LEGAL & COMPLIANCE

Privacy & Data Policy

Last Updated: November 15, 2024

At Terroir Cocoa, we believe that trust is as essential to our craft as the cacao beans we cultivate. This policy outlines how we collect, use, protect, and share your personal information when you visit our website, place an order, join our farm tours, or interact with our communications. We are committed to transparency and compliance with global data protection standards, including GDPR and CCPA.

1. Introduction

Terroir Cocoa ("we," "us," or "our") operates the website terroircocoa.com and related digital services. This Privacy Policy applies to all visitors, customers, and subscribers. By accessing our services, you consent to the practices described herein. If you do not agree, please discontinue use of our site.

2. Information We Collect

We collect information necessary to fulfill orders, improve your experience, and maintain our services. This includes:

  • Personal Information: Name, email address, shipping/billing address, phone number, and company name (for wholesale inquiries).
  • Payment Data: Credit card numbers and financial details are processed securely by our payment partners. We do not store raw payment credentials on our servers.
  • Usage Data: IP address, browser type, device information, referring URLs, pages visited, and time spent on site.
  • Communication History: Records of customer support interactions, newsletter subscriptions, and marketing preferences.
  • Farm Tour Registrations: Emergency contact details, dietary restrictions, and accessibility requirements for visitors booking estate tours.

3. How We Use Your Information

Your data enables us to deliver premium products and services responsibly. We use your information to:

  • Process and fulfill orders, arrange shipping, and manage returns
  • Communicate order updates, delivery tracking, and customer support responses
  • Send personalized product recommendations, farm news, and sustainability updates (only with explicit consent)
  • Improve website functionality, user experience, and inventory forecasting
  • Verify age for restricted products and comply with regional regulations
  • Prevent fraud, abuse, and unauthorized access to our systems

4. Data Sharing & Third Parties

We never sell your personal information. We only share data with trusted service providers essential to our operations, under strict confidentiality agreements:

  • Payment Processors: Stripe & PayPal for secure transaction handling
  • Shipping & Logistics: DHL, FedEx, and local couriers for delivery coordination
  • Analytics & Infrastructure: Google Analytics & AWS for performance monitoring
  • Marketing Platforms: Klaviyo for email campaigns (opt-in only)

We may also disclose information if required by law, to protect our legal rights, or in connection with a business merger or acquisition.

5. Security & Data Retention

We implement industry-standard safeguards including SSL/TLS encryption, tokenized payment processing, restricted server access, and regular security audits. While no system is completely immune to breaches, we prioritize continuous improvement to protect your data.

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Typically, order data is kept for 3 years, and inactive accounts are anonymized after 24 months of inactivity.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or update your personal information
  • Request deletion or anonymization of your data
  • Export your data in a machine-readable format
  • Opt out of marketing communications at any time
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us using the details in Section 10. We will respond within 30 days and may request verification to protect your account.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure site functionality, analyze traffic, and personalize your experience. Categories include:

  • Essential: Required for cart, checkout, and security features
  • Analytics: Help us understand how visitors interact with our site
  • Marketing: Used to deliver relevant product updates (requires consent)

You can manage cookie preferences through your browser settings or our on-site consent banner. Disabling essential cookies may limit site functionality.

8. Children's Privacy

Our services are not directed to individuals under 16 (or the applicable age of consent in your region). We do not knowingly collect data from children. If we discover unauthorized collection, we will promptly delete the information and notify the guardian.

9. Policy Updates

We may revise this policy to reflect changes in our practices, technology, or legal requirements. Updates will be posted on this page with a revised "Last Updated" date. Material changes will be communicated via email or site notification.

10. Contact Us

If you have questions about this policy, wish to exercise your data rights, or need assistance with your account, please reach out to our Data Protection Team:

Terroir Cocoa Privacy Office

📧 Email: privacy@terroircocoa.com

📞 Phone: +593 99 123 4567 (Mon–Fri, 9AM–5PM EST)

📍 Mailing: Privacy Department, km 12 Napo Valley Road, Ecuador 170505

We are committed to responding to all privacy inquiries within 30 business days.