Privacy Policy

Effective Date: April 4, 2026 | Last Updated: April 4, 2026

This Privacy Policy describes how Punch Pizza ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at punch-pizza.digital, place orders through our digital platforms, interact with our services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your personal information in a transparent and responsible manner in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission (FTC) Act, and other relevant consumer protection regulations.

1. Who We Are

Punch Pizza is a food service business operating in the United States. We provide pizza and related food products and services to consumers through our website and digital ordering platforms.

Company Name	Punch Pizza
Website	punch-pizza.digital
Email Address	[email protected]

For all privacy-related inquiries, requests, or complaints, please contact us using the information provided in Section 14 of this policy.

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we may collect include:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or otherwise interact with us, we may collect:

Full name
Email address
Phone number
Billing address and delivery address
Username and password (stored in encrypted form)
Date of birth (where required for age verification)

2.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information. We use industry-standard third-party payment processors and do not store complete credit or debit card numbers on our servers. We may retain:

Partial payment card details (last four digits) for order reference
Billing address associated with the payment method
Transaction history and order details

2.3 Order and Transaction Information

We collect information related to your orders and transactions, including:

Items ordered and customizations
Order history and frequency
Delivery instructions and preferences
Loyalty points or rewards data (if applicable)
Promotional codes and discounts applied

2.4 Usage and Behavioral Data

When you visit and navigate our website, we automatically collect certain technical and behavioral data, including:

Pages viewed and time spent on each page
Clicks, scrolls, and interactions with website elements
Search queries entered on our website
Referral source (how you arrived at our website)
Products viewed, added to cart, or abandoned

2.5 Device and Technical Information

We automatically collect certain device and network information when you access our website, including:

IP address and approximate geographic location (city/region level)
Browser type and version
Operating system and device type (desktop, mobile, tablet)
Screen resolution and language settings
Time zone setting
Unique device identifiers

2.6 Communications and Customer Support Data

If you contact us for support, feedback, or any other reason, we may collect:

The content of your messages, emails, or chat conversations
Records of correspondence and complaint resolutions
Survey responses and feedback submissions
Social media interactions and mentions (where public)

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our website. For a detailed explanation of how we use cookies and how you can manage your preferences, please refer to Section 10 of this Privacy Policy.

2.8 Information from Third Parties

We may receive personal information about you from third-party sources, including:

Social media platforms (if you use social login features)
Third-party food delivery aggregators and platforms
Payment processors and fraud prevention services
Marketing partners and data analytics providers
Publicly available databases and directories

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

3.1 Provision of Services

Processing and fulfilling your food orders and delivering them to your specified address
Creating and managing your account on our platform
Sending order confirmations, receipts, and status updates
Providing customer support and responding to your inquiries and complaints
Processing payments and managing billing
Facilitating loyalty programs, promotions, and rewards

3.2 Analytics and Business Improvement

Analyzing usage patterns to improve our website, app, and ordering experience
Understanding customer preferences and popular menu items
Conducting internal research and developing new products or services
Monitoring website performance, security, and uptime
Generating aggregate, anonymized statistical reports

3.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers (where you have consented or where permitted by law)
Displaying personalized advertisements on our website and third-party platforms
Conducting targeted marketing campaigns through social media and digital advertising networks
Sending push notifications (where you have enabled them)
Informing you of new menu items, limited-time offers, and events

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or contacting us at [email protected].

3.4 Legal Compliance and Security

Complying with applicable federal and state laws and regulations
Detecting and preventing fraud, unauthorized access, and other illegal activities
Enforcing our Terms of Service and other legal agreements
Responding to lawful requests from government authorities and law enforcement agencies
Protecting the rights, property, and safety of our customers, employees, and the public

4. Legal Basis for Processing

Under applicable U.S. law, including the FTC Act and state privacy statutes, we process your personal information based on the following grounds:

Contractual Necessity: Processing required to fulfill your orders and deliver our services.
Legitimate Interests: Processing for fraud prevention, security, analytics, and business improvement, where such interests are not overridden by your rights.
Consent: Processing for marketing communications and non-essential cookies, where you have provided explicit consent.
Legal Obligation: Processing required to comply with applicable federal and state laws.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with certain trusted third parties under specific circumstances:

5.1 Service Providers and Business Partners

We engage carefully vetted third-party service providers who assist us in operating our business, including:

Payment processors (e.g., Stripe, PayPal) for secure payment handling
Delivery logistics providers to fulfill and track your orders
Cloud hosting and IT infrastructure providers for data storage and website operation
Email and SMS marketing platforms for sending promotional and transactional communications
Analytics providers (e.g., Google Analytics) for website performance analysis
Customer support platforms for managing inquiries and complaints
Fraud detection and security services to protect against unauthorized activity

All service providers are contractually required to process your information only on our behalf, in accordance with our instructions, and are prohibited from using your data for their own commercial purposes.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good-faith belief that such action is necessary to:

Comply with a legal obligation, court order, or governmental request
Enforce our Terms of Service or protect our legal rights
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users or the general public

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with other third parties when you have provided explicit consent for us to do so, such as when you participate in co-branded promotions or partner programs.

Important Notice for California Residents: Under the CCPA/CPRA, you have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. Please see Section 9 for details on exercising your California privacy rights.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

6.1 Technical Safeguards

Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted between your browser and our servers
Encryption of sensitive data at rest (including passwords and payment tokens)
Firewalls, intrusion detection systems, and regular vulnerability scanning
Multi-factor authentication for administrative access to our systems
Regular software updates and security patches

6.2 Administrative Safeguards

Role-based access controls limiting employee access to personal data on a need-to-know basis
Regular staff training on data privacy and information security best practices
Data processing agreements with all third-party service providers
Internal data breach response procedures and notification protocols

6.3 Physical Safeguards

Secure data center facilities with restricted physical access
Locked and secured hardware containing personal information

Despite our best efforts, no method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that is likely to affect your rights and interests, we will notify you promptly in accordance with applicable state data breach notification laws.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention periods are as follows:

Category of Data	Retention Period
Account and profile information	Duration of account, plus 3 years after closure
Order and transaction records	7 years (for tax and accounting compliance)
Payment information (partial)	Duration of account, or as required by payment processors
Marketing preferences and consent records	Until withdrawal of consent, plus 3 years
Customer support and communication records	3 years from last interaction
Website usage and analytics data	Up to 26 months (anonymized after this period)
Cookie and tracking data	As specified in our Cookie Policy (typically 13 months)
Legal hold data	Duration of legal proceedings or investigation

After the applicable retention period expires, we will securely delete or anonymize your personal information. If you request deletion of your account, we will process your request within 45 days, subject to any legal retention obligations.

8. Your Privacy Rights

Depending on your state of residence, you may have the following rights with respect to your personal information. We are committed to honoring these rights in compliance with applicable U.S. privacy laws.

8.1 Right to Know and Access

You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom we have shared it.

8.2 Right to Correction

You have the right to request that we correct any inaccurate personal information we hold about you. You may also update certain information directly through your account settings.

8.3 Right to Deletion

You have the right to request that we delete personal information we have collected about you, subject to certain exceptions (e.g., where retention is required by law, for completing transactions, or for detecting security incidents).

8.4 Right to Data Portability

You have the right to receive a copy of the personal information you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that information to another service provider where technically feasible.

8.5 Right to Opt Out of Sale/Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising. To exercise this right, contact us at [email protected] or use the opt-out mechanism provided on our website.

8.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to limit our use of sensitive personal information (such as precise geolocation data, financial account information, and health data) to purposes necessary for providing our services.

8.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service solely because you exercised your rights under applicable privacy law.

8.8 Right to Withdraw Consent

Where we process your information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.

8.9 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by:

Sending an email to: [email protected]
Visiting our website: punch-pizza.digital

We will respond to your request within 45 days of receipt. If we require additional time (up to 90 days in total), we will notify you of the reason and extension period in writing. We may need to verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf by providing written authorization.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you are entitled to specific rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), which took full effect on January 1, 2023.

9.1 Categories of Personal Information Collected (Last 12 Months)

Category	Examples	Collected?
Identifiers	Name, email, IP address, account ID	Yes
Customer Records	Contact details, payment information	Yes
Protected Classification Characteristics	Age (for eligibility verification)	Limited
Commercial Information	Order history, purchase records	Yes
Internet/Electronic Network Activity	Browsing history, page interactions	Yes
Geolocation Data	Delivery address, approximate location	Yes
Sensory Data	Customer support call recordings (where permitted)	Limited
Professional Information	Not collected	No
Inferences	Customer preferences, dietary habits	Yes

To submit a California privacy rights request, contact us at [email protected] with the subject line "California Privacy Rights Request."

10. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files placed on your device when you visit our website.

10.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly (e.g., session management, shopping cart functionality). These cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data (e.g., Google Analytics).
Functionality Cookies: Allow the website to remember your preferences, such as language settings and saved addresses.
Marketing and Advertising Cookies: Used to deliver targeted advertisements and measure the effectiveness of our marketing campaigns across the web.

10.2 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings or through our cookie consent banner when you first visit our website. Please note that disabling certain cookies may affect the functionality of our website. Most browsers also allow you to:

View cookies currently stored on your device
Block or delete specific cookies
Block all cookies from specific websites
Block all third-party cookies

For more detailed information about the cookies we use and how to manage your preferences, please refer to our full Cookie Policy available on our website at punch-pizza.digital.

11. Children's Privacy

Our services are intended for individuals who are 18 years of age or older.

Punch Pizza does not knowingly collect, solicit, or process personal information from children under the age of 13. Our website and services are not directed at children under the age of 13, and we do not knowingly market to or collect personal data from minors under this age. We are committed to complying with the Children's Online Privacy Protection Act (COPPA).

If you are under 18, you may use our website only with the involvement and consent of a parent or legal guardian. We strongly encourage parents and guardians to monitor their children's online activities and to educate them about safe internet practices.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

12. International Data Transfers

Punch Pizza is based in the United States, and your personal information is primarily collected, processed, and stored within the United States. However, some of our third-party service providers and technology partners may process data in other countries. If your information is transferred to or accessed from a jurisdiction outside the United States, we take steps to ensure that adequate protections are in place in accordance with applicable privacy laws.

If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our services, you consent to such transfers and the processing of your information in the United States.

We implement appropriate contractual and technical safeguards, including data processing agreements and standard contractual clauses where applicable, to protect your personal information during any international transfers.

13. Third-Party Links and Services

Our website may contain links to third-party websites, apps, and services that are not operated by Punch Pizza. If you click on a third-party link, you will be directed to that third party's website. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

We strongly advise you to review the privacy policy of every website you visit. We are not responsible for the privacy practices of third-party websites, platforms, or services linked from our website, including social media platforms, food delivery aggregators, and payment gateways.

14. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy concerns promptly and transparently.

Company Name	Punch Pizza
Privacy Inquiries Email	[email protected]
Website	punch-pizza.digital

We aim to respond to all privacy-related inquiries within 30 days of receipt. For formal consumer rights requests (such as access, deletion, or opt-out requests), we will respond within the timeframes required by applicable law (typically 45 days, with a possible 45-day extension).

15. How to File a Complaint with a Data Protection Authority

If you believe that we have not complied with applicable privacy laws or have not adequately addressed your privacy concerns, you have the right to file a complaint with relevant regulatory authorities. In the United States, the following regulatory bodies oversee privacy and consumer protection matters:

15.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection and privacy enforcement in the United States. If you believe your privacy rights have been violated, you may file a complaint with the FTC:

FTC Website: www.ftc.gov
FTC Complaint Center: reportfraud.ftc.gov
FTC Mailing Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Privacy Protection Agency (CPPA)

California residents who believe their rights under the CCPA/CPRA have been violated may file a complaint with the California Privacy Protection Agency:

CPPA Website: cppa.ca.gov
California Attorney General: oag.ca.gov/privacy

15.3 State Attorney General Offices

Residents of other states may also file complaints with their respective State Attorney General's office. Many states have enacted their own comprehensive privacy laws with dedicated enforcement mechanisms. We encourage you to consult your state's official government website for the relevant regulatory contact information.

We encourage you to contact us first at [email protected] to give us the opportunity to address your concerns before filing a formal complaint with a regulatory authority. We take all privacy concerns seriously and will work diligently to resolve any issues.

16. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technology. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website homepage
Send an email notification to registered users (where required by law or where changes are significant)

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

If you do not agree with any changes to this Privacy Policy, you should discontinue your use of our services and may request deletion of your personal information by contacting us at [email protected].

Summary of Key Points

We collect personal, usage, device, and order data to provide and improve our food services.
We do not sell your personal information for monetary compensation.
You have rights to access, correct, delete, and port your data, and to opt out of marketing.
California residents have additional rights under CCPA/CPRA.
Our services are for individuals 18 years of age or older. We do not knowingly collect data from children under 13.
Contact us at [email protected] for any privacy concerns.

This Privacy Policy was last reviewed and updated on April 4, 2026. If you have any questions about this policy, please contact us at [email protected].