Back to home
Privacy Policy

Privacy Policy.

This policy describes how DJR Foods (operator of djrfoods.com) collects, uses, and protects information from wholesale buyers and visitors to our site.

Last updated May 21, 2026

1. Overview

DJR Foods (“DJR,” “we,” “us”) operates the wholesale ordering portal at djrfoods.com. We supply authentic Asian groceries by the case and pallet to grocery stores, cash-and-carry buyers, and independent retailers. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

By using djrfoods.com, registering a wholesale account, or contacting us, you agree to the practices described here. If you don't agree, please don't use the site.

2. Information we collect

We collect three categories of information:

Information you provide

  • Account & contact details — name, business name, email address, phone number, and shipping/billing address when you register a wholesale account or submit a quote request.
  • Order & quote data — items, quantities, pricing, notes, and delivery preferences for each cart, quote request, or completed order.
  • Communications — the contents of messages you send through our contact form, support emails, or sales calls.
  • Verification info — any documentation you submit to verify you are a legitimate wholesale buyer (e.g. resale certificates, business licenses) when applicable.

Information collected automatically

  • Usage data — pages viewed, products browsed, clicked buttons/links, search terms, referring URL, UTM campaign parameters, and similar event data.
  • Device data — browser type and version, operating system, screen/viewport size, and approximate location derived from hosting/IP headers. We use a one-way IP hash for analytics integrity rather than displaying raw IP addresses in the analytics dashboard.
  • Cookies & storage — small files stored in your browser to keep you signed in, remember preferences, and measure site usage. See Cookie Policy.

Information from third parties

  • Email delivery — bounce, open, and click events from our transactional email provider.
  • Hosting & infrastructure — server logs from our hosting platform (Vercel) and database provider used to keep the site operational.
  • Lead enrichment — for outbound sales prospecting only, we may receive publicly-available business information (company name, public contact info, website) from grounded AI search tools we use to find potential wholesale buyers.

3. How we use information

We use the information we collect to:

  • Operate the site, your wholesale account, your cart, and your orders.
  • Show pricing personalized to your account once you are approved.
  • Generate, send, and follow up on quotes and order confirmations.
  • Communicate with you about your account, deliveries, product availability, and policy changes.
  • Verify that you qualify as a wholesale buyer (we only sell to retailers and resellers).
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Analyze how the site is used so we can improve product, design, and performance.
  • Comply with legal obligations and enforce our Terms of Service.

4. When we share information

DJR Foods does not sell your personal information. We share information only with the following categories of recipients, and only as needed:

  • Service providers — vendors that host our site (Vercel), store our database, deliver email, process payments, and provide analytics. They may only use your data to perform services for us.
  • Freight & logistics partners — carriers and 3PL operators who fulfill and deliver your orders.
  • Legal & safety — law enforcement, regulators, or other parties when required by law, subpoena, or to protect rights, safety, or property.
  • Business transfers — if we sell, merge, or transfer all or part of our business, your information may be transferred to the new owner under terms consistent with this policy.

5. Third-party platform integrations

DJR Foods operates an internal admin portal that allows our authorized staff to connect third-party business accounts they own (or have admin access to) in order to schedule social media posts, view advertising performance, and respond to customer messages from a single dashboard. We use only official OAuth flows and platform APIs — we never ask for or store user passwords for any third-party platform. The sections below describe each integration in detail.

Important: all third-party integrations are used by DJR Foods' internal marketing team to manage DJR Foods' own business accounts on those platforms. We do not collect data from end-users of those platforms, do not resell platform data, and do not share platform data with any external party.

Meta (Facebook + Instagram + Meta Ads)

When a DJR Foods admin connects a Facebook Page, Instagram Business Account, or Meta Ads account, we receive (via the Meta Graph API and Marketing API):

  • Page/account identifiers (Page ID, Instagram Business Account ID, Meta Ads account ID)
  • Page/account display name, profile picture, follower count, and category
  • OAuth access tokens (encrypted at rest) and the list of granted scopes
  • Post-level engagement metrics (impressions, reach, likes, comments) for posts that we publish
  • Ad campaign performance (spend, impressions, clicks, conversions) for Meta Ads accounts
  • Inbound page messages and comments, only for pages where the admin enabled the inbox feature

We use this data exclusively to power the scheduling, analytics, and inbox features the admin user explicitly enabled. We do not transfer this data to advertising networks, brokers, or any third party. Use of information received from Meta APIs adheres to Meta's Platform Terms and Developer Policies, including the limited-use requirements.

TikTok (Login Kit + Marketing API)

When an admin connects a TikTok Business account or TikTok Ads (Marketing API) account, we receive:

  • TikTok user ID, display name, profile picture, follower count
  • List of the user's public videos (titles, thumbnails, IDs)
  • Aggregate engagement statistics for the connected account
  • For TikTok Ads: advertiser ID, campaign metadata, and aggregated performance metrics
  • OAuth access tokens (encrypted at rest) and scopes

Data received from TikTok APIs is used only to display analytics in our admin dashboard and to publish content the admin has scheduled. Our use of TikTok data complies with the TikTok Developer Terms of Service.

Google (Google Ads + Google Business Profile + YouTube + Gmail OAuth)

When an admin connects a Google Ads, Google Business Profile, YouTube, or Gmail account via OAuth, we receive:

  • Google account identifier (email address, name, profile picture)
  • For Google Ads: customer ID, campaign data, ad group / ad / keyword performance metrics, recommendations
  • For Google Business Profile: business location IDs, reviews, and posts on locations the user manages
  • For YouTube: channel ID, video list, video performance metrics
  • For Gmail OAuth: send-on-behalf access to the connected mailbox for transactional emails configured by the admin
  • OAuth access + refresh tokens (encrypted at rest) and granted scopes

DJR Foods' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as necessary to provide the features the admin enabled, do not use Google user data for serving advertising, and do not allow humans to read Google user data unless the user provided explicit consent or it is required for security or legal reasons.

LinkedIn, X (Twitter), Pinterest, Threads, Bluesky, Mastodon

For each of these platforms, when an admin connects an account via OAuth, we receive: the user's platform-specific account identifier, display name, profile picture, follower count (where available), and OAuth tokens (encrypted at rest). We use this data only to publish content the admin scheduled and to display engagement metrics for those published posts.

Token storage and revocation

All OAuth access tokens and refresh tokens stored by DJR Foods are encrypted at rest using AES-256 with a key managed outside the database. Tokens are only decrypted in-memory at the moment of an API call. Admin users can disconnect any platform at any time via Admin → Social → Connections → Disconnect, which immediately deletes the stored tokens and ends our access. Users can also revoke our access directly from each platform's own security/connected-apps settings page.

Data deletion for connected platforms

To request deletion of any data we hold from a third-party platform integration, see our Data Deletion page. We will delete all stored OAuth tokens, cached metadata, and historical metrics for the requested platform within 30 days of a verified request.

6. Cookies & tracking

We use first-party cookies and similar technologies to keep you signed in, remember preferences (e.g. cart contents), and measure site performance. We do not run third-party advertising trackers. You can disable cookies in your browser, but parts of the site (sign-in, cart) may not work without them. See our Cookie Policy for the full list.

7. Data security

We use commercially reasonable safeguards to protect your information, including encrypted connections (HTTPS/TLS) for all traffic, hashed passwords, scoped database access, and audit logging on admin actions. No method of transmission or storage is perfectly secure — if you believe your account has been compromised, contact us at sales@djrfoods.com immediately.

8. Data retention

We retain account and order data for as long as your wholesale account is active, plus a reasonable period after closure to comply with tax, accounting, and legal obligations. Quote requests and contact-form messages are retained for the lifetime of the related sales relationship. Aggregated, de-identified analytics may be retained indefinitely.

9. Your rights & choices

Depending on where you live (e.g. California, EU/UK), you may have rights to:

  • Request a copy of the personal information we hold about you.
  • Correct or update inaccurate information.
  • Request deletion of your information, subject to legal exceptions.
  • Opt out of certain uses or marketing communications.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at sales@djrfoods.com. We will respond within the timeframes required by applicable law.

10. Children's privacy

djrfoods.com is a B2B wholesale platform and is not intended for children under 16. We do not knowingly collect personal information from children. If we learn we have, we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be highlighted on the site or emailed to active wholesale account holders.

12. Contact us

Questions about this Privacy Policy or how we handle your data?