Tucci’s App Privacy Policy

Last Updated: 10/24/2025

Introduction

Welcome to the Tucci’s App! We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect through the Tucci’s mobile application (“App”), how we use and protect it, and with whom we share it. By using the App, you agree to the data practices described in this policy. If you have any questions, you can reach us at community@clbrestaurants.com.

Information We Collect

We collect information from and about you in a few different ways:

Information You Provide

When you create an account, use features like placing a takeout order, requesting a reservation, submitting a private dining inquiry, or making wine purchases, you may provide personal information. This includes:

• Account Information: Name, email address, phone number, and login credentials
• Order Information: Takeout orders, wine purchases, delivery preferences, special instructions, and billing information
• Reservation Information: Name, phone number, email, party size, special requests, and dietary restrictions
• Event Information: RSVP details, dietary preferences, and special occasion information
• Loyalty Program Information: Loyalty account enrollment, point balances, transaction history, reward redemptions, and loyalty code
• Contact Information: When you contact us through the app or request customer support

For example, if you book a reservation via the App’s OpenTable integration, you might input your name and contact information. If you place a takeout or retail wine order, you’ll provide order details, delivery information, and payment details. When you create an account, we collect your email and phone number for verification and communication purposes. If you enroll in our loyalty program, we collect your loyalty preferences, track your dining history for point calculation, and maintain your reward redemption history.

Information Collected Automatically

Like many apps, we automatically receive certain data when you use the App. This includes:

• Device Information: Device type, operating system, unique device identifier, device model, and screen resolution
• Usage Information: How you navigate our App (e.g., which menus, events, or pages you view), features used, time spent in the app, and interaction patterns
• App Performance Data: App crashes, errors, loading times, and performance metrics to help us improve the user experience
• Analytics Data: Page views, button clicks, user flows, and feature usage statistics
• Technical Information: IP address, browser type, mobile carrier, and network information

We might also log the dates and times you access the App and any errors or crashes to help us improve performance and fix technical issues.

Location Data (If You Allow)

We only access your device’s location if you grant permission. This can help us:

• Show you relevant information (for example, confirming our restaurant location)
• Send location-based notifications like special offers if you are nearby
• Provide accurate delivery estimates for wine orders
• Help with navigation to our restaurant
• You can always choose not to share location, or disable location access later in your device settings. The App will work even if you decline to share your location.

Push Notification Tokens

If you enable push notifications, we collect a device token (an identifier) to send notifications. This token is not personally identifying by itself, but it’s linked to your account so we can send you relevant updates (like letting you know your order is ready, or alerting you to a new event). You can always opt out of push notifications in your device settings.

Payment Information

For wine orders and other purchases:

• Credit Card Information: When you make a purchase, payment details are processed securely through Stripe
• Billing Information: Name, billing address, and contact information for order fulfillment
• Transaction History: Records of purchases, refunds, and payment methods used

We do not store credit card numbers or sensitive payment information on our servers. All payment processing is handled securely by our payment partners.

Loyalty Program Data

If you enroll in our loyalty program, we collect:

• Loyalty Account: Your enrollment date, loyalty code, and program preferences
• Point Balances: Current points, tier status, and point transaction history
• Reward Activity: Rewards redeemed, expiration dates, and redemption history
• Dining History: Order patterns, favorite dishes, and spending behavior for personalization
• Fraud Prevention: Data to detect duplicate accounts, code sharing, or program abuse

How We Use Your Information

We use the collected information to provide and enhance our services in ways that are easy to understand:

To Provide App Features and Services

• Account Management: Create and maintain your user account, verify your identity, and provide access to personalized features
• Order Processing: Process takeout orders, wine purchases, and delivery requests
• Reservation Management: Secure restaurant reservations and manage seating arrangements
• Event Management: Handle RSVPs, event registrations, and special occasion bookings
• Customer Support: Respond to your inquiries and provide assistance
• Loyalty Program Management: Track points, process rewards, manage tier progression, and prevent fraud

To Communicate with You

• Order Confirmations: Send email or in-app confirmations of orders, reservations, and purchases
• Account Updates: Notify you of important changes to your account or our services
• Service Messages: Send transactional communications about your bookings, orders, or account status
• Push Notifications: Real-time alerts about order status, reservation reminders, or account activities

To Send Promotional Updates (With Consent)

With your permission, we may send occasional news about Tucci’s, such as:

• Special offers and promotions
• New menu items and seasonal features
• Upcoming events and wine tastings
• Birthday or anniversary reminders
• Loyalty program updates and reward notifications
• Double points events and special loyalty promotions

These communications are delivered via push notifications, email, or in-app messages. We will only send you marketing communications if you have agreed to receive them. You can opt out at any time by adjusting your notification settings or contacting us.

To Improve and Personalize the App

• Analytics: Analyze app usage patterns to understand user preferences and improve functionality
• Personalization: Use your order history and preferences to suggest relevant menu items or events
• Feature Development: Identify popular features and areas for improvement
• User Experience: Optimize app performance, navigation, and interface design
• Loyalty Personalization: Use dining history to recommend rewards, track favorite dishes, and customize loyalty offers

For Security and Fraud Prevention

• Account Security: Monitor for suspicious activity and protect against unauthorized access
• Fraud Detection: Identify and prevent fraudulent transactions or misuse of our services
• Data Protection: Implement security measures to safeguard your personal information
• Loyalty Fraud Prevention: Monitor for duplicate point claims, reward abuse, and suspicious loyalty activity

To Comply with Legal Obligations

• Regulatory Compliance: Meet requirements for alcohol sales, tax reporting, and business operations
• Legal Requests: Respond to lawful requests from government authorities or courts
• Record Keeping: Maintain transaction records as required by law

How We Share Your Information

We understand that sharing your information is a sensitive matter. We only share personal data in specific scenarios with appropriate safeguards:

Within Tucci’s / CLB Restaurants

Your information may be shared within our organization (CLB Restaurants, the parent company of Tucci’s) on a need-to-know basis. This includes:

• Restaurant staff for order fulfillment and service delivery
• Management for business operations and customer service
• Events team for private dining and special occasion coordination

Everyone who accesses personal data is bound by confidentiality agreements and this Privacy Policy.

Service Providers and Partners

Supabase (Data Storage and Authentication)

• Purpose: Secure cloud database for storing account information, order history, and app data
• Data Shared: Email addresses, phone numbers, order details, account preferences, and usage data
• Protection: Supabase is SOC 2 compliant and implements industry-standard security measures

Resend (Email Delivery Service)

• Purpose: Send confirmation emails, account verification, and transactional communications
• Data Shared: Email addresses and message content necessary for delivery
• Protection: Resend is GDPR compliant and uses enterprise-grade security

Stripe (Payment Processing)

• Purpose: Process payments for wine orders and other purchases
• Data Shared: Payment card information, billing details, and transaction data
• Protection: Stripe is PCI DSS compliant and handles all sensitive payment data securely

Analytics Services

• Purpose: Understand app usage patterns and improve user experience
• Data Shared: Anonymized usage statistics and performance metrics
• Protection: Analytics data is aggregated and does not include personal identifiers

When we share data with service providers, it’s only what they truly need to perform their services. We ensure all third parties are contractually obligated to protect your data and use it only for authorized purposes.

OpenTable (Reservations)

When you book a reservation through our App:

• Data Shared: Name, phone number, email, reservation time, party size, and special requests
• Purpose: Facilitate restaurant reservations and manage seating
• Your Rights: OpenTable has their own privacy policy governing their use of your data

PerfectVenue (Private Dining Requests)

When you submit private dining requests:

• Data Shared: Contact information, event details, group size, and special requirements
• Purpose: Coordinate private dining events and special occasions
• Your Rights: PerfectVenue manages this data according to their privacy policy

Social Media and External Links

The App may include links to Instagram, Facebook, or other social media platforms. If you click these links, you will be directed to third-party sites. We do not share your personal data with these platforms, but your activity on those sites is governed by their respective privacy policies.

Legal Compliance and Protection

We may disclose information if:

• Required by law, court order, or legal process
• Necessary to protect our rights, your safety, or the safety of others
• Required to investigate fraud or respond to government requests
• Necessary to enforce our terms of service or protect our business

Business Transfers

If Tucci’s or CLB Restaurants is involved in a merger, acquisition, or sale of assets, user information might be transferred to the successor entity. We will ensure the new owner honors the commitments made in this Privacy Policy and notify you of any significant changes.

Important: We do not sell your personal information to third parties for their own marketing purposes. Any third parties with whom we share data are required to provide the same level of data protection that we commit to in this Policy.

Data Security

We take the security of your information seriously and implement comprehensive security measures:

Technical Safeguards

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Secure Servers: All data is stored on secure, monitored servers with regular security updates
• Access Controls: Strict access controls limit who can view or modify your personal information
• Firewalls: Network security measures protect against unauthorized access
• Regular Audits: Security assessments and penetration testing to identify and address vulnerabilities

Organizational Safeguards

• Employee Training: Regular privacy and security training for all staff
• Data Minimization: We only collect and retain data necessary for our services
• Incident Response: Procedures for detecting and responding to security incidents
• Vendor Management: Careful vetting and ongoing monitoring of third-party service providers

While we strive to protect your information, no system is 100% secure. We encourage you to:

• Use strong, unique passwords for your account

• Keep your device and app updated

• Report any suspicious activity immediately

• Contact us if you believe your account has been compromised

Data Retention

We retain your personal information only as long as necessary for legitimate business purposes:

Account Information

• Active Accounts: Retained while your account is active and for a reasonable period after inactivity
• Deleted Accounts: Personal data is deleted within 30 days of account deletion request

Transaction Records

• Order History: Retained for 7 years to comply with tax and business record requirements
• Payment Information: Processed securely by Stripe and not stored in our systems
• Reservation Data: Retained for 2 years for customer service and business operations
• Loyalty Program Data: Point balances and transaction history retained while account is active, plus 2 years after account closure for fraud prevention and customer service

Analytics Data

• Usage Statistics: Aggregated data may be retained indefinitely for business analysis
• Performance Metrics: Retained for 2 years to improve app functionality

Legal Requirements

Some data may be retained longer if required by law, such as:

• Tax records for 7 years
• Alcohol purchase records as required by state regulations
• Legal dispute records as required by applicable statutes of limitations

When we no longer need your data, we securely delete or anonymize it.

Your Choices and Rights

You have control over your personal information and several rights regarding your data:

Access and Correction

• View Your Data: Request access to the personal information we hold about you
• Update Information: Correct inaccurate or outdated information in your account profile
• Data Portability: Request a copy of your data in a machine-readable format

Account Management

• Account Deletion: Delete your account at any time through app settings or by contacting us
• Data Deletion: Request deletion of specific personal information
• Account Deactivation: Temporarily disable your account while retaining data

Communication Preferences

• Push Notifications: Enable or disable push notifications in app or device settings
• Email Communications: Opt out of marketing emails while maintaining transactional messages
• Promotional Updates: Control whether you receive special offers and event notifications

Privacy Controls

• Location Services: Grant or revoke location access in device settings
• Camera/Microphone: Control access to device features when using app functions
• Analytics: Opt out of analytics data collection where technically feasible

Legal Rights

California Residents (CCPA)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

EU/UK Residents (GDPR)

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise any of these rights, contact us at community@clbrestaurants.com. We may need to verify your identity before fulfilling requests to protect your privacy and security.

Children’s Privacy

The Tucci’s App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Our services like reservations, wine purchases, and events are intended for adults.

Age Verification

• Alcohol Sales: Wine purchases require age verification and are restricted to adults 21+
• Account Creation: Users must be at least 13 to create an account
• Parental Guidance: Users aged 13–17 should use the App under parental supervision

If We Learn of Underage Use

If we discover we have collected personal data from a child under 13, we will:

• Immediately delete the information
• Notify parents if contact information is available
• Take steps to prevent future collection from that user

Parents or guardians who believe their child may have provided personal information should contact us at community@clbrestaurants.com.

Third-Party Services and Links

Our App integrates with several third-party services:

Payment Processing

• Stripe: Handles all payment transactions securely
• Privacy Policy: https://stripe.com/privacy
• Data Handling: Payment data is processed by Stripe and not stored by us

Email Services

• Resend: Delivers transactional and marketing emails
• Privacy Policy: https://resend.com/privacy
• Data Handling: Only receives email addresses and content for delivery

Data Storage

• Supabase: Provides secure database and authentication services
• Privacy Policy: https://supabase.com/privacy
• Data Handling: Stores account and app data securely

Reservations

• OpenTable: Facilitates restaurant reservations
• Privacy Policy: https://www.opentable.com/legal/privacy-policy
• Data Handling: Receives reservation details and shares confirmations with us

Event Management

• PerfectVenue: Manages private dining requests
• Privacy Policy: Available through their platform
• Data Handling: Processes event requests and forwards details to our team

We recommend reviewing the privacy policies of these third-party services when using their features.

International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers:

• Adequacy Decisions: We prefer transfers to countries with adequate data protection
• Standard Contractual Clauses: Use EU-approved contract terms for transfers
• Certification Programs: Rely on certified frameworks like Privacy Shield successors
• Consent: Obtain explicit consent where required by applicable law

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Improvements to our privacy protections

Notification of Changes

• Minor Changes: Posted with updated “Last Updated” date
• Significant Changes: Prominent notice in the App or email notification
• Material Changes: May require new consent before implementation

Your Continued Use

Continued use of the App after policy updates constitutes acceptance of the new terms, to the extent permitted by law. If changes require new consent, we will ask for it explicitly.

Contact Us

We’re committed to addressing your privacy questions and concerns promptly:

Tucci’s / CLB Restaurants
Attn: Privacy Team
Email: community@clbrestaurants.com
Phone: (614) 760-0432
Mail: 8200 Business Way, Suite A, Plain City, Ohio 43064, USA

Response Time

We aim to respond to privacy inquiries within 30 days and will work with you to resolve any issues or answer questions about your personal information.

Privacy Complaints

If you have concerns about our privacy practices, you may also contact:

• Your local data protection authority
• The Federal Trade Commission (FTC) if you’re in the United States
• Your state’s attorney general’s office

Thank you for trusting Tucci’s with your dining experiences and personal information. We take this responsibility seriously and are committed to protecting your privacy while providing exceptional service.