Cinnabon Privacy Policy

Last Updated:  January 1, 2025

Cinnabon Franchisor SPV LLC, Cinnabon LLC, and their affiliates (collectively, “Cinnabon,” “we,” “our,” “us”) value your privacy. In this Privacy Policy, we describe how we collect, use, and process the personal information we obtain about people who use our websites or mobile apps, browse or purchase our products, apply to become franchisees, or who otherwise interact with us online or offline (collectively, our “Services”). This Privacy Policy does not apply to any websites or mobile apps that are created, run, or controlled by Cinnabon’s independently owned or operated by independent franchisees or any other third party.

By using our Services or otherwise providing personal information to us, you are agreeing to this Privacy Policy and our Terms and Conditions.

In this Privacy Policy, “personal information” (a/k/a “personal data”) means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular person or household. Generally, we collect the following categories of personal information, which we use for the business or commercial purposes shown.  The personal information we collect about you may vary depending on the nature of your relationship and interactions with us.

In addition to the purposes described above, we may use and disclose any category of personal information we collect to comply with law, cooperate with and respond to law enforcement requests, or as otherwise required by applicable law, court order, or governmental regulations; to maintain appropriate records for internal administrative purposes; to protect our rights and interests and those of our franchisees, to resolve any disputes, to enforce this Policy or any of our other policies, to protect the rights or property of another, or to prevent harm; and to evaluate or conduct a merger, sale, or other acquisition of some or all of our organization or its assets.

We, and the vendors we work with, may collect information about your use of our Services using automated tools such as cookies, pixels, and software development kits. These tools enable us to compile statistics about the use of our Services, analyze trends, enhance the security of our Services, deliver content and advertisements, and otherwise administer and improve our Services. The information collected through tracking technologies may include your browser type, language preference, operating system, device identifier, device type, access time, Internet Protocol (IP) address, the URLs of websites you visited before and after visiting our websites, the web search that landed you on our websites, the length of your visits to our websites, and the links you click and pages you visit within our websites. You can set your browser not to accept cookies, to remove cookies, or to notify you when you are sent a cookie, giving you the opportunity to decide whether or not to accept it. However, please note that if you disable the use of cookies on your computer, some functionality of our websites will not work.

Analytics. We may use certain third-party web analytics services to help us understand and analyze how visitors use our Services and to serve advertisements on our behalf across the Internet. We have implemented Google Analytics Advertising features such as dynamic remarketing, interest-based advertising, audience targeting, behavioral reporting, demographics and interests reporting, user segment analysis, device reporting, display advertising, and video ads reporting. We may use cookies and other identifiers to deliver advertisements, measure your interests, personalize content, and detect your demographics, location, or device. For more information on how Google Analytics uses data, visit www.google.com/policies/privacy/partners/. To opt out of Google Analytics and advertising cookies, visit myadcenter.google.com and tools.google.com/dlpage/gaoptout/.

Session Monitoring. We use session-replay services, such as Hotjar, to help us understand and analyze how visitors use our Services, and to improve the Services. When you interact with us online, information related to your browsing behavior (including your device IP address, device screen size, device type (unique device identifiers), browser information, country, and preferred language) may be collected by us or our service providers. For more information regarding Hotjar's collection and use of information, please visit Hotjar's privacy policy here.

Online Advertising. We and the third parties we contract with may use tracking technologies to gather interest-based information to customize the ads you see. This information may include data collected while you are on our website and data from other sources. One of the tools we use for this purpose is Google Ads, which is an advertising service provided by Google. Google uses cookies and other identifiers, in combination with its own data, to show you ads based on your usage of our websites. You can personalize the ads you receive or opt out of ads from Google by visiting the Google Ads Settings page. Additional options for opting out of interest-based advertising can be found here and here.

Do Not Track Signals. Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our websites are not designed to respond to “Do Not Track” signals received from browsers.

We retain personal information for as long as necessary or permitted for the purposes described in this Policy or otherwise authorized by law. This generally means holding the information for as long as one of the following apply: 

Where personal information is used for more than one purpose, we will retain it until the purpose with the latest period expires.

We may disclose your personal information within our company, to our affiliates, to our business partners and franchisees, and to our vendors.

Disclosures for Business or Commercial Purposes. The following chart describes how we disclose personal information to our affiliated brands and companies, franchisees, and service providers for business or commercial purposes.

Other Disclosures of Personal Information. We may disclose your personal information to comply with applicable law, such as in response to requests from law enforcement agencies, regulators, other public authorities, courts, and third-party litigants in connection with legal proceedings or investigations.

Opting Out of Targeted Advertising, Sales, and Sharing of Personal Information. In accordance with applicable state privacy laws, we provide the right to opt out of targeted advertising, sales, and sharing of personal information. If you would like to opt out of targeted advertising, sales, and sharing taking place through tracking technologies such as cookies, please go to the Your Privacy Choices link in the cookie banner or the footer of the website where you want to opt out. Consumers in some states, such as California, Colorado, Connecticut, Montana and Texas, may also use the Global Privacy Control signal to opt out. If you choose to use a browser-based opt-out signal, , you will be opted out of online, cookie-based sales and sharing of personal information associated with the browser for which you have enabled the signal. If you use multiple browsers or devices, you will need to activate the signal for each one that you use. To submit a request to opt out of offline sales and sharing, please use our webform, or call us toll-free at 1-877-845-7444.

Updating Your Information. If you wish to update the personal information you have provided to us, you may do so by logging into your account or by contacting us through our Contact Us form. Please note that outdated copies of information that you have updated may remain viewable in cached and archived pages for a period of time, and we may maintain records in our systems of this information as well.

Marketing Emails. You may opt out of marketing email communications by following the opt-out instructions contained in our emails or by submitting your request here. If you opt out of marketing email communications, we may still send you administrative emails about your account or any product you have requested or received from us.

Text Messages. You have the choice to opt-in to receiving text messages and alerts on the mobile phone number(s) you disclose to us. Once you opt-in, we may send you text messages (i) regarding your account and your orders; (ii) about our products and promotions (including advertisements, sales, and special offers); (iii) to investigate or prevent fraud; and (iv) to alert you in the event of an issue with any of your purchases. You do not have to opt-in to text messages and alerts to use and enjoy our Services. If you opt-in, standard text messaging charges may apply. You may choose to opt-out of our text messages and alerts at any time by sending us a text message from your mobile phone with the word STOP, STOP ALL, END, QUIT, CANCEL or UNSUBSCRIBE, and we will unsubscribe you from text communications. 

Mobile App. If you no longer wish to provide us with information through one of our mobile apps, you may delete or deactivate your account through the app or our websites. Choosing Delete Account will result in deletion of all content, earned Points and Rewards, and other content associated with your Rewards account. Choosing Deactivate Account will place a temporary hold on your account so that you may not access any information or content from the account including earned Points or Rewards which are not voided but are subject to expiration. If you initiated the Deactivation, you may reactivate your account at any time by contacting Guest Relations. Please note that even if you choose to delete your account, we may be required to retain certain information to comply with applicable laws, rules, and regulations.

PRIVACY RIGHTS FOR RESIDENTS OF COVERED U.S. STATES

You may have additional privacy rights under the law of the state in which you live. This section describes the rights of consumers in California, Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah and Virginia, as well as California vendors, franchisees, prospective franchisees and other business contacts (collectively, “Covered States”). We maintain separate notices for California employees and job applicants.

How to Submit a Privacy Rights Request. If you are a resident of a Covered State, you can submit a request relating to your personal information using the online request form found here or by calling us toll-free at 1-877-845-7444. Please note that we may need to authenticate your identity before your request can be processed. For authentication, you will be asked to log into your account or to provide 2-3 pieces of personal information that we will match against our records. In some states and for some types of requests, you may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed. An authorized agent may submit a request on your behalf using the webform or toll-free number listed above. We will not discriminate against you if you choose to exercise any of your privacy rights under the Covered State privacy laws.

California Privacy Rights

If you are a California resident who interacts with us as a consumer, franchisee, prospective franchisee, vendor, or business contact, you have the right to submit requests relating to your personal information in accordance with the California Consumer Privacy Act (“CCPA”) and other California privacy laws.

Right to Know. You have the right to know:

Deletion. You have the right to request that we delete personal information that we collected from you, subject to certain exceptions. Where we use deidentification to satisfy a deletion request, we commit to maintaining and using the information in deidentified form and will not attempt to reidentify the information.

Correction. If you believe that personal information we maintain about you is inaccurate, you may submit a request for us to correct that information. Upon receipt of a verifiable request to correct inaccurate personal information, we will use commercially reasonable efforts to correct the information as you direct.

Right to Opt Out of Sales and Sharing of Personal Information. You have the right to opt out of the sale of your personal information, and to request that we do not share your personal information for cross-context behavioral advertising. For more information on how to use this right, please see the information provided under Your Choices, above.

Right to Limit Use and Disclosure of Sensitive Personal Information. You may direct us to limit the use and disclosure of your sensitive personal information to uses/disclosures that are reasonably necessary to provide our goods and services, or as needed: to ensure security and integrity; to prevent fraud or illegal activity; for physical safety; for short-term, transient use, including for non-personalized advertising; to perform services on behalf of the business; and to verify or maintain the quality or safety of a service or device owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance such services or devices.

California’s Shine the Light Law. California consumers may ask us to provide them with (i) a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, and (ii) the identity of those third parties. California consumers may make one such request per calendar year. To make this request, you may contact us at Privacy@Cinnabon.com or send a letter to 5620 Glenridge Drive NE, Atlanta, GA 30342. In your request, please state that you are a California consumer making a request under California’s Shine the Light Law and provide a current California mailing address for our response. Please allow up to thirty (30) days for a response. We reserve our right not to respond to such requests submitted to addresses other than those specified in this paragraph. Please note that rights under the CCPA and California’s Shine the Light law must be exercised separately.

Privacy Rights for Consumers in Covered States Other Than California

If you are a consumer who lives in Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah or Virginia, you may submit certain requests relating to your personal information as described below. 

Access and Data Portability. You have the right to confirm whether we are processing your personal information, to access your personal information, and to obtain a copy of your personal information in a portable format. Delaware and Oregon consumers may also request a list of third parties to which we disclosed personal information.

Deletion. You have the right to request that we delete your personal information, subject to exceptions. Where we use deidentification to satisfy a deletion request, we commit to maintaining and using the information in deidentified form and will not attempt to reidentify the information.

Correction. You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and our purposes for processing it.

Right to Opt Out. You have the right to opt out of the following uses of your personal information: (a) targeted advertising; (b) the sale of personal information; and (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not sell personal information for money and do not profile individuals in furtherance of decisions that produce legal or similarly significant effects under applicable state privacy laws. For information on how to opt out of targeted advertising and/or non-monetary “sales” of personal information, please see the information provided under Your Choices, above.

Right to Appeal. Sometimes we are unable to process requests relating to your personal information, in which case, your request will be denied. If your privacy rights request has previously been denied by us and you believe we denied it in error, you may appeal for reconsideration of your request.

Please note that if you make a privacy rights request, we will retain a record of your request for recordkeeping purposes.

Additional Information for Nevada Residents

Nevada law provides residents the right to opt out of the “sale” of “covered information” to third parties, including but not limited to name, address, social security number, telephone number, email address, and other information through which a person may be contacted. Our uses of your personal information are not sales under Nevada law. If you have any questions or if you would like to receive notice by email in the event we should engage in “sales” of personal information under Nevada law in the future, please contact us using the contact information provided below.

California Notice of Financial Incentive

Our Financial Incentive Offers. From time to time, we offer coupons, specials, or other discounts to consumers who have opted-in to the receipt of promotional communications from us by providing us with certain personal information, such as an email address or a phone number. Occasionally, we also offer consumers the opportunity to enter contests and sweepstakes. Consumers who share certain personal information with us by entering have a chance to win the contest or sweepstakes. Each contest or sweepstakes is governed by its own terms, and the specific financial incentive offered will be detailed in such terms.

Consumers may also join our free rewards program. You will be enrolled in our rewards program only after you provide prior opt-in consent. Participation in our rewards program gives consumers the opportunity to accrue points with qualifying purchases that can be redeemed for rewards.

Material Terms of Our Financial Incentive Offers. The nature and value of our financial incentives may differ depending on the benefit provided and what information we collect. Most financial incentives that we offer will involve one or more of the following categories of personal information: identifiers, personal records, commercial information (such as purchase records), and inferences. Our rewards program collects the following categories of personal information: identifiers (such as name and email address), personal  records (such as telephone number), characteristics or protected classifications under California or federal law (such as gender), commercial information (such as purchase records), professional or employment-related information, and inferences. Our rewards program is subject to our Terms and Conditions.

Financial Incentive Offer Opt-In Consent and Right to Withdraw. Participation in our financial incentives, including our rewards program, requires your prior opt-in consent. If the financial incentive relates to marketing emails, you may opt out at any time by following the opt-out instructions contained in any marketing email we send to you. Similarly, you may withdraw from our rewards program by deleting or deactivating your account through the app or our websites. Please see our Terms and Conditions for instructions. If you delete your profile, you will lose any points, rewards, and offers that have accrued.

Our Good Faith Valuation of California Consumers’ Personal Information. Our offers and financial incentives may be individualized to each consumer, or a group of consumers, based on one or more factors. Our reasonable determination of the estimated value of personal information collected through our offers and rewards programs takes into consideration, without limitation, estimates regarding the anticipated revenue generated from such information, the anticipated expenses which might be incurred in the collection, storage, and use of such information in the operation of our business, and other relevant factors related to the estimated value of such information to our business, as permitted under the CCPA. Thus, the value of a consumer’s personal information will depend on the specific offer or financial incentive. With respect to our rewards program, we treat the value of consumer data collected through the program as the equivalent of relevant expenses related to the collection and retention of consumers’ personal information as part of the program.

Loyalty Program Disclosures for Colorado Residents

The purpose of this section is to notify Colorado consumers about how we use personal information in connection with our loyalty program. You have the right to delete your personal information associated with your rewards account; however, if you delete your personal information, we will be unable to link your rewards to your account, and therefore you will be unable to receive benefits from the program.

The chart below identifies the categories of personal information that we collect, sell, or process for targeted advertising, and the third parties who receive these categories of personal information in connection with our rewards program. 

For more information about how we process your personal information, please click here.

We are based in the United States. If you are using our Services outside the United States, please be aware that personal information we obtain about you may be transferred to and processed in the United States or other jurisdictions outside your own. Your personal information may be accessible by public authorities where it is processed. By using our Services and providing your personal information, you acknowledge that your personal information may be transferred to and processed in jurisdictions other than your own. Please be aware that the data protection laws and regulations that may apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence.

Additional Information for People in the EEA and UK

We provide the following supplemental information for residents of the European Economic Area (“EEA”) and the United Kingdom (“UK”).

Cinnabon is the data controller for customer personal information collected through our Services. Cinnabon is the data controller with respect to the data of franchisees, prospective franchisees, and franchisee applicants it collects or otherwise processes. You may be required to provide certain personal information, such as your contact information and payment details, in order to use our Services.

Legal Bases for Our Personal Information Processing. Your personal information is processed under the following legal bases:

Your Privacy Rights. You may ask us to take the following actions with respect to your personal information:

You may submit these requests by emailing us at the address provided under Contact Us, below. We may require specific information from you to help us verify your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal restrictions on disclosing this information.

Submitting a Complaint. If you would like to submit a complaint about our use of your personal information or our response to your request regarding your personal information, you may contact us at the address provided under Contact Us, below or submit a complaint directly to the data protection authority in your jurisdiction. If you reside in the EEA, you can find information about your data protection authority here. If you reside in the UK, you may file complaints with the Information Commissioner’s Office here.

Transfers of Your Personal Information. When you directly provide your personal information through our Services, you acknowledge that your personal information is being provided by you to a company based in the United States. The laws that apply to personal information protection in the United States differ from those applicable in the EEA and the UK. If it is necessary for us to transfer personal information out of the EEA and the UK, we do so by using suitable data transfer safeguards, such as the standard contractual clauses approved by the European Commission, which impose data protection obligations on parties to the transfer. You may obtain additional information about our data transfer mechanisms by contacting us at the address provided under Contact Us, below.

Canadian Privacy Rights

Canadian residents have the following rights with respect to their personal information:

You may submit these requests by email to us at the address provided under Contact Us, below. We may require specific information from you to help us verify your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal or regulatory restrictions on disclosing this information. Please note, if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain any impact to you to help you with your decision.

Our Services are not intended for children, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it in accordance with applicable law.

If you request more information from us about our franchise opportunities, we may ask that you complete our franchise application, which requests personal information from you, including:

We may disclose the information provided in our franchise application to our affiliated brands and vendors as needed to process your franchise application, including to run background checks and to determine creditworthiness.

If you provide personal information related to other people, such as your spouse, investment partners, or personal references, as part of the franchise application process, you guarantee that you do so with the knowledge and permission of those people. We may use any information you provide to contact those people and disclose it, as necessary, to our affiliated brands and vendors in relation to the franchise application process.

At no cost to you, we maintain appropriate safeguards designed to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, no data security measures can guarantee 100% security. We encourage you to safeguard your passwords, ID numbers, and other information you use to access our Services.

Our Services include links to websites operated by our service providers that are designed to provide specific features or content (for example, sites supporting online orders or gift card purchases), and may also include links to third-party websites. When you click a link on our site that includes the    symbol, you are leaving our site and navigating to a site operated by another company. Third-party websites have their own privacy policies that you should review to understand how they may collect, use, or disclose your personal information. We are not responsible for the content or privacy practices of any linked websites that are not under our control. Our gift cards are sold online by CashStar, a Blackhawk Network business (“CashStar”). For CashStar’s Privacy Policy, please click here. If you would like to adjust your cookie settings on the gift card sales website, please use the controls provided by CashStar on that site. To submit a privacy rights request to CashStar, please click here.

Certain features of our Services may permit you to interact with social media networks operated by unaffiliated parties, for example, if you “like” or “follow” us on those platforms (“Social Features”). If you choose to “like” or share content or post information using Social Features, that information may be publicly displayed, and the party operating the social media platform may receive information about you and your use of our Services. Similarly, if you interact with us through Social Features, we may have access to information about you from the social media platform. In addition, we may track when you like us, follow us, or share our content through Facebook, Twitter, or other social media platforms.

Please note that if you mention us, or comment about or in response to us, in your post on a social media platform, that platform may allow us to publish your post on our Services or public social media pages or otherwise use your post about us. You should review the terms, policies, and settings of these platforms to learn more about their data practices and adjust your settings accordingly.

We may update or modify this Privacy Policy from time to time at our discretion. We will indicate changes to this Privacy Policy by updating the “Last Updated” date at the beginning of the Privacy Policy. Please review this Privacy Policy periodically and especially before you provide any personal information to us. Your continued use of our Services after any update will constitute your acceptance of our changes.

If you have questions about this Privacy Policy or our privacy practices, please contact us at Privacy@Cinnabon.com or by mail at 5620 Glenridge Drive NE, Atlanta, GA 30342.