Effective Date: May 11, 2026
Last Updated: May 11, 2026
Notice for California Residents: This Privacy Policy includes additional disclosures required by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). See Sections 2.1, 2.2, the Retention table, and "Your California Privacy Rights" for details. To exercise your rights, visit our Your Privacy Choices page or email hi@freshdashmarket.com.
Welcome to Fresh Dash! This Privacy Policy describes how Fresh Dash LLC ("Fresh Dash," "we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website freshdashmarket.com (the "Site"), use our mobile applications (if any), or otherwise interact with our services (collectively, the "Services").
We are committed to protecting your privacy. Please read this policy carefully to understand our practices regarding your information and how we will treat it. By using our Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, please do not use our Services.
We collect information about you in various ways when you use our Services. This information may include:
The following table summarizes the categories of personal information ("PI") we have collected in the past 12 months under the CCPA's statutory categories, including the sources, business purposes, third parties we disclose to, and the retention period for each category.
| CCPA Category | Examples | Source | Business Purpose | Disclosed To | Retention |
|---|---|---|---|---|---|
| A. Identifiers | Name, email, phone, account ID, IP address, device ID | Directly from you (account creation); automatically (device, network) | Account management, order fulfillment, security, fraud prevention | Stripe (Service Provider), Cloudflare (Service Provider), delivery partners (Service Providers) | Account lifetime + 30 days post-deletion |
| B. Personal records (Cal. Civ. Code §1798.80(e)) | Mailing / delivery address; phone number | Directly from you | Order delivery, fraud prevention, customer support | Stripe, Mapbox (Service Providers), delivery partners | Account lifetime + 30 days; order-related copies retained 7 years for tax compliance |
| D. Commercial information | Purchase history, products viewed, cart contents, refund history | Directly from you; automatically (browsing) | Order processing, personalization, analytics, refunds | Stripe (transaction-related only) | 7 years (tax / accounting compliance) |
| F. Internet / electronic activity | Pages viewed, links clicked, search queries, referring URL, session data | Automatically (cookies, server logs) | Analytics, security, service improvement | Internal only | 13 months |
| G. Geolocation data | IP-derived general location; precise location if you grant browser permission | Automatically (IP); directly from you (geolocation API) | Service availability check, delivery routing, fraud prevention | Mapbox (for geocoding only; Service Provider) | Precise location: session only. General location: 13 months |
| K. Inferences | Product preferences derived from purchase / browsing history | Derived from above categories | Personalization, recommendations | Internal only | Account lifetime + 30 days post-deletion |
We do not collect biometric information (Category E), sensory data (Category H), professional / employment-related information (Category I), education information (Category J), or protected classification characteristics (Category C — such as race, religion, sexual orientation, etc.).
Under the California Privacy Rights Act (CPRA), certain types of personal information are categorized as "sensitive." We collect the following sensitive PI strictly to provide our Services, and we do not use or disclose sensitive PI for the purpose of inferring characteristics about you:
You have the right to limit our use and disclosure of your sensitive PI to those purposes necessary to provide the Services. To exercise this right, visit our Your Privacy Choices page or email hi@freshdashmarket.com with the subject "Limit Sensitive PI". We will respond within 15 business days.
Fresh Dash uses Stripe, Inc. ("Stripe", a Delaware corporation) as our payment processor for all transactions on the Services.
When you provide payment information through our checkout, the following data is collected and transmitted directly to Stripe's secure servers, never touching Fresh Dash systems:
Stripe and its sub-processors may store and process your data on servers located in the United States and other countries. By using our payment functionality, you acknowledge that your payment data may be transferred outside your country of residence. Stripe is certified under PCI DSS Level 1, SOC 2 Type II, and ISO 27001. For details on Stripe's data practices, see Stripe's Privacy Policy.
PCI DSS Scope: Because Fresh Dash uses Stripe's hosted payment elements, we do not store, process, or transmit full cardholder data. Our PCI DSS compliance scope is limited to SAQ-A.
When you opt in to receive text messages (SMS) from FreshDashMarket, we collect and store your mobile phone number, your carrier's name, and the date/time of your opt‑in consent. This information is used only to deliver the text messages you have requested (e.g., order updates, promotional offers, or alerts).
We will never sell, rent, or share your mobile opt‑in data or consent status with any third party or affiliate for their own marketing purposes. Your consent to receive SMS messages is not shared with any outside organization.
No third‑party lead lists or purchased phone numbers are used for SMS marketing. All SMS recipients have provided direct, explicit consent to FreshDashMarket through a compliant opt‑in mechanism (e.g., checking an unchecked box on our website or mobile app).
You may revoke your consent at any time by replying STOP to any message. For help, reply HELP. Standard message and data rates may apply. For questions about how we handle SMS data, contact us at hi@freshdashmarket.com.
We use the information we collect for various purposes, including:
We do not sell or share your personal information as those terms are defined under the CCPA / CPRA, including for cross-context behavioral advertising. We do not currently use any third-party advertising pixels (such as Meta Pixel, TikTok Pixel, or Google Ads conversion tracking). Should this change in the future, we will update this Privacy Policy and provide a clearly labeled opt-out before any such sharing begins.
We disclose your information to the following recipients, distinguishing between Service Providers (bound by written contracts limiting use to the services they provide for us) and Third Parties (independent recipients):
g.freshdashglobal.com); session recording is disabled; the SDK honors Global Privacy Control (GPC) signals automaticallyWe use cookies and similar tracking technologies to collect information about your interaction with our Services. Cookies are small data files stored on your device. We may use session cookies (expire when you close your browser) and persistent cookies (remain until deleted). These technologies help us operate our Services, remember your preferences, analyze usage, and for advertising purposes.
You can typically control cookies through your browser settings. However, disabling cookies may affect the functionality of our Services.
For more information on how we use cookies, please see our Cookie Policy.
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following table summarizes our standard retention periods:
| Category | Retention Period | Basis |
|---|---|---|
| Account information (name, email, phone, password hash) | Account lifetime + 30 days post-deletion | Service provision; account recovery window |
| Delivery addresses | Account lifetime + 30 days post-deletion | Service provision |
| Order records (purchase history, refunds, transaction metadata) | 7 years | IRS tax and accounting compliance |
| Refund and dispute records | 5 years | Stripe dispute window; audit requirements |
| Card last-four and brand | Retained alongside the related order; deleted with the order record | Customer support; reconciliation |
| Marketing consent records (SMS opt-in, email subscriptions) | Account lifetime + 30 days post-deletion; legal record kept 5 years | TCPA / CAN-SPAM compliance |
| Cookies and device data | Up to 13 months | Standard analytics retention; CalOPPA |
| Customer support communications | 3 years | Dispute resolution; service quality |
| Security and access logs | 1 year | Security investigation; fraud prevention |
| Precise geolocation | Session only (not persisted) | Service provision; minimal data retention |
Where we are subject to overriding legal obligations (such as ongoing litigation, government investigation, or fraud investigation), data may be retained beyond the standard periods until those obligations are satisfied.
We implement reasonable administrative, technical, and physical safeguards designed to protect the personal information we collect against unauthorized access, use, disclosure, alteration, or destruction. However, no internet transmission or electronic storage is completely secure. Therefore, we cannot guarantee its absolute security.
You have certain choices and rights regarding your personal information:
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
You may request to know what categories of personal information we have collected, the sources of that information, the business or commercial purposes for collection, the categories of third parties with whom we share PI, and the specific pieces of PI we hold about you. See Section 2.1 above for the categorical disclosures.
You may request that we delete personal information we have collected from you, subject to exceptions permitted by law (e.g., legal retention obligations for tax records, fraud prevention, completion of pending transactions).
You may request that we correct inaccurate personal information we maintain about you. Upon receiving a verifiable request, we will use commercially reasonable efforts to correct the inaccurate information and respond within 45 days. You can also self-correct most account information by signing in to your account.
You may opt out of the sale or sharing of your personal information at any time. As stated in Section 4, we do not currently sell or share your PI for cross-context behavioral advertising, but we provide an opt-out mechanism regardless:
Sec-GPC: 1) sent by your browser as a valid opt-out requestYou may request that we limit our use and disclosure of your sensitive PI (as described in Section 2.2) to the purposes necessary to provide the Services. We do not currently use sensitive PI for purposes beyond what is necessary, but you may still submit a request via our Your Privacy Choices page.
We will not discriminate against you for exercising any of your CCPA / CPRA rights. You will not receive different prices, lower quality of service, or be denied access to our Services solely for exercising your rights, except where we are permitted by law to offer a different price tied to a clearly disclosed financial incentive (see our Notice of Financial Incentive).
We verify your identity based on the sensitivity of the request:
You may designate an authorized agent to submit requests on your behalf. We require:
Under California Civil Code §1798.83, California residents may request, once per year, information regarding our disclosures (if any) of personal information to third parties for their direct marketing purposes. To submit such a request, email hi@freshdashmarket.com with the subject "Shine the Light".
Our Services do not currently respond to "Do Not Track" (DNT) signals. However, we honor Global Privacy Control (GPC) signals as a valid opt-out of any sale or sharing of personal information, in accordance with the California Attorney General's enforcement guidance.
Our Services are intended for users 16 years of age and older.
If you believe we have inadvertently collected information from a child without proper consent, please contact hi@freshdashmarket.com and we will promptly delete it.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Site, updating the "Effective Date," and/or through other appropriate communication channels. We encourage you to review this policy periodically.
We are committed to digital accessibility for all users, including people with disabilities. We strive to conform to the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA. If you experience a barrier on our website, or need help completing an order in another way, please email hi@freshdashmarket.com and we will respond within one business day. For our full statement, see our Accessibility Statement.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: hi@freshdashmarket.com
Mailing Address: Fresh Dash LLC, 1119 N KRAEMER BLVD, ANAHEIM, CA 92806