Privacy policy

Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

This Privacy Policy describes how eatpluck.com (the “Site,” “we,” “our,” or “us”) collects, uses, and shares your Personal Information when you visit, interact with, or make a purchase from the Site.

We are committed to protecting your privacy and ensuring compliance with applicable privacy laws, including GDPR (EEA/UK), CCPA/CPRA (California), and new U.S. state privacy laws effective in 2025 (Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Tennessee), as well as the updated Children’s Online Privacy Protection Act (COPPA).

1. Collecting Personal Information

When you visit the Site, we collect certain information to provide and improve our services. “Personal Information” means any information that identifies, relates to, or could reasonably be linked to you.

a. Device Information

  • Examples collected: browser type, IP address, time zone, cookie data, pages viewed, search terms, site interactions

  • Purpose: load the Site correctly, optimize performance, detect fraud

  • Source: automatically via cookies, log files, web beacons, tags, pixels

  • Disclosure: shared with our service provider Shopify

b. Order Information

  • Examples collected: name, billing/shipping address, payment details, email, phone

  • Purpose: fulfill orders, process payments, arrange shipping, confirm orders, detect fraud, provide offers (if opted-in)

  • Source: collected directly from you

  • Disclosure: shared with Shopify and Shipping Easy

c. Customer Support

  • Examples collected: email, phone

  • Purpose: provide support and respond to inquiries

  • Source: collected directly from you

We do not collect more information than necessary to provide our services (data minimization principle).

2. Sharing Personal Information

We share your Personal Information with trusted service providers only as needed to deliver services:

  • Shopify – store platform (Shopify Privacy)

  • Vital Ops / Ordoro – shipping management

  • Analytics and Advertising Partners – Google Analytics and advertising platforms (see Section 4)

We may also share Personal Information to comply with legal obligations, enforce our rights, or protect security.

3. Using Personal Information

We use your Personal Information to:

  • Provide, improve, and personalize our services

  • Process transactions and ship products

  • Communicate order updates, offers, and product news

  • Detect and prevent fraud

  • Comply with legal obligations

4. Behavioural Advertising and Analytics

We use cookies and similar technologies to understand usage and deliver relevant ads.

Opt-out of targeted ads:

5. Lawful Basis (GDPR – EEA/UK Residents)

We process your data under:

  • Consent

  • Performance of a contract

  • Legal obligations

  • Vital interests

  • Public interest tasks

  • Legitimate interests (not overriding your rights)

Data may be transferred outside the EEA (e.g., to the U.S. and Canada). Shopify safeguards these transfers—see Shopify GDPR Whitepaper.

6. U.S. State Privacy Rights

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Tennessee, Utah, or Virginia, you have the following rights:

  • Access: know what data we collect

  • Portability: receive a copy of your data

  • Correction: fix inaccurate data

  • Deletion: request deletion of your data

  • Opt-out: stop sale or sharing of personal data or targeted advertising

  • Non-discrimination: you won’t be treated differently for exercising rights

To exercise rights, contact us (see Section 13). You may also authorize an agent to act on your behalf.

7. Children’s Privacy (COPPA)

We do not knowingly collect or solicit Personal Information from children under 13.

  • If we learn we have collected such information without parental consent, we will delete it.

  • We do not share or monetize children’s data.

  • If your child has provided us with information, please contact us immediately.

We comply with COPPA updates effective April 22, 2026, which restrict the use of children’s data, require verifiable parental consent, and mandate a written security program.

8. Data Retention

We retain Personal Information only as long as needed:

  • Order/transaction data: 7 years (tax/accounting purposes)

  • Customer support: 12 months after resolution

  • Marketing data: until you opt out or request deletion

  • Device/analytics data: anonymized or deleted within 24 months

When data is no longer needed, we securely delete or anonymize it.

9. Automated Decision-Making

We use limited automated tools to detect fraud:

  • Temporary IP denylisting for failed transactions

  • Temporary card denylisting linked to suspicious activity

These do not have legal or significant effects on you. Shopify may also use automated fraud detection.

10. Cookies

We use cookies for:

  • Site navigation

  • Cart and checkout

  • Customer login

  • Analytics and advertising

Examples: _secure_session_id, cart, checkout_token, _shopify_y, _landing_page

You may manage cookies through your browser or visit allaboutcookies.org. Blocking cookies may limit site functionality.

11. Do Not Track

We do not currently respond to “Do Not Track” signals due to lack of industry standards.

12. Future Federal Privacy Laws

If new federal privacy legislation (e.g., the American Privacy Rights Act) takes effect, we will update this Privacy Policy accordingly.

13. Your Rights & Contact Information

If you have questions or want to exercise your rights:

Mail:
Castle Hill Foods, Inc.
PO Box 600530
Newtonville, MA 02460-0005, United States

Email: hello@eatpluck.com

If unsatisfied, you may lodge a complaint with your local data protection authority (e.g., UK ICO).

14. SMS Marketing

By opting into SMS messaging, you agree to our [Messaging Terms] and [Messaging Privacy Policy].

15. Changes

We may update this Privacy Policy from time to time. Updates will be posted here with the “Last Updated” date revised accordingly.