El Gato Negro Coffee ("we," "us," or "our") operates the website elgatonegro.coffee and provides mobile espresso bar services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, create an account, or interact with us in any way.
1. Information We Collect
Information You Provide
- Account information: Name, email address, and phone number when you create an account or check out as a guest.
- Billing and shipping details: Shipping address and billing information required to process your orders.
- Birthday: Optionally provided and stored as a customer profile field for marketing purposes (e.g., birthday offers).
- Marketing preferences: Whether you opt in to receive promotional emails from us.
- Inquiry and contact form data: Event details, venue information, guest counts, and any other details you submit through our booking inquiry forms.
- Order history: Records of purchases you make through our online shop or in-person point of sale.
Information Collected Automatically
- Device and browser data: IP address, browser type, operating system, and device identifiers collected through standard web server logs and analytics.
- Usage data: Pages visited, time spent on pages, and navigation patterns.
- Cookies: Session and authentication cookies as described in the Cookies section below.
2. How We Use Your Information
We use your information for the following purposes:
- Order fulfillment: Processing and shipping your purchases, sending order confirmations, and delivering digital products.
- Account management: Creating and maintaining your customer account, authenticating your identity, and managing your preferences.
- Marketing: Sending promotional emails and offers only when you have explicitly opted in. You can unsubscribe at any time via the link in every marketing email.
- Inquiry response: Responding to your booking inquiries and event requests.
- Site improvement: Analyzing usage patterns to improve website performance, navigation, and content.
- Fraud prevention and security: Protecting against unauthorized access, spam, and fraudulent transactions.
3. Third-Party Services
We share data with the following third-party services as necessary to operate our business. Each service processes only the data required for its function:
Payments
- Shopify Payments processes online transactions. Shopify receives your name, email, billing address, shipping address, and payment card details to complete purchases.
- Helcim processes in-person point-of-sale transactions when you purchase from our cart at events.
Authentication
- Shopify Customer Account API handles customer login using OAuth 2.0 with PKCE. Your email and profile information are exchanged during authentication.
- Google Sign-In is available as an optional login method. If you choose Google Sign-In, Google shares your name, email, and profile picture with us via OAuth.
Site Functionality
- Google Places API provides address autocomplete. Partial address text you type is sent to Google to return matching suggestions.
- Cloudflare Turnstile protects our forms from spam and abuse. It processes browser signals (not personal data) to verify you are a real visitor.
- Vercel hosts our website and may collect basic analytics data such as page views, geographic region, and referral source.
Content and Media
- Sanity CMS manages our website content (events, blog posts, service descriptions). Sanity does not receive or store any user personal information.
- Cloudinary hosts and optimizes images displayed on our website. No user personal data is sent to Cloudinary.
Communications
- Resend delivers transactional emails (order confirmations, shipping updates, password resets, inquiry responses). Your name and email address are shared with Resend for delivery purposes.
Data Storage
- Neon (PostgreSQL) is our database provider. Your account data, order history, and inquiry records are stored in a Neon-hosted database.
4. Cookies and Tracking
Our website uses the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| egn-customer-session | Encrypted session cookie that keeps you logged in. Contains no readable personal data. HTTP-only and secure. | 90 days |
| egn-auth-state | Temporary cookie used during the login process to prevent cross-site request forgery. Automatically deleted after use. | 10 minutes |
Third-party services (Shopify, Google, Cloudflare) may set their own cookies when you interact with features that rely on them. We do not control third-party cookies. You can manage cookies through your browser settings. Disabling cookies may affect login and checkout functionality.
5. Data Retention
- Account data is retained for as long as your account remains active.
- Order records are retained for at least 7 years to comply with tax and accounting obligations.
- Inquiry data is retained for 2 years after the inquiry is resolved, then deleted.
- Marketing data is retained until you unsubscribe or request deletion.
- Session cookies expire automatically as described above.
When you request account deletion, we remove your personal information within 30 days, except where retention is required by law.
6. Your Rights
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete personal information.
- Delete your personal information, subject to legal retention requirements.
- Withdraw consent for marketing communications at any time.
- Request a copy of your data in a portable format.
To exercise any of these rights, email us at hello@elgatonegro.coffee. We will respond within 30 days.
7. Children's Privacy
Our website and services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at hello@elgatonegro.coffee and we will promptly delete it.
8. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to know what personal information we collect, use, and disclose.
- Right to delete your personal information, subject to certain exceptions.
- Right to opt out of the sale of your personal information. We do not sell your personal information.
- Right to non-discrimination for exercising your privacy rights.
To exercise your CCPA rights, contact us at hello@elgatonegro.coffee. We will verify your identity before processing any request.
9. Data Security
We implement industry-standard security measures to protect your personal information, including encrypted data transmission (HTTPS/TLS), encrypted session cookies (JWE), secure database hosting, and access controls. However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at: