U.S. & AFRICANFOOD MARKET

Privacy Policy

Last updated: February 27, 2026

1. Information We Collect

Information you provide directly:

  • Account information: name, email address, phone number, and password when you create an account
  • Order information: delivery address, payment details, order history, and delivery instructions
  • Profile preferences: dietary restrictions, allergen information, and product preferences you choose to provide
  • Communications: messages, feedback, or support requests you send us

Information from third-party authentication:

When you sign in using Google or Apple, we receive your name, email address, and profile photo (if available) as permitted by your settings with that provider. We do not receive or store your Google or Apple account password.

Information collected automatically:

  • Device information: device type, operating system, browser type, and unique device identifiers
  • Usage data: pages visited, features used, search queries, click patterns, and time spent on the Service
  • Network information: IP address, internet service provider, and general geographic location (city/region level)
  • Cookies and similar technologies (see Section 7 below)

2. How We Use Your Information

We use your information to:

  • Process, fulfill, and deliver your orders
  • Send order confirmations, delivery updates, receipts, and transactional communications
  • Create and manage your account, including authentication and account recovery
  • Personalize your experience, including product recommendations based on your stated dietary preferences
  • Improve our products, services, website, mobile app, and customer experience
  • Communicate about promotions, new products, and service updates (with your consent where required)
  • Prevent fraud, detect security threats, and enforce our Terms of Service
  • Comply with legal obligations and respond to lawful requests from public authorities

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract performance: processing necessary to fulfill your orders and provide the Service
  • Legitimate interests: improving our services, preventing fraud, and ensuring platform security
  • Consent: marketing communications and health-related data processing (which you may withdraw at any time)
  • Legal obligation: compliance with applicable laws, regulations, and legal processes

4. Information Sharing & Disclosure

We do not sell your personal information. We never have and never will.

We share your information only in the following circumstances:

  • Service providers: payment processors (for transaction processing), delivery partners (for order fulfillment), cloud hosting providers (for data storage), and email/SMS providers (for transactional communications). All service providers are bound by data processing agreements and may only use your data to perform services on our behalf.
  • Authentication providers: when you use Google or Apple sign-in, limited data is exchanged with those providers as described in their respective privacy policies.
  • Legal requirements: when required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: in connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, in which case you will be notified of any change in ownership or use of your personal information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. After account deletion, we retain certain data for the following periods:

  • Transaction records: up to 7 years as required for tax and accounting purposes
  • Communication records: up to 3 years for dispute resolution and customer service quality
  • Usage analytics: aggregated and anonymized data may be retained indefinitely

You may request deletion of your personal data at any time (see Section 8). We will delete or anonymize your data within 30 days of a verified request, unless we are legally required to retain it.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure payment processing through PCI DSS–compliant payment processors — we never store full credit card numbers on our servers
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security assessments and monitoring for unauthorized access
  • Secure authentication with hashed passwords and support for OAuth 2.0 providers

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: required for authentication, session management, shopping cart functionality, and security. These cannot be disabled.
  • Functional cookies: remember your preferences, language settings, and past interactions to improve your experience.
  • Analytics cookies: help us understand how you use our Service so we can improve it. We use anonymized analytics and do not use this data for advertising.

We do not use third-party advertising cookies or trackers. You can manage or delete cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

We honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we disable non-essential analytics cookies for that session.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your personal data, subject to legal retention requirements
  • Portability: request your data in a structured, machine-readable format
  • Opt-out: unsubscribe from marketing communications at any time via the unsubscribe link in any email or through your account settings
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@usafm.com. We will respond to verified requests within 30 days. We will not discriminate against you for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: you may request the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it
  • Right to delete: you may request deletion of your personal information, subject to certain exceptions
  • Right to correct: you may request correction of inaccurate personal information
  • Right to opt out of sale/sharing: we do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary, but you may still submit a request for confirmation
  • Right to non-discrimination: we will not discriminate against you for exercising any CCPA/CPRA rights

To submit a verifiable consumer request, email privacy@usafm.com with the subject line "California Privacy Request." We will verify your identity before processing the request.

10. Other State Privacy Rights

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and others as enacted — may have similar rights to access, correct, delete, and port their personal data. If you are a Washington State resident, please also see our Health Data Notice for information about your rights under the My Health My Data Act. Contact us to exercise any state-specific rights.

11. Children's Privacy

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@usafm.com.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, for significant changes, by email or prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

US African Food Market
Attn: Privacy
4126 11th St
Rock Island, IL 61201
Email: privacy@usafm.com