Privacy Policy
Effective Date: July 16, 2026
This Policy covers the main Vlore Bakery website, the linked Shopify store, orders, accounts, samples, menus, private-label projects, contact and career forms, merchant applications, and related communications.
1. Scope and Who We Are
This Privacy Policy describes how Vlore Bakery ("Vlore," "we," "us," or "our") collects, uses, discloses, and retains personal information when you use www.vlorebakery.com; the linked Vlore Bakery and Hot Sauce store currently hosted at e74705-59.myshopify.com; related checkout, account, and customer-service functions; bread-sample, menu, contact, career, and merchant-application forms; and related communications (collectively, the "Services").
This Policy does not govern a distributor, processor, manufacturer, social network, or other independent business when you interact with it directly. Those parties apply their own notices. Shopify and certain other platform providers may process information both for Vlore and for their own disclosed purposes.
2. Personal Information We Collect
The information we collect depends on how you interact with the Services. We may collect the following categories:
Identifiers and contact information
Name, business name, title, email address, telephone number, billing and shipping address, account identifier, IP address, and similar identifiers.
Customer-account and authentication data
Account credentials, preferences, saved addresses, account activity, and information used to authenticate or secure an account. Passwords are handled through the store platform and should not be sent to Vlore by email or general forms.
Orders and commercial information
Products viewed or purchased, quantities, variants, pricing, discounts, cart contents, order history, receipts, returns, refunds, warranties, samples, menu-program participation, distributor relationships, and customer-service records.
Payment and transaction information
Payment method type, billing details, authorization status, transaction identifiers, fraud signals, and limited card information such as brand and last four digits. Full card data is generally collected and processed by Shopify or another payment provider rather than stored by Vlore.
Restaurant, business, and eligibility information
Restaurant type, location, purchasing role, distributor, account status, product usage, estimated needs, sample or menu eligibility, tax-exemption information, and other business details supplied in an inquiry or application.
Merchant-application and underwriting information
Business ownership, processing history, merchant statements, bank or financial information, and other materials requested for a payment-services evaluation. Sensitive underwriting data should be submitted only through a designated secure channel.
Custom and private-label materials
Logos, trademarks, artwork, photographs, label text, menu content, prices, brand instructions, proof approvals, production files, and related communications.
Communications and customer service
Messages, call notes, emails, form submissions, support requests, event dates, complaint information, photos of damaged goods, feedback, and records of our response.
Applicant and professional information
Employment history, current position, sales experience, education, qualifications, resume, references, professional profiles, availability, and other information submitted through the careers process.
Device, browser, and network activity
Browser and device type, operating system, cookie and advertising identifiers, pages viewed, links clicked, referring pages, search terms, session activity, approximate location derived from IP address, and security logs.
Marketing and consent records
Email-subscription status, communication preferences, consent language, date and source of consent, unsubscribe or opt-out records, and campaign interaction information.
Social-media and public information
Information you make available when interacting with our social pages or public reviews, and business or professional information from lawful public sources.
Inferences
Preferences, likely product interests, customer segment, lead status, fraud risk, or other conclusions drawn from the information above.
Sensitive personal information
We may receive financial-account details, government identifiers, account credentials, or other sensitive data only when needed for a lawful merchant, employment, fraud-prevention, or transaction purpose. Do not include sensitive data in a general contact, sample, or menu form unless specifically requested through a secure channel.
3. Sources of Personal Information
We collect information from:
You
When you browse, create an account, place an order, contact us, subscribe, request a sample or menu support, submit artwork, apply for work, complete a merchant application, or otherwise communicate.
Shopify and payment providers
Account, checkout, payment, fraud-screening, order, shipping, return, and customer-service information generated through the online store.
Form, CRM, and communications providers
Information submitted through website forms, Pipedrive or other customer-relationship tools, email systems, file-upload services, telephone systems, and messaging providers.
Distributors, manufacturers, suppliers, and fulfillment partners
Information needed to quote, verify eligibility, coordinate orders or samples, produce custom goods, deliver products, administer warranties, or resolve issues.
Analytics, advertising, and social platforms
Device activity, campaign interactions, referral data, and audience information when those technologies are enabled and permitted.
Affiliates and business partners
Information relating to POS, payment, restaurant support, private-label, menu, and related Vlore offerings when necessary to respond to a request or manage a relationship.
Public and professional sources
Business websites, public directories, professional profiles, government records, and references, where lawful and relevant.
4. How We Use Personal Information
We may use personal information to:
operate, maintain, personalize, and secure the Services;
create and administer accounts and authenticate users;
process payments, accept or reject orders, fulfill and ship goods, provide receipts, manage taxes, returns, refunds, recalls, warranties, and customer service;
evaluate and fulfill bread-sample requests and menu or promotional-material programs;
quote, proof, manufacture, and deliver private-label or customized products and verify rights in submitted assets;
respond to inquiries, coordinate with distributors, suppliers, carriers, manufacturers, and restaurant-support partners, and provide requested non-marketing communications;
evaluate merchant applications, obtain underwriting or processing options, and refer an applicant to relevant payment or POS providers;
review job applications, verify information, contact references, communicate about roles, and comply with employment laws;
send marketing communications as permitted and manage subscriptions, consent, preferences, and suppression lists;
analyze Site performance, customer journeys, product interest, campaigns, and operations; develop and improve products and services; and create aggregated or de-identified insights;
detect, investigate, and prevent fraud, abuse, chargebacks, security incidents, unsafe products, policy violations, or unlawful conduct;
comply with food-safety, recall, tax, accounting, legal, regulatory, litigation, recordkeeping, and law-enforcement obligations; and
evaluate or complete a financing, merger, acquisition, reorganization, asset sale, or similar business transaction.
5. How We Disclose Personal Information
We may disclose personal information to the following categories of recipients for the purposes described in this Policy:
Shopify and payment providers
To host the store, manage accounts and checkout, process payments, screen fraud, provide customer privacy tools, and support transactions. Shopify may also process consumer information under its own privacy notices.
Shipping, fulfillment, and logistics providers
To validate addresses, generate labels, deliver or retrieve orders, provide tracking, investigate loss or damage, and administer recalls.
Manufacturers, suppliers, distributors, and warranty providers
To check availability, fulfill wholesale or direct orders, produce or label custom goods, coordinate samples, administer warranties, and resolve product issues.
Hot Brand-It and other customization vendors
To receive and proof artwork, manufacture labels or products, communicate about approvals, and fulfill private-label requests.
POS, processor, bank, and merchant-services partners
To evaluate merchant applications, provide quotes or underwriting, arrange equipment or processing, and administer a requested commercial relationship. These parties may act as independent businesses under their own notices.
Website, form, CRM, cloud, and communications providers
To host content, operate forms, store files, manage leads and support, send email or messages, maintain records, and provide IT services.
Analytics, advertising, and social-media providers
To measure use and campaigns, prevent fraud, provide social functions, and deliver or measure advertising when those technologies are enabled and permitted.
Recruiting and verification providers
To host applications, store resumes, evaluate candidates, contact references, and perform permitted screening.
Professional advisers and insurers
Lawyers, accountants, auditors, consultants, and insurers who need information to provide advice, coverage, audit, or claims services.
Authorities and protected parties
Courts, regulators, food-safety agencies, tax authorities, law enforcement, or other parties when reasonably necessary to comply with law, respond to legal process, administer a recall, protect safety or rights, investigate fraud, or enforce agreements.
Corporate-transaction participants
Potential or actual buyers, investors, lenders, advisers, and successors in a merger, financing, reorganization, asset sale, bankruptcy, or similar transaction, subject to appropriate protections.
At your direction
A person, distributor, reference, restaurant, or other organization when you ask us to disclose information or consent to the disclosure.
We do not disclose personal information to third parties for their independent purposes merely because they are related to Vlore. We disclose only when reasonably connected to the purposes above, an applicable agreement, your direction, or law.
6. Sale, Sharing, and Targeted Advertising
We do not sell personal information in exchange for money. If we enable advertising pixels, social-media tags, audience tools, or certain analytics technologies, those providers may collect identifiers and internet or device activity from the Services. Depending on applicable law, those disclosures may be considered a "sale," "sharing" for cross-context behavioral advertising, or targeted advertising even though no money changes hands.
Where applicable, you may opt out through a "Your Privacy Choices" or cookie-settings link displayed on the Services, by submitting a request through www.vlorebakery.com/contact with the subject or first line "Opt Out of Sale/Sharing or Targeted Advertising," or through a legally recognized browser-based opt-out preference signal such as Global Privacy Control. The preference will apply to the browser or device from which it is sent unless we can associate it with an authenticated account.
We do not knowingly sell or share sensitive personal information or personal information of individuals under 16 for targeted advertising. We do not use sensitive personal information to infer characteristics unrelated to the service you requested.
7. Cookies and Similar Technologies
The Services and our providers may use cookies, pixels, software development kits, local storage, session replay or interaction tools, and server logs. Depending on the configuration, these technologies may support:
Strictly necessary functions
Checkout, cart, account login, security, fraud prevention, network management, accessibility, and preference storage.
Analytics and performance
Understanding traffic, navigation, errors, product interest, campaign performance, and Site improvement.
Functional features
Remembering choices, embedding media or social features, and supporting customer service.
Advertising
Measuring advertisements, limiting repetition, building audiences, or showing interest-based advertisements where permitted.
Use the available cookie or privacy controls to make choices. You can also adjust browser settings, but blocking necessary cookies may prevent checkout or account features from working. Browser "Do Not Track" signals are not interpreted consistently; we respond to legally recognized opt-out preference signals where required.
8. Email, Telephone, and Text Communications
We use contact information to send order, security, proof, shipping, recall, support, application, and other service-related communications. We may also send marketing emails where permitted and consistent with your choices. Marketing consent is not a condition of purchase, sample eligibility, job consideration, or merchant evaluation.
Use the unsubscribe link in a marketing email to stop promotional email. If you separately consent to marketing text messages, you may opt out by replying STOP or using another reasonable method stated in the message; HELP may provide assistance. Message frequency varies and carrier rates may apply. We may retain limited suppression information so we do not re-enroll an opted-out address or number inadvertently.
An opt-out does not stop non-marketing communications needed to complete a transaction, provide safety or recall information, respond to you, maintain security, or comply with law.
9. Data Retention
We retain personal information only as long as reasonably necessary for the purpose collected, the relationship, a documented business need, or legal requirements. Retention is based on the following criteria:
Accounts and profile information
For the life of the account and a reasonable period afterward for security, reactivation, support, disputes, and legal obligations.
Orders, payments, shipping, returns, and tax records
For the period needed to fulfill the transaction and afterward for accounting, tax, warranty, recall, chargeback, fraud, audit, and legal-claim requirements.
Food traceability and recall records
For the period appropriate to the product life, distribution chain, regulatory requirements, safety investigations, and potential claims.
Samples, inquiries, and sales leads
For as long as reasonably needed to respond, verify eligibility, conduct follow-up, maintain relationship history, prevent abuse, and meet legal or accounting obligations.
Menu, private-label, and custom-project files
For the project and a reasonable period afterward to reproduce approved work, manage reorders, protect rights, resolve disputes, and comply with labeling, accounting, or legal requirements.
Merchant applications and underwriting materials
Until the requested evaluation and reasonable follow-up are complete, and longer only when needed for an active relationship, processor requirement, fraud prevention, dispute, legal hold, or law. Unneeded prospect documents should be securely deleted or de-identified.
Applicant information
For the hiring process and a reasonable period afterward for future roles, compliance, recordkeeping, and claims, subject to applicable law and your rights.
Customer service, warranty, and complaint records
For as long as needed to resolve the issue, administer a remedy, identify safety trends, defend claims, and improve operations.
Marketing and consent records
Until you unsubscribe or the consent is no longer valid, plus a limited suppression and proof-of-consent record.
Cookies, logs, analytics, and security records
For the period reasonably needed for the stated purpose, security, troubleshooting, fraud prevention, analytics, and legal compliance, after which information is deleted, aggregated, or de-identified.
We may retain information longer for litigation holds, investigations, recalls, safety incidents, fraud prevention, legal obligations, or the establishment, exercise, or defense of claims. We may retain aggregated or de-identified information that cannot reasonably be linked to an individual.
10. Data Security
We use reasonable administrative, technical, and physical safeguards designed for the nature of the information and risks involved. Measures may include access controls, vendor controls, secure payment processing, authentication, backups, monitoring, and staff procedures. No transmission or storage system is completely secure, and we cannot guarantee absolute security.
Do not send card numbers, account passwords, bank-login credentials, Social Security numbers, medical records, or other unnecessary sensitive information through email or general Site forms. Use only the secure channel specifically provided for payment, underwriting, or employment information. If you believe an account or submission has been compromised, contact us promptly.
11. Your U.S. State Privacy Rights
Depending on your state, the law's applicability thresholds, and the type of information, you may have the right to:
confirm whether we process personal information and access or obtain a copy of it;
correct inaccurate personal information;
delete personal information, subject to exceptions;
obtain certain information in a portable format;
opt out of sale, sharing, targeted advertising, or certain profiling as those terms are defined by law;
limit certain uses or disclosures of sensitive personal information;
obtain information about categories of collection and disclosure;
appeal a denied request where applicable; and
receive equal service and not be unlawfully discriminated against for exercising a right.
Submit a request through www.vlorebakery.com/contact and begin the message with "Privacy Request," call 417-619-1496, or write to the address in Section 18. State the right you want to exercise and provide enough information for us to locate relevant records. Do not send sensitive identification documents unless we request them through a secure method.
We may verify your identity and authority based on the request and risk. An authorized agent may submit a request where permitted, but we may require proof of authorization and direct confirmation from you. If we deny a request and your law provides an appeal, reply or resubmit with "Privacy Appeal" and explain the basis. We will not unlawfully discriminate against you for exercising a privacy right.
12. California Privacy Notice
This section supplements the rest of the Policy for California residents if the California Consumer Privacy Act, as amended ("CCPA"), applies to Vlore and the relevant information. In the preceding 12 months, we may have collected and disclosed for business purposes the categories below to the extent relevant to our operations:
Identifiers
Such as name, business contact details, addresses, online identifiers, IP address, and account identifiers. Disclosed to service providers, Shopify, payment providers, fulfillment parties, distributors, business partners, advisers, authorities, and transaction participants. Identifiers may also be disclosed through advertising or analytics technologies if enabled.
California customer-record information
Such as contact, payment, signature, and account information. Disclosed to providers and partners needed for transactions, support, merchant evaluation, legal compliance, and business administration.
Commercial information
Such as orders, products, samples, menu programs, returns, preferences, and purchase history. Disclosed to store, payment, fulfillment, distributor, supplier, warranty, CRM, analytics, and professional-service recipients.
Financial and payment information
Such as billing data, limited card details, transaction records, and merchant-underwriting information. Disclosed to Shopify, payment providers, processors, banks, fraud providers, accountants, advisers, and authorities as necessary. Full card data is generally handled by payment providers.
Internet or other electronic network activity
Such as browsing, device, cookie, click, cart, account, and interaction data. Disclosed to hosting, Shopify, security, analytics, communications, and, if enabled, advertising providers.
Approximate geolocation
Derived from IP address or delivery information. Disclosed to hosting, fraud, analytics, shipping, payment, and service providers for the stated purposes.
Audio, electronic, visual, or similar information
Such as customer-service communications, submitted photos, artwork, logos, and files. Disclosed to service providers, suppliers, customization vendors, advisers, and authorities as needed.
Professional or employment-related information
Such as business role, experience, resume, references, merchant information, and job history. Disclosed to recruiting, CRM, verification, partner, adviser, and authority recipients as appropriate.
Inferences
Such as product interests, lead status, customer segment, or fraud risk. Disclosed to service providers and relevant partners for operations, personalization, analytics, security, and marketing.
Sensitive personal information
Potentially including account credentials, financial-account information, payment data, government identifiers, or contents of certain communications when submitted for employment, merchant underwriting, security, or transactions. Used and disclosed only for permitted operational, security, legal, or requested-service purposes and not to infer unrelated characteristics.
The sources, business purposes, recipient categories, and retention criteria are described in Sections 2 through 9. We do not sell personal information for money. If advertising or audience technologies are enabled, identifiers and internet activity may be "shared" under the CCPA. Use the methods in Sections 6 and 11 to opt out where applicable.
California residents may request to know, access, correct, or delete covered information; request information about collection, sale, sharing, or disclosure; opt out of sale or sharing; and limit certain uses of sensitive personal information where the law provides that right. We do not currently offer a financial-incentive program in exchange for personal information.
13. Shopify and Other Platform Providers
Shopify hosts the online store and processes account, device, checkout, order, payment, fraud, and customer-service information to provide its platform. Depending on the feature, Shopify may act as a service provider or processor for Vlore and may also process information for its own disclosed purposes. Shopify's Consumer Privacy Policy at www.shopify.com/legal/privacy/consumers and Shopify privacy controls apply to its independent processing.
Other providers, including Pipedrive, payment companies, social networks, distributors, manufacturers, and Hot Brand-It, may likewise act as our service provider, an independent business, or both depending on the interaction. When you leave our Services or knowingly submit information directly to another business, review that business's privacy notice.
14. Children
The Services are directed to adults and businesses and are not intended for children under 13. We do not knowingly collect personal information from children under 13 through the Services. If you believe a child has provided information, contact us so we can investigate and take appropriate action. We do not knowingly sell or share personal information of individuals under 16 for targeted advertising.
15. International Visitors
Vlore is based in the United States. Information may be processed and stored in the United States and other locations where Shopify and other providers operate. Those locations may have different data-protection laws. Where required, we use appropriate mechanisms for cross-border processing. The Services are primarily directed to the United States unless a written offer states otherwise.
16. Third-Party Links and Distributor Transactions
The Services may link to distributor sites, manufacturers, social networks, payment processors, and other services. This Policy does not govern those businesses when they determine how to use information independently. If you buy through a distributor, the distributor's privacy policy governs its transaction records, although Vlore may separately receive information needed for sales support, safety, traceability, or the relationship.
17. Changes to This Policy
We may update this Policy prospectively and will post a new effective date and any notice required by law.
18. Contact Us
For privacy requests, use www.vlorebakery.com/contact with "Privacy Request" in the message, call 417-619-1496, or write to Vlore Bakery - Privacy, 921 S Springfield Ave, Bolivar, MO 65613.
