Privacy Policy 

We believe in data minimization. Learn what we collect, why we collect it, and how you can control your information. GDPR & CCPA compliant.

Last Updated: March 23, 2026

1. Introduction & Scope

WendysBreakfastMenu.us ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

🔒 Key Principle: We practice data minimization. We only collect information necessary to operate the site, improve user experience, and comply with legal obligations. We do not sell your personal information to third parties—ever.

Effective Date: March 23, 2026
Data Controller: WendysBreakfastMenu.us, 123 High Street, Suite 400, Columbus, OH 43215
Data Protection Officer: privacy@wendysbreakfastmenu.us

2. Information We Collect

We collect limited information across three categories:

Category | Examples | Source | Retention
Automatically Collected | IP address (anonymized), browser type, device info, pages visited | Google Analytics 4, server logs | 26 months (GA4 default)
User-Provided | Name, email, message content (contact forms only) | Contact form submissions | 90 days after resolution
Cookies/Tracking | Session ID, affiliate referral codes, consent preferences | Browser cookies, affiliate pixels | Varies (see Cookie Policy)

What We DO NOT Collect

  • Social Security numbers or government IDs
  • Payment information (we don't process payments)
  • Precise geolocation data (we only see approximate city/region from IP)
  • Data from children under 13 (COPPA compliant)

3. How We Use Your Information

We use collected data solely for:

  • Site Operation: Debugging errors, optimizing load times, preventing abuse
  • Analytics: Understanding which menu pages are most helpful (using Google Analytics 4 with IP anonymization enabled)
  • Communication: Responding to your inquiries and correction bounty submissions
  • Affiliate Tracking: Attributing commissions when you click DoorDash/UberEats links (marked with ↗)
  • Legal Compliance: Responding to valid legal requests and protecting our rights

🤖 No AI Training: Your contact form submissions and behavioral data are never used to train machine learning models. We do not use AI services that retain user data (e.g., we don't use ChatGPT API for customer service).

4. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance functionality:

Essential Cookies (Required)

  • Session management (keeping you logged in if we add accounts)
  • Cookie consent preferences storage
  • Security (CSRF protection)

Analytics Cookies (Optional - with Consent)

  • Google Analytics 4: Page views, session duration, referral sources
  • Search Console: Query data, click-through rates

Marketing/Affiliate Cookies (Optional - with Consent)

  • DoorDash affiliate tracking (30-day attribution window)
  • UberEats affiliate tracking (30-day attribution window)

Managing Cookies: You can modify cookie preferences through our Consent Management Platform (CMP) banner when you first visit, or via your browser settings. See our Cookie Policy for granular control options.

5. Third-Party Services & Data Sharing

We share limited data with the following categories of recipients:

Service Providers (Data Processors)

  • Google LLC: Analytics and advertising services (Analytics 4, AdSense)
  • Cloudflare, Inc.: CDN and security services
  • Notion Labs: Internal database for correction bounty tracking

Affiliate Partners

  • DoorDash, Inc. and Uber Technologies, Inc.: When you click affiliate links, they receive your click attribution data (timestamp, referral URL, device type) to credit us for the referral.

Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or the public.

🚫 No Data Sales: We do not sell, rent, or trade your personal information to third parties for marketing purposes. This is not just policy—it's practice.

6. Your Data Protection Rights

Depending on your location, you have specific rights regarding your personal data:

Right to Access (GDPR/CCPA)

Request a copy of all personal data we hold about you. We provide this within 30 days.

Right to Rectification

Correct inaccurate or incomplete personal information (e.g., typo in your email on a contact form).

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

Right to Restriction

Request we limit processing of your data while investigating a dispute.

Right to Data Portability

Receive your data in a structured, machine-readable format (CSV/JSON).

Right to Object

Opt out of analytics tracking or affiliate marketing cookies at any time.

Exercising Your Rights

Email privacy@wendysbreakfastmenu.us with subject line "Data Request" and specify:

  • Which right you're exercising
  • Your email address (for verification)
  • Specific data you're inquiring about

We respond to all verified requests within 30 days as required by GDPR/CCPA.

7. Data Security Measures

We implement industry-standard security practices:

  • Encryption: TLS 1.3 for all data in transit; AES-256 for stored contact form data
  • Access Control: Only Marcus Chen (Editor) and Sarah Rodriguez (Lead Analyst) have database access
  • Regular Audits: Quarterly security reviews of third-party integrations
  • Backups: Encrypted daily backups retained for 7 days

Despite these measures, no internet transmission is 100% secure. We cannot guarantee absolute security but commit to prompt breach notification (within 72 hours) if one occurs.

8. International Data Transfers

We are based in the United States. If you access our site from the EU, UK, or other regions with data protection laws, your data will be transferred to and processed in the US.

We rely on Standard Contractual Clauses (SCCs) for transfers to Google Analytics and other processors. By using our site, you consent to this transfer.

9. Children's Privacy (COPPA Compliance)

Our site is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent/guardian and believe we have inadvertently collected such data, contact us immediately for deletion.

10. Changes to This Policy

We review this Privacy Policy quarterly. Material changes (affecting your rights) will be announced via:

  • Banner notification on homepage for 30 days
  • Updated "Last Updated" date below
  • Email notification to users who submitted contact forms in past 90 days

Last Updated: March 23, 2026
Next Review: June 23, 2026

Questions About Your Privacy?

Contact our Data Protection Officer:
privacy@wendysbreakfastmenu.us
WendysBreakfastMenu.us
123 High Street, Suite 400
Columbus, OH 43215