Privacy Policy

Effective Date: June 3, 2026  |  Last Updated: June 3, 2026

This Privacy Policy describes how Cabana Taco ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at eat-cabanataco.click, place orders, or otherwise interact with our food services. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner.

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or otherwise engaging with our services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with the terms of this Privacy Policy, please do not use our website or services.

1. About Us

Cabana Taco is a food business operating in the United States. Our contact details are as follows:

Company Name Cabana Taco
Email Address [email protected]
Website eat-cabanataco.click

For all privacy-related inquiries, requests, or complaints, please contact us using the information provided above. We will make every effort to respond to your inquiry within a reasonable timeframe.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

  • Our website located at eat-cabanataco.click
  • Online food ordering systems and platforms we operate or partner with
  • Email, telephone, or other direct communications with us
  • In-restaurant interactions, loyalty programs, and promotional campaigns
  • Third-party services and platforms that link to or interact with our website

This Policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services you access through our website.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. The types of information we may collect include:

3.1 Personal Identification Information

When you register an account, place an order, subscribe to our newsletter, or contact us directly, we may collect:

  • Full name – to identify you and personalize your experience
  • Email address – to send order confirmations, receipts, and promotional communications
  • Phone number – for order notifications and customer support purposes
  • Mailing or delivery address – to fulfill delivery orders and process any related requests
  • Date of birth – when required for age verification or promotional offers
  • Account credentials – username and hashed password for registered users

3.2 Payment and Financial Information

When you make a purchase or payment through our website, we collect payment-related information necessary to process your transaction. This may include:

  • Credit card or debit card details (card number, expiration date, CVV)
  • Billing address associated with the payment method
  • Digital wallet information (e.g., Apple Pay, Google Pay, PayPal)
Important: We do not store full payment card numbers on our servers. Payment processing is handled by trusted, PCI-DSS compliant third-party payment processors. We only retain limited transaction reference data necessary for accounting and dispute resolution purposes.

3.3 Order and Transaction Data

We collect information related to the orders you place with us, including:

  • Items ordered, quantities, and customizations
  • Order timestamps and delivery or pickup preferences
  • Order history and purchase frequency
  • Special dietary requirements or preferences you voluntarily provide
  • Promotional codes or loyalty points applied to orders

3.4 Usage Data and Technical Information

When you visit our website, we automatically collect certain technical information through cookies and similar tracking technologies, including:

  • IP address – to determine general geographic location and for security purposes
  • Browser type and version – to optimize website display and functionality
  • Device type, model, and operating system – for technical compatibility
  • Referring URLs – to understand how users find our website
  • Pages visited, links clicked, and time spent on pages – for analytics and improvement
  • Session duration and navigation paths – to identify user behavior patterns
  • Search queries entered on our website – to improve content relevance

3.5 Communications Data

If you contact us by email, phone, or through a contact form, we may collect and retain:

  • The content of your messages, inquiries, or complaints
  • Correspondence history for customer service continuity
  • Feedback, reviews, or ratings you voluntarily submit
  • Survey responses when you choose to participate

3.6 Marketing Preferences

We collect your marketing and communication preferences, including whether you have opted in or out of receiving promotional emails, SMS messages, or push notifications from us.

3.7 Information from Third Parties

We may receive information about you from third-party sources, such as:

  • Social media platforms (if you use social login or share our content)
  • Third-party food delivery platforms we partner with
  • Analytics providers who help us understand website traffic
  • Advertising partners who assist us in targeting relevant audiences

4. How We Use Your Information

We use the personal information we collect for the following purposes, all of which are grounded in legitimate business needs and applicable legal requirements:

4.1 Providing and Managing Our Services

  • Processing your food orders and coordinating delivery or pickup
  • Creating and managing your user account
  • Sending order confirmations, receipts, and status updates
  • Handling refunds, returns, or complaints related to your orders
  • Administering loyalty programs or rewards points

4.2 Payment Processing and Fraud Prevention

  • Processing payments securely through our authorized payment processors
  • Verifying the legitimacy of transactions to prevent fraud
  • Complying with financial regulations and anti-money laundering requirements

4.3 Customer Support and Communications

  • Responding to your questions, inquiries, or complaints
  • Providing troubleshooting assistance or service updates
  • Sending you important notices regarding changes to our services, terms, or policies

4.4 Marketing and Promotions

  • Sending you promotional offers, newsletters, or special deals — only where you have given consent or where permitted by law
  • Personalizing the content and offers you see based on your order history and preferences
  • Conducting targeted advertising campaigns through digital platforms
  • Measuring the effectiveness of our marketing efforts

4.5 Analytics and Service Improvement

  • Analyzing how our website and services are used to identify areas for improvement
  • Conducting internal research and product development
  • Monitoring website performance and resolving technical issues
  • Understanding customer preferences to improve our menu and offerings

4.6 Legal Compliance and Safety

  • Complying with applicable federal and state laws, including the Federal Trade Commission (FTC) Act and applicable California Consumer Privacy Act (CCPA/CPRA) requirements
  • Responding to lawful requests from law enforcement or government authorities
  • Enforcing our Terms of Service and protecting our legal rights
  • Preventing, investigating, and reporting fraud, security breaches, or other illegal activities

5. Legal Basis for Processing Your Data

As a business operating in the United States, our data processing practices are governed primarily by applicable federal and state laws, including but not limited to:

  • The Federal Trade Commission (FTC) Act – which prohibits unfair or deceptive practices in commerce, including with respect to consumer privacy
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) – which provide specific rights to California residents regarding their personal information
  • The CAN-SPAM Act – governing our commercial email communications
  • The Children's Online Privacy Protection Act (COPPA) – protecting the privacy of children under 13

We process your personal information based on the following grounds:

  • Contractual necessity – to fulfill your food orders and provide the services you request
  • Your consent – for marketing communications and optional features where you have affirmatively opted in
  • Legitimate business interests – for fraud prevention, security, analytics, and service improvement
  • Legal obligation – to comply with applicable laws and regulatory requirements

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own independent marketing or advertising purposes. However, we do share your information in the following circumstances:

6.1 Service Providers and Vendors

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers only have access to your personal information as necessary to perform their specific functions and are contractually obligated to protect it. Categories of service providers include:

  • Payment processors (e.g., Stripe, PayPal, Square) – to handle secure payment transactions
  • Delivery and logistics partners – to fulfill delivery orders on our behalf
  • Email and SMS marketing platforms – to send communications you have consented to receive
  • Analytics providers (e.g., Google Analytics) – to help us understand website usage patterns
  • Cloud hosting and IT infrastructure providers – to store and manage our data securely
  • Customer support software providers – to help us manage customer inquiries efficiently

6.2 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business restructuring, your personal information may be transferred to the acquiring entity as part of the transaction. We will notify you of any such change and provide you with an opportunity to opt out where required by law.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe disclosure is necessary or appropriate to:

  • Comply with a legal obligation, court order, subpoena, or government request
  • Protect and defend the rights or property of Cabana Taco
  • Prevent or investigate possible wrongdoing in connection with our services
  • Protect the personal safety of users or the public

6.4 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for industry analysis, demographic profiling, marketing, advertising, or other business purposes.

7. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising.

7.1 Types of Cookies We Use

Cookie Type Purpose
Essential Cookies Necessary for the website to function properly (e.g., maintaining your shopping cart and login session)
Performance Cookies Collect anonymous data about how visitors use the website to help us improve performance and usability
Functional Cookies Remember your preferences (e.g., language, location) to provide a more personalized experience
Marketing Cookies Track your browsing behavior to deliver relevant advertisements on our website and third-party platforms

7.2 Managing Your Cookie Preferences

You have the right to accept or decline non-essential cookies. You can manage your cookie preferences through:

  • The cookie consent banner displayed when you first visit our website
  • Your web browser settings, which allow you to refuse or delete cookies
  • Opt-out tools provided by advertising networks (e.g., the Digital Advertising Alliance's opt-out tool at optout.aboutads.info)

Please note that disabling certain cookies may affect the functionality and performance of our website.

For a full description of the cookies we use and how to manage them, please refer to our Cookie Policy.

8. Data Security

We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction.

8.1 Security Measures We Employ

  • SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard Secure Socket Layer (SSL) technology
  • Secure Payment Processing: Payment card data is handled by PCI-DSS Level 1 compliant payment processors; we do not store full card numbers
  • Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions
  • Firewalls and Intrusion Detection: We maintain technical safeguards to detect and prevent unauthorized access to our systems
  • Regular Security Audits: We periodically review and update our security practices to address emerging threats
  • Employee Training: Our staff receive regular training on data protection best practices and privacy obligations

8.2 Data Breach Response

In the event of a data breach that poses a risk to your personal information, we will notify affected individuals and relevant authorities as required by applicable state and federal laws. We maintain an incident response plan to ensure prompt and effective action in the event of a security incident.

Please Note: While we implement robust security measures, no method of data transmission or storage is 100% secure. We cannot guarantee the absolute security of your personal information, and you transmit data to us at your own risk. If you believe your account has been compromised, please contact us immediately at [email protected].

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Category Retention Period
Account information (active users) Duration of the account plus 3 years after account closure
Order and transaction records 7 years (to comply with tax and accounting obligations)
Payment transaction references 7 years (as required by financial regulations)
Customer support correspondence 3 years from the date of the last interaction
Marketing consent records Until you withdraw consent, plus 3 years thereafter
Website usage and analytics data 26 months (anonymized after this period)
Cookie and tracking data As specified in our Cookie Policy (typically 13 months)

When your personal information is no longer required, we will securely delete, anonymize, or aggregate it so that it can no longer be associated with you. In some circumstances, we may retain your data for longer periods if required by law or to protect our legal interests.

10. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding the personal information we hold about you. We are committed to honoring these rights in accordance with applicable law.

10.1 Rights Available to All Users

  • Right to Access: You may request a copy of the personal information we hold about you
  • Right to Correction: You may request that we correct inaccurate or incomplete personal information
  • Right to Deletion: You may request that we delete your personal information, subject to certain exceptions
  • Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time

10.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the CCPA and CPRA:

  • Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your information
  • Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Correct: The right to request correction of inaccurate personal information we maintain about you
  • Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. We do not sell your personal information as defined under the CCPA
  • Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information to purposes necessary for providing our services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will not receive different prices, quality of service, or other disadvantages for exercising your rights
  • Right to Data Portability: The right to receive your personal information in a portable, readily usable format

10.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us using one of the following methods:

To process your request, we may need to verify your identity to ensure we are disclosing information to the correct individual. We may ask you to provide identifying information such as your email address, full name, or order number. We will not use this verification information for any purpose other than fulfilling your request.

We will respond to your request within 45 days of receipt. If we require additional time, we will notify you of the extension and the reason for the delay. For California residents, we will respond within the timeframe specified under the CCPA/CPRA.

You may designate an authorized agent to submit requests on your behalf. To do so, you must provide written authorization, and we may require you to verify your identity directly with us.

11. Opt-Out of Marketing Communications

If you have previously opted in to receive marketing communications from us, you may opt out at any time using the following methods:

  • Email Unsubscribe: Click the "Unsubscribe" link at the bottom of any promotional email we send you
  • SMS Opt-Out: Reply "STOP" to any promotional text message you receive from us
  • Account Settings: Update your marketing preferences through your account settings on our website
  • Contact Us Directly: Send an opt-out request to [email protected]

Please note that even if you opt out of marketing communications, we will continue to send you transactional messages related to your orders, account security, or important service updates.

12. Children's Privacy

Age Restriction: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cabana Taco does not knowingly collect, solicit, or use personal information from children under the age of 18. Our website is not directed at individuals under 18, and we do not intentionally market our online ordering services to minors.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records.

For children under the age of 13, our data practices are governed by the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13, and if we discover that we have inadvertently collected such information, we will delete it immediately.

13. International Data Transfers

Cabana Taco is based in the United States, and your personal information is primarily collected, stored, and processed within the United States. However, some of our third-party service providers (such as cloud hosting services, analytics providers, and marketing platforms) may store or process your data in other countries.

When we transfer personal information internationally, we take appropriate safeguards to ensure that your information is protected in accordance with this Privacy Policy and applicable law. These safeguards may include:

  • Entering into data processing agreements with international vendors that incorporate appropriate data protection clauses
  • Selecting service providers in countries recognized as providing adequate data protection standards
  • Relying on your consent for specific international transfers where applicable

If you are located outside the United States and choose to use our services, please be aware that your information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your country of residence.

14. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery services, or other online platforms. These third-party sites have their own privacy policies that govern how they collect and use your personal information. We are not responsible for the privacy practices of any third-party sites and encourage you to review their privacy policies before providing any personal information.

Common third-party integrations that may be present on our website include:

  • Social media sharing buttons (e.g., Facebook, Instagram, Twitter/X)
  • Embedded maps (e.g., Google Maps) for locating our restaurant
  • Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
  • Online review platforms (e.g., Yelp, Google Reviews)

15. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals from browsers.

However, you can control tracking technologies through your browser settings and by managing your cookie preferences as described in Section 7 of this Policy.

16. California-Specific Disclosures

If you are a California resident, the following additional disclosures apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

16.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California consumers:

  • Identifiers (name, email address, phone number, IP address)
  • Commercial information (order history, products purchased)
  • Internet or electronic network activity (browsing history on our website)
  • Geolocation data (delivery address, general location)
  • Inferences drawn from personal information (preferences and characteristics)

16.2 Disclosure of Personal Information for Business Purposes

In the preceding 12 months, we have disclosed personal information for business purposes to the following categories of service providers: payment processors, delivery partners, analytics providers, email marketing platforms, and cloud hosting services.

16.3 Non-Discrimination Notice

We will not discriminate against California residents who exercise their CCPA/CPRA rights. We will not deny goods or services, charge different prices, provide a different level of service quality, or suggest that you will receive a different quality of service if you exercise your privacy rights.

16.4 Shine the Light Law

Under California Civil Code Section 1798.83 (California's "Shine the Light" law), California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].

17. Filing a Privacy Complaint

If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the relevant data protection authorities or consumer protection agencies.

17.1 Federal Level

You may file a complaint with the Federal Trade Commission (FTC), which enforces consumer privacy protections under the FTC Act:

17.2 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), which enforces CCPA/CPRA compliance:

You may also file a complaint with the California Attorney General's Office:

17.3 Contact Us First

Before filing a complaint with a regulatory authority, we encourage you to contact us first so that we have the opportunity to resolve your concern directly. We are committed to addressing privacy complaints promptly and fairly.

18. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. When we make material changes, we will:

  • Post the updated Privacy Policy on our website with a revised "Last Updated" date
  • Send an email notification to registered users where required by law
  • Display a prominent notice on our website for a reasonable period following the update

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any changes to this Policy constitutes your acceptance of the updated terms.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact us:

Cabana Taco — Privacy Inquiries
Company Cabana Taco
Email [email protected]
Website eat-cabanataco.click

We are committed to resolving privacy concerns and will make every effort to respond to your inquiry within 45 days of receipt. For California residents submitting CCPA/CPRA requests, we will respond within the timeframes required by applicable law.

Acknowledgment: By using the Cabana Taco website at eat-cabanataco.click, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy as of its effective date of June 3, 2026.