Daryl here - I write a lot of our software, would appreciate any feedback or suggestions for the site, and would love to hear about your nice dinner needs :)
TL;DR: Personally Identifiable Information (PII) privacy practices and policy needs work.
---
PERSONA
Dual income, no kids, living in midtown, just S of Central Park. Miss these places, enjoyed being a regular at several on your list.
We want to use this service! From the menu link above, we enthusiastically planned orders for Friday, Sunday, and two days next week. (Really.)
Then we paused, since like many who are happy to spend Michelin meals money, we care about our privacy and PII data.
So we traced through Terms of Service to see what you do with our phone numbers.
TOS REVIEW
A few things gave me pause:
3(h) We may use your information for our legitimate business purposes deemed, in our sole discretion, to be essential to the continued operation of our business. Such needs may shift over time and new uses for such data will not require individual disclosure or approval.
This is what lawyers call "a hole you can drive a truck through". Actually, two of them.
4(a) We may share your information with our third-party service providers for certain business purposes. This information is provided in order for them to provide us services such as ... advertising services, marketing ...
The California section clarifies you definitely mean you will share my PII for 4(a) which includes advertising and marketing, not just 4(b) to provide the actual service. The laundry list in 4(a) are not all necessary to operate a business, should be split accordingly.
5) While we strive to protect your information, we cannot guarantee that your Personal Information is absolutely secure. Please keep this in mind when disclosing any information to Taste.
OK, I better watch out. How? There doesn't appear to be any info applicable to opting out of Taste sharing my mobile number to advertising or marketing databases, or using it to match shadow profiles (and inform those of my interest in Taste). You link to consumer information sites that relate to personalization/targeting on device identifiers, but not to you proactively using PII in ways I have a right to opt out of.
The California section re-iterates this, clarifying not only will you do whatever you want with my mobile number, you'll also keep it until you don't feel like it any more. :-)
My guess is you may have copied this legalese from somewhere or some lawyer gave you boilerplate to cover you and not the customer. I'd suggest that's a poor branding and positioning signal.
SUGGESTION BOX
I'd do a couple things: (1) put a big giant "[x] NEVER give my mobile number to any third party or use my mobile for any marketing or advertising beyond delivering my preferred menus by text" checkbox, and then figure out how to make that work, and (2) have someone rewrite this to be consumer PII friendly so it feels more respectful of up-market privacy concerns, with acknowledgment throughout that by ticking that Opt-Out box, no PII will be shared or used other than for billing and actual menu/food delivery notifications.
For borderline examples, since I'm mainly thinking about phone numbers, compare Hiya and Trucaller privacy policies.
Hiya is borderline. The advertising clause allows sharing PII "to third parties to market their products or services to you if you have consented to these disclosures". It's an important "if" unless they think they get to interpret it as the overall click-wrap assent.
Meanwhile Trucaller makes the preposterous claim that you can give other people's personal info (associating names with contact numbers) and are opting in for them. But more to this topic, they straight up promise to spam your mobile number: "We may use any of the information collected, as set out above, to provide You with location and interest based advertising, marketing messaging, information and services. We may contact You ... with information pertaining ... special offers, e.g. newsletter e-mails, SMS and similar notifications about ... our business partners’ [ed: advertiser] products and services."
But for something much better, see Nomorobo, which has the encouraging: "Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential."* and then the much more interesting:
- We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
- We do not include or offer third-party products or services on our website.
- We do not allow third-party behavioral tracking.
That's a policy customers can feel comfortable with. Start there, and dial that back if you think your business model is more broken without it than the brand image value you earn by getting to say you don't exploit customers.
Did I mention we want to use Taste? You'll know where everyone with tasting menu money lives, make it safe.