MTM App Privacy Policy

Last Updated: November 12, 2025

1. Introduction

Welcome to the MTM App Privacy Policy. This Privacy Policy explains how Matt the Miller’s Tavern Steakhouse, part of CLB Restaurants (“we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you use the MTM mobile application (the “App”).

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy should be read together with our Terms of Service, which govern your use of the App.

Quick Summary

  • We collect information you provide (account details, orders, preferences) and information automatically (device data, usage patterns).
  • We use your information to provide restaurant services, improve the App, and communicate with you.
  • We share information with service providers (Supabase, Resend, OpenTable, PerfectVenue) to operate the App.
  • You have rights to access, correct, and delete your personal information.
  • We implement security measures to protect your data.
  • We do not sell your personal information to third parties.

Contact Us: If you have questions about this Privacy Policy, contact us at community@clbrestaurants.com.

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

  • Name (first and last)
  • Email address
  • Phone number
  • Password (encrypted)
  • Date of birth (for age verification)
  • Profile preferences

Loyalty Program Information:

  • Loyalty account details
  • Points balance and transaction history
  • Rewards redemption data
  • 4-digit loyalty code
  • Favorite menu items

Order and Reservation Information:

  • Takeout order details (items, quantities, special instructions)
  • Reservation details (date, time, party size)
  • Dining preferences and allergies
  • Order history

Event and Private Dining Information:

  • Event inquiry details (date, guest count, budget)
  • Special requests and preferences
  • Contact information for event coordination

Communications:

  • Feedback and reviews you submit
  • Customer support inquiries
  • Survey responses
  • Marketing preferences

2.2 Information Collected Automatically

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • Mobile network information
  • Device settings

Usage Information:

  • App features accessed
  • Pages and screens viewed
  • Time and date of access
  • Session duration
  • Navigation patterns
  • Crash reports and error logs

Location Information:

  • Location data (with your permission) for restaurant directions
  • Location selection (Dublin or West Chester)
  • IP address-based approximate location

Push Notification Information:

  • Push notification tokens (if you enable notifications)
  • Notification delivery and engagement data

2.3 Information from Third Parties

Toast POS Integration:

  • Check data and transaction details
  • Menu items purchased
  • Visit frequency and spending patterns
  • Loyalty code usage

OpenTable:

  • Reservation confirmations
  • Dining history
  • Reservation preferences

PerfectVenue:

  • Event inquiry status
  • Private dining booking details

3. How We Use Your Information

3.1 To Provide Our Services

  • Create and manage your account
  • Process takeout orders and reservations
  • Administer the loyalty program (earn and redeem points)
  • Track loyalty transactions and reward usage
  • Provide customer support
  • Send order confirmations and updates
  • Facilitate private dining and event requests
  • Deliver push notifications (with your consent)

3.2 To Improve and Personalize

  • Analyze usage patterns to improve App functionality
  • Personalize your experience based on preferences
  • Recommend menu items and offers
  • Track favorite dishes and dining habits
  • Optimize App performance and fix bugs
  • Develop new features and services

3.3 To Communicate with You

  • Send transactional emails (account verification, password resets)
  • Provide loyalty program updates and reward notifications
  • Share restaurant news, events, and promotions (with your consent)
  • Respond to inquiries and feedback
  • Conduct surveys and request reviews
  • Send important App updates and policy changes

3.4 For Legal and Security Purposes

  • Comply with legal obligations and regulations
  • Enforce our Terms of Service
  • Detect and prevent fraud or abuse
  • Protect the security and integrity of the App
  • Verify age for alcohol-related services
  • Respond to law enforcement requests

3.5 For Business Operations

  • Analyze business performance and trends
  • Generate aggregated, anonymized reports
  • Conduct internal research and development
  • Manage and improve restaurant operations

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the App and providing services:

Supabase (Database and Authentication):

  • Stores user account data, loyalty information, and app content
  • Provides secure authentication services
  • Subject to Supabase’s privacy policy and security practices
  • Data stored in secure cloud infrastructure

Resend (Email Services):

  • Delivers transactional emails (verification, password resets)
  • Sends loyalty program notifications
  • Processes marketing communications (with your consent)
  • Subject to Resend’s privacy policy

OpenTable (Reservation Management):

  • Processes and manages restaurant reservations
  • Shares reservation details with our restaurant systems
  • Subject to OpenTable’s terms and privacy policy

PerfectVenue (Event Management):

  • Handles private dining and event inquiries
  • Facilitates event booking and coordination
  • Subject to PerfectVenue’s terms and privacy policy

Toast (Point of Sale):

  • Syncs transaction data for loyalty program
  • Tracks purchases and loyalty code usage
  • Provides check data for point calculations

4.2 Business Transfers

If MTM Tavern Steakhouse or CLB Restaurants is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor organization. We will notify you of any such change and provide options regarding your information.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Subpoenas, court orders, or legal processes
  • Requests from law enforcement or government agencies
  • Protection of our rights, property, or safety
  • Protection of users or the public
  • Investigation of fraud or security issues

4.4 With Your Consent

We may share information with other parties when you explicitly consent, such as:

  • Social media sharing (if you choose to share content)
  • Third-party integrations you authorize
  • Promotional partnerships (with your opt-in)

4.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot be used to identify you for:

  • Industry research and analysis
  • Marketing and promotional purposes
  • Business intelligence and reporting

4.6 What We DO NOT Do

  • We do NOT sell your personal information to third parties
  • We do NOT share your information for third-party marketing without your consent
  • We do NOT rent or lease customer lists

5. Data Security

5.1 Security Measures

We implement reasonable technical, administrative, and physical security measures to protect your information from unauthorized access, use, or disclosure:

  • Encryption: Passwords are encrypted using industry-standard hashing algorithms
  • Secure Connections: Data transmission uses SSL/TLS encryption
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Secure Infrastructure: Data stored in secure, monitored cloud environments
  • Regular Audits: Periodic security assessments and updates
  • Secure Authentication: Multi-factor authentication for administrative access

5.2 Your Responsibilities

You play an important role in protecting your information:

  • Choose a strong, unique password
  • Do not share your account credentials
  • Log out of the App on shared devices
  • Report suspicious activity immediately
  • Keep your device and App updated

5.3 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify you promptly as required by law
  • Describe the nature of the breach
  • Provide steps you can take to protect yourself
  • Report the breach to appropriate authorities

5.4 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your information. You use the App at your own risk.

6. Data Retention

6.1 How Long We Keep Your Information

Account Data:

  • Retained while your account is active
  • Deleted within 30 days of account deletion request
  • Some data may be retained longer for legal compliance

Transaction Records:

  • Order and loyalty transaction history retained for up to 7 years for accounting and tax purposes
  • Aggregated, anonymized data may be retained indefinitely for analytics

Communications:

  • Customer support inquiries retained for 3 years
  • Marketing communications retained until you unsubscribe
  • Feedback and reviews may be retained indefinitely

Loyalty Program Data:

  • Points and reward data retained while account is active
  • Transaction history retained for program integrity and auditing
  • Inactive accounts (12+ months) may have points expired

6.2 Deletion Process

When you delete your account:

  • Personal information is deleted within 30 days
  • Some information may be retained in backup systems for up to 90 days
  • Transaction records retained as required by law
  • Anonymized data may be retained for analytics
  • Deletion is permanent and cannot be reversed

7. Your Privacy Rights

7.1 Access and Correction

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information through the App or by contacting us
  • Review: View your loyalty points, transaction history, and account details in the App

7.2 Account Deletion

You may delete your account at any time:

  • Through the App settings menu
  • By emailing community@clbrestaurants.com
  • We will process deletion requests within 30 days
  • Deletion forfeits all unredeemed loyalty points

7.3 Marketing Communications

You have the right to opt out of marketing communications:

  • Unsubscribe from emails using the link in each message
  • Adjust notification preferences in App settings
  • Contact us to opt out of all marketing
  • You will still receive transactional communications (order confirmations, account updates)

7.4 Location Data

You can control location data collection:

  • Disable location permissions in your device settings
  • You can still use the App without sharing location
  • Some features (directions) may be limited without location access

7.5 Push Notifications

You can control push notifications:

  • Disable notifications in App settings
  • Manage notification permissions in device settings
  • Choose which types of notifications to receive

7.6 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request details about the personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the “sale” of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at community@clbrestaurants.com with “CCPA Request” in the subject line.

7.7 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Right to Access: Obtain a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain data processing
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at community@clbrestaurants.com.

8. Children’s Privacy

8.1 Age Restrictions

The MTM App is not intended for children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

8.2 Parental Consent

  • Users aged 13-17 should use the App with parental supervision
  • Account creation requires users to be 18 or older
  • If we discover we have collected information from a child under 13 without parental consent, we will delete it promptly

8.3 Parents’ Rights

If you believe we have collected information from your child under 13, please contact us immediately at community@clbrestaurants.com. We will:

  • Verify your identity as the parent/guardian
  • Delete the information promptly
  • Terminate the account if applicable

9. Cookies and Tracking Technologies

9.1 Technologies We Use

The App may use the following technologies to collect information:

  • Local Storage: Stores preferences and session data on your device
  • Analytics Tools: Track usage patterns and App performance
  • Push Notification Tokens: Enable delivery of notifications
  • Device Identifiers: Unique identifiers for your device

9.2 Purpose of Tracking

  • Remember your preferences and settings
  • Maintain your login session
  • Analyze App usage and performance
  • Improve user experience
  • Deliver relevant notifications

9.3 Your Choices

  • Clear App data in your device settings
  • Disable analytics in App settings (if available)
  • Manage notification permissions
  • Note: Disabling some technologies may limit App functionality

10. Third-Party Links and Services

10.1 External Links

The App may contain links to third-party websites and services, including:

  • Social media platforms (Instagram, Facebook, Google Reviews, Yelp)
  • OpenTable reservation system
  • PerfectVenue event platform
  • Restaurant website (mtmtavern.com)

10.2 Third-Party Privacy Practices

  • We are not responsible for the privacy practices of third-party services
  • Third parties have their own privacy policies and terms
  • We encourage you to review third-party privacy policies
  • Your interactions with third parties are governed by their policies

10.3 Social Media

If you choose to interact with our social media pages:

  • Your interactions are governed by the social platform’s privacy policy
  • We may collect publicly available information from your social profiles
  • You control what information is public on your social accounts

11. Changes to This Privacy Policy

11.1 Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in our data practices
  • New App features or services
  • Legal or regulatory requirements
  • User feedback and industry best practices

11.2 Notification of Changes

We will notify you of material changes through:

  • Updated “Last Updated” date at the top of this policy
  • In-app notifications for significant changes
  • Email notification (if we have your email)
  • Prominent notice in the App

11.3 Your Acceptance

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should:

  • Stop using the App
  • Delete your account
  • Contact us with concerns

11.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. International Data Transfers

12.1 Data Location

Your information may be transferred to and stored on servers located in:

  • United States (primary data storage)
  • Other countries where our service providers operate
  • Countries with different data protection laws than your own

12.2 Protections for International Transfers

When we transfer data internationally, we ensure adequate protections through:

  • Service provider agreements with data protection clauses
  • Compliance with applicable data protection regulations
  • Industry-standard security measures
  • Regular security audits and assessments

12.3 Your Consent

By using the App, you consent to the transfer of your information to countries outside your residence, including countries that may have different data protection laws.

13. Business Context and Legal Basis

13.1 Legal Basis for Processing (GDPR)

If you are in the EEA, we process your personal data based on:

  • Contractual Necessity: To fulfill our obligations under the Terms of Service (account management, orders, loyalty program)
  • Legitimate Interests: To improve our services, prevent fraud, and operate our business
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with laws and regulations (age verification, tax records)

13.2 Business Purpose Categories

We collect and use information for the following business purposes:

  • Providing restaurant and loyalty services
  • Customer relationship management
  • Marketing and promotions (with consent)
  • Analytics and business intelligence
  • Security and fraud prevention
  • Legal compliance and dispute resolution

14. Contact Information and Questions

14.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MTM Tavern Steakhouse / CLB Restaurants
Privacy Team
Email: community@clbrestaurants.com
Subject Line: “Privacy Question”
Phone: (614) 760-0432
Address: 8200 Business Way, Suite A, Plain City, Ohio 43064, USA

14.2 Data Protection Officer

For GDPR-related inquiries, you may contact our data protection contact at the address above with “GDPR Inquiry” in the subject line.

14.3 Response Time

We will respond to privacy inquiries within:

  • 30 days for general inquiries
  • 45 days for CCPA requests (may be extended to 90 days with notice)
  • 30 days for GDPR requests (may be extended to 90 days with notice)
  • Urgent security matters addressed immediately

14.4 Regulatory Authorities

If you are in the EEA, you have the right to lodge a complaint with your local data protection authority. If you are in California, you may contact the California Attorney General’s office.

15. Additional State-Specific Rights

15.1 Nevada Residents

Nevada residents have the right to opt out of the sale of personal information. We do not sell personal information as defined by Nevada law. If you have questions, contact us at community@clbrestaurants.com.

15.2 Other State Laws

We comply with applicable state privacy laws, including emerging regulations. If your state has specific privacy rights, contact us to exercise them.

16. Consent and Acknowledgment

By downloading, installing, or using the MTM App, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and sharing of your information as described
  • You understand your privacy rights and how to exercise them
  • You agree to receive transactional communications necessary for the services
  • You can withdraw consent for optional data processing at any time

Thank you for trusting MTM Tavern Steakhouse with your information.

We are committed to protecting your privacy and providing transparent information about our data practices. If you have any questions or concerns, please don’t hesitate to contact us.

MTM Tavern Steakhouse – Part of CLB Restaurants