Free 16oz Juice on tap for new app members* Get Rewards

Privacy Policy


TOASTIQUE PRIVACY POLICY

Last updated: May 7, 2026

 

1. Who We Are

This Privacy Policy ("Policy") describes how Toastique Holdings, LLC, an Arizona limited liability company with a principal place of business at 764 Maine Avenue SW, Washington, D.C. 20024 ("Toastique," "we," "our," or "us"), collects, uses, discloses, and protects personal information when you visit toastique.com or any other website, application, or online service operated by Toastique that links to this Policy (together, the "Site"), interact with our marketing communications, place orders, participate in our loyalty or referral programs, or otherwise engage with us (the "Services").

Toastique cafés are independently owned and operated by franchisees. When you visit a Toastique café in person, the franchisee at that location is the operator and may handle your information under its own practices for in-store activities. This Policy applies to data Toastique Holdings, LLC collects through the Site and Services.

2. Scope of This Policy

This Policy applies to information we collect through the Site and Services. It does not apply to:

  • Third-party websites, applications, or services that the Site links to (each has its own privacy practices).

  • Information collected by independent franchisees about transactions or visits at their cafés (other than data flowing to Toastique through the Site).

  • Job applicants — please see our separate Applicant Privacy Notice.

3. Personal Information We Collect

We have collected the following categories of personal information from consumers within the last 12 months. The categories track those defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), and similar state laws.

Category (CCPA)

Examples

Collected?

A. Identifiers

Name, postal address, email address, phone number, account username, IP address, device identifier, online identifier, cookie ID

Yes

B. Customer Records (Cal. Civ. Code § 1798.80(e))

Billing address, shipping address, payment-card last four digits, order history

Yes

C. Protected Classifications

Age range (18+ self-attestation at sign-up), where required for age-gated promotions

Limited

D. Commercial Information

Products ordered, transaction history, gift cards purchased or redeemed, loyalty points

Yes

E. Biometric Information

None

No

F. Internet/Network Activity

Browsing history on the Site, referring pages, click data, search queries on the Site, interaction with advertisements and emails, device and browser type

Yes

G. Geolocation

Approximate location derived from IP address; precise location only if you opt in (e.g., to find the nearest café)

Yes (approximate); only with consent (precise)

H. Audio/Visual

Photos or video you submit (e.g., user-generated content tagged @toastique); recordings of customer-service calls where notice is provided

Limited

I. Professional/Employment

Information submitted via franchise inquiry forms (collected separately under §15)

Yes (franchise inquiries only)

J. Education

None

No

K. Inferences

Profiles derived from the above to predict preferences, characteristics, and propensity to purchase

Yes

L. Sensitive Personal Information

Account credentials (username + password); precise geolocation; payment-card information processed by our payment provider; contents of your communications with us not directed to us (e.g., chat content)

Yes — see §6

4. Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you when you create an account, place an order, sign up for emails or SMS, redeem an offer, enter a promotion, contact customer service, complete a survey, apply for a franchise, or otherwise communicate with us.

  • Automatically through cookies and similar technologies when you use the Site, open or click on emails, or interact with our advertisements (see §10).

  • From service providers and partners including our e-commerce platform (Shopify), payment processor (Shopify Payments / Shop Pay), email and SMS platform (Klaviyo), online-ordering vendor, fraud-prevention vendors, advertising partners (Meta, TikTok, LinkedIn, Google, The Trade Desk), and analytics providers (Google Analytics 4, Shopify Analytics, Hotjar where used).

  • From franchisees when you have transacted at a café and the franchisee shares limited data with us for loyalty, marketing, or operational purposes consistent with this Policy.

  • From publicly available sources or data partners (e.g., demographic data appended to your record for marketing).

5. How and Why We Use Personal Information

We process personal information for the following business and commercial purposes:

  • Operate, secure, and improve the Site and Services, including bug fixes, fraud prevention, and platform integrity.

  • Process orders, payments, gift-card transactions, loyalty rewards, and customer-service requests.

  • Communicate with you about your account, orders, contests, surveys, recalls, and changes to our policies (transactional messages).

  • Send marketing communications by email, SMS, push, or postal mail where permitted, including newsletters, new-product announcements, and promotions. You can opt out at any time (see §11).

  • Personalize content and offers, including identifying nearby cafés and recommending menu items.

  • Conduct analytics, market research, and measurement, including measuring the effectiveness of our advertising.

  • Engage in cross-context behavioral advertising (sometimes called "targeted advertising") on platforms such as Meta, TikTok, LinkedIn, Google, and The Trade Desk, subject to your right to opt out (see §11).

  • Operate the Toastique Loyalty Program and any referral program. We treat the data you provide for these programs as the basis of a "financial incentive" — see §17.

  • Operate, evaluate, and award franchise opportunities for those who submit franchise inquiries.

  • Comply with legal obligations, enforce our Terms & Conditions, defend legal claims, respond to lawful requests, and protect rights, safety, and property.

  • Carry out a corporate transaction (e.g., merger, financing, sale, reorganization, or asset transfer) in which information may be transferred subject to appropriate safeguards.

6. Sensitive Personal Information

We collect a limited amount of sensitive personal information as identified in §3, Category L. We do not use or disclose sensitive personal information for purposes other than those permitted under Cal. Civ. Code § 1798.121 — namely (i) to perform the services or provide the goods you reasonably request, (ii) to detect and respond to security incidents and fraud, (iii) to ensure physical safety, (iv) for short-term, transient use such as displaying ads in your current session, (v) to perform services on behalf of Toastique such as maintaining accounts, processing orders and payments, and providing customer service, and (vi) to verify the quality or safety of products and services. You may request that we limit our use of sensitive personal information to those permitted purposes by visiting our Your Privacy Choices page.

7. How We Disclose Personal Information

In the last 12 months, we have disclosed personal information for the business and commercial purposes described in §5 to the categories of recipients below. The named vendors are illustrative and current as of the Effective Date.

Category of Recipient

Examples (named)

Categories of PI shared

E-commerce platform & payments

Shopify, Inc.; Shop Pay; Shopify Audiences; Stripe (where applicable)

A, B, D, F, L (payment data tokenized)

Online ordering & POS partners

Toast, Inc.; Olo, Inc.; ChowNow; DoorDash; or other vendor used at a given café

A, B, D, F, G

Email & SMS marketing

Klaviyo, Inc.; Twilio (SMS gateway, where used)

A, D, F, K

Analytics & measurement

Google Analytics 4; Google Tag Manager; Shopify Analytics; Hotjar (where used)

A, F, G, K

Advertising partners

Meta Platforms, Inc. (Facebook/Instagram); TikTok; LinkedIn; The Trade Desk; Google Ads

A, F, G, K

Fraud prevention & security

Shopify Risk; Cloudflare; reCAPTCHA

A, F

Customer service & feedback

Helpdesk and survey vendors used by Toastique or its franchisees

A, B, D, H

Franchisees

Independent operators of Toastique cafés in the U.S.

A, B, D (limited and only to support service)

Professional advisers

Counsel, auditors, accountants, insurers, consultants

As reasonably needed

Government / law-enforcement

In response to valid legal process or to protect rights, safety, and property

As legally required

Successor entities

A buyer, investor, or successor in a merger, acquisition, financing, or sale of all or part of our business

All categories, with appropriate notice and safeguards

8. "Sale" and "Sharing" of Personal Information

Some of the disclosures we make for advertising purposes — particularly those described in §5 (cross-context behavioral advertising) and §7 (Advertising partners) — may be considered a "sale" or "sharing" of personal information under California, Colorado, Connecticut, Texas, Virginia, Oregon, and other state privacy laws, even when no money changes hands. We do not sell or share personal information for monetary compensation.

The categories of personal information we have "sold" or "shared" in the past 12 months for cross-context behavioral advertising include Categories A (Identifiers) and F (Internet/Network Activity), and inferences (Category K) derived from them. Recipients are the Advertising partners listed in §7.

We do not sell or share the personal information of consumers under the age of 16 unless we have actual knowledge and have obtained the affirmative authorization required by law.

You can opt out of the sale or sharing of your personal information, and the use of personal information for cross-context behavioral advertising or "targeted advertising," at any time. See §11.

9. Retention

We retain personal information only as long as reasonably necessary for the purposes for which it was collected, to comply with our legal, regulatory, and contractual obligations, and to enforce our agreements. The retention periods below are illustrative; we may retain information longer where we have a documented legal basis (such as an active dispute, litigation hold, or audit obligation).

Category

Retention period

Criteria

Account profile and order history

7 years after last order or account closure

Tax, audit, warranty, and chargeback windows

Payment data

Tokenized; raw card data not stored. Payment processor retains per its policies.

PCI-DSS; chargeback window

Marketing list (email/SMS subscribers)

Until you unsubscribe + 12 months for suppression-list integrity

CAN-SPAM, TCPA, GDPR

Loyalty program data

Duration of membership + 24 months

Operate program; resolve disputes

Cookies and online identifiers

13 months maximum (default); session cookies expire when the browser closes

CNIL/IAB guidance, advertising standards

Customer-service correspondence

5 years from last interaction

Defend legal claims; product safety

Franchise inquiries

7 years from inquiry

FTC Franchise Rule; state franchise laws

Server logs and security telemetry

24 months

Security incident investigation

Rights-request records

24 months from completion

Demonstrate compliance with privacy laws

10. Cookies, Pixels, and Similar Technologies

We and our partners use cookies, pixels, web beacons, software development kits, browser local storage, server logs, and similar tracking technologies (collectively, "Cookies") to operate the Site, to remember your preferences, to measure performance, and to deliver advertising. We classify Cookies into four categories:

  • Strictly Necessary. Required to operate the Site (e.g., shopping cart, security tokens, fraud prevention). These cannot be turned off.

  • Functional. Remember preferences such as language and selected café.

  • Analytics. Help us understand how the Site performs (Google Analytics 4, Shopify Analytics, Hotjar where used).

  • Marketing / Advertising. Used to deliver advertising on third-party sites and to measure its effectiveness — Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, The Trade Desk tag, Google Ads tags, Shopify Audiences, and Klaviyo tracking.

You can manage Cookies at any time using our cookie banner ("Cookie Preferences" link in the footer of every page). For categories other than Strictly Necessary, we do not load Cookies until you affirmatively consent. If your browser sends a Global Privacy Control ("GPC") signal, we treat that as a request to opt out of "sale" and "sharing" of personal information, including for targeted advertising, and we will apply that preference to the device and browser used.

11. Your Privacy Rights and How to Exercise Them

Depending on where you live, you may have some or all of the following rights:

  • Right to know / access — request the categories or specific pieces of personal information we hold about you.

  • Right to delete — request that we delete personal information we have collected from you, subject to exceptions.

  • Right to correct — request correction of inaccurate personal information.

  • Right to portability — receive personal information in a portable, readily usable format.

  • Right to opt out of sale or sharing, and of cross-context behavioral / targeted advertising. Use our Your Privacy Choices page or send a GPC signal.

  • Right to limit use and disclosure of sensitive personal information. Use our Your Privacy Choices page.

  • Right to opt out of certain profiling (in states that recognize it, such as Colorado, Connecticut, Virginia, Texas, Oregon, Delaware, Minnesota, Maryland, New Jersey, and New Hampshire).

  • Right to non-discrimination — we will not deny goods or services, charge different prices, or provide a different level of quality solely because you exercised a privacy right (subject to lawful financial-incentive exceptions, see §17).

  • Right to appeal — if we deny your request, you may appeal as described below.

How to submit a request

  • Online: visit toastique.com/pages/your-privacy-choices.

  • Email: privacy@toastique.com.

  • Phone (toll-free): 1-[INSERT TOLL-FREE NUMBER, REQUIRED FOR CCPA].

  • Postal mail: Toastique Holdings, LLC, Attn: Privacy, 764 Maine Avenue SW, Washington, D.C. 20024.

We will verify your identity using information you have on file with us (account login, recent order details, or email confirmation). For sensitive requests we may require additional verification consistent with the CCPA Regulations, Cal. Code Regs. tit. 11, §§ 7060–7063.

Authorized agents

You may designate an authorized agent to act on your behalf by providing the agent with written, signed authorization. We may require you to verify your identity directly and confirm that you have provided the agent with permission to submit the request. Agents using a power of attorney under Cal. Probate Code §§ 4000–4465 do not need to provide additional authorization.

Response timing

We acknowledge requests within 10 business days and respond substantively within 45 calendar days. We may extend that period by an additional 45 days where reasonably necessary, with notice.

Right to appeal a denial

If we decline your request, you may appeal by replying to our denial email or by writing to privacy@toastique.com with the subject "Appeal." We will respond within 45 days (60 days where extension is permitted). If your appeal is unsuccessful, you may contact your state Attorney General. California residents may also file a complaint with the California Privacy Protection Agency.

12. Global Privacy Control

We honor the GPC opt-out preference signal as a valid request to opt out of "sale" and "sharing" of personal information, including for cross-context behavioral or targeted advertising. We apply that preference to the device and browser sending the signal. If you are signed in to a Toastique account when GPC is received, we apply the preference to that account as well.

13. State-Specific Disclosures

13.1 California

California consumers have the rights described in §11 plus the right to know whether we sell or share personal information, the right to receive specific pieces of personal information, the right to limit the use of sensitive personal information, and the right to non-discrimination. California consumers may submit two requests to know in any 12-month period free of charge. Categories sold/shared and the recipients are listed in §§7–8. We do not sell the personal information of consumers under 16 without authorization. California Civil Code § 1798.83 ("Shine the Light") permits California residents to request once per year information about disclosures of personal information to third parties for direct-marketing purposes; to make such a request, contact privacy@toastique.com.

13.2 Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia

Residents of these states have the rights described in §11 to the extent provided by their state's law, including the right to opt out of targeted advertising, the sale of personal data, and certain forms of profiling. We honor universal opt-out signals (such as GPC) where required. We have completed and maintain on file Data Protection Impact Assessments for processing activities that present a heightened risk of harm under the laws of states that require them, including Colorado, Connecticut, Virginia, Oregon, Texas, Delaware, Minnesota, and Maryland.

13.3 Texas Notice

Texas residents are notified that "we may sell your sensitive personal data" and "we may sell your biometric personal data" only to the extent that any of our processing constitutes a "sale" under the Texas Data Privacy and Security Act. As of the Effective Date, we do not knowingly sell biometric data. To the extent we sell sensitive personal data through our advertising partners, you may opt out via Your Privacy Choices.

13.4 Maryland Notice

Maryland law prohibits the sale of sensitive personal data. We do not sell sensitive personal data to or about Maryland residents and we limit our processing of sensitive data to what is reasonably necessary and proportionate to the products and services you request. We do not process the personal data of Maryland residents under 18 for targeted advertising or sale.

13.5 Nevada

Nevada residents may submit a verified request directing us not to "sell" certain personal information under Nevada Revised Statutes Chapter 603A. We do not sell personal information as defined by Nevada law. Requests may be sent to privacy@toastique.com.

14. Children's Privacy

The Site and Services are intended for adults. We do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act, and we do not knowingly sell or share the personal information of consumers under 16. If you believe we have collected information from a child in violation of applicable law, please contact privacy@toastique.com and we will promptly delete it.

15. Franchise Inquiries

If you submit a franchise inquiry through toastique.com, we collect the information you provide (name, contact details, financial qualification information, and other application data) to evaluate your interest, communicate with you, and comply with the federal Franchise Rule (16 C.F.R. Part 436) and state franchise laws. We retain this information for 7 years and may share it with our franchise development partners, professional advisers, and lenders subject to confidentiality obligations.

16. Security and International Transfers

We maintain administrative, technical, and physical safeguards designed to protect personal information appropriate to its sensitivity. Despite these safeguards, no system is perfectly secure; we cannot guarantee absolute security. We will notify you of breaches as required by applicable law.

Toastique is based in the United States. If you access the Site from outside the United States, your information will be transferred to and processed in the United States, where data-protection laws may differ from those of your jurisdiction. Where required by law, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

17. Notice of Financial Incentive — Toastique Loyalty & Referral Program

When you join the Toastique Loyalty Program or refer a friend, you receive benefits such as points, discounts, free items, birthday rewards, and early access to new products. The benefits are based on your provision of personal information, including your name, email address, mobile number (if you opt in), birth month, and purchase history. The value of your information is reasonably related to the value of the benefits you receive: we estimate the value of the data you provide based on (i) the average annual revenue per loyalty member compared to non-members, (ii) the cost of the program rewards, and (iii) industry benchmarks for loyalty-program data. You may withdraw from the program at any time by contacting privacy@toastique.com or following the unsubscribe instructions; if you withdraw, you will lose unredeemed benefits.

18. Marketing Communications

Email: every marketing email contains an "unsubscribe" link. You may also email marketing@toastique.com to be removed from the marketing list. We may continue to send transactional or service messages (e.g., order confirmations, account notices) after you unsubscribe.

SMS: by providing your mobile number and opting in, you consent to receive recurring marketing text messages from Toastique at the number provided. Consent is not a condition of purchase. Message-and-data rates may apply. Reply STOP to unsubscribe and HELP for help. Up to 12 messages per month. Carriers are not liable for delayed or undelivered messages. See our SMS Terms and our Privacy Policy.

19. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to active accounts by email or in-Site notice at least 30 days before they take effect. A summary of changes is maintained at toastique.com/policies/privacy-policy/changes.

20. Contact

Toastique Holdings, LLC

Attn: Privacy Officer

764 Maine Avenue SW, Washington, D.C. 20024

Email: privacy@toastique.com