Privacy Policy

This “Privacy Policy” describes how Mostly Vegetables, PBC d/b/a “Nan’s Kitchen”  (“Mostly Vegetables, PBC,“MVPBC”,we", us”, "our", “Nan’s”, “Nan’s Kitchen” ) handles the information we collect from and about you through:

  • our digital platforms that link to this Privacy Policy, including our websites (collectively, the “Site”), mobile applications (collectively, the “Application”), and kiosks or tablets at Nan’s Kitchen restaurant locations (together with the Site and Application, the “Services”); 

  • social media platforms; 

  • our other marketing activities; and 

  • offline activities at our restaurant locations described in this Privacy Policy.

Information We Collect

  • Contact Data. Your first and last name, company name, email address, mailing, delivery or office addresses, and phone number. 

  • Profile Data. The username and password that you set to establish an online account with us, and other information you may choose to submit or include in your account profile, such as your birthday or gender. 

  • Order and Transactional Data. Information you provide to place an order at one of our restaurants or through the Services for delivery or pick up, including your order information, payment card information, information about your payment transactions, and your order history. 

  • Communications Data. Information in your communications with us, including when you request support, contact us with questions or feedback, communicate with us via chat features, complete our surveys, engage with us on social media, or otherwise communicate with us.  Communications may be monitored and recorded by MVPBC. and its third party service providers for the purposes described in the How We Use Your Information section below. 

  • Marketing Data.  Your preferences for receiving marketing communications from us, the email or phone number you provide when you subscribe to our marketing emails or text messages, and information you provide when you participate in an event, contest, or promotion. 

  • Security Data.  Security camera footage of our restaurants and other facilities.

  • Other Information that is not specifically listed in this Privacy Policy, which we will use consistent with this Privacy Policy or as otherwise explained at or before the time of collection.

Information We Collect Automatically. When you access the Services or our communications, we, our service providers and third party partners may automatically log, monitor and record information about you, your computer or mobile device, and your activity over time on the Services and other online services for the purposes described in the How We Use Your Information section below. This information includes:

  • Device Data. Information about your computer’s or mobile device’s operating system type and version number, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G) and general location information such as city, state or geographic area.

  • Usage Data. Date and time of your visit, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, search terms you enter using our Services, access times, and duration of access, whether you have opened our emails or clicked links within them, and other functional information on Service performance (like diagnostics and crash logs)

  • Precise Geolocation of Your Device when you grant access to it in your device’s settings.

Cookies and Other Data Collection Technologies. Some of the information that we, our service providers and third party partners collect automatically is collected through the following technologies:

  • Cookies, which are text files that websites store on a visitor’s browser or device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping the visitor navigate between pages efficiently, remembering preferences, improving the visitor’s browsing experience, and enabling functionality, analytics, and online advertising..  Cookies used on our site include cookies that we serve as well as cookies served by third parties that we work with to enable the services they provide, such as website/application analytics services that track traffic and usage. 

  • Pixels, also known as web beacons or clear GIFs, which are embedded invisibly in image files within webpages or HTML formatted emails and used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns. We may use pixels to collect information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails.

  • Browser web storage (including HTML5), also known as locally stored objects, functions like cookies but enables the storage of a larger amount of data. 

Information Collected from Other Sources. We may receive information about you from companies that help provide our Services, or from other third parties, such as:

  • Data Providers, such as information services and data licensors.

  • Publicly-Available Sources, such as publicly-available social media profiles.

  • Marketing Partners, such as companies that have entered into joint marketing relationships or other joint ventures with us.

We may combine information about you that we receive from third parties with information we collect about you in other ways and use the combined information consistent with this Privacy Policy.

Information Collected from Third Party Platforms. If you communicate with us through or mention us on a social media or other third party platforms, we may collect information about you, such as the communications, your name, your username associated with that platform and any information or content you have permitted the platform to disclose to us. The platform provider’s privacy policy will apply to your interactions with the platform and its collection, use and disclosure of your information, including when you interact with pages that we maintain on social media platforms. We will treat information about you that we receive from such platforms as described in this Privacy Policy. You should check your privacy settings in your social media or other third party accounts to understand what information is disclosed to us through these services and your choices regarding such disclosures.

Information About Others. If you decide to invite a third party to create an account with us, we will collect your and the third party’s name and e-mail address to send an e-mail and follow up with the third party. When you provide the personal information of others to us about people other than yourself, you are responsible for ensuring that you have their permission to do so.

How We Use Your Information

We use your information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

Service Delivery. We may use your information to:

  • Provide, operate and improve the Services and our business and develop new products or services;

  • Create and administer your account;

  • Fulfill your orders, including by communicating them to our local restaurants, delivery networks (including third party delivery marketplaces), ecommerce platforms, and other service providers and by providing you with receipts, order confirmations and pickup instructions;

  • Provide customer support and improve our customer support capabilities, including to perform quality assurance monitoring of support calls and to train support personnel;

  • Administering your participation in rewards programs and other offers and promotional programs we may provide;

  • Respond to your requests, resolve disputes and/or troubleshoot problems;

  • Understand your needs and interests, and tailor the features and content of the Services and communications to you;

  • Communicate with you about the Services, including sending you announcements, updates, security alerts, and administrative e-mail notifications such as security or support and maintenance advisories; and

  • Enable security features of the Services, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in.

Research and Development. We may use your information for research and development purposes, including to analyze and improve the Services and our business.  As part of these activities, we may create anonymous, aggregated, and/or de-identified data from information we collect by removing information that makes the data personally identifiable to you. We may use this anonymous data and disclose it to third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.  We do not attempt to reidentify deidentified information, except that we may do so to test whether our deidentification processes comply with applicable law.

Interest-Based Advertising. We work with third party advertising companies and social media companies that display ads on our Services and other online services. These companies use cookies and other technologies to collect data (including the Device Data and Usage Data described above) on your activity over time across our Services and other online services or your interaction with emails, which they use to try to tailor the ads you see online to your interests. These ads are known as “interest-based advertisements.” You can learn more about your choices for limiting interest-based advertising in the Internet-Based Advertising Choices section below. We may also disclose user contact information to third party online services, such as social media platforms, to facilitate interest-based advertising to those contacts or similar users on third party online services

Marketing. We may send you offers and promotions from MVPBC, our affiliates, joint venture partners and other companies that offer products or services that may be of interest to you, in each case, as permitted by law. You can opt out of our marketing and promotional communications as described in the Opt Out of Marketing Communications section below.

Compliance and Protection. Regardless of any choices you make below, we may use your information if we believe in good faith that such disclosure is appropriate to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;

  • protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);

  • enforce the terms and conditions that govern the Services;

  • secure the Services, including to monitor for and respond to security incidents; and

  • prevent, identify, investigate, and deter any activity that is fraudulent, harmful, unauthorized, unethical, or unlawful or that violates the relevant terms and conditions governing the Services.

Consent. If you consent or direct us to use your information in a certain way, we will use your information consistent with your consent or direction.

Artificial Intelligence. We and our vendors may use artificial intelligence (AI) and machine learning technologies, including generative AI, to facilitate the processing of information described in this Privacy Policy.

How We Disclose Your Information

We may disclose your information as described below and as otherwise described in this Privacy Policy or at the time of collection:

Third Parties Designated by You. When you use the Services and authorize a third party to receive your information, we will disclose it to them. We may also otherwise disclose your information consistent with your consent.

Service Providers. We may disclose your information to companies and individuals that provide services on our behalf or help us operate the Services or our business (such as customer support, online chat functionality, fraud detection/prevention, security, hosting, payment processing, order and menu processing, ecommerce, analytics, email delivery, food delivery, marketing, advertising, privacy preference management, security, fraud prevention, generative artificial intelligence, and mobile application development and operation). These third parties may use your information only to help us operate the Services or our business as authorized under our contracts with them.

Payment processors. When you make purchases through the Service, your transactions are processed by third party payment processors, such as Stripe or Toast Merchant Services. These payment processors may collect your name, phone number, e-mail address, mailing address, billing address, payment card information, and other information needed to process your payment.  They may also retain this information to enable you to make additional purchases through our Service without having to re-enter your payment information each time.  They do not share your payment card information with us. Their collection and use of your information is governed by their own privacy policies, terms and rules. You can learn about how Stripe handles your information in its privacy policy available here: https://stripe.com/privacy

Affiliates. We may disclose your information to our parent company, subsidiaries, and other companies under common ownership or control with us for purposes consistent with this Privacy Policy.

Joint Marketing Partners and Joint Ventures. We may disclose information to third-party companies that have entered into joint marketing collaborations or joint ventures with us, which may use and disclose such information pursuant to their own privacy policies. Please note, however, that data we obtain through any of our short code SMS programs will not be disclosed to any third-parties for their own marketing purposes. 

Advertising Partners. We may disclose your information to third-party advertising companies for the purposes described in the Interest-Based Advertising section above, and to analytics providers that help us measure the performance of our advertising campaigns and related information.

Business Transferees. We may disclose some or all of your information in connection with or during negotiation of any actual or prospective business transaction (e.g., mergers, financings, acquisitions or dissolution, transactions or proceedings involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets) to the parties to that transaction and their representatives. In the event of an insolvency, bankruptcy, receivership or similar proceeding, your information may also be transferred as a business asset. 

Authorities and Others. We may disclose your information to law enforcement, government authorities and private parties if we believe in good faith that such disclosure is appropriate or necessary for the compliance and protection purposes described above.

Professional Advisors. We may disclose your information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

Your Rights and Choices

Rights Regarding Your Information. Depending on the state where you reside, applicable data protection laws may provide you with certain rights regarding your "personal information" or "personal data" as defined in such laws (collectively, for purposes of this section, "personal information"). Specifically, you may have the right to ask us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties to which we
    disclose personal information;

  • Provide you access to and/or a copy of certain personal information we hold about you;

  • Correct or update personal information we hold about you;

  • Delete certain personal information we have about you; or

  • Opt you out of the processing of your personal information for purposes of profiling in
    furtherance of decisions that produce legal or similarly significant effects, if applicable. 

You may submit requests to exercise these rights via email to  privacy@nanskitchen.com.  We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. Certain information may be exempt from these requests under applicable law. For example, we need certain information in order to provide the Services to you or comply with applicable law. 

We may need to verify your identity to process your information/know, access, correction, or deletion request, and we reserve the right to confirm your residency. Depending on the sensitivity of the information you are requesting and the type of request you are making, to verify your identity, we may request that you provide information such as authentication into your Service account, government identification, personal identifiers we can match against information we hold about you, confirmation of your request using the email address or telephone number associated with your account, or a declaration under penalty of perjury, where permitted by law.    

You may be able to designate an authorized agent to make a request on your behalf. To verify your authorized agent’s identity and authority to act on your behalf, we may require a copy of a valid power of attorney that you have signed and provided to your authorized agent. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps to verify your request, such as by verifying your identity
directly with us and, providing proof that you have given the authorized agent signed permission to submit the request

Depending on applicable law, if we deny your request to exercise the above
privacy rights, you may have the right to appeal the denial. You may do so through the same mechanism this Privacy Policy designates for the submission of the request.  

Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes. Depending on where you live, you may have the right to opt out of “sales” of your personal information and “sharing/processing of your information for targeted advertising.” As described in the “How We Disclose Your Information” section above, we may disclose personal information to third-party advertising providers for interest-based advertising purposes or use related analytics partners to help us analyze use of our Services and our user/customer base. We may also disclose personal information to entities that have entered into joint marketing partnerships or joint ventures with us. Under applicable law, the disclosure of your personal information to these third parties may be considered a “sale” of personal information or the processing/“sharing”/processing of personal information for “targeted advertising” purposes. 

You can submit requests to opt-out of processing of personal information for targeted advertising purposes here and by emailing us at privacy@nanskitchen.com. If you transmit a legally recognized browser-based opt out preference signal from your browser, we recognize such preference as a request to opt-out of processing of personal information for targeted advertising purposes to the extent required by applicable law.

Opt-Out of Marketing Communications. You may request to opt-out of marketing emails by following the unsubscribe instructions provided at the bottom of any e-mail you receive from us or by sending your opt-out request to privacy@nanskitchen.com. After opting out of marketing emails, you may continue to receive service-related and other non-marketing communications, including notices of any updates to our Terms of Use Agreement or Privacy Policy.

Text Messages. We may offer communications via SMS texts or similar technology (including via automatic telephone dialing equipment, where permitted by applicable law) sent by MVPBC dba Nan’s Kitchen or any of its service providers, such as when we send you text messages to confirm, process, or notify you about the status and pickup location of an order you place with us, or for any customer service, account-related, or marketing purpose. To stop receiving text messages from a short code operated by MVPBC dba Nan’s Kitchen, reply STOP to any message you receive from such short code. Note that we may send you a message to confirm receipt of your STOP request. Message and data rates may apply for this service. You can also opt-out of Nan’s Kitchen marketing texts by emailing us your request and mobile telephone number to privacy@nanskitchen.com.

Cookie Choices. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Services and our Services may not work properly. 

Online Analytics Choices. As noted above, we use certain analytics providers, including Google Analytics, to help us analyze and understand use of the Services. You can learn more about Google Analytics, one of the analytics services we use, and how to opt-out of being tracked by Google Analytics, here:  https://tools.google.com/dlpage/gaoptout  at https://www.facebook.com/privacy/explanation. You can learn about and opt out-out of personalized ads from Google by visiting https://adssettings.google.com, or from Facebook by visiting https://safety.google/intl/en/privacy/ads-and-data/ and following the instructions to manage your ad preferences.

Precise Geolocation of Your Device. You can deactivate access to your mobile device’s precise geolocation in your mobile device’s settings.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We do not currently respond to “Do Not Track”. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing Not to Disclose Your Information. If you do not provide information that we need to provide the Service, we may not be able to provide you with the Services or certain features. We will tell you what information you must provide to receive the Services when we request it. 

Other Sites and Services

Our Services may contain links to websites, mobile applications or other online services operated by third parties. When you click on a link to any other website, mobile application or online service, you will leave our Services and go to another site, and another entity may collect information from you. In addition, our content may be included on other online services that are not associated with us. We have no control over, do not review, and are not responsible or liable for, these third-party online services or for their content or actions, and we neither endorse nor make any representations about them. Other online services may follow different rules regarding the collection, use and disclosure of your information. We encourage you to read the privacy policies of other online services that you visit or use. The links to third-party online services are for your convenience and do not signify our endorsement of, or affiliation with, any third party or its services.

Security and Retention

We use a variety of technical, organizational and physical safeguards designed to help protect your information. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your information.

We retain information until we determine that retention no longer is necessary to fulfill the purpose for which it was collected and retained, and as required by applicable law.  Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period. Retention periods may vary depending on the type of information and the context and purpose of its collection and use.

International Data Transfers

We are headquartered in the United States and may work with service providers and partners who operate in the United States and other countries. If you are located outside the United States, you should be aware that information you provide to us is transferred to us and processed in the United States or other locations where we or our service providers and partners are located. Your information will be protected subject to this Privacy Policy and United States laws, which may not be as protective as the privacy laws where you live. By using the Services, you acknowledge and consent to such transfers of your information to the United States and other locations where we or our service providers or partners are located.

Children

Our Services are not intended for use by children under the age of 16. If we learn that we have collected "personal information" (as defined in the Children's Online Privacy Protection Act) online from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it as soon as possible. If you believe that we might have collected any personal information online from a child under 16, please contact us at privacy@nanskitchen.com.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time for any reason. If we make material changes to this Privacy Policy, we will notify you by posting the new Privacy Policy at nanskitchen.com and changing the effective date listed at the top of this Privacy Policy. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner through the Services. Any modifications to this Privacy Policy will be effective upon our posting the modified version as described above (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How To Contact Us

Please direct any questions or comments to :

Nan’s Kitchen, 271 Great Road, Stow, MA 01775

Attention: Legal Department or via email to privacy@nanskitchen.com.

Effective Date: November 15, 2024