Plain language where we can manage it. Legal boilerplate where we must.
Updated: 14 March 2026 · Operator: Boston Piizze Ltd., Ontario corporation #1074432 · Applies to: bostonpiizze.com and all ordering operations.
When you place an order, book a table, or send us a contact-form message, we hold some personal information about you. This document tells you what we collect, why we keep it, how long we hold it, and what you can ask us to do with it. We follow PIPEDA (the federal Personal Information Protection and Electronic Documents Act) and Ontario consumer-protection law.
From an online order: name, phone, email, delivery address, order contents, and your chosen payment method (cash or Interac e-Transfer). We do not take online card payments and do not collect, store, or transmit credit-card numbers — payment is settled in cash or by e-Transfer at the door when the pizza arrives (or at the counter for pickup). Where you place a pickup order we don't need an address.
From a contact form: whatever you put in it. Typically a name, an email, and a message.
From a phone call or email: whatever you tell us, plus our own notes.
From normal browsing: IP address, browser, OS, referring URL, timestamps. Stored for 30 days in webserver logs. Used for security and fraud prevention, never for profiling or ad targeting.
No advertising cookies, no third-party tracking pixels, no Facebook Pixel, no retargeting tags. No mailing-list signups without your explicit opt-in on the checkout page. We do not sell, rent, trade, or otherwise transfer customer information to anyone, ever. We don't even send you promotional emails unless you asked.
Tightly limited to: (a) the delivery rider assigned to your order, who sees the address and order contents; (b) the Canada Revenue Agency, for quarterly HST reporting on aggregate sales; (c) a law-enforcement agency, but only with a valid court order. There is no payment processor in the chain because we do not accept online card payments — cash and Interac e-Transfer are handled directly between you and the rider at the door.
Completed order records: seven years (CRA retention requirement). Contact-form submissions that don't lead to a booking: 12 months, then deleted. Webserver logs: 30 days. We keep no card or banking data at any time.
PIPEDA gives you the right to (a) ask what information we hold about you, (b) ask us to correct anything wrong, (c) ask us to delete it (subject to the seven-year CRA retention for completed transactions), and (d) withdraw any consent you gave us. To exercise any of these, write to privacy@bostonpiizze.com. We respond within 30 days.
If you're not satisfied with our response, you can escalate to the Office of the Privacy Commissioner of Canada at priv.gc.ca.
We run on a small server managed by one of our staff. Traffic is over TLS 1.3. The order database is encrypted at rest. Only Luca and Sofia have admin access. Passwords are salted-hashed (bcrypt), never stored in plain.
We don't knowingly collect information from anyone under 13. If you think a child has submitted a form or placed an order without a parent, email privacy@bostonpiizze.com and we'll delete the record.
When this policy changes we update the date at the top of this page. If the change is meaningful (new data collection, new sharing) we email active-order customers first.
Privacy Officer — Sofia Marchetti (yes, really; Luca is too busy at the oven)
Boston Piizze Ltd.
892 College Street
Toronto, ON M6H 1A4
Canada
privacy@bostonpiizze.com · (416) 538-8900