ROUGH & TUMBLE

Privacy Policy

Rough & Tumble Hospitality (“Rough & Tumble,” “we,” “us,” or “our”) operates the website roughandtumblepub.com and our two Seattle pub locations in Ballard and Columbia City. We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains what information we collect, how we use and share it, your rights under applicable law, and how to contact us with questions. It applies to our website, email marketing, online ordering, event registrations, and any other interactions you have with us.

This policy is designed to comply with: the federal CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the Children's Online Privacy Protection Act (COPPA), Washington State's My Health My Data Act (MHMDA), the Washington Consumer Protection Act (RCW 19.86), and applicable sections of the Washington Privacy Act (SB 5062 / RCW 31.04). We will update this policy as laws change.

1. Information We Collect

1.1 Information You Give Us Directly

We collect information you voluntarily provide when you:

•       Sign up for our email newsletter or mailing list

•       Create an account or join our loyalty program

•       Place an online order through Toast or DoorDash (via their platforms)

•       Submit an inquiry for private events

•       Contact us by email, phone, or through our contact form

•       Enter a contest, giveaway, or promotion

•       Register for an event

This may include your name, email address, phone number, mailing address, payment information (processed by third-party providers — we do not store full card numbers), dietary preferences or allergy information, and any other information you choose to share.

1.2 Information Collected Automatically

When you visit our website, we and our service providers automatically collect certain technical information, including:

•       IP address and approximate geographic location (city/state level)

•       Browser type, operating system, and device type

•       Pages visited, time spent on pages, and referring URLs

•       Clickstream data and interactions with our site

•       Cookies and similar tracking technologies (see Section 5)

1.3 Information from Third Parties

We may receive information about you from:

•       Squarespace: our website platform, which hosts our site and newsletter signup

•       Toast: our point-of-sale and online ordering provider

•       DoorDash: our third-party delivery partner

•       Social media platforms: if you interact with us on Facebook, Instagram, or X (Twitter), those platforms may share limited data with us under their own privacy policies

•       Event co-hosts or partners: if you register for a co-hosted event, we may receive your registration information

1.4 Sensitive Information — Washington My Health My Data Act

Washington's My Health My Data Act (effective March 31, 2024) creates special protections for consumer health data. We do not intentionally collect health data. However, if you voluntarily share allergy information, dietary restrictions, or other health-related data to facilitate your dining experience, we treat that information with the highest level of care. We do not sell, share, or use that information for any purpose other than accommodating your request. You may request deletion of this information at any time (see Section 8).

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Operate Our Business

•       Process and fulfill online food orders

•       Respond to your inquiries, comments, and requests

•       Coordinate private event bookings

•       Manage your account or loyalty program membership

•       Send transactional communications (order confirmations, booking details)

2.2 Marketing and Communications

•       Send you our email newsletter about events, promotions, new menu items, and merchandise drops — only if you have opted in

•       Send you text/SMS messages about events or promotions — only with your explicit prior consent (TCPA-compliant)

•       Personalize communications based on your preferences and history with us

2.3 To Improve Our Services

•       Analyze website traffic and usage patterns

•       Understand customer preferences and improve our menus, events, and offerings

•       Conduct internal research and business analytics

2.4 Legal Compliance and Safety

•       Comply with applicable federal and Washington State laws and regulations

•       Enforce our terms and policies

•       Protect the rights, property, and safety of Rough & Tumble, our customers, and the public

•       Respond to legal process, court orders, or government requests

2.5 Legal Basis for Processing

Where required by law, we rely on the following bases for processing your personal information: your consent (e.g., for marketing emails and SMS), performance of a contract (e.g., processing your order), compliance with legal obligations, and our legitimate business interests (e.g., website analytics) where they do not override your rights.

3. How We Share Your Information

We do not sell your personal information. We do not share your personal information with third parties for their own independent marketing purposes without your consent. We share information only in the following limited circumstances:

3.1 Service Providers

We share information with trusted vendors who help us operate our business, including:

•       Squarespace (website hosting and newsletter platform)

•       Toast (online ordering and point-of-sale)

•       DoorDash and/or other similar delivery services (delivery services)

•       Squarespace, Printful, similar online printing and/or merchandise fulfillment sites as required to process order (website hosting and newsletter platform)

•       Email marketing platforms

•       Event management or ticketing tools

•      Other platforms and software as required to perform business

These providers are contractually required to use your information only to provide services to us and to maintain appropriate security protections.

3.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights or safety of Rough & Tumble, our customers, or the public.

3.3 Business Transfers

If Rough & Tumble is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will notify you via email or prominent website notice before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Email and Text (SMS) Communications

4.1 Email — CAN-SPAM Compliance

We send marketing emails only to individuals who have opted in. Every marketing email we send will:

•       Clearly identify Rough & Tumble as the sender

•       Include a valid physical mailing address

•       Include a clear and easy way to unsubscribe in every message

•       Honor unsubscribe requests within 10 business days

To unsubscribe from marketing emails: click the "Unsubscribe" link at the bottom of any email we send, or email us at hello@roughandtumblepub.com with "Unsubscribe" in the subject line. Note that unsubscribing from marketing emails will not affect transactional messages related to orders or bookings you have placed.

4.2 SMS / Text Messages — TCPA Compliance

We send text messages only to individuals who have provided explicit prior written consent. By providing your phone number and affirmatively opting in to SMS communications, you consent to receive recurring promotional text messages from Rough & Tumble. Message frequency varies. Message and data rates may apply.

To stop receiving text messages: reply STOP to any text message we send. You may also reply HELP for assistance. Opting out of SMS will not affect your email subscriptions.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, analyze traffic, and understand how visitors use our site. Cookies are small data files stored on your device.

Types of Cookies We Use

•       Strictly necessary cookies: required for the website to function (e.g., shopping cart, session management). These cannot be disabled.

•       Analytics cookies: help us understand how visitors interact with our site (e.g., Google Analytics or Squarespace Analytics). We use this data only in aggregate form.

•       Functional cookies: remember your preferences (e.g., location, language).

•       Marketing cookies: may be placed by third-party services (e.g., social media plugins). We do not use advertising networks or ad-targeting cookies for our own campaigns.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing ones. Note that disabling certain cookies may affect website functionality. Our site does not currently respond to browser "Do Not Track" signals, though we are monitoring developing standards in this area.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

•       Email marketing data: retained until you unsubscribe or request deletion

•       Order and transaction records: retained for 7 years per standard business and tax record requirements

•       Event booking information: retained for 3 years after the event

•       Website analytics data: retained per our analytics provider's standard retention periods (typically 14–26 months)

•       Health/allergy information: deleted upon request or within 90 days of the relevant dining experience

7. Data Security

We implement reasonable and appropriate technical, administrative, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include:

•       SSL/TLS encryption on our website

•       Access controls limiting who within our organization can access personal data

•       Use of PCI-DSS compliant payment processors (Toast, Squarespace Commerce) — we do not store full payment card numbers

•       Regular review of our data practices and vendor agreements

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting Washington State residents, we will notify affected individuals in accordance with Washington's data breach notification law (RCW 19.255.010) within the required timeframe.

8. Your Privacy Rights

Depending on where you live and the nature of the information involved, you may have the following rights regarding your personal information:

8.1 Rights Available to Washington State Residents

Under the Washington Consumer Protection Act and related state laws, you have the right to:

•       Access: request a copy of the personal information we hold about you

•       Correction: request that we correct inaccurate or incomplete information

•       Deletion: request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements)

•       Data portability: receive your information in a portable, machine-readable format where technically feasible

•       Opt-out of sale: we do not sell personal information, so this right is already satisfied

•       Non-discrimination: we will not discriminate against you for exercising any privacy right

8.2 My Health My Data Act (Washington State)

If you have shared consumer health data with us (e.g., allergy or dietary restriction information), you have the additional rights to:

•       Confirm whether we hold health data about you

•       Withdraw consent for collection or sharing of health data

•       Request deletion of all health data we hold

We will respond to health data requests within 45 days, with a possible 45-day extension where reasonably necessary.

8.3 How to Exercise Your Rights

To exercise any of the rights above, contact us at: hello@roughandtumblepub.comwith the subject line "Privacy Request." We will respond within 45 days of receiving a verifiable request. We may ask you to verify your identity before fulfilling your request.

We will not charge a fee for reasonable requests. If your request is unfounded, repetitive, or excessive, we may charge a reasonable administrative fee or decline the request.

9. Children's Privacy — COPPA Compliance

Our website and services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have inadvertently collected information from a child under 13, please contact us immediately at hello@roughandtumblepub.com and we will promptly delete that information.

Rough & Tumble is a family-friendly pub. Minors are welcome on premises in accordance with Washington State liquor laws. Our online ordering and email marketing programs are intended for adults 18 and older.

10. Third-Party Links and Services

Our website contains links to third-party websites and services, including Toast, DoorDash, Facebook, Instagram, and X (Twitter). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you use. We are not responsible for the privacy practices of third parties.

11. Washington Consumer Protection Act

Washington's Consumer Protection Act (RCW 19.86) prohibits unfair or deceptive acts or practices in trade or commerce. Our privacy practices are designed to be transparent and non-deceptive. We do not make false or misleading representations about how we collect, use, or share your personal information. If you believe we have engaged in an unfair or deceptive practice, you may file a complaint with the Washington State Attorney General's Office at atg.wa.gov.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised "Effective Date." For material changes, we will provide additional notice such as a prominent website banner or email notification to subscribers.

Your continued use of our website or services after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Rough & Tumble Hospitality LLC

Privacy Inquiries / Data Requests

Email: hello@roughandtumblepub.com

Subject Line: "Privacy Request"

5309 22nd Ave NW, Top Floor, Seattle, WA 98107

Phone: 206.737.7687

LEGAL NOTICE: This Privacy Policy was prepared for informational and compliance purposes for Rough & Tumble LLC. It is not legal advice. We recommend periodic review by a licensed Washington State attorney, particularly as the Washington Privacy Act, My Health My Data Act, and related regulations continue to evolve.