Skip to main content

Privacy Policy

How we handle your information

Effective May 5, 2026

This Privacy Policy explains how Golden Naga, Inc., doing business as Laughing Monk Cafe (“Laughing Monk,” “we,” “us,” or “our”), collects, uses, and shares information when you visit our website at laughingmonkcafe.com, sign up for our newsletter or text updates, contact us, or otherwise interact with our online services (collectively, the “Services”). Golden Naga, Inc. is the controller of personal information collected through this website.

This policy does not cover services that operate under their own privacy notices, including online ordering at order.laughingmonkcafe.com (operated by AppFront), reservations on Tock, ticketing through Eventbrite, or the in-restaurant point-of-sale. When you use those services we link to their privacy policies; please review them directly.

Quick summary

  • We collect only what we need to run the website, take reservations, send updates you asked for, and reply to you.
  • We do not sell or rent your personal information, and we do not share it for cross-context behavioral advertising.
  • We share information only with vendors who help us operate (e.g., email, SMS, hosting, database) and only as needed to provide a service.
  • We do not run third-party advertising trackers, analytics, or session-replay tools on this website.
  • You can opt out of marketing email or SMS at any time, update your account, or ask us to delete your data — see Your Choices and Rights.

1. Information we collect

a. Information you give us directly

  • Account & profile: name, email, phone number, birthday (optional), bio (optional), avatar image, dietary preferences, social profile links you choose to add.
  • Newsletter signups: email address and the page or campaign you signed up from.
  • SMS signups: mobile phone number, the keyword/page used to opt in, and your opt-in timestamp.
  • Contact form & support requests: name, email, phone (optional), location of interest, your message.
  • Event bookings: name, email, phone, party size, date, time, dietary requests, special-occasion notes you provide, and any deposit information needed to confirm the booking.
  • Phone verification: phone number for one-time passcodes used to confirm your identity.

b. Information we collect automatically

  • Device & log data: IP address, browser type, operating system, referring URL, pages viewed, and rough timing — captured by our hosting provider (Vercel) for security and reliability.
  • Cookies: a single first-party session cookie keeps you signed in. We do not use third-party advertising cookies, cross-site tracking, fingerprinting, or session-replay tools on this website. See Cookies and similar technologies.
  • Approximate location: we do not request precise GPS through your browser. When you view a map embedded from Google Maps, Google may receive your IP address; please review Google’s policies for details.

c. Information from third parties

  • Loyalty & ordering: if you connect a Laughing Monk account to AppFront for online ordering or loyalty, we may receive a loyalty identifier and order summary so we can show your account status. Order details, payment information, and full transaction records remain with AppFront.
  • Reservations: if you book through Tock, the booking details are managed by Tock; we receive only what is needed to host you (name, party size, time, special requests).

2. How we use information

  • To create and operate your account and let you sign in securely.
  • To confirm, manage, and send reminders about your reservations and events.
  • To respond to messages, support requests, and feedback you send us.
  • To send transactional emails and texts (booking confirmations, changes, cancellations, password and phone-verification codes).
  • To send marketing emails, SMS, or other communications only if you have opted in, and only until you opt out.
  • To keep the website secure, prevent fraud or abuse, and comply with legal obligations.
  • To improve the website by understanding which pages and features are used (counts only — we do not profile individuals on this website).

3. How we share information

We do not sell or rent your personal information. We share information only as described below, and only as needed to provide the service you asked for.

  • AppFront — online ordering, payment, and loyalty at order.laughingmonkcafe.com.
  • Tock — table reservations at participating locations.
  • Eventbrite — ticketing for select events.
  • Resend — delivery of transactional and (where you opt in) marketing email.
  • Twilio — delivery of SMS messages and phone-verification codes.
  • Supabase — managed database, authentication, and file storage for the website.
  • Vercel — website hosting, edge delivery, and security logging.
  • Google — embedded maps on location pages and a server-side “open now” lookup using the Places API. We do not load Google Analytics, Tag Manager, or advertising tags on this site.
  • Payment processors — when paid event bookings are activated, payments will be handled by a PCI-compliant processor (such as Stripe or Authorize.net). Card data passes directly to the processor and is not stored on our servers.
  • Professional advisors — accountants, lawyers, or insurers, as reasonably needed.
  • Legal & safety — when required by law, subpoena, court order, or to protect the rights, property, or safety of our guests, staff, or business.
  • Business transfers — if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and post an update here.

We require these vendors to handle your information only on our behalf and consistent with this policy.

4. We do not sell or “share” your personal information

Laughing Monk Cafe does not sell personal information for money, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under California and similar U.S. state privacy laws. We have not done so in the preceding 12 months and have no plans to.

5. Cookies and similar technologies

We use a single first-party session cookie (set by Supabase) to keep you signed in to your Laughing Monk account. The cookie is removed when you sign out or when it expires.

We do not use third-party advertising cookies, cross-site tracking pixels, fingerprinting, or session-replay tools on this website. Most browsers let you block or delete cookies through their settings — blocking the session cookie will simply sign you out of your account.

Linked services (AppFront, Tock, Eventbrite, Google Maps) may set their own cookies when you use them. Please review their policies for details.

6. Marketing emails and SMS

We send marketing email and SMS only to people who have opted in. Every marketing email includes a one-click unsubscribe link, and you can also reply to any message to ask us to remove you.

For SMS programs, message and data rates may apply. Reply STOP to opt out at any time and HELP for assistance. Frequency varies. We do not share mobile opt-in data with third parties for their own marketing.

7. Data retention

  • Account data — kept while your account is active. If you delete your account, we remove or anonymize personal identifiers, and retain a minimal record of completed bookings/payments where required by law (typically up to 7 years for tax and accounting purposes).
  • Newsletter subscribers — kept until you unsubscribe; unsubscribed records retain only the email and an unsubscribe flag so we don’t accidentally re-mail you.
  • Contact form messages — kept up to 24 months for service quality and dispute resolution, then deleted.
  • SMS verification codes — short-lived; the codes themselves expire within minutes and are not retained.
  • Server logs — typically 30–90 days, longer if needed to investigate a security incident.

8. How we protect information

We use technical and organizational safeguards intended to protect personal information, including HTTPS in transit, encrypted storage at rest with our database vendor, role-based access controls, credential rotation, and audit logging on administrative actions. No system is perfectly secure, and we cannot guarantee absolute security; if we discover a breach involving your personal information we will notify you and the appropriate authorities as required by law.

9. Children’s privacy

Our website is intended for adults. We do not knowingly collect personal information from children under 13, and we do not knowingly sell or share the personal information of anyone under 16. If you believe a child under 13 has provided us with personal information, please contact us at privacy@laughingmonkcafe.com and we will delete it.

10. Your choices and rights

You can:

  • Update profile details any time at your profile.
  • Opt out of marketing email by clicking the unsubscribe link in any campaign, or by contacting us.
  • Opt out of SMS by replying STOP to any message.
  • Delete your account from your profile page; we will remove personal identifiers as described in Data retention.
  • Request a copy of the personal information we hold about you.
  • Ask us to correct information that is inaccurate.
  • Ask us to restrict or stop certain processing.

To exercise any of these rights, email privacy@laughingmonkcafe.com from the email address tied to your account, or contact us at the postal address below. We will verify your identity before acting and respond within the time required by applicable law.

11. California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the rights described in this section. We have collected the following categories of personal information in the past 12 months:

  • Identifiers (name, email, phone, IP address, account identifiers).
  • Customer-records information (name, phone, email, billing address — when payment is collected).
  • Commercial information (booking and order history, deposit records).
  • Internet activity (pages viewed, referring URLs, basic device data).
  • Geolocation (approximate, derived from IP — no precise GPS).
  • Inferences drawn from the above (e.g., favorite location, dietary preferences) — only to personalize your experience.

We collect this information from you directly, automatically when you use the site, and (for loyalty/ordering) from AppFront. We use it for the business purposes described in How we use information and share it only with the vendors listed in How we share information. We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months.

California residents have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share.
  • Receive a copy of the personal information we hold about you.
  • Delete personal information, subject to legal exceptions.
  • Correct inaccurate information.
  • Limit the use of sensitive personal information (we do not use sensitive personal information for purposes that would trigger this right).
  • Opt out of sale or sharing — not applicable, because we do not sell or share.
  • Be free from retaliation for exercising any of these rights.

To exercise these rights, email privacy@laughingmonkcafe.com. You may also designate an authorized agent in writing to make a request on your behalf; we will require verification before acting.

12. Other U.S. state privacy rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) generally have similar rights to access, correct, delete, and obtain a copy of their personal information, and to opt out of targeted advertising or the sale of personal information. We do not engage in targeted advertising or sale, but you can still exercise your access, correction, and deletion rights using the contact information below.

13. Audience and transfers

Our Services are offered to guests in the United States, primarily in the Greater Boston area and other regions where we operate restaurants. We do not target the European Union, the United Kingdom, or other regions outside the U.S. If you access the site from outside the U.S., you understand that your information will be processed in the U.S. under U.S. law.

14. Third-party links and services

Our site links to services operated by third parties — including AppFront, Tock, Eventbrite, Google Maps, and our social media pages. We are not responsible for the privacy practices of those services. Please review their privacy notices before using them.

15. Changes to this policy

We may update this policy as our Services or applicable law change. When we make material changes we will revise the “Effective” date at the top and post the updated policy here. For significant changes we will also notify subscribers by email. Your continued use of the Services after a change becomes effective means you accept the updated policy.

16. Contact us

Golden Naga, Inc. d/b/a Laughing Monk Cafe
737 Huntington Avenue, Boston, MA 02115
Email: privacy@laughingmonkcafe.com

This policy is provided for general information and does not create a contract or warranty. It does not constitute legal advice; if you have questions about your rights, please consult an attorney.