Let The Journey Begin
Track Order
Contact
Menu
Search
Home
My Cart
Me

CaptainGreek Privacy Policy

Introduction
Information We Collect
How We Use Your Information
How We Share Your Information
Use of Cookies and Tracking Technologies
Data Security
Your Rights and Choices (Customers & Vendors)
Children’s Privacy
California Privacy Rights (CCPA/CPRA)
Use of Social Login (Google, Microsoft, Apple)
Newsletter and Marketing Emails
Third-Party Services and Integrations
Business Transfers
Changes to This Privacy Policy
Contact Us

Introduction

Captain Greek Group of Companies, LLC (“CaptainGreek,” “we,” “us,” or “our”) operates a United-States-based multi-vendor e-commerce marketplace and mobile application that connects customers with vendors offering Mediterranean products (together, the “Services”). This Privacy Policy explains how we collect, use, share, and protect personal information obtained from anyone who interacts with the Services, whether as a customer purchasing goods or an independent vendor listing them. By accessing or using any part of the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described here.

Because all purchases on CaptainGreek require a registered account—guest checkout is not available—we necessarily collect the information needed to process orders, provide customer support, comply with legal obligations, and improve the Services. Third-party providers that support our operations (such as payment processors, shipping carriers, analytics providers, or social-login partners) maintain their own privacy statements; this Policy describes only how CaptainGreek handles your information when you engage with our platform.

Information We Collect

We collect various types of information from you in order to operate our marketplace and provide our services:

Account Information (Customers & Vendors) — When you create a CaptainGreek account we collect:

  • Basic personal details – your name, email address, password, and phone number.

  • Address details – billing and shipping addresses required for orders and deliveries.

  • Social-login data – if you register or sign in with Google, Microsoft, or Apple we receive only the name and email address those providers confirm for your account (see Use of Social Login below).

For Vendors – In addition to the customer-account information above, we collect Business & Verification Information, including:

  • Business details: legal entity or store name, DBA (doing-business-as) name, registered business address, and public shop name/URL.

  • Contact details: primary contact person, business email address, and business phone number.

  • Tax & compliance identifiers: Employer Identification Number (EIN) or Social Security Number (for sole proprietors), relevant state sales-tax IDs, and tax forms such as IRS Form W-9 or 1099-K certifications.

  • Payout & banking information: bank-account holder name and routing/account numbers (collected and stored securely through Stripe Connect).

  • Identity & license documents: government-issued photo ID, business license, reseller certificate, or similar documentation used to verify eligibility.

  • Other optional profile data: shop logo, social links, marketing images, or any additional information you choose to display in your public vendor profile.

  • Additional documentation: any other records we reasonably require to verify identity, meet know-your-customer (KYC) obligations, or comply with applicable law.

We use all of the above information to identify you, secure your account, enable payouts, and operate the marketplace in compliance with legal and industry requirements.

Order & Transaction Information — Each time a purchase is made on CaptainGreek we create a detailed record of that transaction:

  • For customers: we log the products and quantities purchased, unit and total prices, order number, date-and-time stamp, selected shipping method, billing and shipping addresses, any gift notes or special instructions you add at checkout, and the content of on-site messages exchanged with the vendor about that order.

  • For vendors: we store the listing data you provide for every product involved in the sale—SKU, title, description, price, stock status or variant options—as well as the shop policies you publish (e.g., shipping, returns, warranties).

We keep this information so we can process payments, fulfill and deliver orders, provide customer support, manage returns or disputes, generate shipping labels, and satisfy tax, accounting, and other legal record-keeping obligations.

  • Payment Information: We use Stripe to handle payment processing for all transactions. You will provide credit/debit card details or other payment data at checkout, but CaptainGreek does not store full payment card numbers or sensitive payment information on our servers. Payment details are transmitted securely to Stripe; we only retain basic payment metadata (e.g. the type of payment, transaction ID, billing address) needed for recordkeeping. We do not store your credit card information – Stripe processes payments on our behalf and collects device and browser data to help detect fraud (See Third-Party Services – Stripe below for more on Stripe’s role.)

  • Communications: If you contact us for support, submit inquiries, or communicate with vendors (for instance, to ask a question about a product), we collect the information you provide in those communications. This may include emails, chat logs, or contact form messages. We use these to respond to you and improve our services.

  • Automatically Collected Data: Like most websites, CaptainGreek collects certain information automatically when you visit or use our site. This includes technical information such as your IP address, browser type, device identifiers, pages or products viewed, referring/exit pages, and timestamps. We (or third-party analytics tools) gather usage data about how you navigate the site – for example, which pages you visit and how long you spend – to understand and improve the user experience. We use cookies and similar tracking technologies to enable this data collection (see Use of Cookies below).

  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to operate our website and marketplace. Cookies are small text files stored on your device that help the site function properly, remember your preferences, and collect information about your interactions. In the Use of Cookies section below, we provide detailed information about the cookies we use, their purposes, and their expiration periods.

  • Location Information: We do not actively track your precise geolocation. However, your IP address may provide a general location (e.g., city or state), which can be used for purposes such as estimating shipping or complying with regional legal requirements (for example, sales tax calculations or privacy disclosures). Vendors may indicate their business location (e.g., city and state) as part of their public shop profile.

We collect the above information either directly from you (when you fill out forms or communicate with us) or automatically through your interaction with our site and services. You may choose not to provide certain information (for example, you can choose not to fill out optional profile fields), but note that some information is required for using key features of the marketplace (for instance, we need your address to ship an order, and vendors need to provide identity details to receive payouts).

How We Use Your Information

We use the collected information for the following purposes:

  • Providing and Improving Our Services: We use personal information to operate the CaptainGreek marketplace and provide you with the products and services you request. This includes processing orders and payments, facilitating transactions between customers and vendors, and delivering ordered products. For example, we use your information “to facilitate and process transactions, orders, and payments” on the platform. We also use data to personalize your experience (such as recommending products or tailoring content to your interests) and to improve our website’s functionality, layout, and performance based on how users interact with it.

  • Account Management and Customer Support: We maintain your account information to allow you to log in, update your profile, and use our marketplace features. We will use your contact information (email or phone) to communicate with you about your account or transactions – for example, sending order confirmations, shipping updates, and responses to your inquiries. We also use your data to provide customer service and support. If you are a vendor, we use your information to communicate about your shop, orders, payouts, and to provide vendor-specific support.

  • Vendor Services: If you are a vendor, we use the information you provide (such as product information, shop details, and any vendor profile data) to display your listings on the marketplace and connect you with buyers. We may use vendor contact information to send important updates about the marketplace, policy changes, or opportunities on CaptainGreek. Vendor data is also used to calculate commissions, process payouts, and generate any required tax documentation.

  • Payments and Fraud Prevention: We use personal and payment information to process transactions securely via Stripe. Your information is used to charge your payment method for purchases and to ensure vendors receive payment for sales. To protect our platform and users, we (and our payment processor Stripe) use data such as device identifiers and transaction history to detect and prevent fraudulent transactions. For instance, Stripe may analyze device and browser data to flag suspicious activity as part of our fraud prevention measures.

  • Communicating with You: We use your contact information to send service-related communications. These include confirmations and receipts, notices about your orders or account, and updates on any customer service issues. We may also send newsletters or marketing communications if you have subscribed to them or if it’s in the context of a sale (see Newsletter and Marketing Emails below). You can opt out of promotional emails at any time. We do not send unsolicited text messages or non-essential communications without consent.

  • Marketing and Personalization: With your consent or as permitted by law, we may use your information to send you promotional content about new products, special offers, or other news about CaptainGreek that may interest you. We might also use data about your past browsing or purchases to tailor advertisements on our site or on third-party platforms (such as showing you items similar to what you viewed). Any such usage involving cookies or pixels is described in Use of Cookies and Third-Party Services sections. You can opt-out of marketing emails and you can adjust your browser or ad settings to limit targeted advertising (see Your Rights & Choices and CCPA Rights below).

  • Analytics and Performance: We analyze usage data (through tools like Google Analytics) to understand how our users navigate the site, which pages or products are most popular, and where improvements are needed. This helps us troubleshoot issues, test new features, and enhance the user experience. For example, we look at aggregated data on page load times, checkout funnel drop-off, and other metrics to optimize our site’s performance and design. Analytics cookies (like Google’s _ga cookie) gather this data and provide us with anonymous statistics about site traffic.

  • Legal Compliance and Security: We use information to comply with applicable legal obligations and to enforce our terms and policies. For instance, we may use personal data to validate that users meet certain requirements (such as age restrictions or vendor eligibility criteria) or to keep records required by law (e.g., for tax, accounting, and regulatory purposes). We also may process your data as needed to protect the security and integrity of our marketplace – for example, monitoring for security breaches, preventing misuse of our services, and enforcing our Terms and Conditions. We only use personal information in ways that are compatible with the purpose for which it was collected or as subsequently authorized by you.

We will not use your personal information for purposes unrelated to the above without notifying you and obtaining your consent when required. If we plan to process your information for a new purpose, we will update this Privacy Policy or otherwise communicate the changes to you.

How We Share the Information

We understand that information about our customers and vendors is a key part of our business, and we are not in the business of selling your personal information to others. We share personal information only as necessary to run our marketplace, to facilitate transactions, and as otherwise described below, under strict controls:

  • Sharing with Vendors (for Order Fulfillment): When you purchase a product from a third-party vendor on CaptainGreek, we share necessary information about you with that vendor so they can fulfill your order. This typically includes your name and shipping address, and may include your email or phone number if needed for customer support or digital delivery. Vendors see the details of the items you ordered from their shop, but they do not receive your payment card information or any other orders you’ve placed with other vendors. We require vendors to use buyer information only for order fulfillment and related communications, and to protect your information in accordance with this policy and applicable law. Similarly, if you as a vendor fulfill an order, the customer will see certain information about you – for example, your shop name, your provided business contact info, and any information required on an invoice or shipping label (such as an origin address). Note: All vendors on CaptainGreek are independent businesses; while they are expected to uphold privacy protections, any personal data you provide directly to a vendor (outside of our platform’s systems) is not covered by this Privacy Policy.

  • Sharing with Customers (Vendor Information): If you are a vendor, some of your information is visible to users of the site. This includes the public information you provide in your vendor profile or shop page, such as your seller display name, shop description, product listings, and any reviews or ratings. When a customer places an order from you, they will receive your shop name and contact info on the transaction records (e.g., order confirmation emails or packing slips) as required for e-commerce receipts. We may also share limited vendor contact information with a customer if necessary to facilitate communication about an order (for example, if a return needs to be arranged, we might provide the customer with a vendor’s return address). We do not share vendors’ personal financial information or sensitive personal data with customers.

  • Service Providers and Partners: We employ and contract with various third-party service providers to perform functions and services on our behalf. This includes, for example, payment processing companies, shipping carriers, email service providers, data analytics providers, advertising partners, and technology/IT support services. We share information with these third parties only to the extent necessary for them to provide their services. For instance: your payment information is shared with Stripe to process payments securely; your address may be shared with shipping companies like UPS or USPS to calculate shipping rates and deliver your package; your email address may be shared with an email distribution service to send order confirmations or newsletters; and we share anonymous or aggregated site usage data with analytics and marketing partners (like Google and Meta/Facebook) to understand site performance and reach people with relevant advertising. These service providers are contractually obligated to protect your information and use it only for the purposes we specify. They do not have independent rights to use your personal data for their own unrelated purposes.

  • Business Transfers: If CaptainGreek undertakes a corporate transaction such as a merger, acquisition by another company, sale of assets, or financing, personal information may be disclosed to potential or actual purchasers (and their advisors) as part of due diligence or transferred to the new ownership as one of the business assets. In such cases, we will ensure that your information remains subject to the protections of this Privacy Policy (unless you consent otherwise). See Business Transfers below for more information.

  • Legal Compliance and Protection: We may release your information when we believe in good faith that such disclosure is necessary to comply with applicable laws or legal processes (such as responding to a subpoena or court order), or to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of CaptainGreek, our users, or others. This includes exchanging information with other companies and organizations for fraud prevention, spam/malware detection, and similar purposes. For example, we might disclose certain data to law enforcement authorities if required by law, or flag to financial institutions certain transaction details to investigate fraudulent activity. We will notify you of such disclosure, when permissible, in accordance with legal requirements.

  • With Your Consent or At Your Direction: We will share your personal information with third parties in instances where you explicitly ask or direct us to do so. For example, if you participate in a promotion or program where we need to send your information to a partner, we will do so only with your consent. Outside of the situations outlined above, you will have the opportunity to choose whether we share your personal information.

Importantly, we do not sell your personal information to third parties for monetary consideration. Any sharing of data is only done for the business and operational purposes described and with appropriate privacy safeguards in place. If in the future we anticipate the need to share personal data in a way that constitutes a “sale” under applicable law (such as certain types of targeted advertising sharing under California law), we will provide the required notices and opt-out mechanisms (see California Privacy Rights (CCPA) below).

Use of Cookies and Tracking Technologies

Like most online services, CaptainGreek uses cookies and similar tracking technologies to provide, personalize, and improve our services. This section explains how we use cookies and provides a table of the cookies set through our website.

What Are Cookies? Cookies are small text files placed on your computer or device when you visit a website. They allow the website to recognize your browser and remember certain information about you (such as your preferences or login status). We use first-party cookies (served by us) as well as third-party cookies (served by others) for various purposes. We also use related technologies like web beacons, pixels, and local storage. In this policy, we refer to all of these as “cookies” for simplicity.

Why We Use Cookies: We use cookies to make our site function correctly, to enhance your user experience, to analyze site traffic, and to support our marketing efforts. Some cookies are strictly necessary for the site to operate (for example, to keep you logged in or to remember items in your cart), and these do not require consent. Other cookies, such as for analytics and advertising, are non-essential and will only be used with your consent where required by law. On your first visit to our site, you will be presented with a cookie banner that allows you to manage your cookie preferences.

Below is a table of cookies that may be set when you use CaptainGreek.com, along with their purpose and typical expiration:

Cookie Name

Purpose

Expiry

PHPSESSID

General session identifier. Preserves the user’s session state and login across page requests (essential for site functionality).

Session (until browser is closed)

mage-messages

Stores messages and notifications (e.g. cookie consent banner, error messages) to ensure they are displayed to the user. Automatically cleared after displaying.

24 hours

form_key

Security token to prevent Cross-Site Request Forgery (CSRF) attacks. Ensures that form submissions are from an authenticated source.

1 hour

X-Magento-Vary

Improves page load performance by indicating when cached content should be refreshed for the user. Does not store personal data.

24 hours

persistent_shopping_cart

Remembers cart information if your session expires or you return to the site later, allowing you to retrieve your shopping cart. Facilitates a seamless shopping experience for returning users.

30 days (persistent)

_ga

Google Analytics cookie used to distinguish unique users by assigning a random ID. Helps analyze how visitors use the site (e.g. pages visited, traffic sources).

2 years

_gid

Google Analytics cookie used to distinguish users on a shorter timeframe. Stores a unique ID for each day to compile daily visit statistics.

24 hours

_gat

Google Analytics cookie used to throttle request rate (limits the collection of data on high-traffic sites). Does not store user data.

1 minute

IDE

Google advertising cookie (DoubleClick) used to deliver and measure personalized ads. Helps to show you relevant advertisements on Google services and across the web, and to avoid repeating the same ads.

~1 year

_fbp

Facebook/Meta Pixel cookie used to identify browsers for providing analytics and personalized advertising on Facebook’s network. Helps us with “interest-based” ads and measuring ad campaign effectiveness.

3 months

__stripe_mid

Stripe payment cookie used for fraud prevention and to distinguish users. This cookie allows Stripe to process payments securely without storing any credit card information on our servers.

1 year

__stripe_sid

Stripe payment cookie for fraud prevention, tied to your session. Helps Stripe assess risk and ensure payment transactions are secure.

Session (30 minutes)

m

Stripe cookie used to identify the device for payment processing and fraud detection. It helps Stripe format the checkout appropriately and adds an extra layer of security.

2 years

nsr

Stripe cookie (nsr stands for “Network Stripe”) used during the checkout process. Supports Stripe’s payment functionality, for example by routing requests appropriately.

Session (until browser is closed)

cookiesEnabled

Stripe cookie indicating your cookie preferences or that cookies are enabled in your browser. Used during checkout to ensure Stripe can operate properly if cookies are permitted.

Session (until browser is closed)

affiliate_id

CaptainGreek affiliate tracking cookie (only set if you arrived via an affiliate link). Stores the referral ID of the affiliate who referred you, so that the affiliate can be credited for any qualifying purchases.

30 days

USER_ALLOWED_SAVE_COOKIE

Indicates whether the user has given consent to non-essential cookies (i.e., whether the cookie banner was acknowledged). This cookie is used to remember your preferences for future visits.

1 year


*Expiry values are the maximum lifespan set by the cookie. They may be shortened if you delete cookies, clear site data, or if the provider rotates the identifier sooner.

Please note: The exact cookies and their names may change as we update our platform or integrate new services. We will endeavor to keep this table up-to-date. Also, some cookies (especially those marked as “Session”) are temporary and will be removed when you close your browser.

Third-Party Cookies: Many of the cookies above (especially those for analytics and advertising) are set by third-party providers (like Google and Meta) and not directly by CaptainGreek. These cookies enable the third-party features or services we use (for example, Google Analytics or Facebook Pixel) and the data collected by them is often governed by those third parties’ privacy policies. We encourage you to review Google’s and Meta’s privacy policies to understand how they handle the information they may collect via cookies. Certain features store small snippets in your browser’s localStorage or sessionStorage (for example, “recently viewed products”). These act like persistent cookies and can be cleared by deleting site data in your browser settings.

Your Cookie Choices: You have the right to control and manage your cookies. When you first visit our site, you may be given an option to accept or decline certain cookies. In addition, most web browsers let you control cookies through the browser settings. You can set your browser to refuse new cookies, delete existing cookies, or notify you when new cookies are set. Please note, however, that if you block or delete cookies, our site may not function as intended. For example, if you disable essential cookies, you might not be able to log in or add items to your cart. Cookies allow you to take full advantage of some of our features, so we recommend leaving them enabled for the best experience. That said, the choice is yours – and non-essential cookies (like advertising cookies) will not be set if you decline them in our cookie consent tool or via your browser.

Do-Not-Track Signals: Some browsers offer a “Do Not Track” (DNT) feature that, when enabled, signals to websites that you do not wish to be tracked across sites. Currently, there is no uniform standard for how to respond to DNT signals, and our site does not respond to them. We instead offer the cookie consent and opt-out mechanisms described above. As standards emerge, we will reevaluate our approach to DNT signals. We also honor the Global Privacy Control (GPC) signal as a request to opt out of non-essential cookies.

For further information on managing cookies and targeted advertising, see Your Rights & Choices and California Privacy Rights below.

Data Security

CaptainGreek is committed to protecting your personal information. We implement appropriate technical and organizational measures to secure your data against unauthorized access, alteration, disclosure, or destruction. These measures include, for example:

  • Encryption: Our website is secured via SSL/TLS encryption. This means that when you enter personal information (such as login credentials or payment details) on our site, that information is encrypted in transit and transmitted securely over HTTPS. Encryption helps prevent eavesdropping or interception of your data by unauthorized parties during transmission.

  • Access Controls: We restrict access to personal data to authorized personnel who need it to perform their job duties (for example, our customer support and IT staff). Vendors only have access to the customer information necessary to fulfill their own orders. All staff and vendors are expected to adhere to confidentiality obligations. Administrative access to systems handling personal data is protected with strong authentication (such as passwords and, where feasible, multi-factor authentication).

  • Secure Storage: Personal data collected by us is stored on secure servers. We employ firewalls, intrusion detection systems, and other security technologies to prevent unauthorized access to our systems. We review our information collection, storage, and processing practices periodically to guard against unauthorized access, use, or modification.

  • PCI Compliance: We do not store credit card numbers on our systems, but we do follow industry best practices and rely on PCI-DSS compliant payment processors to handle payment data. Stripe, for instance, is certified to PCI Service Provider Level 1, the highest level of payment security.

  • Monitoring and Testing: We monitor our site for potential vulnerabilities and attacks. Regular security scans, software updates, and penetration testing are part of our security protocol to ensure our defenses remain effective. We also maintain up-to-date antivirus and anti-malware protection on our systems.

Despite our efforts to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You should also play a role in keeping your information safe by maintaining the confidentiality of your account credentials and using unique, strong passwords. If you suspect any unauthorized access to or use of your account, please contact us immediately.

In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law, and will take all reasonable steps to mitigate the impact and prevent future incidents.

Your Rights and Choices (Customers & Vendors)

We believe you should have control over your personal information. Whether you are a customer or a vendor on CaptainGreek, you have certain rights and choices regarding the data we hold about you, subject to applicable law:

  • Access and Portability: You have the right to request a copy of the personal information we hold about you. We can confirm whether we are processing your personal data and provide you with a copy of that data, typically in a common electronic format. For example, you may request that we provide the order history and account information associated with your account. For California residents, this is known as the “Right to Know” (see CCPA Rights below). We will send you your data or make it available to you in a portable format (e.g., CSV or PDF file).

  • Correction (Rectification): We strive to keep your information accurate and up to date. If you find that any personal information we have collected about you is incorrect or incomplete, you have the right to request that we correct or update it. For instance, if you change your phone number or notice an error in your address, you can update this in your account settings or ask us to update it. Vendors can update most of their shop information by logging into their vendor dashboard, but if any data requires assistance to change, we will help correct it upon request.

  • Deletion (Right to Erasure): You may request that we delete your personal information, and we will do so unless we are legally required or permitted to keep certain data. This is sometimes called the “Right to be Forgotten.” For example, if you no longer wish to use CaptainGreek, you can request account deletion. Please note that we will retain transaction records as needed for legal, auditing, and business purposes – we will, however, disassociate those records from your identity where possible. If you are a vendor and request deletion, we may need to retain some information about your past transactions for accounting and compliance (but we will mark your account as closed and not use your data for other purposes). Also note that residual copies of your information might not be immediately removed from backup systems, but will be deleted as those backups are updated.

  • Opt-Out of Marketing Communications: If you no longer wish to receive our non-transactional emails, you can opt out at any time. You can do this by clicking the “unsubscribe” link in any marketing email we send, or by adjusting your email preferences in your account settings. Even if you opt out of marketing messages, we will still send you transactional and service-related communications (such as order updates, security alerts, or account notifications) as these are necessary for us to provide our services to you.

  • Opt-Out of Sale/Sharing: California and certain other U.S. residents can instruct us not to ‘sell’ or ‘share’ their personal information for targeted advertising. You can do this by activating the Do Not Sell or Share link in our footer or by sending a Global Privacy Control (GPC) signal.

  • Account Management: You can access and update certain personal information directly by logging into your CaptainGreek account. For example, customers can edit their profile details and saved addresses, and vendors can update their shop descriptions and product listings. We encourage you to keep your information current. If you wish to change the email address associated with your account, you may do so through account settings or by contacting support for assistance (additional verification may be required). If at any time you wish to deactivate or close your account, please contact us. Closing your account will mean you can no longer log in or make purchases (or, for vendors, no longer sell); however, your information may be retained as noted above for legal reasons.

  • Cookies & Tracking Choices: As described in Use of Cookies, you have choices regarding cookies and similar technologies. You can adjust your browser settings to refuse cookies, and you can use available tools to opt out of tracking by certain third-party advertisers. Additionally, if we implement a cookie consent tool, you can manage your preferences (e.g., withdraw consent for analytics/advertising cookies). For more details or assistance with managing cookies, you can contact us. You can withdraw any consent you have given us at any time, and we will honor it going forward.

  • International Users / GDPR: Our marketplace is intended for U.S. users only; we do not specifically target or market to individuals in the European Union. However, if you are using our service from outside the U.S. (knowingly or unknowingly) and certain international data protection laws apply (such as the EU General Data Protection Regulation), you may have additional rights such as the right to object to or restrict processing of your data. We honor all applicable rights in accordance with law. Please contact us if you have any questions or requests regarding your data. EU users can also lodge a complaint with their local data-protection authority.

To exercise any of the above rights or make any requests regarding your personal information, please contact us using the details in Contact Us below. We will need to verify your identity before fulfilling certain requests (for example, by confirming you have access to the email associated with your account). We will respond to valid requests within the timeframe required by law (generally within 45 days, with extensions if necessary and notified). There is no charge for making such requests, though repeated or excessive requests may incur a reasonable fee as permitted by law. If we deny your request, we will explain why and tell you how to appeal that decision.

We will not discriminate against you for exercising your rights. For instance, if you request deletion of your data or opt out of marketing, we will not deny you services or provide a different quality of service (subject to the data actually needed to provide the service). California residents have additional rights, including the right to opt-out of ‘sale’ or ‘sharing’; see California Privacy Rights below..

Children’s Privacy

CaptainGreek.com is not intended for children under 13. In line with the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from anyone under 13 unless we first obtain verifiable parental consent. Our website, products, and services are designed for users aged 13 and over—most are primarily of interest to adults or older teenagers. By visiting or using CaptainGreek, you confirm that you are at least 13, or that you are doing so with the knowledge and permission of a parent or guardian.

If we discover that a child under 13 (or, where applicable, under the local age-of-consent threshold) has provided personal information without parental consent, we will delete that data and close the account as quickly as possible. Parents or guardians who believe their child has submitted information to us should email support@captaingreek.com so we can investigate and remove it.

We do not knowingly market to children, nor do we “sell” or “share” personal information of anyone under 16 for targeted advertising purposes. Our Mediterranean food items, jewelry, and multivendor services are aimed at a general audience and normally purchased by adults. Minors aged 13–17 should use the site only with parental supervision, particularly when making purchases or sharing personal details.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have special rights with respect to your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In the past 12 months, we have collected and shared personal information about consumers as described in this Privacy Policy. This section details additional disclosures and rights available to California residents:

Categories of Personal Information Collected: California law requires us to disclose the categories of personal information that we collect and have collected in the preceding 12 months. These include: identifiers (like name, email, address, IP address); customer records (payment information, order history); characteristics of protected classifications under California or federal law (we do not actively collect sensitive characteristics, except possibly age or gender if you provide it); commercial information (purchase history and tendencies); internet or other electronic network activity information (browsing history, interactions with our site); geolocation data (approximate location from IP); and inferences drawn from the above (preferences or profiles). See Information We Collect and Use of Cookies sections above for details on what we collect and why.

Categories of Personal Information Disclosed for Business Purposes: We may disclose your information to third parties for our business purposes, as described under How We Share Your Information. In the past 12 months, we have disclosed the following categories of personal information for business purposes: identifiers (to service providers like payment and shipping companies); customer records and commercial info (to vendors fulfilling orders and to payment processors); internet activity data (to analytics and security providers); and potentially geolocation and inferences (to advertising partners for analytics/advertising). We do not disclose sensitive personal information (like social security numbers or financial account passwords – we do not collect those). All such disclosures are for the purposes outlined earlier (order fulfillment, payments, analytics, etc.) and not for the third party’s own commercial use except to provide those services to us.

Sale or Sharing of Personal Information: Under the CCPA’s broad definitions, a “sale” includes selling, renting, releasing, disclosing, disseminating, making available, or transferring personal information to another business or third party for monetary or other valuable consideration. “Sharing” under CPRA includes disclosing personal information to third parties for cross-context behavioral advertising (targeted advertising) for the benefit of a business. CaptainGreek does not sell your personal information for money. We also do not share your personal information for third-party targeted advertising in the sense of providing data to third parties for their own advertising purposes. However, we do use third-party analytics and advertising cookies (like Google Analytics and the Meta Pixel) which may collect data about your visit to our site and usage of our services. While we don’t provide those partners with your personal details like name or address, some of this online activity data could be considered a “sharing” of personal information for advertising purposes under California law (since it enables tailored ads to you). To the extent our use of advertising or analytics cookies is deemed a “sale” or “sharing” of personal information, you have the right to opt out of that (see below).

Your Rights as a California Resident:

  • Right to Know: You have the right to request that we disclose the following information to you, up to twice per 12-month period: (1) The categories of personal information we have collected about you; (2) The categories of sources from which the personal information was collected; (3) The business or commercial purpose for collecting, selling, or sharing your personal information; (4) The categories of third parties to whom we have disclosed your personal information; (5) The specific pieces of personal information we have collected about you. If we have sold or shared personal information or disclosed it for a business purpose, you may request that we provide (6) the categories of personal information and categories of third parties for each type of disclosure/sale. Note: Some information we have about you may come from your interactions (like cookies) and may not be readily linked to you by name in our systems; in responding to Right to Know requests, we will provide as much detail as we can associate with you after verifying your identity.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you and retained, subject to certain exceptions. Upon receiving a verified request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exemption applies. Please note that we may decline to delete information for reasons permitted by CCPA – for example, if the information is necessary to complete a transaction you requested, to detect security incidents, to exercise free speech or another legal right, to comply with a legal obligation, or for certain internal uses that are compatible with the context in which you provided it. We will inform you if any such exception applies when responding to your deletion request. (If you have an account with us, you may also delete certain information by deleting your account as described above.)

  • Right to Correct: (Effective January 1, 2023) You have the right to request correction of inaccurate personal information that we maintain about you. If you identify information that is incorrect, please let us know and, once verified, we will correct it (taking into account the nature of the information and purpose of processing).

  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As noted, we do not sell personal data for money, but if you wish to opt out of the possible “sharing” of data via third-party analytics/advertising cookies, you can do so by rejecting those cookies (using our cookie consent tool or browser settings) or by contacting us to request an opt-out. We have provided a “Do Not Sell or Share My Personal Information” link on our website footer for California residents, which allows you to record your preference that your personal data not be sold or shared. Activating that preference will disable third-party advertising cookies on our site for your browser. You can also broadcast an opt-out preference signal (such as the Global Privacy Control, GPC) and we will honor it as a valid opt-out of sale/sharing request to the extent required by law.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you goods or services, charge you different prices or rates, or provide a different level of quality of service just because you exercised your rights under the CCPA. However, please be aware that if you ask us to delete your information or opt out of certain uses, it may impact our ability to personalize your experience or provide certain services (for example, if you delete your account, you won’t be able to make purchases, or if you opt out of certain cookies, some site features might not work as intended). Any such impact is a result of your request, not a punitive measure from us.

Submitting CCPA Requests: To exercise your Right to Know, Right to Delete, Right to Correct, or Right to Opt-Out, you (or your authorized agent) can contact us as described in Contact Us below. For Right to Know, Delete, or Correct requests, we will need to verify your identity to a “reasonable degree of certainty” or “reasonably high degree of certainty” depending on the sensitivity of the information requested. This may involve verifying information associated with your account, such as confirming control of your email address or asking for details of a recent transaction. If you have an authorized agent making the request on your behalf, we will require proof of the agent’s authority (e.g., a signed permission from you or a power of attorney). We aim to respond to verified requests within 45 days, and will inform you if we need more time (up to an additional 45 days).

For opt-out of sale/sharing, if you use the website link or browser signal, the opt-out is automated and we honor it as described. If you have any trouble or have questions about these rights, you can email us for assistance.

For additional information, you may consult the California Attorney General’s CCPA page for consumers.

Use of Social Login (Google, Microsoft, Apple)

CaptainGreek offers convenient social login options to streamline account creation and sign-in. If you choose to register or log in using a third-party account (such as Sign in with Google, Sign in with Microsoft, or Sign in with Apple), please be aware of the following:

  • Information Received: When you use a social login option, the third-party provider (e.g., Google, Microsoft, or Apple) will authenticate your identity and may ask if you consent to share certain information with us. If you grant permission, the provider will send us basic account information such as your name and email address associated with that account. We use this information to create or log you into your CaptainGreek account. For example, “when you sign in with Google, we receive your name and email address, which we use to manage your account”. We do not receive your password or any other confidential information from your third-party account – the authentication process is handled by the provider (e.g., Google) and they simply confirm to us that you are who you say you are. We also retain the provider-specific user ID (for example, Google’s sub value or Apple’s user identifier) so you can sign in again without re-authorizing.

  • How We Use Social Login Data: The name and email obtained from your social login are used to populate your CaptainGreek profile (you can later change your display name in your account settings if you wish). We treat this information like any other account registration data under this Privacy Policy. The primary advantage is you don’t have to remember another password for CaptainGreek; instead, you use your existing trusted account to log in.

  • What is not shared: We do not gain access to your contacts, friends list, or any other data from your social account beyond the basic profile info mentioned, unless explicitly stated and authorized by you. For instance, logging in with Apple allows you to hide your email; if you choose that option, Apple will provide a relay email and we will not see your real Apple ID email. We respect such choices.

  • Third-Party Privacy: Your use of social login is also subject to the privacy policy and terms of the provider. We recommend you review Google’s, Microsoft’s, or Apple’s privacy policy (as applicable) to understand how they handle your authentication data. CaptainGreek does not control the data collection or tracking practices of these providers. However, typically when you use an OAuth login, the third party may record that you used your account to sign into CaptainGreek (for security and account activity logs).

  • Security: Social logins can add security (for example, if your Google account has two-factor authentication, that security carries over to your CaptainGreek login). However, be sure to keep your third-party account secure since it can be used to access your CaptainGreek account. If you lose access to your social account or suspect it’s compromised, please change your social account password and update your login method with us if needed. You can revoke CaptainGreek’s access at any time in your Google, Microsoft, or Apple account settings; doing so will disable social sign-in until you reconnect or set a password.

Using social login is optional – you can always create a traditional account with an email and password if you prefer. If you did sign up via a social login and later wish to disconnect it, you may contact us for assistance in converting to a standalone login (this might involve setting a password for your account). Likewise, if you have issues logging in via a social account, we’re here to help.

Newsletter and Marketing Emails

If you subscribe to our newsletter or opt-in to receive promotional communications, we will use your email address to send you periodic updates, offers, and news about CaptainGreek. All promotional messages we send comply with the U.S. CAN-SPAM Act and any relevant state email-marketing laws.

Subscription and Consent — You may choose to join our mailing list by providing your email (e.g., by checking a box during account signup or entering your email in a newsletter form). We send marketing emails only to users who have an existing customer relationship with us or who have affirmatively opted in. (Certain lists may use a double-opt-in confirmation link; if so, you will not be added until you confirm.) By subscribing, you consent to receive promotional emails such as newsletters, special promotions, product announcements, or other updates we think may interest you.

Content of Emails — Our marketing emails aim to provide value—for example, exclusive discount codes, information on new Mediterranean products, or community stories. Vendors might occasionally receive seller-focused newsletters about new marketplace features or promotions. We strive to keep messages reasonable in number and high in quality.

Opt-Out Mechanism — You may opt out of marketing emails at any time. Every promotional message includes an unsubscribe link; clicking and confirming will remove you from future distributions. You can also adjust email preferences in your account settings or contact us directly. We process opt-out requests within 10 business days. Even after you opt out, we will continue to send transactional or relationship emails (order confirmations, security alerts, policy updates).

Third-Party Email ServiceWe never sell or rent your email address. We may use a provider to manage and send newsletters; that provider may access your address solely to send our emails and must safeguard it in line with strong privacy and security commitments.

Frequency — Where available, you may choose how often you receive newsletters (e.g., weekly vs. monthly digest). If no preference is set, we limit mailings to a reasonable cadence—typically a few times per month or when there is significant news.

Interaction Tracking — Our emails may contain tiny tracking pixels that tell us whether a message was opened or a link clicked. We use this aggregate data to improve our content; we do not create individual behavioral profiles beyond tailoring future email topics. If you prefer not to be tracked, you can select text-only emails, disable images, or unsubscribe altogether.

We hope you enjoy our communications, and opting out is always easy and honored. If you believe you have received a marketing email after unsubscribing, please let us know and we will investigate promptly.

Third-Party Services and Integrations

CaptainGreek relies on several third-party services and integrations to power our marketplace. These services help with payments, analytics, advertising, social features, shipping, and more. We want to be transparent about these partnerships and how your data may be involved:

  • Payment Processing (Stripe): As noted, we use Stripe to process all credit/debit card payments. When you enter your payment information at checkout, it is transmitted directly to Stripe via secure APIs – we do not see or store your full card number or CVV on our servers. Stripe uses your payment data (card number, expiration, billing ZIP code, etc.) to authorize and process the transaction. Stripe also may set cookies or collect device information from the checkout page for fraud prevention purposes (e.g., the __stripe_mid and __stripe_sid cookies mentioned earlier help Stripe distinguish legitimate users from fraudsters by analyzing browsing behavior and device signals). Stripe operates independently as a data processor: it collects identifying information about the devices that connect to its services and uses that info to improve security and prevent fraud. We have a Data Processing Agreement in place with Stripe to ensure they protect user data. For more details, you can read Stripe’s own privacy policy at https://stripe.com/privacy. By using CaptainGreek (and making a purchase or receiving a payout as a vendor), you are agreeing to Stripe’s processing of your data as needed for payments. If you have questions about Stripe’s handling of personal information, we encourage you to review their policy or contact us. Importantly, Stripe’s integration means CaptainGreek never stores your sensitive payment details, which adds an extra layer of security for our users.

  • Shipping Carriers (UPS and others): We integrate with shipping services like UPS (United Parcel Service) and potentially USPS/FedEx to facilitate order deliveries. When you or a vendor generate a shipping label or calculate shipping costs through our site, these carriers may receive certain data such as the origin and destination postal codes, package weight, and dimensions. If a shipping label is purchased, the carrier will receive the full shipping address for pickup and delivery. We share only the information necessary for the carrier to perform their service (e.g., name and address for the label, email if the carrier will send tracking updates). These carriers are considered service providers under our Privacy Policy – they use the data solely for shipping and delivery. They may have their own legal obligations to retain records of shipments. We do not control the privacy practices of UPS or other carriers, but generally they do not use your info for other purposes beyond fulfilling shipments. If you have questions about how a carrier handles data, please refer to their privacy notices.

  • Analytics (Google Analytics): We use Google Analytics (GA) to collect insight about how users find and use our website. Google Analytics uses cookies (_ga, _gid, etc.) to collect information such as your IP address, device type, browser, the pages you visit on our site, and the time spent. This helps us compile reports and improve the site. The information collected is generally aggregated and not personally identifiable; GA focuses on trends (like total number of visitors, demographic breakdowns, popular pages) rather than individual user behavior. However, Google may use the data for its own purposes as described in its privacy policy. We have enabled IP anonymization in Google Analytics where possible (truncating IP addresses for EU users when applicable), though since we operate in the US, that may not be applicable for all traffic. You can opt out of Google Analytics by using a browser add-on provided by Google or by adjusting cookie settings. Google Analytics data may be stored by Google on servers in the United States or other countries. We have a data processing agreement with Google as required by law. For more information, read Google’s privacy policy and how it uses data when you use partners’ sites (search for “Google Analytics data privacy”). By using our site with cookies enabled, you consent to the processing of your data by Google as described. If you opt out, no GA cookies will be set and your site usage won’t be tracked by GA.

  • Advertising and Tracking (Google Ads and Meta/Facebook): We utilize certain marketing and advertising tools to reach users who have shown interest in our platform. Specifically, we may use Google Ads (including Google Ads conversion tracking and remarketing) and the Meta Pixel (Facebook Pixel):

    • Google Ads: After making a purchase or performing key actions on our site, a Google Ads cookie (IDE or others) may be triggered to help us track conversions (so we know, for example, which advertisement led you to a sale) and to allow us to show you ads on Google or its partner sites in the future (this is called remarketing). If we run Google Ads campaigns, Google may place a cookie to identify your browser and show relevant CaptainGreek ads as you browse other sites. These cookies might collect information like your IP, which ad you clicked, timestamps, and some site interaction data. All information is used in accordance with Google’s policies for advertisers. You can opt out of Google’s personalized advertising by visiting Google’s Ad Settings, or opt out of third-party cookies (including many ad cookies) through the Network Advertising Initiative opt-out page or similar tools.

    • Meta Pixel (Facebook/Instagram): We have installed the Meta Pixel on our site. This is a small snippet of code that allows us to understand the actions people take on our site after clicking an ad on Facebook or Instagram, and it helps us retarget ads to those people or find audiences with similar interests. The Pixel may trigger cookies (_fbp and others) that send Meta information such as your Facebook User ID (if you’re logged into Facebook while browsing), the URL you visited on our site, and what action was taken (e.g. “Added to Cart” or “Purchase Completed”). Meta uses this data to provide aggregated analytics to us and to enable us to advertise more effectively on their platforms. For example, we can measure ad conversions or build a “Custom Audience” of visitors for future campaigns. We do not receive personal data from Facebook directly; rather, we get anonymized or aggregated reports (e.g., how many people viewed a page or purchased). Nonetheless, because Facebook may combine this data with your user profile on their side, the Pixel is considered “sharing” data. You can control whether Facebook uses your data for targeted ads in your Facebook privacy settings (Ad Preferences). Also, using a tracker blocker or adjusting cookie settings can prevent the Pixel from loading.

Please note that while these advertising partners collect data via cookies or pixels on our site, we do not provide them with your name, contact info, or any order details directly. They track pseudonymous data tied to your browser or device. However, if you have accounts with these providers, they may link the site visit info with your account for their purposes. You can opt out of these tracking technologies as described in our Cookies section and through browser/device settings (for example, enable Limit Ad Tracking on iOS, or use the WebChoices tool for opting out of interest-based advertising).

  • Social Media and Widgets: Our site may include features that allow you to share content on social media or that integrate with social networks (for example, a “Share on Facebook” or “Pin it” button, or an Instagram feed display). If you use these features, the relevant third-party (such as Facebook, Twitter, Pinterest, etc.) may collect your information through cookies or APIs. For instance, clicking “Share” might prompt you to log into your social account and that service could record that you shared an item from CaptainGreek. These interactions are governed by the privacy policy of the respective platform. We do not receive the details of your login credentials from these interactions, but we may see some aggregate engagement metrics (e.g., how many times something was shared).

  • Marketplace Extensions — CaptainGreek runs on Magento 2.4.7 with several in-house and third-party extensions that enable vendor shops, returns, affiliate tracking, and similar features. These extensions execute entirely within our own servers; no customer or vendor personal data is transmitted to the extension developers. All data handled by these tools remains subject to the safeguards described in this Privacy Policy.

  • Other Third-Party Links or Services: Our site may occasionally link to external sites or services (for example, a vendor’s own terms & conditions page, or an article on our blog that links to a third-party site). If you click those links, you will be directed to sites that are not under our control. This Privacy Policy does not apply to those external sites. We recommend you review the privacy policies of any third-party websites or services you visit. CaptainGreek is not responsible for the content or privacy practices of sites outside our domain.

We endeavor to integrate only trusted third-party services and to minimize data sharing to only what is necessary. We also strive to keep our integrations updated to patch any security or privacy issues. If you have questions about any specific integration or third-party service on our site, feel free to reach out for more information. In summary, third-party services are used to support our operations (payments, analytics, etc.), and we share data with them under controlled conditions for the described purposes. We do not authorize them to use your data for other purposes, and where feasible we include contractual clauses to protect your information.

Business Transfers

As our business grows and evolves, we may engage in transactions such as mergers, acquisitions, asset sales, reorganizations, or other ownership changes. In the event of such a transaction, personal information may be among the assets that are transferred to or acquired by a third party. For example:

  • If CaptainGreek (or substantially all of its assets) were to be acquired by another company, or if we merge with another entity, customer and vendor information would likely be one of the assets transferred to the new owner. This is common in business transactions – your information would typically continue to be used for the same purposes, by the successor entity, in continuity of service.

  • If we are involved in a bankruptcy, receivership, or a similar proceeding, your information may be transferred as part of that process to creditors or to a new entity (e.g., if the business is sold or reorganized).

In any such transfer of information, your personal data would remain subject to the promises and commitments we have made in this Privacy Policy, unless you agree otherwise. We will make reasonable efforts to ensure that any successor entity honors the terms of this Privacy Policy with respect to your personal information. If a significant change in ownership occurs and the new entity plans to handle your data in a materially different way, we will provide notice and, if required, obtain your consent before the data is used under a new privacy policy.

You will have the opportunity to opt out of any such transfer if required by applicable law. In practice, if an acquisition is completed, the new owner generally steps into our shoes and will continue to use your data for the same purposes described here. We will notify users via email and/or a prominent notice on our website if their personal information becomes subject to a different privacy policy or if their data is going to be transferred and become subject to another entity’s control (where that is materially different from today’s scenario).

Our business is not currently in the process of any such transaction, but we include this section for transparency and as a commitment to you that your privacy remains a priority, even if our company’s structure changes.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the “Effective Date” at the top. If the changes are significant, we will provide a more prominent notice (such as by email notification to registered users or a banner on our site) to inform you of the update.

Your continued use of CaptainGreek.com after any changes to this Privacy Policy constitutes acceptance of those changes, so please review this policy periodically for updates. We will not, without your consent, use or share your personal information in a materially new way that is not described in this Privacy Policy. If we propose to do so (for example, if a new third-party integration would involve using your data in a novel way), we will give you a chance to consent or opt-out as required by law.

For any questions about the changes or if you need a prior version of this Privacy Policy, you can contact us (see below).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please do not hesitate to contact us. We are here to help and will respond as promptly as we can.

Contact Information:

  • Email: You can reach our privacy team at support@captaingreek.com. Please include “Privacy Inquiry” in the subject line so we can route your request appropriately.

  • Support Center: You may also contact us through our online Support Center or Contact Us form on our websitecaptaingreek.com, which can guide you to submit specific requests or report issues. If you are a registered user, you might find a contact option when logged into your account as well.

We will address your inquiry in accordance with applicable privacy laws. For security and to protect your confidentiality, we may need to verify your identity before disclosing or discussing personal data details. If you are contacting us to exercise a privacy right (such as accessing or deleting your data), please state clearly what you are requesting to help us fulfill it effectively.

Thank you for trusting CaptainGreek.com. We value your privacy and are committed to safeguarding your personal information while providing a vibrant marketplace for Mediterranean food and culture
Back to Top