PRIVACY POLICY
Last Updated: 6th April 2022

I. Introduction and Overview

Thank you for using our services! We are committed to providing you with the best experience possible. This Privacy Policy explains what information we (Epifeast Inc.) and our subsidiaries (together termed as the “Services”)  collect, how that information is used, under what circumstances we share information, and the choices you can make about that information. This Privacy Policy applies whether you access Epifeast Inc. services (as defined in the Terms of Service) through a browser, a mobile application, or any other method.

This Privacy Policy also describes how we collect, use, and disclose your personally identifiable information (“PII”), including personally identifiable health or medical information (“Personal Health Information” or “PHI”). PII is information about you that may be used to identify you (such as your name, phone number, or address). Personal Health Information is PII combined with information that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care.

Additional Disclosures:

We may provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions, or states. Listed below are additional disclosures that may be applicable to you.

  • If you are a California resident, please see the additional privacy disclosures below

  • If you are a Nevada resident, please see the additional privacy disclosures below

  • If you are a resident of Canada, please see the additional privacy disclosures below

II. Information we collect

  1. Information you provide to us or allow others to provide to us

At various points in the Services experience, you may provide us with information about yourself. For example, when you create an account through the Services, you provide us with personal information like your name, email address, and zip or postal code. And if you place an order through the Services, we collect information including your address, phone number, credit card information, and the details of your order. Your account information may be updated or corrected by accessing your account settings.

If you log into the Services through a third-party service, both we and that third-party may receive some information about you and your use of the services. For example, if you choose to log into the Services with your Google account, we may receive information from Google, such as your name, e-mail address, public profile information, and information about your contacts. You should check the privacy policies of these third-party services and your settings there for more information.

Our partners may let us collect information about the use of their sites/apps or share such information with us.


You may also provide us with Personal Information when you: (i) contact us through our online or email forms (including sending us queries, joining our Trial User list to be updated on releases of our products, or responding through the Services to listed job postings), as well as through any third party social media accounts connected to our Services from time to time (i.e. Instagram, Facebook, Twitter, or otherwise); (ii) make a purchase or proceed with a payment transaction through the Services for our products and Service; (iii) use your mobile application to access our service; and (iv) to provide feedback on our services. 


Location Information:

When you use the Services, we may collect precise location data. For instance, if you allow the Services to access location services through the permission system used by your device's mobile operating system or browser, we may collect the precise location of your device. You can choose whether or not to enable the location tracking feature through the settings on your device or browser, or when prompted by the Services’ mobile app. We may also infer your general location information, for example by using your internet protocol (IP) address.


2. Technical information about the usage of the Services

When you use the Services or browse our sites, either through a browser or mobile app, we automatically receive some technical information about the hardware and software that is being used.

Cookies, Pixels, and Other Tracking Technologies:

We, our partners, use various technologies to collect information, including but not limited to cookies, pixels, scripts, and device identifiers. 

We employ some third-party services to help us understand the usage of the Services and the performance of advertising, and these third parties may also deploy cookies, pixels, or other identifiers on the Services or collect information through our mobile applications. For example, we use Google Analytics to understand, in a non-personally-identifying way, how users interact with various portions of the Services -- you can learn more about information that Google may collect here.

Log information:

When you use the Services or browse our sites, our servers will record information about your usage of the Services and information that is sent by your browser or device. Log information can include things like the IP address of your device, information about the browser, operating system, and/or app you are using, unique device identifiers, pages that you navigate to and links that you click, searches that you run on the Services, and other ways you interact with the Services. If you are logged into the Services, this information is stored with your account information.



3. Children

Our Services are not intended for children under 13 years of age, and we do not knowingly collect personal information (as defined by the U.S. Children’s Online Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If we obtain actual knowledge that any information we collect has been provided by a child under the age of 13, we will delete that information to the extent required by applicable laws.

We do not knowingly “sell,” as that term is defined under the California Consumer Protect Act (“CCPA”), the personal information of minors under 16 years old who are California residents.

III. How we use your information

We may use the information we collect for various purposes, including:

  • Provide the Services to you, improve the quality of the service, and develop new products and services

  • Allow our team to process orders of accessories to direct deliveries of your items to you, and/or call or text you with any updates or issues

  • Charge you for the purchase and delivery costs through one or more payment processing partners

  • Offer you customized content (including advertising, coupons, and promotions)

  • Understand how users interact with the Services (including advertising both on and off the Services) as a whole and test new features or changes in our features

  • Provide customer service, respond to your communications and requests, and contact you about your use of the Services

  • Send you messages related to our community affairs efforts

  • Fulfill any other business or commercial purposes at your direction or with prior notice to you and your consent

You can opt out of receiving promotional communications from Epifeast Inc.. by using the settings on the Account Info page or by using the unsubscribe mechanism included in the message, where applicable.

IV. What we share

The Services comprise a platform that presents you with a set of one or more retailer virtual storefronts from which you can select goods for picking, packing, and delivery by third-party logistics partners to your location or, if available, for you to pick up in-store. In order to make this work, we need to share information about you and your order with the other parties who help enable the service. This includes, for example, the third-party logistics partners who pick and deliver your order, the payment processing partner(s) that we use to validate and charge your credit card. To be clear, only our payment processing partner(s) receive credit card information.

We also share information under the following principles:

  • With your consent or at your direction — We will share your information with entities outside of the Services when we have your consent to do so or it is done at your direction. For example:

    • If you enter loyalty card information from a particular retailer, we share that information with the retailer you chose along with your order so that information can be added to your loyalty card account.

    • If you share a recipe publicly on the Services, it is viewable by anyone along with your first name and last initial.

    • If you invite friends to use the Services through our referral program or to share a shopping cart, we will share some information with the friends you invite like your name and picture. Likewise, if you choose to join someone else’s cart, they will see some of your information.

  • With our third-party logistics partners — We may share your information with our third-party logistics partners in order to provide and maintain the Services.

  • For external processing or service provision — We sometimes share information with third parties to process the information on our behalf or to otherwise provide certain services (such as delivery services, advertising services, or information to better tailor our services to you). For the purposes of this processing or provision of services, we may share your information with such third parties under appropriate confidentiality provisions.

  • For legal purposes — We may share your information when we believe that the disclosure is reasonably necessary to (a) comply with applicable laws, regulations, legal processes, or requests from law enforcement or regulatory authorities, (b) prevent, detect, or otherwise handle fraud, security, or technical issues, and (c) protect the safety, rights, or property of any person, the public, or Epifeast Inc

  • On a non-personal or aggregate basis — We share information on both a non-personally identifying basis (including, but not limited to, order and delivery details but not including credit card information) or an aggregate basis.

  • For business purposes — We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We may also share your information between and among Epifeast Inc.., and its current and future parents, affiliates, subsidiaries, and other companies under common control and ownership.

V. Personal Health Information

This Section (Personal Health Information) governs our use and disclosure of your Personal Health Information. If there is a conflict between the terms of this Section and any other terms of this Privacy Policy or Epifeast Inc.’s Terms of Services, the terms in this Section will govern. To the extent we receive, create, maintain, use or disclose any of your PHI, we will maintain the privacy and security of such information as required by the federal patient privacy law known as the Health Insurance Portability and Accountability Act and the regulations promulgated under that Act ("HIPAA"), as well as any applicable state and other federal privacy policy laws.

Your PHI is protected under HIPAA and under certain state laws. Those laws give you rights with respect to the access, use, and disclosure of PHI by your health care providers, such as pharmacies, and us. When you place a pharmacy order using our Services, the pharmacy responds as we have described above under the Section entitled "Information we collect" by disclosing to Epifeast Inc. your status as a patient of the pharmacy. Information concerning your status as a patient of the pharmacy is PHI and protected by HIPAA. As discussed above, no other PHI will be disclosed to us by your pharmacy and no other PHI will be disclosed by Epifeast Inc.. to your personal shopper other than your status as a patient of the pharmacy. For a more complete description of your rights under HIPAA and the uses and disclosures of your PHI, please refer to your pharmacy's Notice of Privacy Practices. We will not disclose your PHI without your prior written consent to other people or non-affiliated companies unless: (i) it is needed to provide our Services, (ii) it has been "de-identified" so that it cannot identify you, (ii) we have your prior written consent, (iv) disclosure is required by law, or (v) we are acquired or file for bankruptcy.

VI. Security

We employ and maintain reasonable administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. In addition, when we collect, maintain, access, use, or disclose your PHI, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All electronic PHI will be encrypted at rest and in transit. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

We will make any legally required notifications of any breach of the security, confidentiality, or integrity of your PHI or PII, including, without limitation, breaches of your stored PHI or PII (as breaches are defined under applicable state or federal statutes on security breach notification). To the extent permitted by applicable laws, we will make such notifications to you without unreasonable delay, as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

VII. Changes to this Policy

This policy may change from time to time and any revised Privacy Policy will be posted at this page, so we encourage you to review it regularly. If we make changes, we will notify you by revising the date at the top of this Privacy Policy and, in the case of materials changes to the Privacy Policy, we may provide you with additional notice (such as a notice in our user interface or sending you a notification by email).

VIII. Disclosures for Residents of California

These additional disclosures for California residents apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“ CCPA ”) provides additional rights to know, delete, and opt-out, out and requires businesses collecting or disclosing personal information to provide notices and means to exercise those rights. The words used in this section have the meanings given to them in the CCPA, which may be broader than their common meaning. For example, the definition of “personal information” under the CCPA includes your name, but also more general information like age.

A. Notice of Collection.

Although the information we collect is described in greater detail in Section II above, the categories of personal information that we have collected – as described by the CCPA – including in the past 12 months are:

  • Identifiers - including name, email address, and IP address.

  • Other individual customer records - including phone number, billing and shipping address, and credit or debit card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here

  • Demographics - including your age. This category includes data that may qualify as protected classifications under other California or federal laws.

  • Commercial information - including purchases and engagement with our Services.

  • Internet activity - including your interactions with our Service.

  • Geolocation data - including location-enabled services such as WiFi and GPS.

  • Sensory Information - such as recordings of phone calls between you and us and surveillance video at our properties, where permitted by law.

  • Inferences - including information about your interests, preferences, and favorites.

  • Health Information - including any information you provide to us regarding an experience with a retailer that may require us to contact that retailer or other retailer partners for public health or safety reasons or to facilitate a refund. We do not share your identity with retailers we may contact in such a capacity but do share the date, time, and location of a transaction, which may allow a retailer to independently identify you.

For more information on our collection practices, including the sources we receive information from, please review “ Information We Collect ” (Section II above). We collect and use these categories of personal information for the business purposes described in “ How We Use Your Information ” (Section III above), including to provide and manage our Services.

We disclose the following categories of personal information to third parties for our commercial purposes: identifiers, demographic information, commercial information, relevant order information, internet activity, geolocation data, sensory information, and inferences. We partner with different types of entities to assist with our daily operations and manage our Services. Please review “ What We Share ” (Section IV above) for more detail about the third parties we have shared information with and the underlying principles that guide our sharing practices.

B. Right to Know and Delete.

California residents have the right to delete the personal information we have collected from you, and the right to know certain information about our data practices in the preceding twelve (12) months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;

  • The categories of sources from which the personal information was collected;

  • The categories of personal information about you we disclosed for a business purpose or sold;

  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;

  • The business or commercial purpose for collecting or selling the personal information; and

  • The specific pieces of personal information we have collected about you.

If you would like to download or delete your personal information, you can do so here, or email us at corporate@epifeastgroup.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete it.

C. Right to Opt-Out.

We do not generally sell information as the term “sell” is traditionally understood. However, if and to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those implemented specifically for interest-based advertising, we will comply with applicable law as to such activity.

D. Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

E. Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

F. Shine the Light.

If you are a California resident, you may ask Epifeast Inc. for a notice describing what categories of personal information Epifeast Inc. shares with third parties or affiliates for those third parties or affiliates’ direct marketing purposes and identify the name and address of the third parties that received such personal information. Please submit a written request to the address provided below and specify you want a copy of your California Shine the Light Notice. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

G. Consumer Affairs

Under California Civil Code Section 1789.3, California residents are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Website, please send an email to corporate@epifeastgroup.com. You may also contact us by writing to us at the address provided below under the Section entitled “Contact Information”. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.

IX. Disclosure for Residents of Nevada

If you are a Nevada resident, you may ask Epifeast Inc. to add you to our opt-out list for possible future sales of certain information we have collected or will collect about you. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. To submit such a request, please contact our designated request email address: corporate@epifeastgroup.com

X. Contact Information

Questions or comments about our terms of service? Get in touch with us at care@eatwithnymble.com or write to the below contact information:

Epifeast Inc.

2013, Fairmont Dr

San Mateo, California 94402

corporate@epifeastgroup.com
+1 844 972 4300