Privacy Policy

1. Who we are

Burritos Chiquita ("we," "us," or "our") operates the website at burritoschiquitakc.com (and any associated subdomains) along with related online ordering and catering services. Our restaurant is located at 1328 Minnesota Ave, Kansas City, KS 66102.

This Privacy Policy explains what information we collect from you when you visit our website, place an order, submit a catering inquiry, or otherwise interact with our services, and how we use, share, and protect that information.

By using our website or services, you agree to this Privacy Policy. If you do not agree, please do not use our website or services.

2. Information we collect

We collect information in three ways: information you provide directly, information we collect automatically, and information we receive from third parties.

a. Information you provide directly

• Order information: When you place an order through our website, we collect your name, email address, phone number, the items you order, any modifications or special instructions, the date and time of pickup or delivery, and your delivery address (if applicable).
• Payment information: Payment card details are collected and processed by our payment processor (Stripe). We do not store full payment card numbers on our servers. We may receive a tokenized reference, the last four digits of the card, and the card brand.
• Catering inquiries: When you submit our catering form, we collect your name, business or company name (if provided), email address, phone number, requested service type (pickup, delivery, or food truck), estimated headcount, requested date, frequency, ZIP code, and any notes you choose to share.
• Communications: If you call, email, text, or message us through social media, we collect the contents of those communications and any contact details you share.

b. Information we collect automatically

• Device and usage information: When you visit our website, our hosting provider and analytics tools may automatically collect your IP address, browser type and version, device type, operating system, the pages you visit, the time and date of your visit, the referring website, and the time you spend on each page.
• Cookies and similar technologies: We use cookies and similar technologies to remember your preferences (such as language setting and cookie consent), keep you logged in (if applicable), and understand how visitors use our site. See Section 6 for more details.
• Approximate location: Based on your IP address, we may infer the city or region you are visiting from. We do not collect precise GPS location unless you explicitly grant permission through your browser.

c. Information we receive from third parties

• Payment processors: Our payment processor may share transaction details with us, including the amount paid, payment status, and tokenized payment information.
• Delivery partners: If you order through a third-party delivery service (such as DoorDash), we may receive your name, contact information, and order details from that service.
• Social media: If you tag us, message us, or interact with our content on Instagram, TikTok, Facebook, or other platforms, those platforms share your public profile information with us.

3. How we use your information

We use the information we collect for the following purposes:

• To process, prepare, and fulfill your food orders and catering requests
• To contact you about your order or catering inquiry, including confirmations, scheduling, pickup or delivery updates, and clarifying questions
• To process payments and prevent fraudulent transactions
• To respond to your questions, feedback, complaints, and requests
• To improve our website, menu, and customer experience
• To understand which dishes, sections, and features are most useful to our customers
• To send you transactional messages (order confirmations, receipts, catering proposals)
• With your consent, to send you promotional or marketing messages — you can opt out at any time
• To comply with legal obligations, including tax records, food safety regulations, and responding to lawful requests from authorities
• To protect our rights, property, and safety, and the rights, property, and safety of our customers and the public

4. Who we share information with

We do not sell your personal information. We share information only as described below:

a. Service providers

We share information with trusted third-party service providers who help us operate our business. These include:

• Payment processing: Stripe, Inc. processes payment card transactions on our behalf. Your payment information is governed by Stripe's privacy policy.
• Point-of-sale system: Clover (a service of Fiserv) handles in-restaurant orders and may sync with online orders.
• Website hosting: Our website is hosted by a cloud hosting provider that processes server logs containing IP addresses and basic usage data.
• Email and communication tools: We use email service providers to send transactional and marketing emails.
• Analytics: We may use website analytics services (such as Google Analytics) to understand site usage in aggregate.
• Delivery services: When delivery is requested, we share necessary order details with delivery partners (such as DoorDash).

b. Legal and safety reasons

We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to: (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) prevent fraud or wrongdoing, (iv) protect the personal safety of our customers, employees, or the public, or (v) cooperate with law enforcement investigations.

c. Business transfers

If Burritos Chiquita is involved in a merger, acquisition, asset sale, reorganization, or bankruptcy, your information may be transferred as part of that transaction. We will notify you (such as via email or a notice on our website) before your information is transferred and becomes subject to a different privacy policy.

d. With your consent

We may share your information for any other purpose with your explicit consent.

5. Payments and order processing

All online payments are processed through Stripe, Inc. We do not see, store, or have access to your full payment card number, expiration date, or security code. Stripe is a PCI-DSS Level 1 certified payment processor, which is the highest level of security certification in the payment industry.

When you complete a payment, we receive only a transaction reference, the amount paid, the payment status, the last four digits of your card, and the card brand. This is the minimum information needed to manage your order, issue refunds if necessary, and maintain accurate financial records.

For more information about how Stripe processes payment information, please review Stripe's Privacy Policy at stripe.com/privacy.

6. Cookies and tracking technologies

A cookie is a small text file stored on your device when you visit a website. We use cookies and similar technologies for the following purposes:

• Strictly necessary cookies: These are required for the website to function properly, including remembering your shopping cart contents during your visit and your language preference.
• Preference cookies: These remember your settings (such as your selected language and whether you have dismissed our cookie banner).
• Analytics cookies: These help us understand how visitors use our site so we can improve it. We use aggregate, non-identifying data wherever possible.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be alerted when cookies are being sent. However, blocking strictly necessary cookies may prevent some features of our website from working properly.

When you first visit our website, we display a cookie banner. By continuing to use the site after seeing the banner, you consent to our use of cookies as described in this section.

7. How long we keep your information

We keep your personal information only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, tax, or reporting requirements.

• Order records: We retain order records for at least 7 years to comply with tax and accounting requirements.
• Catering inquiries: We retain catering inquiry information for up to 3 years for relationship management and follow-up purposes.
• Marketing communications: If you sign up for our marketing communications, we keep your contact information until you unsubscribe, and for a reasonable period afterward to honor your opt-out request.
• Website analytics: We typically retain raw website analytics data for up to 26 months.
• Server logs: Server access logs are typically retained for 30 to 90 days.

When we no longer need your personal information, we securely delete or anonymize it.

8. How we protect your information

We take reasonable administrative, technical, and physical safeguards to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:

• SSL/TLS encryption for data transmitted between your browser and our servers
• Use of PCI-DSS compliant payment processors so we never handle raw payment card data
• Limited access to personal information on a need-to-know basis
• Regular review of our security practices

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal information, we will notify you in accordance with applicable law.

9. Your privacy rights

Subject to applicable law, you have the following rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can ask us to correct inaccurate or incomplete information.
• Deletion: You can ask us to delete your personal information, subject to certain legal exceptions (such as records we must keep for tax purposes).
• Opt out of marketing: You can unsubscribe from marketing emails by clicking the unsubscribe link in any marketing email, or by contacting us directly.
• Portability: Where applicable, you can request a copy of your information in a structured, commonly used, machine-readable format.
• Restriction or objection: You may have the right to restrict or object to certain processing activities.

To exercise any of these rights, please contact us using the information in Section 15. We may need to verify your identity before fulfilling your request, and we will respond within the time frame required by applicable law (typically 30 to 45 days).

We will not discriminate against you for exercising any of these rights.

10. State-specific rights

Residents of certain US states have additional rights under state privacy laws. We honor these rights regardless of where you live.

a. California residents (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These include the right to know what personal information we collect, sell, or share; the right to delete personal information; the right to correct inaccurate information; the right to opt out of the sale or sharing of personal information; the right to limit use of sensitive personal information; and the right not to be discriminated against for exercising these rights.

We do not sell personal information. We do not knowingly share personal information with third parties for cross-context behavioral advertising.

b. Virginia, Colorado, Connecticut, Utah, and other states

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and obtain a copy of their personal information, as well as the right to opt out of targeted advertising and the sale of personal information. We honor all such requests.

c. Right to appeal

If we deny a privacy rights request, you may appeal our decision by contacting us using the information in Section 15. We will respond to appeals within the time frame required by applicable law.

11. Children's privacy

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided personal information to us, please contact us and we will take appropriate action.

12. Third-party links and services

Our website may contain links to third-party websites and services, including social media platforms, delivery services, mapping services, and our payment processor. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit or use.

13. Do Not Track signals

Some browsers offer a "Do Not Track" (DNT) signal. There is currently no industry standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals, but we honor opt-out requests submitted directly to us as described in Sections 9 and 10.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, notify you by email or by posting a notice on our website. We encourage you to review this policy periodically.

Your continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.

15. How to contact us

If you have questions, concerns, or requests about this Privacy Policy or how we handle your personal information, please contact us: