Order

Privacy Policy

I. Identity and Address of the Data Controller

Tolo Café (hereinafter "Tolo", "we", or "the company"), located in Blvr. José María Pino Suárez 800, Cuauhtémoc, 50130 Toluca de Lerdo, México, is responsible for the processing of your personal data in accordance with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations.

II. Personal Data We Collect

We collect the following categories of personal data:

Identification and contact data

  • Full name
  • Mobile phone number
  • Email address
  • Date of birth (optional)

Account and transaction data

  • Order and purchase history
  • Product preferences
  • Transaction and payment information (processed by Stripe)
  • Digital wallet balance and transactions

Technical and usage data

  • Device identifiers
  • Operating system and app version
  • In-app usage and navigation data
  • IP address
  • Geolocation data (when authorized)
  • Notification interaction data

III. Purposes of Data Processing

Primary purposes (necessary)

  • Create and manage your user account
  • Process orders and purchase transactions
  • Manage the loyalty and rewards program
  • Send order confirmations and receipts
  • Verify your identity through one-time password (OTP)
  • Provide customer support
  • Comply with legal and tax obligations

Secondary purposes (optional)

  • Send notifications about promotions, events, and new products
  • Conduct statistical and usage analysis to improve our services
  • Personalize your experience in the app
  • Send marketing communications and targeted advertising
  • Conduct market research

If you do not wish your personal data to be processed for secondary purposes, you may express your refusal by sending an email to hola@tolo.cafe with the subject line "Opt out of secondary purposes".

IV. Data Transfers

Your personal data may be transferred to and processed by the following third parties:

  • Stripe (United States): Payment processing and financial transactions
  • Twilio (United States): SMS messaging for OTP verification
  • Resend (United States): Transactional and marketing email delivery
  • Cloudflare (United States): Infrastructure hosting and content delivery network
  • PostHog (United States/EU): In-app usage and behavior analytics
  • Sentry (United States): Application error and performance monitoring
  • Meta/Facebook (United States): Advertising and audience segmentation
  • TikTok (United States/Singapore): Advertising and audience segmentation
  • Google (United States): Advertising, analytics, and audience segmentation

These transfers are made to fulfill the purposes described in this privacy notice. Third-party recipients assume the same data protection obligations as Tolo.

V. ARCO Rights

You have the right to Access, Rectify, Cancel, or Oppose (ARCO rights) the processing of your personal data. To exercise any of these rights, you may send a request to hola@tolo.cafe with the following information:

  • Full name and contact details
  • Clear description of the right you wish to exercise
  • Documents proving your identity or legal representation
  • Any additional information to help locate your data

We will respond to your request within a maximum of 20 business days from the date of receipt. If the request is deemed appropriate, it will be fulfilled within 15 business days following the communication of our response.

VI. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep your session active
  • Remember your preferences
  • Analyze the use of our services
  • Offer personalized advertising

You can manage your cookie preferences through your browser or device settings. Disabling certain cookies may affect the functionality of our services.

VII. Data Retention

We retain your personal data as long as you maintain an active account with Tolo. Once you request account cancellation, your data will be blocked and subsequently deleted in accordance with the timelines established by applicable legislation.

Transaction and tax data will be retained for the period required by applicable Mexican tax laws.

VIII. Changes to the Privacy Notice

We reserve the right to modify this privacy notice at any time. Changes will be notified through the mobile app or by email. We recommend that you periodically review this notice to stay informed about how we protect your data.

IX. Contact

If you have questions or comments about this privacy notice or the processing of your personal data, you may contact us at:

  • Email: hola@tolo.cafe
  • Website: tolo.cafe

Last updated: March 2026