Privacy Policy

This Privacy Policy ("Policy") explains how MEZZA collects, uses, and discloses personal

information relating to you, as well as the rights and choices available to you in connection

with such information. This Policy governs your access to and use of the MEZZA mobile

application (the "Application"), the website located at https://www.mezzapay.com (the

"Website"), and any other online services operated by MEZZA that link to this Policy

(together with the Website and Application, the "MEZZA Services).

Under applicable data protection laws, a distinction is made between entities that determine

the purposes and means of processing personal data ("controllers" or "businesses") and those

that process data on behalf of others ("processors" or "service providers"). This Policy applies

only where we act as a controller or business. It does not apply to personal information we

process on behalf of a client or partner, which is governed by that party's own privacy policy.

Certain jurisdictions require specific disclosures. If you reside in California, Colorado,

Connecticut, Montana, Nevada, Oregon, Texas, Utah, or Virginia, please refer to the regional

disclosures at the end of this Policy.

If you have any questions or concerns about this Policy or how your data is handled, you may

contact us at: privacy@mezzapay.com

1. Information We Collect

We collect several types of information from and about users of the MEZZA Services,

including information you provide directly, information collected automatically, and data

received from third parties.

1.1 Information You Provide to Us Directly

When you interact with the MEZZA Services, we may ask you to provide information that

can be used to identify or contact you.

•

Contact Information: such as your full name, phone number(s), email address, and

mailing or home address.

Demographic Information: including your age, gender, date of birth (day and

month), and general location.

Account Information: such as your chosen username and password when creating an

account.

Purchase Information: including details of transactions made through the MEZZA

Services such as credits redeemable across the MEZZA network ("MEZZA Cash"), or

(“MEZZA Cash Back”) redemption activity, transaction timestamps, items ordered,

and purchase values. We may also collect information regarding your preferences and

interests, as provided by you or inferred from your transaction history and interactions.

Dining Preferences: such as allergy information or dietary restrictions you choose to

disclose.

•

Referral Information: such as the email address of individuals you refer to the

Services or to whom you send gifted credits.

•

User Content: including messages, feedback, or inquiries you send to customer

support, as well as any images or content you upload to your user profile.

Job Application Information: if you apply for a position with MEZZA, we may

collect information required to evaluate your application, including employment and

educational background, writing samples, transcripts, and references.

1.2 Information Automatically Collected From Your Browser or Device

When you access the MEZZA Services via a mobile device, computer, or other, we may

automatically collect the following categories of data:

•

Device Information: such as the type of device, device ID, IP address, browser type,

operating system, and user settings.

Service Use Information: including browsing behavior, offers viewed or used, pages

visited, and features engaged.

Location Data: approximate location inferred from your IP address or device

configuration.

We and our partners utilize various tracking technologies to collect this data, including

cookies (small text files stored on your device), pixel tags (transparent images used to track

web activity), JavaScript, API calls, and similar technologies. These tools help us enhance

user experience, perform analytics, and support marketing and advertising activities. For more

details and opt-out mechanisms, please see the “Analytics and Advertising” and “Your Rights

and Choices” sections below.

1.3 Information from Third Parties and Public Sources

We may also receive information about you from third-party sources, which may include:

•

Merchant Partners: such as restaurants or venues in the MEZZA network that may

share information like your dining preferences or purchase activity.

Reservation Platforms: including booking data from third-party services you use.

Social Media Platforms: when you engage with our content or account on third-party

platforms.

•

Vendors: including fraud detection providers, advertising networks, analytics

companies, and other business service providers.

Public Sources: information obtained from publicly available records or sources.

We are not responsible for the data handling practices of third-party platforms or services and

recommend that you consult their respective privacy policies for additional information.

2. How We Use the Information

We collect and process personal information in accordance with the practices described in this

Policy, including for the following purposes:

2.1 Providing Services to You

We use your personal information to administer and operate the MEZZA Services, including

managing your account and delivering the services you request.

2.2 Communications in Response to Your Actions

We use your information to communicate with you regarding your interactions with the

MEZZA Services. For instance, when you create an account, purchase credits, accept credits

shared by another user, or otherwise engage with our services, we will send you transactional

communications confirming these actions. This includes, for example, emails confirming your

registration, credit purchases or redemptions, and membership activation, as well as follow-up

communications to facilitate your use of our services.

These communications are essential to the functioning of the MEZZA Services and cannot

generally be disabled. We may also respond to any inquiries or support requests you submit.

Additionally, we may send SMS messages to verify your identity as part of our security

protocols, such as during account access on a new device or when you attempt to claim an

offer—commonly known as two-factor authentication.

2.3 Communications About Updates and Security

We may send you notifications by email regarding important changes to your account for

security or administrative purposes. For example, we may notify you if there is an attempt to

change account information or if legal agreements or policies have been updated. These

communications are considered service-related and, in most cases, are not subject to opt-out.

2.4 Marketing Communications

From time to time, we may send you marketing-related messages, including promotional

emails, SMS messages, or push notifications through the Application. Standard text

messaging charges may apply. If you have opted in to receive push notifications, you may

disable them by modifying your device settings or uninstalling the Application. You can also

opt out of receiving SMS marketing by replying “STOP” to any such message or by emailing

privacy@mezza.com with your opt-out request, specifying the phone number or device to be

unsubscribed. Please note that opt-outs are limited to the device or number from which they

are requested.

2.5 Understanding Trends and Improving the Service

We use information about you to evaluate how users interact with the MEZZA Services,

assess the effectiveness of our marketing and advertising, and identify trends and user

behaviors. This allows us to refine and enhance our services, content, user experience, and

promotional strategies.

2.6 Personalizing Your Experience

We may use your data to tailor the content and services of the MEZZA Services to your

individual preferences (including personalized offers, recommendations, or other relevant

features).

2.7 Surveys and Feedback Requests

We may occasionally contact you to request feedback or invite you to participate in surveys

regarding your experience with the MEZZA Services, our website, or marketing initiatives.

We may send these communications on our own behalf or on behalf of our marketing

partners. Participation in such surveys is entirely voluntary. You may opt out at any time by

clicking the unsubscribe link provided in our communications or by emailing

privacy@mezzapay.com.

2.8 Advertising

We use personal information to support our advertising and promotional activities. This may

involve working with third-party advertising agencies, ad networks, publishers, social media

platforms, and technology vendors. For instance, we may display ads for MEZZA products

and services on third-party websites and social media platforms.

These ads often rely on tracking technologies to deliver relevant content, measure campaign

performance, detect fraud, limit ad frequency, and generate insights. When you visit the

MEZZA Services after viewing a third-party advertisement, tracking tools may help us

assess whether you engaged with the ad and how that engagement relates to your behavior on

our platform.

Some advertising we engage in may constitute targeted advertising, which involves

displaying personalized ads based on your activity across non-affiliated websites or

applications over time. This may include embedding third-party tracking technologies in the

MEZZA Services or sharing hashed identifiers with third-party platforms to help deliver or

measure personalized campaigns.

2.9 Referrals or Gifts

We use information you provide when referring others or sending gifted credit to enable us to

deliver such referrals or credits at your request.

2.10 Merchant Partners

We may use your information to improve the services offered by our Merchant Partners and

to provide you with information related to those partners. For example, we may share your

name and email address with a Merchant Partner to match your information with transaction

data and recognize you as a VIP customer at a participating location.

2.11 Security and Legal Protection

We use your information to safeguard the rights, property, safety, and well-being of MEZZA,

our users, and others. This includes detecting, investigating, and preventing fraudulent,

harmful, or unlawful activity.

2.12 At Your Direction

We use your information in accordance with your instructions, including to process

reservations, fulfill orders, or generate purchase confirmations on your behalf.

2.13 With Your Consent

We may also use your personal information for additional purposes that are not listed here,

but only after providing specific notice to you and obtaining your consent, where legally

required.

2.14 Use of De-Identified and Aggregated Data

Notwithstanding the above, we may use information that does not identify you (including data

that has been aggregated or de-identified in accordance with applicable law) for any purpose

to the extent permitted by law.

For information about your rights and choices with respect to how we use your data, please

consult the “Your Rights and Choices” section below.

3. When Do We Disclose Information?

MEZZA may disclose personal information about you to third parties under specific

circumstances, including:

•

(a) with your knowledge and consent;

(b) as described in this Privacy Policy;

(c) when required by applicable law, regulatory authorities, or legal process;

(d) as permitted in order to protect the rights, property, safety, confidentiality, or

reputation of MEZZA or its users;

•

(e) to enforce our terms and conditions;

(f) to detect, prevent, or address fraud, cybercrime, or other harmful activity; or

(g) to pursue available legal remedies or mitigate potential damages.

We may disclose your information to the following categories of recipients:

4. Service Providers

We may share your information with third-party service providers under contractual

obligations that require the protection of your data. These providers assist us with data

hosting, storage, processing, analytics, marketing, customer support, and communication

services, among other business operations. To the extent required by applicable law, service

providers are prohibited from using your personal information for purposes other than

providing services to MEZZA, although they may use de-identified or aggregated

information to the extent permitted by law.

5. Affiliates and Related Entities

We may share your personal information with our parent company, subsidiaries, affiliates, or

other companies under common ownership or control. These related entities may use your

information for their own legitimate business purposes in accordance with their respective

privacy policies. MEZZA remains accountable for the management and safeguarding of any

such data.

6. Third-Party Vendors and Other Independent Controllers

Some third parties we work with operate as independent data controllers and determine their

own purposes and means of processing your information. For example, we may disclose data

to advertising networks, social media platforms, analytics providers, and technology vendors

involved in delivering or measuring targeted advertising. Because these entities act

independently, we encourage you to consult their privacy policies and terms of use for more

information on how they process your data.

7. Merchants and Transaction Processors

When you place an order with a Merchant through MEZZA, we may share the necessary

details—such as your name, order contents, phone number, and address—with the partner or

their delivery provider to facilitate the transaction and address any service-related issues.

A current list of our platform integrations is available at:

https://mezza.integrationsplatforms.com

8. Business Transfers (Mergers, Acquisitions, etc.)

As MEZZA continues to evolve, we may reorganize, merge with, or sell portions of our

business or assets. In connection with such transactions—including bankruptcy, acquisition,

or restructuring—customer data may be disclosed or transferred as a business asset, subject to

the commitments made in this Policy at the time of collection.

9. Legal Compliance and Security

We may disclose personal information where necessary to comply with legal obligations,

including in response to subpoenas, court orders, law enforcement requests, or other lawful

government demands. We may also disclose data to protect the rights, safety, or property of

MEZZA, its users, or others.

10. At Your Direction

We may disclose personal information to third parties based on your request or explicit

instructions, such as when you authorize a reservation, referral, or credit transfer to another

person or platform.

11. Disclosure of De-Identified or Aggregated Data

We may share information that does not identify you personally—including information that

has been aggregated or de-identified in compliance with applicable law—with third parties for

lawful business purposes. Such purposes may include:

•

industry research and analysis,

demographic profiling,

investor reporting,

publication in industry white papers or media articles.

These disclosures do not contain data that could reasonably be used to identify you.

12. Your Rights and Choices

Depending on your jurisdiction, you may have additional rights and choices regarding your

personal information. This section outlines the mechanisms available to you to exercise

control over your data.

13. Jurisdictional Rights

If you are a resident of California, Colorado, Connecticut, Montana, Nevada, Oregon, Texas,

Utah, or Virginia, please refer to the state-specific disclosures at the end of this Privacy Policy

for information about your additional legal rights under applicable state laws.

14. Account Management

You may access, review, update, correct, or delete certain personal information associated

with your account directly through the MEZZA Services:

•

To edit your information, log in to the Application, navigate to the Profile section, and

make the necessary changes in Account Info.

To remove a saved payment card, go to Wallet Section select the card you wish to

remove, and follow the prompts to unlink it.

If you delete all personal information in your profile, your account may become

deactivated.

To request deletion of your entire account and associated records, you may contact us

at privacy@mezzapay.com

Please note that we may retain certain information as necessary to comply with legal

obligations, resolve disputes, and enforce our agreements.

15. Tracking Technology Management

The MEZZA Services may place cookies and similar tracking technologies on your browser

or device. You may adjust your browser settings to block cookies or to alert you when a

website attempts to place a cookie on your device. If you use multiple browsers, you must

adjust settings individually for each one.

Blocking or deleting cookies may impact your ability to access certain features or

functionality of the MEZZA Services.

Some browsers or browser extensions may support automated preference signals (e.g.,

Global Privacy Control) indicating your choices regarding the use of tracking technologies.

Where required by law, we honor such signals.

If you wish to opt out of the sale or sharing of your personal information (as defined under

applicable law) without using a browser preference signal, you may also do so via the “Your

Privacy Choices” link located in the footer of our website.

You may stop all data collection via the mobile application by uninstalling it from your

device.

If you use Apple iOS, we will only access your device's Advertising Identifier (IDFA) if

you have granted us permission. You may reset or limit the use of this identifier at any time

through your iOS privacy settings.

16. Third-Party Opt-Out Tools

You may exercise additional choices regarding third-party data collection through the

following industry tools:

•

Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout

Google Display Advertising Settings: https://www.google.com/settings/ads/onweb/

Digital Advertising Alliance (DAA): https://youradchoices.com/control

Network Advertising Initiative (NAI): https://www.networkadvertising.org/choices/

Please be advised that these tools apply only to the specific browser or device you are using at

the time you opt out. MEZZA is not responsible for the effectiveness or accuracy of third-

party opt-out mechanisms.

17. International Data Transfers

MEZZA is headquartered in the United States, and any information we collect is governed by

U.S. law. If you are located outside the United States, please note that your data may be

transferred to, stored in, and processed in countries whose data protection laws may not offer

the same level of protection as those in your jurisdiction.

By using the MEZZA Services and submitting your information, you acknowledge and

consent to the transfer, processing, and storage of your data in the United States and other

jurisdictions.

18. Links to Third-Party Sites and Services

The MEZZA Services may contain links to third-party websites or services, including

through APIs or embedded content. These links are provided for your convenience, and their

presence does not imply any affiliation, sponsorship, or endorsement by MEZZA.

We do not control and are not responsible for the privacy practices of third-party sites or

services. We encourage you to read the privacy policies of those external websites before

sharing any personal information.

19. Children’s Privacy

The MEZZA Services is not directed to individuals under the age of 13. We do not

knowingly collect personal information from children under 13 years of age. If you are under

13, please do not submit any personal data to us.

If you are a parent or legal guardian and believe that your child under 13 has provided us with

personal information, please contact us at privacy@mezzapay.com, and we will take steps to

delete such data from our systems.

20. Data Security

We implement reasonable administrative, technical, and physical safeguards to help protect

your personal information from unauthorized access, use, disclosure, alteration, or

destruction.

Despite these efforts, no method of electronic transmission or storage is entirely secure, and

we cannot guarantee the absolute security of your information.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business

practices, legal obligations, or services. Any modifications will take effect immediately upon

being posted on our Website and/or Application, unless otherwise stated.

If we make material changes to the Policy, we will update the “Effective Date” and may

notify you by email or through in-app messaging, where appropriate. We encourage you to

periodically review this Policy to remain informed of how we protect your data.

Continued use of the MEZZA Services following any updates constitutes your acceptance of

the revised Policy.

22. Processing of personal data in accordance with GDPR

22.1 Purpose of processing of personal data

MEZZA, acting as Data Controller, collects and processes your personal data in accordance

with Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and the French Data

Protection Act, “Loi Informatique et Libertés” as amended.

We process your personal data for the following purposes:

•

Administering and operating the MEZZA Services, including account management

and service delivery;

Communicating with you regarding your transactions, account security, and updates to

our services;

•

Sending marketing communications and promotional offers, subject to your choices;

Understanding trends, improving our services, and assessing the effectiveness of our

marketing and advertising;

•

Personalizing your user experience, including offers and recommendations;

Conducting surveys and requesting feedback;

Supporting advertising and promotional activities, including targeted advertising;

Processing referrals, gifted credits, and related transactions;

Collaborating with our Merchant Partners to improve their services and identify VIP

customers;

•

Ensuring the security of our services, preventing fraud, and protecting MEZZA’s

rights and the rights of others;

•

Carrying out activities at your request and with your consent;

Using de-identified and aggregated data for research, analytics, and lawful business

purposes.

Your personal data will be retained only for as long as necessary to fulfil the purposes for

which it was collected, plus any applicable statutory limitation periods.

You have the following rights: access, rectification, erasure, restriction of processing,

objection, and data portability. You may exercise these rights by contacting us at:

privacy@mezzapay.com. You also have the right to lodge a complaint with the French

supervisory authority (CNIL).

22.2 Subprocessing and Data Protection

In connection with the performance of this Agreement, the Processor is authorized to process,

on behalf of MEZZA, only the personal data strictly necessary for the agreed purposes, which

may include account management, payment processing, transaction facilitation, analytics,

marketing support, customer communications, fraud prevention, and service improvement.

The Processor undertakes to:

1. Process personal data solely on documented instructions from MEZZA, including with

respect to transfers to a third country, unless required to do so by law;

2. Ensure the confidentiality of personal data and guarantee that any person authorized to

process it is bound by an appropriate confidentiality obligation;

3. Implement appropriate technical and organizational measures to ensure the security of

personal data;

4. Assist MEZZA in fulfilling its obligations regarding data subjects’ rights and personal

data breach notifications;

5. Upon completion of the services, delete or return all personal data in accordance with

MEZZA’s instructions;

6. Make available to MEZZA all information necessary to demonstrate compliance with

the GDPR and the Loi Informatique et Libertés, and allow for and contribute to audits

conducted by MEZZA or its designated auditor.

The Processor may not engage another subprocessor without MEZZA’s prior written

authorisation, and only on condition that such subprocessor is bound by the same contractual

obligations as those set out in this Agreement.

The list of the Data Processor is the following:

• Google Cloud Platform (CGP)

• Sentry.io

• SendGrid

• Twilio

• Apple

• Google

• InfoBip

23. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data

practices, you may contact us at:

Email: privacy@mezzapay.com