Privacy & Data Policy

1. Introduction & Scope

Terroir Cocoa ("we," "our," or "us") is committed to protecting your privacy and handling your personal data with transparency, care, and in strict compliance with applicable data protection laws, including the GDPR, CCPA, and LGPD.

This Privacy Policy explains how we collect, use, store, and share information when you visit our website, place orders, subscribe to our newsletter, or otherwise interact with our services. By using our site or providing your information, you consent to the practices described herein.

2. Information We Collect

We collect information to provide, improve, and secure our services. This includes:

2.1 Information You Provide Directly

• Contact details (name, email, phone, shipping/billing address)
• Payment information (processed securely by third-party providers; we do not store full card details)
• Account credentials and preferences
• Communications sent to us (support inquiries, feedback, newsletter sign-ups)
• Farm tour reservation details and dietary/accessibility requirements

2.2 Information Collected Automatically

• Device and browser identifiers, IP address, and location data
• Browsing activity, clickstream data, pages visited, and time spent
• Technical logs for system security and performance optimization

2.3 Information from Third Parties

We may receive data from payment processors, shipping partners, marketing platforms, and analytics providers to verify transactions, fulfill orders, and prevent fraud.

3. How We Use Your Information

We process your personal data for the following legitimate purposes:

• Order Fulfillment: Processing payments, shipping products, and handling returns or exchanges.
• Customer Support: Responding to inquiries, resolving issues, and providing account management.
• Communication: Sending transactional emails, order updates, and marketing messages (with explicit consent where required).
• Product Development: Analyzing usage patterns to improve our website, formulations, and customer experience.
• Legal & Security: Preventing fraud, enforcing terms of service, and complying with legal obligations.

4. Sharing & Third Parties

We do not sell or rent your personal information. We share data only when necessary and under strict contractual safeguards:

• Service Providers: Payment gateways (Stripe, PayPal), shipping carriers, email platforms, and hosting infrastructure.
• Legal Compliance: When required by law, regulation, or to protect our rights and safety.
• Business Transfers: In the event of a merger, acquisition, or asset sale, data may transfer to the successor entity with continued privacy obligations.

All partners are required to comply with data protection standards and may only use your information for the specific services contracted.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

• End-to-end encryption (TLS 1.3) for data in transit
• Encrypted storage and strict access controls for data at rest
• Regular security audits, vulnerability scanning, and employee training
• Incident response protocols compliant with regulatory notification timelines

While no system is completely infallible, we continuously monitor and upgrade our defenses to safeguard your information.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete information.
• Deletion: Request erasure of your data, subject to legal retention requirements.
• Restriction: Limit processing activities under certain conditions.
• Portability: Receive your data in a structured, machine-readable format.
• Opt-Out: Unsubscribe from marketing communications at any time.
• Complain: Lodge a grievance with a supervisory authority in your region.

To exercise these rights, contact us using the details in Section 11. We will respond within 30 days and may request verification to protect your privacy.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure functionality, analyze traffic, and personalize your experience:

• Essential: Required for cart functionality, authentication, and security.
• Analytics: Help us understand usage patterns (e.g., Google Analytics, configured in anonymized mode).
• Marketing: Used for retargeting and campaign measurement (only with consent).

You can manage preferences via your browser settings or our cookie consent banner. Disabling non-essential cookies may affect certain features.

8. International Data Transfers

Our operations may involve transferring data across borders. We ensure adequate protection through Standard Contractual Clauses (SCCs), regional compliance frameworks, and rigorous vendor assessments. Data is never transferred to jurisdictions lacking appropriate safeguards without explicit legal mechanisms in place.

9. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from minors. If we discover unintentional collection, we will promptly delete the information. Parents or guardians who suspect data collection should contact us immediately.

10. Policy Updates

We may revise this policy to reflect operational changes, legal requirements, or technological developments. Material changes will be communicated via email or prominent website notice. The "Last Updated" date at the top of this page will reflect the most current version. Continued use after modifications constitutes acceptance.

11. Contact Us

For privacy inquiries, data requests, or concerns, please reach out to our Data Protection Officer: