Effective date: April 30, 2026 · Last updated: April 30, 2026
This Privacy Policy explains how Fresso Cafe ("Fresso," "we," "us," or "our") collects, uses, and shares information when you use the Fresso Cafe mobile application (the "App") and related services (collectively, the "Service"). By using the Service, you agree to the practices described below.
Fresso Cafe
4899 Highway 6, Suite 116C
Missouri City, TX 77459
Email: cafefresso@gmail.com
The App does not request access to your location, contacts, photos, microphone, camera, health, motion, calendar, or advertising identifier. We do not track you across other companies' apps or websites, and we do not use third-party advertising or analytics SDKs that profile you.
Card and payment information is collected and processed by Square, Inc. through its In-App Payments SDK and servers. Fresso never sees, transmits, or stores your full card number, CVV, or bank account details. We receive only a transaction reference, the amount charged, and the last four digits / brand of the card for receipt display. Square's handling of your payment information is governed by Square's Privacy Notice.
| Purpose | What it covers |
|---|---|
| Provide the Service | Create and manage your account, accept and fulfill orders, run the loyalty program, send order-status push notifications, prevent fraud and abuse. |
| Authenticate you | Verify your identity at sign-in, sign-up, and password reset, including sending one-time codes by SMS via Twilio. |
| Customer support | Respond to questions, troubleshoot issues, and process refunds or order cancellations. |
| Marketing communications | If you have opted in, send you promotional emails and SMS about menu items, deals, and Fresso events. You can opt out at any time (see Section 6). |
| Legal and safety | Comply with applicable law, enforce our Terms of Service, and protect the rights, property, and safety of Fresso, our customers, and the public. |
We do not sell your personal information, and we do not use it for cross-context behavioral advertising.
We share information only with service providers that help us run the Service, and only as needed for that purpose. Each provider is bound by contract or its own published terms to protect your information.
| Provider | Purpose | What they receive |
|---|---|---|
| Square, Inc. | Payment processing, customer record, loyalty program | Name, email, phone, payment details (collected directly by Square), order history, loyalty balances |
| Twilio Inc. (Verify) | SMS verification codes for password reset and account claim | Phone number, time of request |
| Apple, Inc. (APNs) | Delivering push notifications to your device | Device push token, notification content |
| Railway Corp. | Application hosting | All data needed to operate the backend |
| Database hosting provider | Storing account, order, loyalty, and promo data | All stored account and order data |
We may also disclose information (a) to comply with a lawful subpoena, court order, or government request; (b) to investigate or prevent fraud, abuse, or threats to safety; or (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will notify you and require the recipient to honor this Policy.
If you place an order, you will receive transactional push notifications and may receive transactional SMS or email about your order's status (placed, in progress, ready for pickup, canceled). These are not marketing messages and you cannot opt out of them while you have an active order, except by uninstalling the App or contacting us to cancel.
We will only send you marketing or promotional SMS if you have given prior express written consent (for example, by opting in within the App). Message frequency varies. Message and data rates may apply. Reply STOP to any marketing SMS to unsubscribe, or reply HELP for help. Unsubscribing from marketing SMS does not opt you out of transactional order-status SMS.
We will only send you marketing or promotional email if you have opted in. Every marketing email contains an unsubscribe link, and you can also unsubscribe by emailing cafefresso@gmail.com.
You can disable push notifications at any time in your device's iOS Settings under Notifications → Fresso Cafe.
You can review and update your name, email, and phone number at any time in the App's Account tab. You can permanently delete your Fresso account from Account → Settings → Delete account. Deletion removes your password, device tokens, app login, and personal app data from our systems. Your customer record and prior transactions in Square may be retained as part of Square's records and as required by tax and accounting law; you can contact us to request further deletion to the extent permitted.
You can opt out of marketing email by clicking the unsubscribe link in any marketing email or by emailing us. You can opt out of marketing SMS by replying STOP to any marketing message.
Depending on where you live, you may have rights under state privacy law to (a) know what personal information we have about you, (b) request correction of inaccurate information, (c) request deletion of your information, (d) opt out of "sale" or "sharing" of personal information, and (e) appeal a denial of your request. We do not sell or share your personal information for cross-context behavioral advertising. To exercise any other right, email cafefresso@gmail.com. We will verify your request using information you provide and respond within the time required by law.
If you are in the European Economic Area or the United Kingdom, our legal bases for processing are: contract performance (to provide the Service), legitimate interests (to secure the Service and prevent abuse), consent (for marketing communications, which you can withdraw), and legal obligation (tax and accounting). You have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR/UK GDPR, and you may lodge a complaint with your local data-protection authority.
We keep your account information for as long as your account is active. Order and payment records are retained for at least seven years to comply with tax and accounting requirements. Push device tokens are deleted when you sign out, when Apple invalidates the token, or when you delete the App. Hashed passwords are deleted immediately on account deletion. Backup copies may persist for up to 30 days after deletion before being overwritten.
We use industry-standard measures to protect your information, including TLS encryption in transit, hashed passwords (bcrypt), tokenized authentication (JWT), rate limiting, and access controls on our database. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
The Service is operated from the United States. If you use the Service from outside the United States, you understand and consent to the transfer and processing of your information in the United States, which may have data-protection laws different from those in your country.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the App or by email before the changes take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.
Questions, concerns, or requests about this Privacy Policy:
Fresso Cafe
4899 Highway 6, Suite 116C
Missouri City, TX 77459
Email: cafefresso@gmail.com