We collect only what we need to get your coffee to you. We don't sell your information — ever. Last updated: January 2025.
When you place an order or create an account, we collect your name, email address, shipping address, and payment details (processed securely — we never store full card numbers). For subscriptions, we also store your billing cycle preference.
When you browse the site, we collect standard analytics data — pages visited, time on site, referring URL, browser type. This helps us improve the experience and understand which roasts you're most curious about.
Your information is used to fulfill orders, process payments, send shipping notifications, and respond to support requests. If you opt in, we'll also send you roast announcements and occasional notes from the roastery.
We use aggregated, anonymized analytics to improve our website and product offerings. We do not use your data for automated decision-making or profiling.
We share your information only with the third parties necessary to operate our business: our payment processor (for charging your card), our shipping carriers (to deliver your order), and our email platform (to send transactional messages).
We do not sell, rent, or trade your personal information to advertisers, data brokers, or any other third parties.
We use essential cookies to keep your cart intact and maintain your session. We also use analytics cookies (e.g. Google Analytics) to understand site traffic. No cross-site advertising cookies are used.
You can disable cookies in your browser settings at any time. Disabling essential cookies may affect your ability to complete a purchase.
You may request access to, correction of, or deletion of your personal data at any time by emailing hello@marcopolo.cafe. We'll respond within 30 days.
You can unsubscribe from marketing emails at any time via the link in any email we send. Transactional emails (order confirmations, shipping updates) are not affected by unsubscribing.
If you are located in the EU or UK, you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.
All data transmitted between your browser and our servers is encrypted via TLS. Payment data is handled by our PCI-compliant payment processor and never stored on our servers. We regularly review our data practices and access controls.
No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately.
We may update this policy as our practices evolve. Material changes will be communicated via email to active customers. The date at the top of this page reflects the most recent revision.
This policy is governed by the laws of the State of Texas.
Privacy questions? Email hello@marcopolo.cafe — we respond within one business day.