Privacy Policy

Effective Date: June 3, 2026  |  Last Updated: June 3, 2026

1. Introduction and Who We Are

Welcome to East Coast Wings ("we," "us," "our," or "the Company"). We are a food service business operating in the United States, committed to protecting the privacy and security of our customers, website visitors, and all individuals who interact with our brand.

This Privacy Policy applies to all personal information collected through our website located at eastcoastwings-food.rest, our online ordering platform, mobile interactions, in-store data collection, loyalty programs, marketing communications, and any other digital or physical touchpoint associated with East Coast Wings.

We understand that privacy is a fundamental right. Whether you are browsing our menu, placing a food order, signing up for promotions, or simply contacting us with a question, we want you to feel confident that your personal information is handled responsibly, transparently, and in accordance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

By accessing our website or using any of our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms described herein, please discontinue use of our website and services immediately.

2. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us using the information below:

We are committed to responding to all privacy-related inquiries within 30 business days of receipt. For California residents exercising rights under CCPA/CPRA, we will respond within the legally mandated 45-day period, with possible extensions as permitted by law.

3. Information We Collect

We collect various categories of personal information depending on how you interact with East Coast Wings. Below is a detailed breakdown of the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place a food order, sign up for newsletters, participate in promotions, or contact us directly, we may collect:

• Full name (first and last)
• Email address
• Phone number
• Delivery address, billing address, and zip code
• Date of birth (for age verification purposes)
• Account username and password (stored in encrypted form)
• Preferences, dietary restrictions, and order history

3.2 Payment and Transaction Information

When you complete a purchase or transaction through our platform, we collect:

• Payment card type (Visa, Mastercard, etc.)
• Last four digits of your payment card number
• Billing name and billing address
• Transaction amounts, dates, and order identifiers
• Tip amounts and applied promotional codes

Please note: We do not store full payment card numbers. All sensitive payment data is processed through PCI-DSS compliant third-party payment processors. Full card details are handled exclusively by our payment partners and are never stored on our servers.

3.3 Usage and Behavioral Data

As you navigate our website, we automatically collect certain usage data, including:

• Pages visited, links clicked, and time spent on each page
• Search queries entered on our website
• Items added to or removed from your cart
• Order completion rates and abandonment patterns
• Referring website URLs (where you came from before visiting our site)
• Exit pages and browsing session duration

3.4 Device and Technical Information

We automatically collect certain technical information about the device and browser you use to access our services:

• IP address (Internet Protocol address)
• Browser type and version (Chrome, Firefox, Safari, etc.)
• Operating system (Windows, macOS, iOS, Android, etc.)
• Device type (desktop, laptop, smartphone, tablet)
• Screen resolution and display settings
• Language settings
• Time zone and general geographic location derived from IP address
• Unique device identifiers and advertising IDs

3.5 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, local storage objects, and other tracking technologies to collect data about your interactions with our website. For more detailed information, please refer to Section 8: Cookie Usage and Tracking Technologies of this policy.

3.6 Communications Data

When you contact us via email, phone, chat, or feedback forms, we collect:

• The content of your messages and communications
• Contact details you provide when reaching out
• Records of complaints, feedback, and dispute resolution interactions
• Call recordings (where permitted by law and disclosed at the time of the call)

3.7 Loyalty Program and Promotional Data

If you participate in our loyalty rewards program, referral campaigns, or promotional events, we may additionally collect:

• Loyalty points earned and redeemed
• Referral codes used
• Survey responses and feedback submissions
• Social media handles (if you participate in social promotions)

4. How We Use Your Information

East Coast Wings uses collected personal information for the following purposes:

4.1 Service Provision and Order Fulfillment

The primary use of your personal information is to provide you with our food services, including:

• Processing and fulfilling your food orders (delivery, pickup, dine-in)
• Sending order confirmations, receipts, and status updates
• Coordinating with delivery drivers and third-party delivery platforms
• Managing your account and saved preferences
• Providing customer support and resolving issues
• Processing returns, refunds, or order adjustments

4.2 Analytics and Service Improvement

We use aggregated and de-identified data to continuously improve our services:

• Analyzing website performance, traffic patterns, and user behavior
• Testing new features, menu items, and website designs
• Understanding peak order times and popular menu categories
• Improving website speed, navigation, and user experience
• Conducting internal research and reporting

4.3 Marketing and Promotional Communications

With your consent (or as permitted under applicable law), we may use your information to:

• Send promotional emails, SMS messages, and push notifications about special offers, discounts, and new menu items
• Personalize marketing messages based on your order history and preferences
• Retarget you with relevant advertisements on third-party platforms (Google, Meta/Facebook, Instagram)
• Conduct sweepstakes, contests, and loyalty promotions
• Send seasonal greetings and birthday offers (where you have provided your date of birth)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, texting STOP to any SMS number, or contacting us directly at [email protected].

4.4 Legal Compliance and Safety

We may use your information to:

• Comply with applicable federal, state, and local laws
• Respond to lawful requests from government authorities or law enforcement
• Detect, prevent, and investigate fraud, security incidents, and abuse
• Enforce our Terms of Service and other applicable agreements
• Protect the rights, property, and safety of East Coast Wings, our customers, and the public

5. Data Sharing with Third Parties

East Coast Wings does not sell your personal information to third parties for monetary compensation. However, we may share your data in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business. These parties are contractually obligated to use your data only for specified purposes and in compliance with this Privacy Policy. Categories of service providers include:

• Payment Processors: To securely handle online transactions and prevent fraud
• Delivery Partners: Third-party delivery platforms (e.g., DoorDash, UberEats, Grubhub) to fulfill delivery orders
• Email and SMS Marketing Platforms: To send promotional and transactional communications
• Analytics Providers: Google Analytics and similar tools to analyze website usage
• Cloud Hosting Providers: To store and manage our website and customer data securely
• Customer Support Tools: Helpdesk software platforms to manage customer inquiries
• Advertising Networks: For targeted advertising campaigns on social media and search engines

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or if we believe such disclosure is necessary to:

• Comply with a legal obligation, court order, or subpoena
• Cooperate with federal, state, or local law enforcement agencies
• Protect against legal liability or respond to legal claims
• Investigate potential violations of our Terms of Service

5.3 Business Transfers

In the event that East Coast Wings undergoes a merger, acquisition, sale of assets, bankruptcy, or other business transition, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your data being subject to a materially different privacy policy.

5.4 With Your Consent

We may share your personal information with third parties for any other purpose with your explicit consent, which you may revoke at any time by contacting us.

6. Data Security Measures

The security of your personal information is a top priority at East Coast Wings. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

6.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols (HTTPS)
• Encryption at Rest: Sensitive stored data, including passwords, is encrypted using strong cryptographic algorithms
• Firewalls and Intrusion Detection: We employ network firewalls and intrusion detection/prevention systems to monitor and protect our infrastructure
• Secure Payment Processing: Payment data is handled exclusively by PCI-DSS Level 1 compliant payment processors
• Regular Security Updates: Our systems and software are regularly updated to address known vulnerabilities
• Two-Factor Authentication: Internal administrative accounts require multi-factor authentication

6.2 Administrative Safeguards

• Access to personal information is restricted to authorized employees on a need-to-know basis
• All staff with access to customer data receive regular privacy and security training
• We maintain internal data handling policies and procedures
• Third-party vendors are vetted and required to sign data processing agreements

6.3 Incident Response

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities in accordance with applicable United States laws, including applicable state breach notification statutes. Notifications will be provided promptly and will include details about the nature of the breach, data affected, and steps taken to mitigate harm.

While we strive to protect your personal information, please be aware that no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords for your account and to contact us immediately if you suspect any unauthorized use of your account.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

7.1 Right to Access and Know

You have the right to request a copy of the personal information we hold about you, including the categories of data collected, the purposes for which it is used, and the categories of third parties with whom it is shared.

7.2 Right to Correction and Rectification

If any of the personal information we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. You may also update your account information directly through your user account settings.

7.3 Right to Deletion

You have the right to request the deletion of your personal information, subject to certain exceptions. We may be unable to fulfill deletion requests if we are required to retain the data to:

• Complete a transaction or fulfill an ongoing order
• Comply with legal obligations
• Detect or prevent security incidents or fraud
• Exercise or defend legal claims

7.4 Right to Data Portability

Where technically feasible, you have the right to receive a copy of the personal information you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another organization.

7.5 Right to Opt Out of Marketing

You have the right to opt out of receiving marketing communications from us at any time. To do so, you may:

• Click the "unsubscribe" link at the bottom of any marketing email
• Reply STOP to any SMS marketing message
• Contact us at [email protected]

Please note that even after opting out of marketing communications, you may still receive transactional messages related to your orders and account.

7.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge you different prices, or provide a lower quality of service based on your exercise of these rights.

7.7 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please contact us by:

• Email: [email protected] with the subject line "Privacy Rights Request"
• Website: eastcoastwings-food.rest

We may need to verify your identity before processing your request. We will not discriminate against you for making a request and will respond within the timeframe required by applicable law (generally 30–45 days).

8. Cookie Usage and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, understand how our website is used, and deliver relevant marketing communications.

8.1 Types of Cookies We Use

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website and your ability to complete orders.

For full details on how we use cookies, the specific cookies we deploy, and how to manage your preferences, please refer to our dedicated Cookie Policy available on our website at eastcoastwings-food.rest.

9. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention guidelines apply:

When personal information is no longer required, we securely delete or anonymize it in accordance with industry best practices. Anonymized data, which cannot reasonably be used to identify you, may be retained indefinitely for analytical and business intelligence purposes.

10. California Residents — CCPA/CPRA Rights

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023.

10.1 Categories of Personal Information Collected (California)

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email, IP address, account ID)
• Commercial information (order history, purchasing preferences)
• Internet or other electronic network activity information (browsing behavior, search history on our site)
• Geolocation data (general location derived from IP address)
• Inferences drawn from personal information to create a consumer profile

10.2 Your CCPA/CPRA Rights

As a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information collected about you
• Delete: Request deletion of your personal information (subject to exceptions)
• Correct: Request correction of inaccurate personal information
• Opt Out of Sale/Sharing: Opt out of the sale or sharing of your personal information
• Limit Sensitive Data Use: Limit the use and disclosure of sensitive personal information
• Non-Discrimination: Exercise your rights without discrimination

10.3 Submitting a California Privacy Request

To submit a CCPA/CPRA request, contact us at [email protected] with the subject line "California Privacy Request." We will verify your identity and respond within 45 days (with a possible 45-day extension where reasonably necessary).

You may also designate an authorized agent to submit requests on your behalf. Authorized agent requests must include written proof of authorization and identity verification.

11. Children's Privacy

East Coast Wings is committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws protecting minors. We do not knowingly market to or collect data from children under the age of 13.

If you are a parent or legal guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take immediate steps to delete such information from our systems.

Our ordering platform, loyalty programs, and marketing communications are designed for adult consumers. Individuals under 18 should not use our website or services without the supervision and consent of a parent or legal guardian.

12. International Data Transfers

East Coast Wings is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. However, some of our third-party service providers, including cloud hosting, analytics, and marketing platforms, may process data on servers located outside the United States.

If your personal information is transferred to and processed in countries outside the United States, we take reasonable steps to ensure that adequate safeguards are in place. This may include:

• Entering into Standard Contractual Clauses (SCCs) or similar contractual mechanisms with our service providers
• Ensuring service providers comply with applicable privacy standards equivalent to those in the United States
• Using providers that participate in recognized privacy certification frameworks

By using our website and services from outside the United States, you acknowledge that your personal information may be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your jurisdiction. We will always handle your data with the protections described in this Privacy Policy, regardless of where it is processed.

13. Third-Party Links and Websites

Our website may contain links to third-party websites, applications, and services, including delivery platforms, social media networks, and payment processors. These third parties have their own privacy policies, and we are not responsible for the privacy practices of external sites or services.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link to a third-party website does not constitute an endorsement of that site or its privacy practices. East Coast Wings is not liable for any data collection, use, or disclosure by third-party websites.

When you choose to use third-party delivery services (such as DoorDash, UberEats, or Grubhub) to order from East Coast Wings, your personal information may be subject to those platforms' privacy policies in addition to ours.

14. How to File a Complaint with a Data Protection Authority

If you believe that we have violated your privacy rights or are dissatisfied with our response to your privacy inquiry, you have the right to file a complaint with the appropriate regulatory authority.

14.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) enforces consumer protection laws, including unfair or deceptive privacy practices under Section 5 of the FTC Act. You may file a complaint with the FTC at:

• Website: www.ftc.gov/complaint
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Address: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580

14.2 California Residents — California Privacy Protection Agency (CPPA)

California residents may file complaints with the California Privacy Protection Agency (CPPA), which enforces the CPRA:

• Website: cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy

14.3 State Attorney General Offices

Residents of other U.S. states may contact their state Attorney General's office to report privacy concerns or exercise rights available under applicable state privacy laws.

Before filing a complaint with a regulatory authority, we encourage you to contact us directly first. We are committed to resolving privacy concerns fairly and promptly:

Email: [email protected]

15. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website homepage
• Send an email notification to registered account holders (for significant changes)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the revised terms.

If you disagree with any changes to this Privacy Policy, you should stop using our services and, if applicable, delete your account by contacting us at [email protected].

16. Consent and Legal Basis for Processing

We process your personal information based on the following legal bases:

• Contractual Necessity: Processing necessary to fulfill your orders, manage your account, and provide our food services
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security, analytics, and service improvement (provided such interests are not overridden by your rights)
• Legal Obligation: Processing required by applicable federal and state laws
• Consent: Processing based on your explicit consent, including for marketing communications and non-essential cookies

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

17. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Currently, there is no uniform standard for how websites should respond to DNT signals. As a result, our website does not currently respond to browser DNT signals. However, you can manage your cookie and tracking preferences through your browser settings and our cookie management tools.

We will continue to monitor developments in DNT standards and update our practices accordingly.

18. Summary of Key Privacy Commitments