Skip to main content

Privacy policy

Last Updated November 5, 2025

This Privacy Policy describes how the Good Food Institute, Inc. (“GFI”, “we” or “us”)  collects, uses, and handles your personal data (“Personal Data”), and what choices you have when you use our website. By using this website you agree to the collection and use of information in accordance with this Privacy Policy.

GFI is the controller of your Personal Data unless otherwise stated. Our address is:

2503 D. N Harrison St. #19
Arlington, VA  22207
United States

  1. Information We Collect

We collect several different types of information for various purposes to respond to your inquiries. When submitting your inquiry via this website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personal Data may include without limitation:

  • Email address
  • First name and last name
  • Phone number
  • Company

Any other Personal Data that you voluntarily provide to us

  1. Use of Data

GFI may use Personal Data for the following purposes: 

  • Communication: To respond to your inquiries and submissions, to send related emails and communications. 
  • Compliance. To comply with applicable laws and regulations or a court or other legal order.
  • Other. For other lawful purposes with your consent.

‍Our lawful basis to collect and use your Personal Data will depend on the type of information and the context in which we process it. We may process your information to enter into or perform a contract with you, for the purposes of our legitimate interests (unless your rights and freedoms override those interests), with your consent, or to comply with our legal obligations (e.g. to comply with applicable laws and regulations or a court or other legal order).‍

  1. Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will either delete or anonymize Personal Data once it is no longer needed or after expiration of the applicable retention periods.

  1. Sharing With Others

Your information, including Personal Data, may be shared with our trusted parties, including: 

Our global affiliates, agents, and representatives in the course of our operations. Our affiliates may only process your data for the purposes specified in our data sharing agreements with them, and are required to implement technical and administrative measures to appropriately safeguard your data. We rely on legitimate interest as the lawful basis to share your data for operational purposes.

Third-party companies, service providers or individuals that we employ to process information on our behalf based on our instructions and only for the purposes specified. These data processors are contractually bound to keep your data secure. We rely on legitimate interest as the lawful basis for sharing information with these third parties.

Related entities. If we were to engage in a merger, acquisition, bankruptcy, dissolution or other proceeding that involves the transfer of the information, we will notify you before we share your data with a party involved in such a process. We rely on legitimate interest as the lawful basis to share your data in reorganization.

Law enforcement and government agencies. We are legally obligated to share your information in some circumstances, such as (1) to respond to a subpoena, court order or legal process; (2) to detect, prevent, or otherwise address fraud, security or technical issues; (3) to exercise or protect our rights, property or personal safety or that of others. We rely on legitimate interest and legal obligations as the lawful bases for such sharing.

Except for the purposes outlined herein, we will not trade, share or sell your personal information to anyone else.

  1. Transfer of Data 

Your Personal Data may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

GFI will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and personal information.‍

  1. How We Protect Your Information

We care about the security and integrity of your information. We implement and maintain industry standard physical, technical, and administrative safeguards, including performing regular self-assessments to prevent unauthorized disclosure of, or access to, personal data. We limit access to personal data and require that employees and agents authorized to access personal data maintain the confidentiality of that data. We hold our service providers to at least the same data privacy and security standards to which we hold ourselves.

However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. If, despite our efforts, we learn of a security breach involving your personal information, we will take reasonable steps to investigate the situation and notify you as required by law so appropriate protective steps can be taken.

  1. Your Data Protection Rights 

If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at dataprivacy@gfi.org.

In certain circumstances, you have the following data protection rights to:

  • access, update or to delete the information we have on you;
  • have your information rectified if that information is inaccurate or incomplete;
  • object to our processing of your Personal Data;
  • request that we restrict the processing of your personal information;
  • be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
  • withdraw your consent at any time where we rely on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

If you have a concern about our privacy practices, including the way we handle your personal data, you can report it to the data protection authority in your jurisdiction.

  1. Children’s Personal Data

We do not knowingly collect or store any personal data of persons under the age of 16 and we do not offer any of our services directly to children under the age 16. 

  1. Changes to This Privacy Policy

We’ll update this Privacy Policy from time to time. When we make changes, we’ll update the date at the top of the Privacy Policy. Modifications will not apply retroactively. We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit. 

  1. Contact Us

If you have any questions about this Privacy Policy, please contact us by email at dataprivacy@gfi.org.