how we use it. You have control over your data, and we respect your rights to access, correct, or delete it at any time.