Crumbl Global Privacy Policy
LAST UPDATED July 29, 2024

Welcome to Crumbl Cookies! This Privacy Policy describes how Crumbl, LLC (“Crumbl”, “we”, “us”, “our”) collects, uses, stores, and shares your information when:

  • You access and use the Crumbl website available at www.crumblcookies.com, the Crumbl mobile application, or any other mobile application, web application, or website where this Privacy Policy is posted (“Sites”);
  • You visit a Crumbl physical store location (“Stores”);
  • You purchase our products and services (“Products”);
  • You communicate with us in any manner, including by e-mail, text or telephone (“Communications”); and
  • We interact with certain third parties, such as our service providers, governmental agencies, and other parties (“Third Parties”).

If you are a California resident, please see our California Residents section below for more detailed information.

If you are a Nevada resident, please see our Nevada Residents section below for more detailed information.

If you are a Virginia, Colorado, and Connecticut resident, please see our Virginia, Colorado, and Connecticut Residents section below for more detailed information.

If you are in the UK, EU, or other country outside of the United States, please see Non-US Residents Notice below.

Information Practices
What information do we collect about you?

Information you provide to us

We collect your information when you interact with us directly, including when you:

  • access, navigate, and create an account on our Sites;
  • purchase our Products;
  • engage in Communications with us, including via our customer service team online;
  • visit our Stores;
  • participate in a promotion, such as a sweepstakes or contest;
  • post a tagged photo or other content on a third party social network;
  • post a Product review, question, answer, or other information on the Sites;
  • or otherwise interact with us.

The information we collect when you interact with us directly includes:

  • Contact Information, such as your first and last name, mailing address, delivery address, email address, and telephone number.
  • Account Credentials, such as your username, password, password hints, and information used for authentication and account access.
  • Demographic Information, such as your age, gender, zip code, and country.
  • Billing Information, such as your payment information (e.g., credit or debit card number), expiration date, security code, bank account information, or other financial information relating to your purchase of our Products.
  • Profile Information, such as your interests, preferences, shopping lists, email preferences, purchasing history, and favorites.
  • Communications, such as any messages you send to us through feedback and questions to customer support, information you publicly post on our Sites or other websites (such as product reviews or blog comments), e-mail messages, and recordings of telephone calls with customer service or other First Leaf representatives.

Information we automatically collect from you

When you interact with our Sites, Products, and Communications, we automatically receive certain information about you from your devices and browsers, including:

  • Usage Information. Information such as the features you use on our Sites, the links you click and the items you view, pages you visit, emails and advertisements you view, Products you view and purchase, the time of day you browse, and your referring and exiting pages. From time to time, this information may be collected through the use of first and third-party cookies such as though engaging in what’s commonly known as “session replay” cookies, and payment providers such as Stripe.
  • Device Information. Information about the device you are using, including but not limited to the type of device you use, the temporary or persistent unique device identifier (UDID) placed by us or our service providers, the IP address of your device, the MAC address, advertiser ID, your operating system, the type of browser you use, and data from the way you use our Sites. From time to time, this information may be collected through the use of first and third-party cookies such as though engaging in what’s commonly known as “session replay”, and payment providers such as Stripe.
  • Location Data. Information such as imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level). Our Sites may also collect information about the location of your device. We and our service providers may use this approximate location along with other information submitted by you, to provide you with location-based services like local Store information, search results, special offers, and other personalized content.
  • Cookies. Cookies are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies on our Sites: session cookies and persistent cookies. Session cookies make it easier for you to navigate our Sites and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising both on and off the Sites. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
  • Pixels (also known as web beacons). This is a type of code that is embedded in a website, video, email, or advertisement that sends information about your use to a server. When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to track our communications, bring you advertising both on and off the Sites, and provide you with additional functionality, such as the ability to connect our Sites with your social media account.
  • App Technologies. Information concerning technologies included in our mobile applications and Sites that are not browser-based like cookies and cannot be controlled by browser settings. For example, our Sites may include SDKs, which is code that sends information about your use to a server. These SDKs allow us to track our Communications, bring you advertising both on and off the Sites, and provide you with additional functionality, such as the ability to connect our Sites with your social media account.

Internet-based advertising / Do Not Track

We may, from time to time, collect information about users over time and across different websites when you use this Sites. Our third-party partners may also collect information in this manner. For example, we may use one or more third-party online advertising networks to serve ads on our behalf on third-party websites. The third-party ad network may collect information about your visits to our Sites and your interaction with our online ads. This is primarily accomplished using technology such as cookies, action tags, web beacons, and/or GIF tags which are placed in various places within our Sites and our online ads. Some browsers have a 'do not track' feature that lets you tell websites that you do not want to have your online activities tracked. These features are not yet uniform, so our Site is not currently designed to respond to those signals unless otherwise stated in this Privacy Policy.

Social media widgets and single sign on services

Our Sites use third-party social media widgets. Such third-party features may collect information about you, like your IP address and the page(s) you visit on our Sites. They may also place cookies on your device. These social media widgets are either hosted by a Third Party or by our Sites. Your interactions with those features are governed by the privacy policies of the third-party social media networks that provide them.

Children under 13 years of age

This Site is directed to adults, and does not knowingly collect personal information online from children under the age of 13 without prior parental consent. If you are the parent or guardian of a child under the age of 13, and you believe your child has provided personal information to our Sites that you would like us to delete, please contact us.

How do we use your information?

We may use your information to:

  • Fulfill your requests, such as Product orders and responses to email questions;
  • Support our core business functions, such as order fulfillment, internal business process management, authentication, loss and fraud prevention, and public safety functions;
  • Communicate with you about our Products and promotions;
  • Provide the Sites and Stores to you;
  • Improve our Sites, Products, and Stores;
  • Improve our marketing and promotions;
  • Statistically analyze the usage of our Sites, Communications, and Stores;
  • Contact you;
  • Resolve disputes, investigate problems, and enforce our terms;
  • Help diagnose problems with our server, manage our Sites, and to enhance our Products; and
  • Perform a business transaction, such as a merger, acquisition, sale of assets, bankruptcy, or related transactions.
How do we disclose your information?

We may disclose your information in the following circumstances:

  • With Your Consent. We may disclose, share, or make available your information with your consent, which may be obtained in writing, online, through “click-through” agreements, when you accept our terms for our Sites, orally (including over the telephone), or by other means. Your consent to text messaging will not be transferred to third parties.
  • With Service Providers & Business Partners. We may disclose, share, or make available your information with Third Parties, such as service providers, affiliates and subsidiaries, business partners, credit / debit card processing partners, partners that facilitate billing, shipping, and customer service, third-party auditors and law firms, marketing and advertising networks (including those that provide ad measurement services), internet service providers, data analytics providers, companies that help debug and identify and repair errors that may impair the functionality of our Sites, and third parties that help protect against malicious, deceptive, fraudulent, or illegal activity. We may also share your information in connection with financial products or services related to our business, such as private label credit cards. We may also share your information in connection with co-branded Product offerings. We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy policy at http://stripe.com/privacy.
  • In A Business Transfer. We may disclose, share, or make available your information as part of a business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.
  • For Legal Process & Protection. We may disclose, share, or make available your information to satisfy any law, regulation, legal process, governmental request, or where we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (1) enforce or apply agreements, or initiate, render, or bill for use of the Sites; (2) protect our rights or interests, property or safety or that of others; (3) in connection with claims, disputes, or litigation - in court or elsewhere; (4) protect users of our Sites and other carriers, providers, or partners from fraudulent, abusive, unlawful, or otherwise improper use of our Sites; (5) facilitate or verify the appropriate calculation of taxes, fees, or other obligations due to a local, state, or federal government.
How do we secure your information?

Although no system or website can guarantee the complete security of your information, we take all commercially reasonable steps to ensure your information is protected in accordance with all applicable laws and regulations, as appropriate to the sensitivity of your information.

Links to Third-Party Sites

Our Sites may include links to websites/applications that are owned or operated by Third Parties. Please note these links are provided for your convenience and information, and may operate independently from us and have their own privacy policies and/or notices. This Privacy Policy does not cover the practices of those websites/applications. We encourage you to review the privacy policies on those websites/applications to see how they collect and use information.

Your Choices
  • Opt-Out of Promotional Messaging. If you would like to stop receiving promotions, special offers or member-exclusive events, please refer to the unsubscribe instructions contained in those communications..
  • Opt-Out of Texting. You can opt-out of texting at any time. Reply 'STOP' to the text.
  • View and Correct Account Information. You may view and correct your account information by logging into your account online, or contacting us and requesting such information.
  • California Rights. If you are a California resident, please see California Residents below for more information about your rights and choices.
  • Virginia, Colorado, and Connecticut Rights. If you are a resident of Virginia, Colorado, or Connecticut, please see Virginia, Colorado, and Connecticut Residents below.
  • Nevada Rights. If you are a Nevada resident, please see Nevada Residents below for more information about your rights and choices.
  • Non-US Rights. If you are located in a jurisdiction outside of the United States, please see Non-US Residents below for more information about your rights and choices.
California Residents

If you are a California resident, this section applies to you. The capitalized terms and phrases used under this section shall have the same definition as under the California Consumer Privacy Act, as amended and inclusive of its implementing regulations (“CCPA”).


Definitions
  • Personal information. Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household.
  • Sensitive personal information. Social security number, driver’s license number, state identification card, passport number, account log-in and password, financial account and password, debit or credit card number and access code, precise geolocation information, race, ethnic origin, religious or philosophical beliefs, union membership, the content of your mail, email or texts other than those communications with us, genetic data, biometric information, health information, and information that concerns your sex life or sexual orientation.
  • Sell, sale, or sold. Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or other means, your personal information to a third party for money or other valuable consideration.
  • Share, shared, or sharing. Shearing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or other means, your personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

Notice of Financial Incentive

Material Terms of Incentive

From time to time, we may offer discounts on our Products in exchange for you providing your personal information, such as your contact information. We may use the information you provide to send Communications to you, and to market future Products and Sites.

How The Incentive Is Reasonably Related To The Personal Information Provided

The discounts we provide (i.e., financial incentive) are based in part on our reasonable but sole determination of the estimated value of the personal information you provide, taking into account, without limitation, estimates regarding the anticipated revenue generated from such information, the anticipated expenses which might be incurred in the collection, storage, and use of such information in the operation of our business, and other relevant factors related to the estimated value of such information to our business, as permitted under applicable law.

Opt-In

By providing your personal information in exchange for a discount, you are affirmatively opting-in to our financial incentive program as described above. If you wish to opt-out of the program, do not submit the personal information.

Right to Withdraw

If you wish to withdraw from receiving a discount in exchange for the personal information you provided, please send an e-mail to privacy@crumbl.com before any such discount it utilized.


Your Rights

To submit any of the requests below, or have a request submitted by your representative, please submit your request to privacy@crumbl.com or call us toll-free to submit a request. you can designate an authorized agent to make the below requests on your behalf. When you use an authorized agent, you must provide the authorized agent with written permission to do so, and, in certain circumstances, we may ask you to verify your own identity directly with us. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.


We may take steps to verify your identity by matching the information you provide with your request with the information we have on file about you. Depending on the sensitivity of the information at issue, we may utilize more stringent verification methods, including but not limited to requiring you to sign a declaration under penalty of perjury.

  • Right of Access: You have a right to request that we disclose to you the categories and in some cases specific personal information we have collected about you, including information about from where we collected your information and how it has been disclosed, sold, or shared.
  • Right to Delete. You have a right to request deletion your personal information, subject to certain exceptions.
  • Right to Correct. You have a right to ask that we correct the personal information we have about you, subject to certain exceptions.
  • Right to Opt-Out of the Sale or Sharing of Your Personal Information. You have a right to opt-out of the sale or sharing of your personal information. The process for exercising this right is described at Do Not Sell or Share My Personal Information.
  • Right to Non-Discrimination. You have a right to exercise the above rights without being discriminated against.

Notice of Collection

Below is a list of the categories of personal information we have collected about California residents in the 12 months preceding the date this Privacy Policy was last updated. This list includes information about: (1) the categories of sources from which the information was collected; (2) the business or commercial purpose for collecting, selling, or sharing the information; and (4) the categories of Third Parties with whom we share the information.

  • Identifiers (Includes Sensitive Personal Information): Includes information such as your name, signature, alias, postal address, and telephone number, unique personal identifier, online identifier, IP address, account log-in, email address, account name, driver’s license number or other identifying information. Sensitive personal information within this category includes your driver’s license number or other identification number.
  • Personal Characteristics (Includes Sensitive Personal Information): Includes information such as your age and gender.
  • Financial Information (Includes Sensitive Information): Includes information such as your account name and log-in information, and credit card and debit card number and access code. Sensitive personal information in this category includes your account log-in and password and credit card and debit card number and access code.
  • Internet or other Electronic Network Activity Information: Includes information described above as automatically collected.
  • Commercial Information, such as records of your Products considered and purchased.
  • Geolocation Information, such as your zip code and general location.
  • Audio, Electronic, Visual, Thermal, and Related Information: Includes information such as photographs, video recordings, recorded messages, and other related information.
DisclosureCategoriesDescription
How do we collect this information?Identifiers*We collect this category of information from you directly or automatically from your device(s). We also may collect this information from third parties such as financial institutions, payment processors, and social networks.
Personal characteristics*We collect this category of information from you directly. We may also collect this information from third parties, such as social networks.
Financial information*We collect this information directly from you and in some cases our third party service providers.
Internet or other electronic activity informationWe collect this category of information from you or your device(s) when you provide it to us or interact with us online (such as through our Site, as defined above, or our social media). We also collect this information from third parties such as online advertising networks, online data aggregators, and social networks.
Commercial informationWe collect this category of information from you directly, from third parties, or automatically from your device(s).
Geolocation informationWe collect this category of information from you or your device(s) when you provide it to us or interact with us online (such as through our Site, as defined above, or our social media).
Audio, electronic, visual, thermal and related informationWe collect this category of information from you or your device(s) when you provide it to us or interact with us online (such as through our Site, as defined above, or our social media) or offline (such as through a retail location or over the phone).
InferencesWe draw inferences about you from the information we collect from you or your device(s) when you provide it to us or interact with us online (such as through our Site, as defined above, or our social media) . We also draw inferences about you from the information we collect from third parties such as financial institutions, payment processors, and social networks.
Does this include sensitive personal information?Yes. * Denotes which categories may include sensitive personal information. The sensitive information we may collect includes your driver’s license number or other identification number, account information, and certain financial information.
Is the information “sold” or “shared”?Yes. We make available your IP address and other persistent online identifiers to our advertising partners. In some instances, this transaction may constitute a “sale” or “sharing” of your personal information under California law.
What is our business purpose for collecting your information?See How do we use your information? above.
Who do we disclose this information to?See How do we disclose your information? above.
How long do we keep this information?We keep the information identified above for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of you.

Notice of Disclosure for a Business Purpose

The following is a list of the categories of personal information we have disclosed about California residents for a business purpose in the 12 months preceding the date this Privacy Notice was last updated. For a list of the categories of third parties with whom we’ve disclosed the information, please see How do we disclose your information?.

  • Identifiers (Includes Sensitive Personal Information): See above.
  • Personal Characteristics (Includes Sensitive Personal Information): See above.
  • Financial Information (Includes Sensitive Information): See above.
  • Internet or other Electronic Network Activity Information: See above.
  • Audio, Electronic, Visual, Thermal, and Related Information: See above.
  • Inferences: See above.

Notice of Sale and Sharing

We “sell” and “share” your personal information through the use of digital advertising through our Sites. Specifically, we make available certain of your online identifiers and other persistent online identifiers with advertising and marketing partners that may be considered a “sale” or “sharing” of your personal information, as defined under California law. We don’t sell or share the personal information or sensitive personal information of any California resident who is 16 years or younger. To learn more, please see Do Not Sell or Share My Personal Information.


Notice of Use of Sensitive Personal Information

We do not use your sensitive personal information for purposes other than permitted under the CCPA. Specifically, we do not use your sensitive personal information to derive characteristics about you.


California’s “Shine in the Light” law

If you are a California resident and our customer, you have the right to request information from us once per calendar year regarding the customer information we share with third parties for the third parties’ direct marketing purposes. To request this information, please send an email to privacy@crumbl.com with “Shine the Light Request” in the subject line and in the body of your message. We will provide the requested information to you via an email response.

Nevada Residents

If you are a Nevada resident, you have the right to submit a request directing us not to make any sale of your personal information. Crumbl does not sell your personal information for money. However, to request email confirmation that we will not sell your personal information in the future, please send an email to privacy@crumbl.com with “Nevada Opt-Out” in the subject line and in the body of your message.

Virginia, Colorado, and Connecticut Residents
Definitions
  • Personal data. Information that is linked or reasonably linkable to an identified or identifiable individual.
  • Sensitive personal data. Information that includes data revealing racial or ethnic origin, the processing of genetic or biometric data for the purpose of uniquely identifying an individual or precise geolocation data.
  • Sell, sale, or sold. The exchange of personal data for monetary or other valuable consideration.
  • Targeted advertising. Displaying advertisements to a consumer where the advertisement is selected based on personal data obtained or inferred from that individual’s activities over time and across nonaffiliated Internet web sites or online applications to predict such individual’

Notice of Collection

To learn more about the categories of personal information we collect about you and how we use it, please see What information do we collect about you? and How do we use your information? To learn more about the categories of third parties with whom we may share your personal information, please see How we disclose your information.


Your Rights
  • Right to Know and Access: You have a right to know whether Crumbl is processing your personal information, access such personal information subject to certain exceptions, and obtain a copy of the personal information in a portable format. The process for exercising this right is described above in Your Choices.
  • Right to Delete. You have a right to request that we delete your personal information. The process for exercising this right is described in Your Choices.
  • Right to Correct. You have a right to ask that Crumbl correct the personal information it has about you, subject to certain exceptions. The process for exercising this right is described above in Your Choices.
  • Right to Opt-Out of the Sale or Targeted Advertising. You have a right to opt-out of the sale or use of your personal information for targeted advertising. The process for exercising this right is described at Do Not Sell or Share My Personal Information.
  • Right to Non-Discrimination. You have a right not to be discriminated against for the exercise of your rights described herein.
  • Right to Appeal. You have a right to appeal our denial of any request above. We will respond to your appeal within the timeframe required by law, and provide a written explanation in support of our response and provide additional information as required by law. You my exercise your right to appeal by clicking the links above in Your Choices, calling 1-866-983-8582.
Non-US ResidentsData Controller

Crumbl Enterprises LLC
2570 W 600 N, Lindon, UT 84042
European Union Representative: Crumbl UK Limited


How do we use your personal data?

Please see How do we use your information? section above.


What is our lawful basis for processing your personal data?

Your personal data is primarily used by Crumbl to provide you with our Sites, Stores, and Products and to service your requests. Your personal data may also be used to comply with our legal obligations or to fulfill our legitimate interest, such as to personalize your experience, develop and improve our Sites, Stores, and Products, or to detect illegal activity. With your consent, we may also use your information to send you offers and promotions.


Your rights

You have a right to access the personal data we have processed about you, ask that certain of that data be removed (i.e., deleted), correct or change your personal data, or change your marketing preferences by withdrawing your consent at any time. To submit any of the requests below, please submit your request to privacy@crumbl.com.


We may take steps to verify your identity by matching the information you provide with your request with the information we have on file about you. Depending on the sensitivity of the information at issue, we may utilize more stringent verification methods.


Lodging Complaints

You may have a right to lodge a complaint with your local Data Protection Supervisory Authority concerning our data practices. To receive information about your local Data Protection Supervisory Authority, please contact us.

Accessibility

To receive a copy of this Privacy Policy in a different format, please contact us at privacy@crumbl.com.

Contact

If you have any questions, please contact us at privacy@crumbl.com.