Privacy Policy

Personal information that you provide:

1. Contact and biographical information, such as your name, age, gender, email address, mailing address, phone number, and birthday.
2. Account information, such as your Croissant login information.
3. Purchase information, such as the items that you purchase and your purchasing preferences, such as the time of day that you typically make purchases.
4. Payment information, such as your PayPal or Venmo account information, bank account number, or other account information so that we can pay you.
5. Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with those communications.
6. Feedback or correspondence, such as information that you provide when you contact us with questions, feedback, or otherwise correspond with us, including your full name, email address, telephone number, and the content of your communications.
7. Emailed order information, such as personal information contained on digital receipts and order confirmations, and consumer account and email log-in credentials so that we can easily import purchased items to your Croissant account through email forwarding and/or email sync.

Information that we obtain from other sources:

1. Merchant Interactions. Merchants that we partner with may provide us with information about your purchase, such as the items that you purchased. These merchants may also provide us with your contact information, such as your email address.
2. Social media interactions. We may maintain pages on social media platforms, such as Facebook or Twitter. When you visit or interact with our pages on those platforms, the platform provider's privacy policy will apply to your interactions and their collection, use, and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Automatic Data Collection:

We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Service, our communications and other online services, such as:

1. Device Data, such as your computer's or mobile device's operation system, manufacturer and model browser type, IP address, unique identifiers, language settings, mobile device carrier, and general location information such as city, state, and geographic area.
2. Online activity and usage data. When you access and use the Service, we receive and store information about such interactions such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

1. Cookies, which are text files that websites store on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
2. Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
3. Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

We use the personal information collected above for the following purposes:

1. To operate our Service. Provide, operate, and improve our Service and our business; Process your payments and complete transactions with you; Communicate with you about our Service, including by sending announcements, updates, security alerts, and support and administrative messages; Provide support, and respond to requests, questions, and feedback. Verify and add the information from your purchases from our participating brands and merchants, and to improve user-facing features on our App or Website.
2. For research and development. To analyze and improve the Service and to develop new products and services, including by studying use of our Service.
3. To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data reasonably personally identifiable to you. We may use this anonymous data and share it with third parties (such as merchants that we partner with) for our lawful business purposes, including to analyze and improve our Service, conduct research, and promote our business.
4. To comply with a legal obligation. For example to keep records of transactions, to verify your identity, or as requested by any judicial process or governmental agency.
5. For compliance, fraud prevention, and safety. To: (i) protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims); (ii) enforce the terms and conditions that govern our Service; and (iii) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
6. To send you direct marketing communications. We may from time-to-time send you direct marketing communications via email or text message as permitted by law, such as to notify you of special promotions and offers. You may opt out of our marketing communications as described in the "Unsubscribe from direct marketing communications" section, below.Croissant's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We do not sell personal information. We share personal information with the following categories of recipients:

1. Affiliates. We share personal information within Croissant and with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.
2. Service providers. We share personal information with third party companies and individuals that provide services on our behalf or help us operate our Service (such as customer support, application hosting, email delivery, marketing, identity verification, fraud detection, shipping and logistics providers, and database management).
3. Professional advisors. We disclose personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
4. For compliance, fraud prevention and safety. We may share personal information for the compliance, fraud prevention, and safety purposes described above.
5. Legal. We may share personal information with law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Croissant, users, a third party, or the public.
6. Business transfers. We may share personal information in connection with a corporate transaction (or potential transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.We do not share your information that we receive through Google Gmail APIs with third parties other than those service providers as necessary to support functions we need to operate our programs, for legal or security reasons, or as part of an acquisition or liquidation.

Unsubscribe from direct marketing communications

You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication that we send you, or by contacting us using the details in the "Contact Us" section below.

Personal information requests

Depending on the personal information processed, we also offer you choices that affect how we handle the personal information that we control. You may request the following in relation to your personal information:

1. Information about how we have collected and used your personal information.
2. Access to a copy of the personal information that we have about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
3. Correction of personal information that is inaccurate or out of date.
4. Deletion of personal information that we no longer need to provide our Service or for other lawful purposes.
5. Additional rights, such as to object to and request that we restrict our use of your personal information, and where applicable, you may withdraw your consent.To make a request, please email us as provided in the “Contact Us” section, below. We may ask for specific information from you to help us confirm your identity. California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your choices

Your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service that you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, then you may submit a complaint by contacting us as provided in the “Contact Us” section below.

Online tracking opt-out

There are a number of ways to opt out of having your online activity and device data collected through our Service, which we have summarized below:

1. Blocking cookies in your browser. Most browsers let you remove or reject third-party cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
2. Use the following links to learn more about how to control cookies and online tracking through your browser: Firefox; Chrome; Microsoft Edge; Safari
3. Google Analytics. We use Google Analytics to help us better understand how people engage with the Service by collecting information and creating reports about how users use our Service. For more information on Google Analytics, click here. For more information about Google's privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
4. Using privacy plug-ins or browsers. You can block our Service from setting third-party cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies / trackers. Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
5. Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Children's privacy

Our Service is not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Service from a child under 18 without the consent of the child's parent or guardian as required by law, then we will delete it. If you are a parent or guardian and you are aware that your child has provided us with personal information, then please contact us as set out in the “Contact Us” section below.

Security practices

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, then we will notify you by updating the date of this Privacy Policy and posting it on this page.

If you have any questions, comments or complaints about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, then please contact us by email at: customerservice@croissant.com or by mail at: