Privacy Notice 

Last Updated: May 18, 2026 

 

Cinchio Solutions, LLC (“Cinchio,” “we,” “us,” or “our”) respects your privacy. This Privacy Notice describes our practices with respect to the Personal Information that we collect via our Cinchio website, and/or our Tatvam website (collectively the “Sites”), the Cinchio or Tatvam mobile applications (“Apps”), through in-person kiosk use, through our Tatvam product, through any social media, other websites or apps wherein consumer reviews may be obtained by us, and any related services, sales, or marketing events, including what rights you may have under applicable laws (collectively, “Services”). As used in this Privacy Notice, “Personal Information” means information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to an individual or household. 

This Privacy Notice is available to consumers with disabilities. To access this Privacy Notice in an alternative downloadable format, please click here. 

This Privacy Notice does not apply to information we process in the employment context, including information relating to job applicants, employees, contractors, or similar personnel acting in that capacity. Where applicable, those individuals receive a separate notice. 

 

Personal Information We Collect and How We Collect It 

We collect Personal Information directly from you, automatically from your device or browser, from our affiliates, from service providers and business partners acting on our behalf, from event and referral sources, and, in limited cases, from publicly available online sources used in connection with our Tatvam services. The categories of Personal Information we may collect include:  

  • Identifiers and Contact Information – When you use our Sites, Apps, services, or products, or if you contact us through any means, we may collect Personal Information from you directly, including your first and last name, email address, postal address, and/or phone number.  
  • Purchase Information – We collect information about purchases or orders you have made on our Sites, Apps, or in-person at any location where we provide services or products we may make suggestions to you based on your previous orders. 
  • Usage Information – We collect non-identifiable usage details about our users’ behavior within our Sites and App, including screen views, button selects, and abandoned carts. This information is not associated with any individual user and is only used in aggregate to improve the usability of the Sites and Apps. 
  • Automatically acquired information – We may collect information such as IP address and/or browser and device characteristics when you visit, use, or navigate our Sites or Apps. This information does not reveal your specific identity (like name or contact information) but may include device usage information, including device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and App, or other technical information. This information is primarily collected to maintain the security and operation of our Site and App, and for our internal analytics and reporting purposes.  
  • Information you publicly make available on the internet – Through our Tatvam product and services, we may collect information from social media accounts or other websites that users choose to make public. This information may include name, email, gender, date of birth, current city, profile or other pictures, as well as any other information that is publicly available on the internet.  
  • Any other Personal Information that you voluntarily provide to us – When using our Site, App, products, services, expressing an interest in obtaining information about us, or our products or services, when participating in activities on the Site or App, or otherwise contacting us.  

 

Sensitive Personal Information and Data 

Some of the information we process may be considered “sensitive data” or “sensitive Personal Information” under applicable law, including precise geolocation and limited health-related dietary or allergy information voluntarily provided in the ordering context. In certain Tatvam workflows, client-authorized credentials may also be handled as highly sensitive account-access information. 

We use such information only for the purposes disclosed at the time of collection or otherwise permitted by law, such as enabling location-based functionality, facilitating an order, accommodating dietary information, or providing authorized benchmarking services. Where required by law, we obtain your consent and provide you with the ability to withdraw that consent. 

Depending on the Service and the context, we may process the following categories of Sensitive Personal Information. Where required by applicable law, we obtain consent before collecting or processing sensitive data for its relevant purpose. 

  • Login information/Credentials– Our Tatvam Services may collect and use any passwords, password hints, security data, social media login data, and any similar security information used for authentication and account access that you provide to us for the purposes of conducting benchmarking services. Any information contained in password-protected accounts you authorize us to access may also be collected and used to provide our services. 
  • Location Information – When you use our Cinchio App or Site, you can allow us to collect your location information so you can find food and beverage locations that are close to you. Once you allow us to find your location, the Cinchio App or Site will notify you of the food and beverage options near your proximity. If you do not want us to collect this information, click on “Don’t Allow” when the Cinchio App or Site asks to use your location.  
  • Sensory/Biometric Information – To the extent video or voice recordings are considered Biometric Data under applicable state laws, we may collect voiceprints when utilizing digital notetaking technology.  
  • Credit/Debit Card or other Payment Information ­– When you make a purchase, we collect your payment information and use a third-party payment processor to collect your credit card, debit card, or other payment information to process your orders. Payment data may be stored by our payment processor and you should review its privacy policies and contact the payment processor directly to respond to your questions.

 

How We Use Personal Information 

We process your information for purposes based on legitimate business interests, the fulfillment of any contract with you, compliance with legal obligations, and/or with your consent. To the extent permitted by applicable law, we use Personal Information: 

  • To provide our services through our Sites, Apps, and kiosk locations, including completing your purchases, emailing you receipts, managing your orders, making it convenient for you to find food, beverage, or retail facilities near your location, and making recommendations based on prior purchases.  
  • For communicating with you, such as notifying you when your order is ready for pick up, for marketing purposes, for sending you product, service, or new feature information, to provide information about changes to our terms, conditions or policies, or for any other communication requested by you.  
  • To request feedback. We may use your information to request feedback and to contact you about your use of our products, services, Sites, or Apps.  
  • To provide benchmarking and analytics services.  Through our Tatvam product, we provide benchmarking, analytics, and competitive-intelligence services to our business customers. In connection with these services: 
  • Client-Authorized Account Access. Where a business customer expressly authorizes us to access its social media or third-party platform accounts for benchmarking purposes, we may collect login credentials and account data necessary to perform the authorized services. We collect and use these credentials solely for the purposes authorized by the business customer, transmit them using encryption in transit and at rest, and delete or return them promptly upon completion of the authorized engagement or upon the customer’s request, whichever comes first. 
  • Publicly Available Information. We may also collect and analyze information that individuals or businesses have made publicly available on social media platforms, review sites, and other public internet sources. This may include publicly posted names, profile information, reviews, ratings, and similar content. We collect this information only to the extent necessary to deliver our benchmarking and analytics services and in compliance with the applicable platform’s terms of service. 
  • Legal Basis (EU/EEA/UK). Where we process Personal Information obtained from publicly available sources for benchmarking purposes, our legal basis is our legitimate interest in providing competitive-intelligence and analytics services to our business customers. We have conducted a balancing assessment and determined that this interest is not overridden by the data subjects’ rights, given that the data is publicly available and is used in aggregated or anonymized form wherever possible. Where we rely on client-authorized account access, our legal basis is the performance of our contract with the business customer, supplemented by the customer’s authorization and any required end-user consents. 
  • Data Minimization. We limit the Personal Information we collect through Tatvam to what is necessary and proportionate for the specific benchmarking or analytics engagement. We do not collect friends lists, check-in histories, “likes,” or other social-graph data unless the business customer has specifically authorized such collection and a legitimate business purpose for the engagement requires it. 
  • Third-Party Platform Terms. Our use of data from third-party platforms is subject to those platforms’ terms of service and applicable API policies. We do not access, scrape, or collect data from platforms in a manner that violates their terms. 
  • As part of a corporate transaction, such as in connection with the sale of part or all of our assets or business, the acquisition of part or all of another business or another business’ assets, or another corporate transaction, including bankruptcy 
  • For legal, security, or safety reasons, such as protecting our and our users’ safety, property, or rights; complying with legal requirements; enforcing our terms, conditions, and policies; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity. 
  • For other business purposes. We may use your Personal Information for other disclosed purposes compatible with the context in which the information was collected and as permitted by law, such as data analytics, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Sites, Apps, kiosks, services, products, and marketing. 

 

How We Disclose Personal Information 

We may disclose your Personal Information in the following circumstances: 

  • Affiliates and Related Entities – We may disclose Personal Information within our corporate family for internal administration, service delivery, customer relationship management, security, and lawful business operations. 
  • Service Providers – We disclose your Personal Information to third-party service providers as necessary to enable them to support our Sites, Apps, and services.  For example, we use a third-party payment processor to complete our credit/debit card transactions, we use third-party hosting providers to run our Sites and Apps, and we use third-party service providers for shipping products. 
  • Business Customers and Client-authorized Recipients – In connection with Tatvam and related business services, we may provide analytics, reporting, or benchmarking outputs to our business customers and other recipients they authorize. 
  • Legal Obligation or Safety Reasons – We may disclose Personal Information to a third party when we have a good faith belief that such disclosure of Personal Information is reasonably necessary to (a) satisfy or comply with any requirement of law, regulation, legal process, or enforceable governmental request, (b) enforce or investigate a potential violation of any agreement you have with us, (c) detect, prevent, or otherwise respond to fraud, security or technical concerns, (d) support auditing and compliance functions, or (e) protect our rights or the rights of employees, property, or the public against harm. 
  • Merger or Change of Control – We may disclose Personal Information to third parties as necessary if we are involved in a merger, acquisition, or any other transaction involving a change of control in our business, including but not limited to a bankruptcy or similar proceeding. Where legally required, we will give you notice prior to such disclosure. 

We do not disclose Personal Information to third parties for their own direct marketing purposes except as described in this Privacy Notice or with appropriate notice and, where required, choice.  

 

Sales, Sharing, Targeted Advertising, and Profiling  

We do not sell Personal Information in exchange for money. We also do not currently process Personal Information for cross-context behavioral advertising or “targeted advertising” in a manner that would require an opt-out right under applicable U.S. state privacy law, except to the extent we later implement advertising or tracking technologies that fall within those definitions. If our practices change, we will update this Privacy Notice and provide any rights required by applicable law before doing so. 

We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects about individuals through our public-facing Services. 

 

How Long We Keep Your Personal Information 

We retain Personal Information only for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Privacy Notice, and to comply with our legal and contractual obligations. When determining the appropriate retention period, we consider the nature and sensitivity of the data, the purposes for which it is processed, applicable legal and regulatory requirements, and our legitimate business needs. 

The following provides general guidance on our retention practices: 

Data Category  Typical Retention Period  Rationale 
Account and contact information  Duration of account relationship + Two Years  To provide Services and support post-termination inquiries 
Transaction and purchase records  Two Years after transaction  Tax, accounting, and legal compliance obligations 
Payment information  Retained by payment processor per its policies; we retain transaction records for 7 years  PCI-DSS compliance; financial recordkeeping 
Usage and analytics data  Twenty-four months  Service improvement and troubleshooting 
Marketing preferences and communications  Duration of relationship + two years, or until consent is withdrawn  To honor opt-out/unsubscribe requests 
Tatvam benchmarking data and credentials  Duration of service engagement + Two Years  Service delivery; credentials deleted promptly after authorized use 
Location data  Duration of Physical On-Site Visit  Transient use for location-based features 
Biometric/sensory data (voiceprints)  Two Years, or as required by applicable state biometric laws  State biometric privacy law compliance (e.g., BIPA) 

 Where Personal Information is no longer needed for any lawful purpose, we will securely delete or de-identify it. In some cases, we may anonymize Personal Information so that it can no longer be associated with you, in which case the anonymized data is no longer Personal Information and may be used without further notice. 

 

How We Protect Personal Information 

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, acquisition, use, disclosure, alteration, or destruction. However, despite these efforts to store Personal Information in a secure environment, no method of transmission or storage is completely secure and we cannot guarantee absolute security. 

 

Cookies and Similar Technologies 

We and our service providers use cookies, software development kits (SDKs), pixels, tags, local storage, and similar technologies (collectively, “Cookies”) when you interact with our Services. A cookie is a small data file placed on your device that helps us recognize you and remember your preferences. 

 We use the following categories of Cookies: 

  • Strictly Necessary Cookies. These Cookies are essential for the operation of our Sites and Apps. They enable core functionality such as security, network management, session management, and accessibility. You cannot opt out of these Cookies because the Services cannot function without them. 
  • Functional Cookies. These Cookies allow us to remember choices you make (such as your language preference, region, or login credentials) and provide enhanced, personalized features. If you disable these Cookies, some or all of these features may not function properly. 
  • Analytics and Performance Cookies. These Cookies collect information about how visitors use our Sites and Apps, such as which pages are visited most often and whether users receive error messages. The information these Cookies collect is aggregated and used to improve the performance of our Services. We may use third-party analytics providers, such as Google Analytics, for this purpose. To learn more about how Google uses data, visit google.com/policies/privacy/partners/. 
  • Marketing and Advertising Cookies. To the extent we deploy marketing or advertising Cookies in the future, these Cookies would be used to deliver content and advertisements more relevant to you and your interests, to limit the number of times you see an advertisement, and to measure the effectiveness of advertising campaigns. We will update this Privacy Notice before deploying any such Cookies and will provide opt-out mechanisms as required by applicable law. 

 Cookie Duration. Session Cookies are temporary and are deleted when you close your browser. Persistent Cookies remain on your device for a set period or until you delete them. We use both session and persistent Cookies. Persistent Cookies used for analytics and functionality purposes are typically retained for up to 13 months unless you clear them sooner. 

 

Do Not Track 

We do not currently employ a process for automatically responding to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Per industry standards, third parties may be able to collect information, including Personal Data, about your online activities over time and across different websites or online services when you use the website. 

 

Global Privacy Control  

You can use the Global Privacy Control (“GPC”) through a supported browser to signal certain of your opt-out preferences. You may opt out of the processing of your Personal Data for purposes of targeted advertising or certain sales of your Personal Data by broadcasting the Global Privacy Control signal through a supported browser. If you use the GPC, we will process your request for your browser, but it will not apply outside of that browser to your device. You will need to use the GPC for each browser you use to access the website If you clear your cookies in your browser after using the GPC, you will need to use the GPC again for us to process your opt out for that browser. 

 

International Data Transfers 

We may process Personal Information in the United States, the United Kingdom, and other jurisdictions where we or our service providers operate. Where required by applicable law, we use appropriate safeguards for cross-border transfers, such as contractual safeguards or other lawful transfer mechanisms. 

 

Children’s Privacy  

We do not knowingly collect or solicit any Personal Information from children under the age of 18. In the event that we learn that we have collected Personal Information from a child under the age of 18, we will promptly take steps to delete that information. If you are a parent or legal guardian and think your child has given us their Personal Information, you can email us at operations@cinchio.com 

 

Links to Third-Party Websites 

We are not responsible for the practices employed by any websites or services linked to or from our Sites or Apps, including the information or content contained within them. We encourage you to investigate and ask questions before disclosing Personal Information to third parties, since any Personal Information disclosed will be handled in accordance with the applicable third party’s privacy notice.  

 

U.S. State Privacy Rights  

Depending on where you live and subject to applicable law, you may have the right to: 

  • confirm whether we process your Personal Information; 
  • access your Personal Information; 
  • correct inaccuracies in your Personal Information; 
  • delete your Personal Information; 
  • obtain a copy of certain Personal Information in a portable format; 
  • opt out of the processing of Personal Information for targeted advertising, sale, or certain profiling; 
  • withdraw consent where we rely on consent to process your information, including certain sensitive data; 
  • appeal our decision regarding a privacy-rights request. 


Residents of certain states may also have the right to limit certain uses of sensitive Personal Information where applicable.  

California residents may have additional rights under the California Consumer Privacy Act, including the right to know, delete, correct, and opt out of the sale or sharing of Personal Information, and businesses that sell or share Personal Information online must treat user-enabled Global Privacy Control signals as a valid opt-out method.  

 

Individuals in the European Union, European Economic Area, Switzerland, and the United Kingdom 

This section provides additional information regarding Cinchio’s processing of Personal Information of people located in the European Union (“EU”), European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”) in accordance with the EU Data Protection Regulation, UK Data Protection Regulation, and the Swiss Federal Data Protection Act.  


Legal Basis for Processing
Our legal basis for processing Personal Information depends on the Personal Information concerned and the context in which we process it.  We process Personal Information from you where we need it to perform a contract with you, where the processing is in our legitimate interests (including the purposes described in this Privacy Notice), where the processing is necessary for us to meet our applicable legal obligations, or if we otherwise have your consent. 


Special Category Personal Information
We do not intend to collect any “special category” Personal Information, as defined by the EEA which is any Personal Information that reveals your racial or ethnic origin, political opinions, religious, moral, or philosophical beliefs, trade union membership, political views, the processing of genetic data, biometric data for the purpose of identifying a person, and Personal Information concerning health or a person’s sex life and/or sexual orientation.  Please refrain from sending us any “special category” Personal Information.  


Automated Decision Making
We do not make any automated decisions on your behalf or about you without first obtaining your express, opt-in consent.  In the event we secure your consent to do so, you have the right to object to the processing of Personal Information via automated decision making at any time by contacting us at operations@cinchio.com 


Transfers to Third Parties and Countries
Personal Information that we collect or receive may be transferred to and/or processed by third parties that are located outside of the EU, EEA, Switzerland, or the UK, some of which applicable authorities may not consider to have an adequate level of protection for Personal Information. Cinchio will only transfer Personal Information to third parties located outside of the EU, EEA, Switzerland, and the UK when it has ensured appropriate safeguards for such Personal Information through the use of the standard contractual clauses or other lawful and approved methods. 

 

Your Privacy Rights and How to Exercise Them  

 Depending on where you live, you may have the following rights with respect to your Personal Information under applicable data protection laws: 

  • Access – The right to know what Personal Information we have collected about you and to access such Personal Information. 
  • Data portability – The right to receive a copy of your Personal Information in a portable and readily usable format. 
  • Deletion – The right to delete your Personal Information that we have obtained, subject to certain exceptions. 
  • Correction – The right to correct inaccuracies in your Personal Information. 
  • Objection/Restriction of Processing – The right to object or restrict us from processing your Personal Information in certain circumstances. 
  • Withdraw Consent – The right to withdraw your consent where we are relying on your consent to process your Personal Information. 
  • Lodge a Complaint ­– The right to lodge a complaint with a supervisory authority or other regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to reach out to us first, so we have an opportunity to address your concerns directly before you do so.

How to Exercise Your Rights. To exercise your privacy rights, you can: (1) complete our fillable form on our Site https://cinchio.com/contact; (2) email us at operations@cinchio.com; or (3) call us toll free at (855) 945-2110. 

Data Protection Contact. For questions regarding the processing of your Personal Data or to exercise your rights under the GDPR, UK GDPR, or FADP, please contact us at: 

SSA Group, LLC
Attn: Data Protection Inquiries
Email: digitalcompliance@thessagroup.com
Phone: 855-945-2110

 

California Notice at Collection and Additional California Disclosures  

Cinchio makes the following disclosures regarding the Personal Information it has collected within the 12-month period preceding the Effective Date of this Privacy Notice: 


Sources of Personal Information
We collect Personal Information from the categories of sources detailed in the How We Collect Personal Information section above.   

Use of Personal Information
We collect Personal Information for the business and commercial purposes detailed in the How We Use Personal Information section above. 

Disclosure of Personal Information
The categories of third parties to whom we disclose Personal Information for a business or commercial purpose or to whom we sell or share Personal Information are detailed in the “How We Disclose Personal Information” section above.  We do not knowingly sell or share the Personal Information of minors under the age of 16. 

 

Categories of Personal Information We Collect  Categories of Third Parties to Whom We Sell or Share Personal Information 
Identifiers  We do not sell this category of Personal Information. We do not share this category of information as defined by the CCPA; however, we may share information as disclosed in this notice, for example, to third-party service providers to fulfill orders, etc.   
Personal information, as defined in the California customer records law   We do not sell this category of Personal Information. We do not share this category of information as defined by the CCPA; however, we may share information as disclosed in this notice, for example, to third-party service providers to fulfill orders, etc.   
Commercial Information   We do not sell this category of Personal Information. We do not share this category of information as defined by the CCPA; however, we may share information as disclosed in this notice, for example, to third-party service providers to fulfill orders, etc. 
Internet or other similar network activity  We do not sell this category of Personal Information. We do not share this category of information as defined by the CCPA; however, we may share information as disclosed in this notice, for example, to third-party service providers to operate and maintain our Sites and Apps, etc.   
Geolocation data  We do not sell this category of Personal Information. We do not share this category of information as defined by the CCPA; however, we may share information as disclosed in this notice, for example, to third-party service providers who operate and maintain location services used on our Sites or Apps, etc.   

 We collect and use these categories for the business and commercial purposes described in this Privacy Notice and disclose them to the categories of recipients listed above. 

We do not knowingly sell or share the Personal Information of consumers under 18 years of age. 

Shine The Light. Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of Personal Information to third parties for the third parties’ direct marketing purposes, if any. To make such a request, please contact us using the information in the Contact Us section below. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year. 

To exercise any of the privacy rights afforded to you under applicable data protection laws, please submit a request to us by emailing us at operations@cinchio.com or calling us toll free at (855) 945-2110. 

You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Privacy Notice which means we will not deny our services to you, provide different prices or rates for services to you, or provide a different level or quality of services to you.  Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your Personal Information.  

We must verify your identity before fulfilling your requests, and if we cannot verify your identity, we may request additional information from you. If you are an authorized agent making a request on behalf of another person, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney. We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing. 

We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We may deny certain requests, or only fulfill some in part, as permitted or required by law. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request. 

 

Changes to this Privacy Notice   

Please note that we may modify or update this Privacy Notice from time to time, so please review it periodically. We will provide you with notice via a pop-up on our Sites and Apps if material changes are made. Unless otherwise indicated, any changes to this Privacy Notice will apply immediately upon posting to our Sites and our Apps. 

 

Contact Us 

 If you have any questions about our practices or this Privacy Notice, please contact us at:  

Cinchio Solutions, LLC
Email: operations@cinchio.com
Phone: (303) 945-2170