+1 208-757-6263 | [email protected]
3771 S 25th E, Ammon, ID 83406

Privacy Policy

This Privacy Policy describes how Zupas ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at zupasrestaurant.click, place orders online, interact with our digital services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant federal and state regulations.

1. Who We Are

Zupas is a food service business operating in the United States. We operate the website located at zupasrestaurant.click and provide online food ordering, menu browsing, reservation services, loyalty programs, and related customer services.

Business Name Zupas
Website zupasrestaurant.click
Email Address [email protected]

For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us using the details provided above or in the "Contact Us" section at the end of this document.

2. Information We Collect

We collect various types of information from and about users of our website and services. The categories of information we collect are described in detail below.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, join our loyalty program, or otherwise interact with us, we may collect personal identification information, including but not limited to:

  • Full name
  • Email address
  • Phone number
  • Mailing address and delivery address
  • Date of birth (for age verification and birthday rewards)
  • Username and password (encrypted)
  • Profile photo (if voluntarily provided)

2.2 Payment and Financial Information

When you make a purchase through our website or mobile ordering platform, we collect payment-related information. Please note that we do not store full credit or debit card numbers on our servers. Payment processing is handled by secure third-party payment processors. Information collected includes:

  • Payment card type (e.g., Visa, MasterCard)
  • Last four digits of your payment card
  • Billing address
  • Transaction amounts and purchase history
  • Gift card information

2.3 Order and Transaction Data

We collect information about the orders you place, including:

  • Items ordered and customizations
  • Order date, time, and frequency
  • Delivery or pickup preferences
  • Special instructions and dietary preferences
  • Order history and reorder preferences

2.4 Usage and Behavioral Data

We automatically collect certain information about how you interact with our website and digital services, including:

  • Pages visited and content viewed
  • Time spent on specific pages
  • Links clicked and features used
  • Search queries entered on our website
  • Referral URLs (the website you came from)
  • Browsing and navigation patterns
  • Items added to your cart (including abandoned carts)

2.5 Device and Technical Information

We automatically collect technical information from your device when you access our website, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Screen resolution and display settings
  • Device identifiers
  • Time zone settings
  • Language preferences
  • Internet service provider (ISP)

2.6 Location Information

With your permission, we may collect precise geolocation data from your device to help you find the nearest Zupas location, facilitate delivery services, or provide location-based promotions. You can withdraw your consent to location tracking through your device settings at any time.

2.7 Communications and Customer Service Data

When you contact us via email, phone, chat, or other communication channels, we collect:

  • The content of your messages and inquiries
  • Records of correspondence
  • Feedback, reviews, and survey responses
  • Social media messages and interactions with our accounts

2.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your online activities. Please refer to our dedicated Cookie Policy section (Section 9) for detailed information. Types of cookies we use include session cookies, persistent cookies, analytics cookies, and advertising/targeting cookies.

2.9 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you connect your social accounts or log in via social media)
  • Third-party food delivery partners
  • Marketing partners and data analytics providers
  • Publicly available sources

3. How We Use Your Information

We use the information we collect for a variety of business and operational purposes. We process your personal information only when we have a lawful basis for doing so, including your consent, performance of a contract, compliance with legal obligations, or our legitimate business interests.

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders
  • Managing your account and loyalty program membership
  • Facilitating delivery and pickup services
  • Processing payments and issuing refunds
  • Sending order confirmations, receipts, and status updates
  • Providing customer support and resolving complaints

3.2 Website Improvement and Analytics

  • Analyzing website traffic and user behavior to improve user experience
  • Understanding which menu items, features, and content are most popular
  • Testing new features and website enhancements
  • Diagnosing technical problems and ensuring website functionality
  • Generating aggregated, anonymized statistical reports

3.3 Marketing and Promotional Communications

  • Sending promotional emails, newsletters, and special offers (with your consent)
  • Delivering personalized recommendations based on your order history and preferences
  • Notifying you about loyalty rewards, points balances, and exclusive member benefits
  • Running targeted advertising campaigns on third-party platforms
  • Conducting market research and customer satisfaction surveys

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly at [email protected].

3.4 Legal Compliance and Safety

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from government authorities and law enforcement
  • Preventing fraud, unauthorized access, and other illegal activities
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, property, and safety of Zupas, our customers, and the public

3.5 Personalization

  • Customizing your website experience based on your preferences and history
  • Remembering your saved addresses, favorite orders, and payment methods
  • Providing location-based content and promotions relevant to you

4. How We Share Your Information

We do not sell your personal information to third parties for monetary compensation. However, we may share your personal information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering services to you. These providers have access to your personal information only to the extent necessary to perform their services and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:

  • Payment processors: To securely process transactions
  • Delivery partners: To fulfill delivery orders
  • Cloud hosting providers: To store and manage our data infrastructure
  • Email service providers: To send transactional and marketing communications
  • Analytics providers: Such as Google Analytics, to understand website usage
  • Customer support platforms: To manage customer inquiries
  • Marketing and advertising platforms: To run targeted campaigns
  • Loyalty program software providers: To manage rewards programs

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, subpoena, court order, or governmental request
  • Protect and defend the rights or property of Zupas
  • Prevent or investigate possible wrongdoing in connection with our services
  • Protect the personal safety of our users or the public
  • Protect against legal liability

4.3 Business Transfers

In the event that Zupas undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify any individual user with third parties for research, marketing, analytics, or other business purposes. This data cannot be used to identify you personally.

4.5 With Your Consent

We may share your personal information with additional third parties when we have obtained your explicit consent to do so.

5. Data Security

We take the security of your personal information seriously and implement a comprehensive range of technical, administrative, and physical security measures to protect your data against unauthorized access, disclosure, alteration, loss, or destruction.

5.1 Technical Security Measures

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
  • Password Hashing: User passwords are never stored in plain text. We use robust cryptographic hashing algorithms to protect your credentials.
  • Firewalls and Intrusion Detection: We use firewalls and intrusion detection systems to monitor and protect our network infrastructure.
  • Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis.
  • Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems.

5.2 Organizational Security Measures

  • Employee training on data privacy and security best practices
  • Confidentiality agreements for all personnel with access to personal data
  • Data minimization practices — we only collect data we actually need
  • Vendor security assessments for third-party service providers

5.3 Data Breach Response

Despite our best efforts, no data transmission over the internet or storage system can be guaranteed to be 100% secure. In the event of a data breach that may affect your personal information, we will notify affected individuals and relevant authorities as required by applicable law, including applicable state data breach notification laws.

6. Your Privacy Rights

Depending on your state of residence in the United States, you may have specific privacy rights regarding your personal information. We respect and honor these rights as described below.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for collecting it, and the third parties with whom it has been shared.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use and disclosure of sensitive personal information to what is necessary to perform the services you requested.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, or provide a different level of service quality because you exercised your privacy rights.

6.2 General Privacy Rights for All U.S. Users

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request correction of inaccurate or incomplete personal information.
  • Right to Deletion: You may request deletion of your personal information where we no longer have a legitimate reason to retain it.
  • Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.
  • Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us using one of the following methods:

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing. We may need to verify your identity before processing your request to protect your privacy and prevent unauthorized access to your information.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide our services, to comply with legal obligations, to resolve disputes, and to enforce our agreements. The specific retention periods depend on the type of data and the purpose for which it is used.

Data Category Retention Period
Account and profile information Duration of account + 3 years after account closure
Order history and transaction records 7 years (for financial and tax compliance purposes)
Marketing preferences and communications Until you opt out + 1 year
Customer service communications 3 years from last interaction
Usage and analytics data 26 months (anonymized after 13 months)
Cookie and tracking data As specified in Cookie Policy (typically 30 days to 2 years)
Legal compliance and fraud prevention records As required by applicable law (up to 7 years)

When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention schedules. You may request earlier deletion of your data subject to the limitations described in Section 6.

8. Children's Privacy

We are committed to protecting the privacy of children. Our website and online services are not directed to children under the age of 18, and we do not knowingly solicit or collect personal information from anyone under the age of 18. If you are under 18 years of age, please do not use our website or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA) and all applicable federal and state laws regarding the online collection of information from minors.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. This section provides a brief overview of our cookie practices.

9.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work efficiently, provide functionality, and give website owners information about how their site is being used.

9.2 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the website to function properly. They enable core features like security, account management, and order processing. You cannot opt out of these cookies.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users receive error messages. We use tools such as Google Analytics for this purpose.
  • Functional Cookies: These cookies allow our website to remember your preferences (such as your saved addresses, language settings, and past orders) to provide a more personalized experience.
  • Advertising and Targeting Cookies: These cookies are used to deliver advertising that is more relevant to you and your interests. They may be placed by us or our advertising partners.

9.3 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

  • Through our cookie consent banner when you first visit our website
  • Through your browser settings (note: disabling certain cookies may affect website functionality)
  • Through opt-out tools provided by third-party analytics providers (e.g., Google Analytics Opt-out Browser Add-on)
  • Through the Digital Advertising Alliance's opt-out tool at optout.aboutads.info

For more detailed information about the specific cookies we use and how to manage them, please review our full Cookie Policy available on our website.

10. International Data Transfers

Zupas is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. Our servers and primary operations are located in the United States.

If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. Data protection laws in these countries may differ from those in your home country.

For users located outside the United States, including those in countries with more stringent data protection laws, we take appropriate safeguards to ensure that any international transfer of your personal information complies with applicable legal requirements. These safeguards may include:

  • Standard contractual clauses approved by relevant data protection authorities
  • Contractual obligations imposed on our third-party service providers
  • Data processing agreements that meet applicable legal standards

By using our website and services, you consent to the transfer of your personal information to the United States and acknowledge that such transfers are subject to United States privacy laws.

11. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, and services that are not operated by us. These third-party sites have their own privacy policies, and we are not responsible for their privacy practices or the content they provide. We encourage you to review the privacy policy of every website you visit.

Examples of third-party services we may link to or integrate with include:

  • Social media platforms (Facebook, Instagram, Twitter/X, TikTok)
  • Third-party food delivery platforms
  • Map and location services (Google Maps)
  • Review and rating platforms

Clicking on a third-party link will direct you away from our website. We strongly advise you to review the privacy policy of any third-party site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not want to be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to DNT browser signals.

However, you can manage your tracking preferences through our cookie consent tool, your browser settings, and the opt-out mechanisms described in Section 9 of this Privacy Policy.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post the revised policy on our website at zupasrestaurant.click
  • Notify you by email (if you have an account with us) or by displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you have any objections to any changes in this Privacy Policy, you should stop using our services and may request deletion of your account and personal data by contacting us at [email protected].

14. Filing a Complaint

We are committed to resolving any privacy concerns or complaints you may have about our handling of your personal information. If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can attempt to resolve your concern directly.

14.1 Contact Us Directly

To file a privacy complaint or raise a concern, please contact our privacy team:

We will acknowledge your complaint within 10 business days and endeavor to resolve it within 30 business days. If we cannot resolve your complaint within this timeframe, we will notify you with an explanation and an expected resolution date.

14.2 Regulatory Complaints — California Residents

California residents who are not satisfied with our response to a privacy complaint may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

  • California Privacy Protection Agency (CPPA): cppa.ca.gov
  • California Attorney General – Privacy Complaints: oag.ca.gov/privacy

14.3 Federal Complaints

For complaints regarding unfair or deceptive trade practices, including privacy violations, you may contact the Federal Trade Commission (FTC):

  • Federal Trade Commission (FTC): ftc.gov/complaint | 1-877-FTC-HELP (1-877-382-4357)

14.4 State Attorney General Offices

Residents of other U.S. states may also have the right to file complaints with their respective state attorney general offices. Many states have enacted consumer privacy laws that provide additional rights and remedies. We encourage you to contact your state attorney general's office for more information about your rights under state law.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our privacy practices, or the personal information we hold about you, please do not hesitate to contact us. We are committed to responding to all privacy-related inquiries promptly and transparently.

When contacting us about a privacy matter, please include the following information to help us process your request efficiently:

  • Your full name
  • The email address associated with your account (if applicable)
  • A clear description of your request or concern
  • Any relevant details or documentation

We will make every effort to respond to your inquiry within 10 business days. For formal rights requests (such as data access, deletion, or correction requests), we will respond within the timeframes required by applicable law.