Privacy Policy

Last updated: May 7, 2026

Santa Fe Burrito Grill (“we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit santafeburritogrill.co or use the Santa Fe Burrito Grill mobile application (collectively, the “Services”).

By using our Services, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Information You Provide Directly

  • Account information: name, email address, phone number, password.
  • Order information: items ordered, special instructions, pickup or delivery address, dietary preferences.
  • Payment information: processed securely by our payment provider, Shift4 Payments. We do not store full credit card numbers on our servers. We store a tokenized reference that allows repeat purchases without re-entering card details.
  • Customer support communications: messages, complaints, or feedback you send to us.

Information Collected Automatically

  • Device information: device type, operating system, app version, unique device identifiers, push notification tokens.
  • Usage data: screens viewed, features used, errors encountered, session duration.
  • Location data: if you grant permission, we use your location to show the closest store and accurate delivery distances. We only access location while the app is in use.
  • Diagnostic data: crash reports and performance metrics to help us fix bugs.

Information from Third Parties

  • Sign-in providers: if you sign in using Apple or Google, we receive your name and email from that provider.
  • Delivery partners: when you place a delivery order, our partner DoorDash provides delivery status updates and driver information.

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders.
  • Communicate with you about your orders (confirmations, status updates, delivery notifications).
  • Operate our loyalty rewards program and apply promotional codes.
  • Improve the app, fix bugs, and prevent fraud.
  • Send you marketing communications (only if you opt in).
  • Comply with legal obligations.

3. How We Share Your Information

We share your information only when necessary:

  • With Shift4 Payments, to process payments. Shift4 is a PCI-DSS Level 1 certified payment processor.
  • With DoorDash, when you place a delivery order. We share your name, phone number, and delivery address so the driver can complete the delivery.
  • With service providers who help us operate the app: Supabase (database hosting), Sentry (crash reporting and analytics), Expo (push notifications and over-the-air updates), and our geocoding service (to convert addresses to coordinates).
  • For legal reasons, such as responding to a subpoena, court order, or government request.
  • Business transfers, if we sell, merge, or transfer our business.

We do not sell your personal information to third parties.

4. Data Retention

We retain your information for as long as your account is active and as needed to provide our Services. You can request deletion of your account at any time through the app’s “Delete Account” feature in your profile, or by emailing us. When you delete your account:

  • Your personal information is removed from our active systems.
  • Your payment token at Shift4 is deleted.
  • Anonymized order history may be retained for tax, accounting, and legal compliance.

5. Your Rights and Choices

Depending on where you live, you may have the following rights:

  • Access: request a copy of the information we have about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion: ask us to delete your account and personal information.
  • Opt-out: unsubscribe from marketing emails or disable push notifications in your device settings.
  • California residents: under the CCPA, you may request information about the categories of personal information we collect and to whom we disclose it. We do not sell personal information.
  • EU/EEA residents: under the GDPR, you may exercise rights of access, rectification, erasure, restriction of processing, and data portability. Our legal basis for processing is contract performance (to provide ordering services), legitimate interests (to operate and improve our Services), and consent (for marketing).

To exercise any of these rights, contact us at the email below.

6. Cookies and Tracking Technologies

Our website uses cookies for basic functionality and analytics. Our mobile app does not use third-party advertising trackers. We use Apple’s App Tracking Transparency framework on iOS to ask for your consent before enabling any analytics that could identify you across other apps.

7. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us and we will delete it.

8. Security

We use industry-standard security measures to protect your information, including encryption in transit (HTTPS), encryption at rest, role-based access control, and regular security audits. No system is perfectly secure, but we work hard to protect your data.

9. International Data Transfers

We are based in Massachusetts, United States. If you use our Services from outside the United States, your information will be transferred to and processed in the United States.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email or through a notice in the app. The “Last updated” date at the top reflects the current version.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

Santa Fe Burrito Grill
Email: support@santafeburritogrill.co
Mailing address: [INSERT BUSINESS MAILING ADDRESS]

Santa Fe Burrito Grill is a family-owned restaurant business operating multiple locations in Massachusetts.