Feasty Privacy Policy

1. Introduction

Feasty, LLC ("Feasty," "we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and share information when you use the Feasty mobile application, website, and related services (collectively, the "Platform").

By using Feasty, you agree to the practices described in this Policy. If you do not agree, please do not use the Platform.

Role of Parties: Feasty acts as a data controller for information we process to operate the Platform. Vendors are independent controllers of information they receive to fulfill orders. Our vendors and service providers act as service providers or contractors under applicable law.

2. Information We Collect

We may collect the following categories of information:

• Account Information: name, email address, phone number, and password.
• Order Information: items ordered, payment method, and pickup or delivery details.
• Vendor Information: business name and payout details.
• Payment Data: processed by Stripe. We do not store card details.
• Location Data: approximate location, collected with your consent.
• Device & Usage Data: IP address, browser type, app version, and usage logs.
• Communications: emails, texts, or in-app messages you send or receive through the Platform.
• Cookies & Tracking Data: used to improve service and analytics.
• Google Calendar Data: when you connect your Google Calendar, we access your calendar to create and manage schedule events on your behalf. We do not access calendar data unrelated to your Feasty schedule.

Data Retention: We retain your data only as long as necessary for the purposes described in this Policy, subject to the following schedules:

• Order data: retained for 3 years from the date of the transaction to support dispute resolution, tax compliance, and legal obligations.
• Account data: retained for 2 years following account closure or last active use, after which it is deleted or anonymized.
• Vendor payout data: retained for 7 years to comply with IRS and financial recordkeeping requirements.
• Communications and support records: retained for 2 years.
• Cookies and usage data: retained for up to 13 months.

Data that is no longer required will be securely deleted or anonymized.

3. How We Use Information

We use information to:

• Process and fulfill orders.
• Provide customer and vendor support.
• Facilitate payments and vendor payouts.
• Improve and personalize the Platform.
• Send transactional updates such as order confirmations and security alerts.
• Send marketing communications, with your consent where required by applicable law.
• Detect fraud, enforce our Terms & Conditions, and comply with legal obligations.

We do not use personal information for cross-context behavioral advertising or automated decision-making that produces legal effects on individuals.

4. How We Share Information

We may share information with:

• Vendors: to fulfill orders placed through the Platform.
• Stripe: to process payments on our behalf.
• Service Providers: including hosting, analytics, and customer support tools, who process data on our behalf under contractual data protection obligations.
• Legal Authorities: when required by law, subpoena, or to protect the rights and safety of Feasty and its users.
• Business Transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

We do not sell personal information. If our practices change, we will provide a clear opt-out mechanism and advance notice before doing so.

5. Privacy Rights

Depending on your state of residence, and where required by applicable law, you may have the right to:

• Access or receive a copy of the personal information we hold about you.
• Request correction of inaccurate personal information.
• Request deletion of your personal information, subject to legal retention obligations.
• Opt out of the sale or sharing of your personal information.
• Limit the use of sensitive personal information.
• Appeal a decision if we deny your privacy rights request.

To submit a privacy rights request, email [email protected]. We will verify your identity using account information and respond within the timeframe required by applicable law (generally 45 days, with a possible 45-day extension). Appeals may also be submitted by email.

We will not discriminate against you for exercising any privacy rights available to you under applicable law.

6. California Privacy Rights (CCPA/CPRA)

Feasty intends to operate in California and is committed to complying with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). California residents have the following additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out: You may opt out of the sale or sharing of your personal information. Feasty does not currently sell personal information.
• Right to Limit Sensitive Data Use: You may limit the use and disclosure of sensitive personal information to purposes permitted by law.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.

To exercise any of these rights, email [email protected]. We will respond within 45 days of a verified request, with a possible extension of an additional 45 days where reasonably necessary.

We do not knowingly sell or share the personal information of California residents under the age of 16 without opt-in consent as required by law.

7. Children's Privacy

The Platform is intended for users who are 18 years of age or older. We do not knowingly collect, use, or share personal information from anyone under the age of 18. If we discover that we have inadvertently collected information from a user under 18, we will promptly delete it.

If you believe we have collected information from a minor, please contact us at [email protected].

8. Communications & SMS

By providing a phone number, you may receive transactional text messages such as order updates and account alerts. Marketing texts require separate opt-in consent. You may opt out of text messages at any time by replying STOP or emailing [email protected].

9. Cookies & Tracking

We use cookies and similar technologies for login, security, and analytics, including Google Analytics 4 (GA4). When you use the Platform, certain usage data may be shared with Google for analytics purposes.

We use Google Analytics Consent Mode v2, which means:

• On your first visit, you will be presented with a consent banner before any analytics tracking is activated.
• If you decline, Google Analytics operates in cookieless mode and does not collect or share your personal information with Google.
• If you accept, standard analytics tracking is enabled to help us improve the Platform.
• You may change your consent preference at any time through the Platform settings.

We automatically detect and honor Global Privacy Control (GPC) browser signals as a valid opt-out of the sharing of your personal information. No additional action is required if your browser has GPC enabled.

You can also adjust your browser settings to disable cookies at any time, though some Platform features may not function correctly. For more information on how Google processes data, visit policies.google.com/privacy.

10. Google API Services & Calendar Integration

Feasty's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google Calendar account, Feasty:

• Accesses your Google Calendar solely to create, update, and delete schedule events you manage within the Feasty Platform.
• Does not use Google Calendar data for advertising, profiling, or any purpose unrelated to the scheduling feature.
• Does not share Google Calendar data with third parties except as necessary to operate the feature.
• Does not allow humans to read your Google Calendar data unless you explicitly request support or we are required to do so by law.

You may revoke Feasty's access to your Google Calendar at any time through your Google Account permissions at myaccount.google.com/permissions.

11. Security

We implement reasonable technical and organizational safeguards to protect your personal information, consistent with applicable laws including the New York SHIELD Act. While no system is fully secure, we take meaningful steps to reduce the risk of unauthorized access, loss, or misuse. Users share information at their own risk.

In the event of a data breach affecting your personal information, we will notify you as required by applicable state law.

12. International Users

If you access Feasty from outside the United States, your data may be transferred to and stored in the U.S. We will apply appropriate safeguards as required by applicable law for such transfers.

13. Financial Incentives

We do not currently offer financial incentive programs in exchange for your personal information. If we do in the future, we will provide a separate notice with material terms and obtain your opt-in consent before collecting data under any such program.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated by posting a notice in the app or on our website with an updated effective date. Your continued use of the Platform after any update constitutes your acceptance of the revised Policy.

15. Contact Us

For privacy questions, to exercise your rights, or to report a concern:

Email: [email protected]