
Oakberry U.S. Privacy Policy (Effective June 15, 2025)

Introduction

Oakberry (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information about our customers in the United States, both online (e.g. through our websites and mobile apps) and in our stores.

We comply with all relevant U.S. federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act (together, CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA).

In the absence of a single federal privacy law, we follow Federal Trade Commission (FTC) guidelines and industry best practices to safeguard your data. For example, we implement “Privacy by Design” principles by limiting data collection to what is needed, providing you choices, and being transparent about our practices.

This policy focuses on consumer data (not employee or business-to-business data) and is written in clear language to help you understand your rights and our data practices.

By using Oakberry services, whether purchasing in-store or interacting with our websites/apps, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our services.

If you have any questions, you can contact us using the information in the Contact Us & Exercising Your Rights section below.

Information We Collect

We collect various types of personal information from and about consumers. The information we collect and the way we collect it may vary based on how you interact with us (online or in-store).

In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers and Contact Information: For example, your name, email address, telephone number, postal address, or account username. We collect this information when you provide it directly, such as when you create an account, sign up for our newsletter, join our loyalty program, enter a promotion, or make a purchase.
  • Customer Records and Transaction Information: This includes information you provide in the course of a transaction, such as payment information (e.g. credit/debit card details) and order details. If you make a purchase or order for delivery, we collect information about the items purchased, date and location of the purchase, and payment method. (Note: Oakberry does not store full payment card numbers; payments are processed securely by our payment service providers.)
  • Loyalty Program Data: If you enroll in Oakberry Rewards or other loyalty programs, we (or our program service provider) collect information such as your contact details, account credentials, and profile information (e.g. username, password, birthday, preferences). We also collect details of your purchases and interactions (e.g. points earned, rewards redeemed, store locations visited) to administer the program and provide you with benefits. Participation in such programs is voluntary and subject to additional terms provided at enrollment. (Please see “Loyalty Programs & Financial Incentives” below for more information on how privacy laws apply to these programs.)
  • Communications and Inquiries: The content of your communications with us, such as when you contact customer support, provide feedback, or interact on social media. For example, if you email us or message us, we will collect your name, contact information, and the content of your message.
  • Online Usage Information: When you interact with our websites or mobile applications, we collect certain information automatically through cookies and similar technologies (see Cookies & Online Analytics below). This may include device identifiers and technical information (IP address, browser type, operating system), as well as data about your usage of our sites/apps (dates/times of visits, pages or content viewed, features used, clicks, and referring page URL). For instance, we use Google Analytics to help analyze how users navigate our site; Google Analytics may set cookies on your browser to collect information such as your IP address, browser type, and pages visited.
  • Geolocation Data: With your permission, we may collect precise geolocation data from your mobile device or browser. For example, our mobile app or website may request access to your location to help you find the nearest Oakberry store or to provide location-based services (such as special offers or features relevant to your area). You will be informed and given the opportunity to allow or refuse such geolocation access. You can also disable location permissions at any time in your device settings. (If you do not grant permission, we may still infer an approximate location from your IP address for certain purposes like analytics or showing site content in the correct language, but this is not always precise.) Please note that precise geolocation data is considered sensitive personal information under some state laws, and Oakberry will not collect or use such data without obtaining any required consent or giving required notice.
  • Preferences and Profile Information: Any preferences you provide, such as your marketing preferences (e.g. opting in or out of email newsletters or SMS alerts), and responses to optional surveys or promotions. We may also infer your preferences or characteristics from your interactions, such as your favorite store location or product preferences based on your purchase history (e.g. if you frequently buy a certain smoothie, we might infer you prefer that flavor).
  • Photographs or Video (In-Store): For security and fraud prevention, some Oakberry retail locations use CCTV video surveillance. If you visit these stores, your image may be captured on our security cameras. These recordings are used solely for safety, security, and loss prevention purposes, and are typically overwritten or deleted after a set period unless needed to investigate an incident. We do not use security footage for marketing or profiling. (We mention this for transparency, but note that typical in-store camera footage is not used to identify individuals by name.)

We collect personal information directly from you (for example, when you fill out a form or make a purchase), automatically through your use of our services (for example, via cookies and sensors), and in some cases from third parties.

Third-party sources may include our franchisees or business partners who help facilitate your requests (for instance, if you place an order through a delivery partner or a third-party platform, they may share order details with us), social media platforms (if you interact with our official pages), and publicly available sources. We only collect personal data from third parties in accordance with applicable law and ensure we have a lawful basis for such collection.

We will not collect additional categories of personal information or use the data we collected for materially different, unrelated purposes without providing you notice and obtaining your consent if required.

How We Use Your Information

Oakberry uses personal information for the following business and commercial purposes (one or more purposes may apply simultaneously):

  • To Provide Products and Services: We use your information to fulfill your orders and requests, process transactions, make and serve your Oakberry bowls or smoothies, and deliver services you ask for. For example, if you place an online order for pickup or delivery, we use your information to process payment and prepare your order. If you sign up for an account or loyalty program, we use your info to create and manage your account and track your rewards.
  • Customer Service and Communications: We use contact information to communicate with you about your orders, respond to your inquiries, and provide customer support. For instance, if you contact us with a question or a problem, we will use your name and email/phone to address your issue and follow up. We may also send you service-related announcements when necessary (such as changes to our terms or privacy policy, recall notices, or important information about your account or transactions).
  • Marketing and Promotions: With your consent or as otherwise permitted, we use personal information (like your contact details and preferences) to send you marketing communications about our products, services, and events. This includes email newsletters, SMS alerts (if you opt in), or postal mail offers. We also use information like your past purchases or location to tailor our marketing; for example, we might send you a special offer for a new store opening in your state, or a coupon for an item you’ve purchased before. You can opt out of marketing communications at any time (see Email Marketing Practices below). We do not share your contact information with third-party advertisers for their independent marketing without your consent.
  • Loyalty and Incentive Programs: If you join Oakberry Rewards or other incentive programs, we use your information to administer those programs. This includes tracking your points and reward eligibility, analyzing your purchases to award loyalty benefits, and contacting you about program-related updates (e.g. notifying you that you’ve earned a reward). We may also use loyalty program data to personalize your experiences – for example, offering you a birthday reward if we have your date of birth, or suggesting a new topping that complements your usual orders. (See Loyalty Programs & Financial Incentives for how we handle data in compliance with laws regarding these programs.)
  • Analytics and Improvement of Services: We use usage data (including data collected via cookies and Google Analytics) to understand how our websites and app are used, measure the effectiveness of our marketing, and improve our offerings. For example, we analyze which web pages are most popular, how users navigate our site, where our app may be encountering errors, or what time of day we get the most visitors. This helps us troubleshoot issues, optimize the user experience, and design features and content that are more useful to our customers. We may also use aggregated data across many users to understand trends (e.g. which menu items are most ordered in which region).
  • Personalization: To the extent permitted, we may use personal information to personalize your experience. This might include remembering your preferences (such as language or location settings on our site), greeting you by name, showing you content or promotions that align with your interests, and customizing in-app or in-store experiences. For instance, if our app knows your usual store location (because you’ve favorited it or allowed geolocation), it can show you that store’s menu and promotions by default.
  • Security and Fraud Prevention: We process certain information to maintain the security of our websites, app, and stores, and to detect and prevent fraud or other unauthorized activities. For example, we may use IP addresses and device identifiers to detect unusual activity (such as repeated failed login attempts) and take steps to protect your account. In our stores, camera footage may be used to deter theft or investigate incidents, as noted above. We also may use personal information to verify identity for account access or when you exercise your privacy rights (to ensure that the person making a request is actually you or your authorized agent).
  • Legal Compliance: We use and disclose information as necessary to comply with our legal obligations, such as tax and accounting rules, responding to valid subpoenas or law enforcement requests, or as required by applicable laws and regulations. For instance, if a law enforcement agency lawfully requires information about a transaction, we may provide it. We also retain transaction records as needed for financial reporting and audits.
  • Protecting Rights and Interests: Where necessary, we may use personal information to protect our rights, privacy, safety or property, and/or that of our customers, employees, or others. This includes enforcing our terms and conditions, detecting or investigating illegal or fraudulent activities, or defending against legal claims. For example, if we receive notice of a customer dispute or lawsuit, we may review relevant personal information (such as communications records or purchase history) to respond.
  • Other Core Business Purposes: We may use information for internal business purposes such as training and quality control (e.g., reviewing customer service calls for quality assurance), mergers and acquisitions (if we consider a business transaction like a merger or sale, information may be evaluated or transferred as part of that process in accordance with privacy laws), or other operational purposes consistent with the context of collection.

If we seek to use your information for a purpose that is materially different from the purposes above, we will provide you with notice and obtain your consent when required by law.

We strictly limit the use of personal information to the purposes identified above or as otherwise disclosed to you. We do not use your data in ways that are incompatible with the original purposes for which it was collected without obtaining your consent. We also adhere to principles of data minimization – meaning we only collect and process the minimum amount of personal data necessary for the stated purposes – and we do not collect sensitive personal data (such as precise geolocation, as mentioned, or health information) unless it is necessary and we have provided the required notices or obtained consent under applicable law.

How We Share Your Information

Oakberry understands that your personal information is important, and we are careful in sharing it only as needed.

We do not sell your personal information for money to third parties. We also do not share your personal information for targeted advertising in exchange for money. However, some of our data sharing practices (for example, allowing third-party analytics cookies on our site or using an advertising partner to show you ads for Oakberry on other platforms) might be considered a “sale” or “share” of personal information under certain state laws, because those laws have broad definitions of what constitutes a sale or sharing. We treat your information with the same high level of care across all states, and we provide you the ability to opt out of these practices as described in Your Privacy Choices below.

The types of third parties with whom we may share personal information (and why) are:

  • Service Providers (Processors): We share personal information with our trusted service providers who perform services on our behalf and under our instructions. These include, for example, companies that host our website and databases, process payments, fulfill orders, send emails or SMS on our behalf, provide customer support software, or operate our loyalty program platform. We only share the information necessary for them to perform their functions, and we contractually require them to use the data only for our purposes and to protect it appropriately. For instance, if you sign up for Oakberry Rewards, your data will be processed by our loyalty program service provider in order to track your points and rewards. Similarly, if you make an online purchase, our payment processor will receive your payment details to complete the transaction. These service providers are not permitted to use your information for their own unrelated purposes.
  • Affiliated Companies: We may share information with companies that are under common ownership or control with Oakberry (for example, parent company, subsidiaries, or sister brands, if any) as needed to support our operations and services. Any affiliated entities that receive your information will process it with the same level of protection as described in this Policy. (Note: If Oakberry operates franchises, we consider franchisees as independent businesses, not affiliates. We address data sharing with franchise locations below.)
  • Oakberry Franchise Locations: Oakberry operates via franchise partners in certain areas. If you engage with a particular Oakberry store (franchise) – for example, by placing an order at that store, joining a store-specific promotion, or providing feedback related to that store – we may share relevant personal information with the franchise owner as needed to fulfill your request or address your feedback. Franchisees are required to handle your information in accordance with this Privacy Policy and applicable law. For instance, if you use our mobile app to order from a franchise location, we will share your order details and contact info with that store so they can make your order and let you know when it’s ready.
  • Marketing and Advertising Partners: We may allow certain partners to collect information on our website/app to help us with advertising and marketing. For example, we might use a third-party advertising network or social media platform to show ads for Oakberry on other websites or apps you use. These partners may use cookies or similar technologies to collect information about your online activities over time and across sites (such as your device identifier or pages you visit) in order to serve you Oakberry ads that are more relevant to you. We only work with partners that comply with applicable privacy laws, and we do not share directly identifying information (like your name or email) with these third-party advertisers unless you have given consent. We also honor your rights to opt out of targeted advertising or the “sale” of data as required by state laws (see Your Privacy Choices). If you prefer not to have tailored ads, you can opt out as described below.
  • Analytics Partners: As noted, we use analytics services like Google Analytics. These providers receive online identifiers and usage data through our site (via cookies or SDKs). They use this data to provide us with aggregate reports and insights. Google Analytics may also use the data it collects from our site for its own purposes, according to its privacy policy. However, we have configured Google Analytics to limit the data it can see (for example, by masking IP addresses when possible) and to use it only as our service provider. We also respect Global Privacy Control and similar signals as opt-outs for data sharing (see Cookies & Online Analytics below).
  • Business Transactions: If we undergo a business transaction such as a merger, acquisition, reorganization, or sale of some or all assets, personal information may be transferred as part of that deal, as permitted by law. We would ensure the recipient agrees to handle your personal information in accordance with this Privacy Policy. You would be notified via a prominent notice on our website or via email of any change of ownership or material changes in uses of your personal information.
  • Legal and Safety Disclosures: We may disclose personal information to government authorities, law enforcement, courts, or other third parties when we believe disclosure is required by applicable law or legal process, or to protect the rights, property, or safety of Oakberry, our employees, our customers, or the public. This can include responding to subpoenas or court orders, addressing fraud or security issues, or enforcing our agreements and policies. We will carefully review such requests and only provide the minimum necessary information in compliance with the law.

No Unauthorized Selling: As stated above, Oakberry does not sell your personal information to data brokers or third parties for monetary compensation. We also do not disclose sensitive personal information (such as precise location or financial details) for purposes other than those allowed by law without your consent. If in the future Oakberry ever needs to sell personal information or expand sharing in a way that is considered a “sale” under privacy laws, we will update this Privacy Policy and provide required notices and opt-out mechanisms (such as a “Do Not Sell or Share My Personal Information” link on our website) before such activity occurs.

Combining Information: We may combine information collected from you through various sources (for example, combine data from in-store purchases with data from your online account) to ensure complete and up-to-date records and to help us operate our business. We may also anonymize or aggregate personal information so it can no longer be linked to you, and use that data for purposes such as research and analytics. This aggregated data is not considered personal information and may be shared with any third party.

Cookies & Online Analytics

We and our partners use cookies and similar tracking technologies on our websites and apps to provide and improve our services, as well as to offer a better user experience and relevant marketing. Cookies are small text files that websites store on your browser or device to save information. When you visit Oakberry’s website, we or our third-party analytics and advertising partners may set cookies or read cookies already on your device. This section explains how we use these technologies and your choices.

Types of Cookies and Why We Use Them:

  • Essential Cookies: These are necessary for our website to function properly and cannot be switched off in our systems. For example, they help with basic functions like page navigation and remembering items in your cart. Without these cookies, services you have asked for (such as adding items to your order) cannot be provided.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our site, such as which pages are most visited and if any errors occurred. We use this data to improve the website’s performance and your experience. For instance, we use Google Analytics to understand aggregate website traffic and usage patterns. Google Analytics cookies allow us to see information like how long users stay on a page, how they navigated to our site, and how they interact with site content. This information is collected in an anonymous form (we do not use Google Analytics to collect your name or contact info), and we use it for statistical analysis and product development.
  • Functional Cookies: These enable enhanced functionality and personalization, such as remembering your preferences (e.g., your chosen store location or language selection) and recognizing you when you return. They may be set by us or by third-party providers whose services we have added to our pages (for example, a chat support widget). If you disable these, some or all of these services may not function properly.
  • Advertising and Targeting Cookies: Oakberry may allow advertising partners to set cookies that collect information about your browsing activities on our site in order to provide you with relevant ads on other sites or social media. For example, if you visit our site and view certain menu items, you might later see an advertisement for Oakberry on another website or on Facebook. These cookies can also measure the effectiveness of our ad campaigns. The information collected typically includes identifiers like cookie IDs or device IDs and context about the pages you viewed. We do not permit third-party ad networks to collect your contact information from our site, only device and browsing information.

Google Analytics:

As noted, we use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses first-party cookies to track interactions. The data Google Analytics collects about your use of our site (e.g. your IP address, browser, pages visited, time spent) is transmitted to Google’s servers, which may be in the United States or other countries. Google uses this information to provide us reports on site usage and to improve their analytics platform. We use these reports to analyze trends and improve our website, as described above. We have entered into a data processing agreement with Google to limit how they can use the data collected from our site. For example, we have disabled Google’s ability to use our analytics data for their own purposes like ad personalization (to the extent offered in Google’s settings). You can learn more about how Google Analytics handles data by visiting Google’s Privacy & Terms site.

Your Choices for Cookies:

On your first visit to our site (and periodically thereafter), you may see a cookie banner or notice that allows you to opt in or out of certain non-essential cookies. Even if you accept cookies initially, you can adjust your browser settings to refuse or delete cookies. Most web browsers provide options to notify you when a cookie is being set or to block cookies altogether. Please note, however, that if you disable all cookies, some features of our site may not function correctly (for example, our site might not remember your cart or login session).

Opt-Out of Google Analytics:

If you do not want Google Analytics to be used in your browser, you can install the official Google Analytics Opt-Out Browser Add-on, which is available at Google’s website. This tool prevents Google Analytics from collecting information on any site you visit that uses GA (including ours).

Advertising Cookie Choices:

For third-party advertising cookies, you can often opt out through the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) Consumer Choice page. These industry programs allow you to see a list of participating companies and opt out of interest-based advertising from each. Note that opting out through these tools will typically place an opt-out cookie on your device, so if you clear cookies, you may need to opt out again. Also, opting out of targeted ads does not mean you will no longer see any ads from us; it means those ads will no longer be personalized based on your browsing behavior.

Do Not Track and Global Privacy Controls:

“Do Not Track” (DNT) is a setting available in some web browsers that allows users to signal they do not want to be tracked across websites. Currently, there is no universal standard for how to interpret DNT signals, and Oakberry’s websites do not respond to browser DNT signals. However, we will honor certain universal opt-out signals that are required or recognized by law. For example, if your browser or device is set to broadcast the Global Privacy Control (GPC) signal, our website will treat that as a valid request to opt out of the sale of personal information or targeted advertising cookies for that browser, as required by California and Colorado law. In practical terms, when our site detects a GPC signal, it will automatically disable third-party cookies or other tracking intended for “selling” or “sharing” data on that browser, without you needing to click the “Do Not Sell” link. (Please note that this GPC-based opt-out is tied to your browser, so it won’t apply if you visit our site from a different device or if you clear your browser data.) We applaud industry efforts to develop user-friendly privacy controls and will continue to support legally required signals as standards evolve.

Email Marketing Practices

If you provide us with your email address or sign up to receive marketing communications, we may send you periodic emails about new products, special offers, events, or other news we think may interest you. We strive to send engaging, relevant content, and we limit the frequency of our marketing emails. You can opt in to our mailing list through our website or in-store promotions (for example, by scanning a QR code to join our newsletter). If at any time you no longer wish to receive promotional emails from us, you have the right to unsubscribe.

How to Unsubscribe: Each marketing email we send includes an “Unsubscribe” link at the bottom. By clicking that link and confirming, you will be removed from our marketing list for future emails. Alternatively, you can opt out by contacting us at privacy@oakberry.com (please specify that you wish to unsubscribe from marketing). We will process your opt-out request as soon as possible and in accordance with applicable law. Please note that even if you opt out of marketing messages, we may still send you transactional or service-related communications when necessary (such as e-receipts, loyalty program updates, or important notifications about your account or purchases), as these are not promotional in nature.

Oakberry complies with the CAN-SPAM Act, a federal law that sets rules for commercial emails and gives recipients the right to have emails stopped. In compliance with CAN-SPAM, our marketing emails will always accurately identify the sender, include a valid postal address for Oakberry, and provide a clear way to opt out (unsubscribe) from future emails. We honor all opt-out requests – when you unsubscribe, we will stop sending you marketing emails within the timeframe required by law (usually 10 business days or sooner). We will not charge you or require you to do anything beyond making the request. Ensuring you have control over your inbox is important to us, and we appreciate your attention to our communications.

Loyalty Programs & Financial Incentives

As mentioned, Oakberry may offer loyalty programs or other promotional incentives that provide benefits to consumers in exchange for collecting or retaining personal information. For example, Oakberry Rewards is a program where customers can earn points on purchases and redeem them for discounts or free items. To administer this program, we must collect and retain certain personal information, such as your name, contact information, and purchase history. Because these programs involve a value exchange (personal data for rewards), privacy laws like the CCPA/CPRA require us to make certain disclosures and, in some cases, obtain your consent.

Notice of Financial Incentive (California): If you are a California consumer and you join an Oakberry loyalty or rewards program, the CCPA/CPRA considers this a “financial incentive” program. California law requires that we provide you with a Notice of Financial Incentive at the point of data collection, explaining the material terms of the incentive in clear language. This notice will describe, for example, what data you need to provide (e.g. your email and purchase history), the benefits you will receive (e.g. a discount or free item), and how you can opt out of the program. Importantly, California requires that participation in such programs be opt-in (we will only include you if you affirmatively sign up), and that we inform you that you may withdraw at any time without penalty. The law also asks that we explain, in a general way, how the value of the incentive is reasonably related to the value of the data you provide. Oakberry assesses the value of your personal data based on the expense related to providing the program (for instance, the approximate additional sales generated by loyalty members versus the cost of rewards given). We value our customers’ trust and provide loyalty benefits in good faith to thank you for your patronage.

If you do not agree to the terms in the Notice of Financial Incentive, you should refrain from joining the program or you may opt out (unsubscribe) from the program at any time. Opting out of the loyalty program will stop any further collection of new data for the program and you will forfeit unused rewards, but we will retain past data as required for accounting and to prevent fraud, or as required by law.

Data Practices in Loyalty Programs: The personal information collected through Oakberry Rewards or similar programs will be used only as described in the program terms and this Privacy Policy. Typically, we (and our service provider running the program) use your data to track your purchases, allocate points, inform you of rewards, and tailor offers. We may also analyze loyalty members’ purchase trends to help with product development and marketing strategies (for example, if many members in a region redeem rewards for a certain new topping, we know it’s popular). We do not sell loyalty program data to third parties, and we do not share it with anyone except service providers and, if applicable, the Oakberry franchise location you frequent for purposes of awarding your points or delivering your benefits.

If you request deletion of your data (see Your Privacy Rights below), please note that deleting certain data may mean we can no longer verify your eligibility for rewards; in such cases, deletion may require that we close your loyalty account. California and other states allow businesses to offer a different price or service level if it is part of a voluntary loyalty program, as long as the difference is reasonably related to the value of the consumer’s data and users have given informed consent. Oakberry’s incentives (like a free bowl after 10 purchases) are designed to comply with these rules. We will never discriminate against you for exercising privacy rights (no denying service or charging higher prices), except that if you ask us to delete or stop selling/sharing your data, we may not be able to provide benefits that rely on that data (for example, we can’t award points on past purchases if those records are deleted).

Virginia and Colorado Loyalty Requirements: Other states also have provisions regarding loyalty programs. For instance, the Colorado Privacy Act has specific rules for bona fide loyalty programs, including requirements to disclose what data is collected and how third parties are involved, and it does not require opt-in consent (Colorado residents are opted in by joining, and can opt out by leaving the program). Virginia’s law similarly permits loyalty programs but requires that if you exercise your privacy rights (like opting out of sale or requesting deletion), we cannot refuse you the loyalty benefits unless the data at issue is necessary for the program. Oakberry’s policy is to follow all such requirements. This means, for example, if a Virginia customer in our loyalty program requests deletion of their data, we will either (a) delete the data and inform them that this will terminate their participation in the program (since we can’t run it without their data), or (b) offer an alternative solution allowed by law. We also provide a way for you to appeal any decision we make regarding your loyalty data (see Exercising Your Rights below, which applies to loyalty programs as well).

In summary, our loyalty and incentive programs are fully optional. We will give you required details upfront and obtain any necessary consent. You can withdraw at any time. We will not penalize you for opting out – you will simply miss out on the promotional benefits on a going-forward basis, which is the standard consequence of not participating. We view these programs as a win-win: you get rewards and personalized perks, and we get to build a stronger relationship with our customers. We are committed to running these programs in a transparent, fair, and privacy-conscious manner.

Your Privacy Rights

Consumers in certain U.S. states have specific legal rights regarding their personal information. Oakberry believes in honoring these rights and extending similar controls to all our customers as appropriate. In this section, we outline the privacy rights you have and explain how you can exercise them. All users (regardless of state) can contact us with questions about their data, but the availability of certain rights (and how to exercise them) may vary depending on your state of residence and the applicable law. We will not discriminate against you for exercising any of these rights (meaning we won’t deny you products, charge you different prices, or provide a lesser service just because you exercised your rights), though note that if you ask us to delete data that is necessary to provide a service (like an active loyalty membership), we may not be able to continue providing that service.

The following is a summary of privacy rights provided under various state laws:

  • Right to Know / Access: You have the right to request that we disclose the personal information we have collected about you and how we have used and shared it. Specifically, you can ask for the categories and specific pieces of personal information we have about you, the categories of sources from which we collected the information, the business or commercial purposes for collecting (or sharing) it, and the categories of third parties with whom we have shared your information. Upon verification of your identity (to protect your privacy), we will provide the requested information for the preceding 12 months, free of charge (unless a longer period is required by law). This is sometimes called a “data access request” or “request to know.” California, Virginia, Colorado, Connecticut, and Utah all provide a version of this right to access personal data.
  • Right to Data Portability: You have the right to obtain a copy of the personal information that you have provided to us, in a portable and (to the extent technically feasible) readily usable format. In practice, this means that when you make an access request, you may request that we provide your information in a commonly used electronic format (such as CSV or PDF) that you can keep for your records or transfer to another service. We will include this as part of fulfilling an access request. (For example, California views this as part of the right to access, and Virginia/Colorado list it as a separate “portability” right – either way, we will provide your data in a handy format.)
  • Right to Correct: You have the right to request that we correct inaccuracies in your personal information. If you find that any personal data we maintain about you is incorrect or outdated (for example, an email address or mailing address that has changed, or an inaccurate loyalty account detail), please let us know so we can fix it. We will take into account the nature of the information and the purposes for which we are processing it when determining how to correct it. We may need to verify the accuracy of the new information you provide and ensure proper identity verification before making the correction. California (CPRA) added a right to rectification, and Virginia, Colorado, and Connecticut laws also grant consumers the right to have inaccurate personal data corrected. Note: Utah’s law (UCPA) does not currently provide a specific right to correction. However, even for Utah residents, we will honor correction requests as a good business practice whenever feasible.
  • Right to Delete: You have the right to request deletion of the personal information we have collected from you. Upon a verified request, we will delete the personal information from our records (and direct our service providers to do the same), subject to certain exceptions allowed by law. For example, we may retain information needed to complete a transaction you requested, to detect security incidents, for legitimate internal business purposes such as accounting, or to comply with a legal obligation. If an exception applies, we will let you know in our response. All five state laws mentioned (CA, VA, CO, CT, UT) include a right to deletion of personal data you provided, but there are differences in scope. Notably, under Utah law, the right to delete only applies to personal data that you provided to us (e.g., information you actively gave us), and does not extend to data we obtain elsewhere or derive. Other states (CA/CPRA, VA, CO, CT) allow you to delete both data you provided and data we may have obtained about you. Rest assured, Oakberry will honor the broader deletion rights for residents of those states. If you are a Utah resident requesting deletion, we will delete at least the data you have given us directly, and we will consider deleting additional data in our discretion or if required by other applicable law. We will clarify in our response what has been deleted. Keep in mind that deletion is permanent and cannot be undone – if you request deletion of your loyalty account data, for example, you will lose any points or rewards and would have to sign up anew if you wish to rejoin later.
  • Right to Opt Out of Sale or Sharing of Personal Information / Targeted Advertising: You have the right to direct us not to sell your personal information to third parties. As mentioned, Oakberry does not sell data for money, but some sharing of data for advertising or analytics could be considered a “sale” or “share” under the CCPA’s broad definitions. California consumers have the right to opt out of both “sales” and “sharing” of personal information. Similarly, Virginia, Colorado, and Connecticut give you the right to opt out of the use of your data for targeted advertising and the sale of personal data (as those terms are defined in those laws). “Targeted advertising” generally means showing you ads based on your personal data obtained from your activities across non-Oakberry websites or apps (sometimes called interest-based or cross-context advertising). If you do not want Oakberry to share your personal information with third parties for targeted advertising purposes, you can opt out. The mechanism for this is typically by clicking the “Do Not Sell or Share My Personal Information” link on our website footer or by using a recognized opt-out preference signal (like the Global Privacy Control, discussed above). You can also submit an opt-out request through the methods described in Exercising Your Rights (e.g. contacting us). Once we process your opt-out, we will not share your data for targeted ads and will not sell it unless you later opt back in. Utah’s law also provides a right to opt out of selling personal data and use for targeted advertising. Utah’s definition of “sale” is limited to monetary exchanges, and like Virginia, it doesn’t count common sharing for online advertising as a sale if no money is paid. Nonetheless, we include Utah residents in our offer: if you are in Utah and wish to ensure your data isn’t used for targeted advertising, feel free to use our opt-out tools. We will honor it even if technically not required.
  • Right to Limit Use of Sensitive Personal Information (California): Under the CPRA, California consumers have the right to direct a business to limit the use and disclosure of sensitive personal information if it is used for purposes beyond what is necessary to provide the services. “Sensitive personal information” in California includes things like precise geolocation, racial or ethnic origin, health information, sexual orientation, as well as account login credentials, financial account info, etc. Oakberry does not generally collect many categories of sensitive data on consumers, except possibly precise location if you allow it, and financial information for transactions. We only use sensitive info to provide you services (e.g., using your location to find a store, or using payment info to process a purchase). We do not use or disclose sensitive personal information for purposes like profiling or targeted advertising without consent. Therefore, we believe we do not engage in uses of sensitive data that would require offering a “Limit Use of My Sensitive Info” option (since we already limit our use to necessary purposes). If that changes, we will implement a mechanism for California residents to limit the use of sensitive info (such as a link on our site). California consumers can also contact us if they have questions about any sensitive information usage.
  • Right to Opt Out of Profiling (Virginia/Colorado/Connecticut): In Virginia, Colorado, and Connecticut, you have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. “Profiling” in this context means automated processing of personal data to evaluate or predict personal aspects like economic situation, health, personal preferences, interests, reliability, behavior, location or movements, when that profiling is used to make decisions that have legal or similarly significant effects (e.g. something that might affect your rights or livelihood). Oakberry does not engage in any such profiling decisions – for example, we do not use algorithms to decide whether to extend credit or employment or housing, etc. Our profiling is limited to marketing segmentation and analysis to improve customer experience, which does not have significant effects on consumers. Therefore, there is effectively nothing to “opt out” of in our current practices. That said, if you have any concerns about automated processing of your data, please let us know. Utah’s law does not include a right to opt out of profiling, and California’s law currently addresses automated decision-making through future regulations (but not an explicit consumer right yet). We will update our policy if these laws evolve to require additional notice or choices for automated decision-making.
  • Right to Non-Discrimination / No Retaliation: As noted, all consumers have the right not to receive discriminatory treatment for exercising privacy rights. This means we will not deny you goods or services, charge you a different price, or provide a different quality of service just because you exercised a privacy right under CCPA or other law. If you opt out of the sale of your data, we will honor your choice and not reduce your service level. If you request deletion, we’ll delete your data and not punish you for it. The only nuance is if the exercise of your privacy rights makes it impossible for us to provide something you were getting – for example, if you withdraw from the loyalty program (a financial incentive) or ask us to delete data that is required for that program, you might lose the associated benefits. This is not discrimination; it’s a direct result of your request (the law explicitly allows difference in service if reasonably related to the value of your data in the context of a voluntary loyalty program). We will always explain any such impact beforehand so you can decide. Other than that scenario, Oakberry treats all customers equally regardless of whether they exercise privacy rights.
  • Right to Appeal (for certain states): If we decline to take action on a request you make (for example, if we deny a deletion request because an exception applies, or we cannot verify your identity), you have the right to appeal our decision in Virginia, Colorado, and Connecticut. Our notification of a denial will include instructions on how you can appeal. Typically, you can submit an appeal by contacting us (using the contact information below) and indicating that you are lodging an appeal of our decision. We have a dedicated review process for appeals, and a higher-level reviewer will reconsider your request along with any additional information you provide. We will respond to your appeal within the time frame required by law (generally 45 days). If we ultimately deny your appeal, we will inform you of that decision and provide information on how you may contact your state Attorney General to submit a complaint if you wish. California does not mandate a formal appeal process, but we will of course work with you to resolve any issues or complaints if you feel your request was not handled properly.

Summary of State Variations:

  • All of the above rights are available to California residents under the CCPA/CPRA.
  • Virginia, Colorado, and Connecticut residents have rights to access, correct, delete, and opt out similar to California’s (with some differences in definitions and procedures). Notably, Colorado and Connecticut require companies to honor universal opt-out signals for targeted advertising by specified dates, which Oakberry has implemented (as described in Cookies & Online Analytics). Virginia, Colorado, and Connecticut also require consent before processing sensitive personal data such as precise geolocation, which Oakberry obtains where applicable (for example, the act of allowing our app to use your location can serve as that consent).
  • Utah’s law provides a more limited set of rights: access, deletion (of provided data), portability, and opt-out of sale/targeted ads. Utah does not provide rights to correct or opt out of profiling. Nevertheless, Oakberry’s policy is to allow our users in Utah to correct their data if needed (through our normal customer service process) and to opt out of any advertising-related sharing, just as we offer to others.

We aim to meet the highest standard required by any of these laws, and often we voluntarily exceed legal requirements as part of our commitment to consumer privacy. If you have any questions about which rights apply to you, please contact us. Next, we will detail how you can actually make any of the above requests.

Exercising Your Rights & How to Contact Us

Oakberry takes your privacy requests seriously. Below, we describe the process for making requests to exercise your rights, and how you can reach us with questions or concerns about this Policy or your personal information.

Submitting a Privacy Request:

To exercise your Right to Know (access), Right to Delete, Right to Correct, Right to Opt-Out of Sale/Sharing or Targeted Ads, or other applicable rights, you may contact us through any of the following methods:

  • Online Webform: Visit our Privacy Center at Oakberry Privacy Request Form (if available on our website) to submit your request. We may provide dedicated forms for specific requests (for example, a “Do Not Sell or Share” opt-out form, or a general data rights request form). Instructions will be provided on the form – typically, you will need to provide your name, contact information, and details about your request.
  • Email: Send an email to privacy@oakberry.com with the subject line “Privacy Rights Request” and in the body, include your name, the state you reside in, and which rights you want to exercise. For example, you might write: “Hello, I am a California resident. Please provide me with a copy of my personal information (access request) and delete my account data.” Please make sure to send the email from the address associated with your Oakberry account or provide sufficient information for us to identify you in our records.
  • Toll-Free Phone: Call us at 1-800-XXX-XXXX. Our privacy support line is available [days and times]. When you call, please inform the customer service representative that you are making a CCPA/privacy request. They will guide you through the information we need to process your request and will confirm details such as your name, contact info, and the nature of your request. For deletion or correction requests, they might ask what data specifically you want deleted or corrected (you can say “all personal information” or specify certain elements).
  • Postal Mail: You may send a written request to the following address:
    Oakberry Privacy Team
    123 Oakberry Lane, Anytown, USA 00000
    In your mail, please include your full name, contact information, the nature of your request, and any relevant details (e.g., if you have multiple emails, specify which one is associated with your interactions with Oakberry). Note that postal requests will take longer to process due to mail delivery times, so for faster response we encourage electronic methods.

Verifying Your Identity:

For certain requests, especially those involving access or deletion of personal information, we need to verify your identity to ensure we are dealing with the correct person. This is a legal requirement intended to protect your data from unauthorized access. When you submit a request, we will take steps to verify you by asking for information that we can match against our records. For example, we may ask you to confirm two or three pieces of information we have on file (such as your phone number, a recent purchase amount or date, or your loyalty account number). For highly sensitive requests (like obtaining specific pieces of personal info or very sensitive data), we might employ a higher standard of verification (for instance, asking you to log into your account or provide a government-issued ID, to the extent allowed by law). If you have an Oakberry account, we may ask you to submit the request through your logged-in account, which helps with verification. If we cannot verify your identity to a reasonable or required degree of certainty, we will not be able to fulfill the request (and will notify you of this). We will use any information you provide for verification solely for that purpose and will delete it after processing your request, as required.

Authorized Agents:

If you prefer, you may designate an authorized agent to make a privacy rights request on your behalf (for example, you might hire a private service or ask an attorney to handle it, or perhaps a family member if you are unable to do so). If you use an authorized agent, we will require proof of their authority to act on your behalf. This could be a signed letter from you, a power of attorney, or other documentation we find sufficient under the law. We may also contact you directly to confirm that the agent has permission. (California specifically allows authorized agents, and we follow similar principles for other states.) Agents should submit proof of authorization along with the request. If we do not receive proof, we may reach out to you or the agent for clarification.

Response Timing and Process:

We will confirm receipt of your request within 10 days (for California residents) or as required by law. In general, we aim to respond to all verified requests within 45 days of receipt. If we need more time (up to an additional 45 days, for a maximum of 90 days total), we will inform you of the reason and extension in writing. Typically, we may extend the timeline if your request is complex or if we have a high volume of requests at that time. Our response will be delivered through the method you used to contact us (usually email), or via your account if applicable. If you have a password-protected account with us, we may fulfill an access request by providing the information through that account (in a secure manner). For deletion requests, we will either confirm that we have deleted your data or, if an exception applies, we will let you know what we could not delete and why. For correction, we will confirm the data has been corrected or supplementally noted. For opt-out requests, we will implement the opt-out and confirm that you have been opted out of sale/sharing or targeted advertising, as requested. If we cannot comply with a portion of your request, we will explain the reasons in our response. Common reasons might include: we could not verify your identity, we do not have any data on you (e.g., if you never interacted with us or if we already deleted it), or an applicable law provides an exception (for instance, we may deny a deletion request if we are required by law to keep the data, or an access request if it would violate someone else’s privacy). We will, however, honor the parts of your request that are not exempt.

Appeal Process (for Virginia/Colorado/Connecticut):

If you are dissatisfied with the outcome of a request (for example, we denied it based on an exemption, or you believe we did not fully comply), you have the right to appeal our decision. To do so, please reply to our response email or contact us again (within a reasonable time, ideally 60 days of our decision) and indicate that you are lodging an “appeal” of the prior decision. Provide any additional context as to why you believe our decision was unjustified. Your appeal will then be reviewed by a higher-level staff member or committee within our privacy team who was not involved in the initial decision. They will reevaluate all the materials and applicable law, and then inform you of the outcome of the appeal within 45 days (or the timeframe required by your state law). If the appeal is denied, we will provide you with an explanation and information on further recourse. For example, Virginia requires that if an appeal is denied, we must inform you that you can contact the Virginia Attorney General if you have concerns (and we would provide contact details for the VA AG’s office). Similarly, Colorado and Connecticut have provisions for contacting their respective AGs. We will include the relevant information in our appeal response based on your state.

Contacting Us with Questions or Concerns:

In addition to or instead of making a formal privacy rights request, you may simply have questions about our Privacy Policy or practices. If so, please do not hesitate to contact us. You can reach our Privacy Officer / Data Protection Team at:

  • Email: privacy@oakberry.com
  • Postal Mail: Oakberry Privacy Team, 123 Oakberry Lane, Anytown, USA 00000
  • Phone: 1-800-XXX-XXXX (ask for the Privacy team or leave a message regarding a privacy inquiry)

We will do our best to address your inquiry promptly. If you have a concern that we have not addressed to your satisfaction, you also have the right to contact your state’s Attorney General or privacy regulator. For example, California residents can contact the California Privacy Protection Agency or the California Attorney General; Virginia residents can contact the Virginia Attorney General, and so on. We hope it never comes to that, and we welcome the opportunity to resolve issues directly.

California “Shine the Light” Disclosure:

California Civil Code § 1798.83 (the “Shine the Light” law) allows California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. Oakberry’s policy is not to share our customers’ personal information with third parties for independent direct marketing without consent. Therefore, we believe we are exempt from this requirement. Nonetheless, if you are a California resident and would like to make a Shine the Light inquiry, you can reach out to us at the contact information above and we will respond as required.

California Minors:

We do not knowingly collect personal information from individuals under the age of 13 without parental consent, consistent with the federal Children’s Online Privacy Protection Act (COPPA). Our websites and services are intended for a general audience and are not directed at children under 13. If you are under 13, please do not provide any personal information. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it as soon as possible. If you are a parent or guardian and believe we have information about a child, please contact us to request deletion. Additionally, teens aged 13-16 in California have the right to opt in (or have a parent opt in on their behalf) before any “sale” of their personal information. Oakberry does not sell personal data, and in any case, we do not knowingly sell or share information of consumers under 16 without appropriate consent.

Data Security and Retention

How We Protect Your Data:

Oakberry uses a combination of administrative, technical, and physical security measures designed to safeguard your personal information. We follow industry standards and best practices (including guidance from the FTC and state regulations) to protect data against unauthorized access, theft, and loss. For example, our website employs encryption (HTTPS/TLS) to secure data in transit. Sensitive information like payment card details is handled by PCI-compliant payment processors and transmitted using secure encryption protocols. We maintain access controls so that personal data is only accessible to employees and service providers who need it for their job duties, and they are bound by confidentiality obligations. We also implement measures such as firewalls, intrusion detection systems, and regular security assessments of our systems. Our team receives privacy and security training to ensure they understand the importance of protecting customer data. Additionally, we have incident response plans in place to handle any suspected data breach swiftly and appropriately, including notifying affected individuals and regulators as required by law.

While we strive to protect your information, no system can be 100% secure. Therefore, we encourage you to also take precautions, such as using unique and strong passwords for your accounts, not sharing your login credentials, and logging out after using any shared devices. If you believe that the security of your personal information has been compromised with us, please contact us immediately.

Retention of Personal Information:

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Policy, or for other legitimate business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. For example, we will retain transaction records to comply with tax and financial laws, typically for at least seven years. Loyalty program data will be kept for the duration of your membership and then as needed to comply with legal or contractual requirements (e.g., keeping records of rewards issued). Web and app usage data (like analytics logs) may be retained for a shorter period, often 14 to 36 months, unless we need it for security investigations. When determining retention periods, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, whether we can achieve those purposes through other means, and applicable legal requirements. In some cases, we may anonymize your personal information (so it can no longer be associated with you) for statistical or research purposes, in which case we may use this information indefinitely without further notice. When personal information is no longer needed, we will ensure it is either securely destroyed or de-identified in accordance with applicable laws and industry standards.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes to the way we collect or use personal information, or to the privacy rights available to you, we will notify you in advance by posting the updated Privacy Policy on our website with a new effective date, and/or by prominent notice (such as a notice on our homepage or via email notification). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The “Effective Date” at the top indicates when this Policy was last revised. Your continued use of Oakberry services after the Effective Date constitutes your acceptance of the updated Policy. If you do not agree to the revised terms, please stop using our services and contact us to address any concerns.

Contact Us

Your trust is important to us, and we welcome any questions or feedback about this Privacy Policy or our data practices. If you have questions, concerns, or requests regarding your personal information or this Policy, please do not hesitate to contact Oakberry’s privacy team:

  • Email: privacy@oakberry.com
  • Phone: 1-800-XXX-XXXX (toll-free)
  • Mail: Oakberry Privacy Team, 123 Oakberry Lane, Anytown, USA 00000

We will respond as promptly as we can. If contacting us by mail, please provide a way for us to reach you (email or phone) in your letter.

Thank you for being a valued Oakberry customer. We are dedicated to safeguarding your privacy and delivering an enjoyable, secure experience whether you’re visiting us online or in person.

Last Updated: June 15, 2025