the short version: we collect only what we need to process your orders and communicate with you. we never sell your data. we use Stripe for payments and Firebase for our platform — both industry-standard, secure services. you can request deletion of your data at any time.
1. who we are
tandoco is a high-protein meal prep and bakery business based in Minneapolis, Minnesota. this privacy policy explains how we collect, use, store, and protect your personal information when you use our website (tandoco.com), place orders, create an account, or interact with us in any way.
2. information we collect
we collect the following types of information:
- account information: name, email address, and phone number when you create an account or place an order.
- order information: items ordered, order history, pickup preferences, and any notes you include with your order.
- payment information: payment is processed securely by Stripe, a PCI-DSS Level 1 certified payment processor. your credit card number, CVV, and expiration date are entered directly into Stripe-hosted fields and are never transmitted to or stored by tandoco. we only store non-sensitive references (Stripe customer ID, last 4 digits of card, card brand, and expiration month/year) so you can recognize your saved payment method on return visits.
- communications: emails, messages, or feedback you send us directly.
- usage data: basic page view data (page visited, device type, referral source) collected to understand how our site is used. this data is anonymous and does not include personally identifiable information.
- email list: if you sign up for our founding member list, waitlist, or email alerts, we collect your email address.
3. how we use your information
we use your information to:
- process and fulfill your meal prep orders
- communicate with you about your orders, pickups, and account
- send you updates about new menu items, weekly drops, and promotions (only if you opted in)
- improve our website, menu, and services
- respond to your questions, feedback, and support requests
- comply with legal obligations
4. we never sell your data
we do not sell, rent, trade, or share your personal information with third parties for their marketing purposes. period. your data is yours.
5. third-party services
we use a small number of trusted third-party services to operate our business:
these services have access only to the data necessary to perform their functions and are obligated to protect your information.
6. cookies & tracking
our website uses minimal tracking:
- session storage: we use browser session storage to generate a temporary session ID for basic analytics (page views, device type). this data is anonymous and expires when you close your browser.
- authentication cookies: Firebase uses cookies to maintain your login session so you don't have to sign in every time you visit.
- we do not use third-party advertising cookies, tracking pixels, or retargeting tools.
7. data security
we take reasonable measures to protect your personal information:
- all data is transmitted over HTTPS (encrypted connections)
- payment data is handled entirely by Stripe, a PCI-DSS Level 1 certified processor
- user accounts are secured through Firebase Authentication
- access to customer data is restricted to tandoco team members only
while we do our best to protect your data, no method of electronic transmission or storage is 100% secure. we cannot guarantee absolute security.
8. your rights
you have the right to:
- access your personal data — view your account information and order history in your account portal
- update your information — edit your name, email, or phone in your account settings
- delete your account and data — email us at hello@tandoco.com and we will delete your account and associated data within 30 days
- unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us
9. children's privacy
our services are not directed to children under 13. we do not knowingly collect personal information from children under 13. if you believe we have inadvertently collected such information, please contact us and we will promptly delete it.
10. changes to this policy
we may update this privacy policy from time to time. if we make significant changes, we will notify you by posting the updated policy on this page with a new "last updated" date. your continued use of our services after changes are posted constitutes acceptance of the updated policy.
11. contact
questions about this privacy policy? reach out anytime.
- email: hello@tandoco.com
- Instagram: @tandoco
by using the tandoco website and services, you acknowledge that you have read and understood this privacy policy. tandoco reserves the right to update this policy at any time.