Privacy policy.

What this policy covers

This policy applies to thaiginger.com — the website you’re reading now — operated by Thai Ginger Restaurants (“Thai Ginger,” “we,” or “us”).

It does not cover:

• The Thai Ginger mobile app (operated on our behalf by Toast). The mobile app has its own privacy policy you can read inside the app.
• Online ordering, which is hosted by Toast. When you click “Order online” you leave this site and your information is handled under Toast’s privacy statement.

Information we collect

Information you give us

• Newsletter signup. Your email address, the date you signed up, and which page you signed up from. Used to send you occasional updates about menu changes, events, and offers. You can unsubscribe at any time from the link in any newsletter we send.
• Contact form. If you reach out through the contact page, we collect the name, email, phone (optional), and message you submit so we can reply.
• Catering inquiries. If you submit a catering lead, we collect your name, email, phone, event date, guest count, and any notes you include — used to scope and quote your event.
• Job applications. If you apply for a position through the jobs page, we collect the contact information and any resume or notes you submit.
• Dietary or accessibility notes. You may choose to share allergies, dietary preferences, or accessibility needs in a form. We treat these as sensitive — see Sensitive information below.

Information collected automatically

• Site usage data. When you visit, our analytics tools log things like the pages you view, time on page, referring URL, approximate location (from IP), device type, and browser. We use this in aggregate to understand what’s working and what isn’t.
• Cookies and similar technologies. Small files stored by your browser. See Cookies below.
• Server logs. Our hosting provider (Vercel) logs basic request data — timestamp, IP address, path, response code — for security and reliability.

How we use it

• To run the website and keep it working.
• To respond to you when you contact us, apply for a job, or request catering.
• To send our newsletter, when you’ve opted in.
• To understand which pages are useful, where people get stuck, and what to improve.
• To protect the site against abuse, fraud, and security incidents.
• To comply with our legal obligations (tax records, lawful requests, etc.).

We do not sell your personal information. We do not share it with advertisers for cross-context behavioral advertising.

Who we share it with

We share personal information only with the service providers we need to run the site, and only for the purposes listed here. Each one is contractually bound to handle your data on our behalf.

• Vercel — site hosting and server logs.
• Sanity — content management; stores newsletter subscriber emails.
• Resend — transactional email delivery (form replies, catering quotes, newsletter sends).
• Google Analytics 4 / Google Tag Manager — aggregate site analytics, with IP anonymization enabled.
• Toast — only if you click through to online ordering. We do not transmit your personal information to Toast from this website.

We may also disclose information when required by law, subpoena, or other lawful request, or to defend our legal rights. If Thai Ginger is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; you will be notified of any change in control or use of your data.

Your privacy rights

Depending on where you live, you have different rights over your personal information. To exercise any of them, email info@thaiginger.com. We’ll respond within the time required by the law that applies to you (generally 45 days). We may need to verify your identity before acting on a request.

Everyone

• Ask what personal information we hold about you.
• Ask us to correct it if it’s wrong.
• Ask us to delete it.
• Unsubscribe from our newsletter at any time.

California (CCPA / CPRA)

If you’re a California resident, in addition to the above you have the right to:

• Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with (covered above).
• Opt out of the “sale” or “sharing” of your personal information. We do not sell personal information, and we do not share it for cross-context behavioral advertising. You can submit a Global Privacy Control (GPC) signal from a supported browser and we will treat it as an opt-out.
• Limit our use of sensitive personal information to the purposes necessary to provide the service (see Sensitive information).
• Not be discriminated against for exercising any of these rights.
• Appoint an authorized agent to make a request on your behalf, with written authorization.

Washington (My Health My Data Act)

We’re a Washington-based restaurant and we take the My Health My Data Act (MHMDA) seriously. If you share dietary, allergy, or accessibility information with us through a form, we treat it as “consumer health data” under the law. That means:

• We collect it only with your consent, and only for the purpose you submitted it (e.g., a catering accommodation, a contact-form question).
• We do not sell it. We do not share it with anyone outside the service providers listed above.
• You can ask us to confirm what we hold, and to delete it, by emailing info@thaiginger.com.
• You can withdraw your consent at any time.

Other US state laws

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia have similar rights to access, correct, delete, and obtain a copy of your personal information, and to opt out of targeted advertising or profiling. Email info@thaiginger.com to exercise them. If we deny a request, we’ll explain why and how to appeal.

European Union / United Kingdom

If you’re in the EU or UK, the GDPR / UK GDPR gives you additional rights:

• Access, correction, erasure, and restriction of processing.
• Data portability (a copy of your data in a portable format).
• Objection to processing based on legitimate interests.
• Withdrawal of consent at any time (without affecting prior lawful processing).
• The right to lodge a complaint with your local data protection authority.

Our lawful bases for processing are: consent (newsletter, cookies); contract (responding to your inquiries); and legitimate interests (security, fraud prevention, aggregate analytics).

Children’s privacy

This site is for a general audience. We do not knowingly collect personal information from anyone under 13. If you believe a child has submitted information through this site, email info@thaiginger.com and we will delete it.

How long we keep it

• Newsletter subscribers: until you unsubscribe, then deleted within 30 days.
• Contact and catering inquiries: up to 24 months after our last exchange, then archived or deleted unless retained for a specific reason (e.g., a booked event).
• Job applications: up to 12 months, unless we hire you (in which case employment record retention applies).
• Analytics: retained at the default Google Analytics 4 setting (26 months) in aggregate, anonymized form.
• Server logs: up to 30 days for security and reliability.

Security

We use industry-standard safeguards — TLS encryption in transit, access controls on the systems that hold your data, and a small set of trusted service providers — to protect your information. No system is perfect, and we cannot guarantee absolute security. If we ever experience a breach that affects you, we will notify you as required by applicable law.

International users

Thai Ginger operates in the United States. If you access this site from outside the US, your information will be processed in the US under the safeguards described here. For EU and UK visitors, we rely on appropriate transfer mechanisms (such as the EU Standard Contractual Clauses) where required.

Changes to this policy

We’ll update this page when our practices change. Material changes will be noted at the top of the page with a new “Last updated” date, and — for substantive changes — we’ll give newsletter subscribers email notice before the change takes effect.

Contact us

For any privacy question or to exercise a right above:

Email: info@thaiginger.com