Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects information about you when you visit our website at caferiofood.click, use our online ordering platform, interact with our digital services, or otherwise engage with us (collectively, the "Services"). We are committed to protecting your personal information and being transparent about how we handle it.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this Policy, please discontinue your use of our Services immediately.

We operate in the United States and comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act governing unfair or deceptive practices in commerce.

1. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the details below:

We aim to respond to all privacy-related inquiries within 30 business days of receipt. For urgent matters involving data breaches or sensitive requests, please mark your email subject line as "URGENT – Privacy Request."

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• Visitors and users of our website at caferiofood.click;
• Customers who place orders through our online platform;
• Individuals who register for an account with us;
• Users who subscribe to our email newsletters, promotions, or loyalty programs;
• Anyone who contacts us through our website, email, or phone;
• Individuals who interact with us through social media platforms linked to our Services.

This Policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our Services. Below is a detailed breakdown of the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

• Full name;
• Email address;
• Phone number;
• Billing and shipping address;
• Date of birth (for age verification and promotional purposes);
• Username and password (in encrypted form);
• Profile photo (if optionally provided).

3.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information. Please note that full credit or debit card numbers are processed by our third-party payment processors and are not stored on our servers. However, we may retain:

• Last four digits of your card number;
• Card type (Visa, Mastercard, etc.);
• Billing address associated with the payment method;
• Transaction ID and order history;
• Gift card or coupon code usage.

3.3 Order and Transaction Data

We collect details about your food orders and transactions, including:

• Items ordered, customizations, and preferences;
• Order date, time, and location (restaurant or delivery address);
• Order history and frequency;
• Special dietary preferences or restrictions you provide;
• Delivery instructions and notes.

3.4 Usage and Behavioral Data

When you use our website or app, we automatically collect certain technical and behavioral data, including:

• Pages visited and time spent on each page;
• Links clicked and features used;
• Search queries entered on our platform;
• Referring URL (the website that directed you to ours);
• Browsing patterns and interaction history;
• Cart abandonment and purchase funnel behavior.

3.5 Device and Technical Information

We collect information about the device and network you use to access our Services:

• IP address;
• Browser type and version;
• Operating system and device type (desktop, tablet, mobile);
• Device identifiers (e.g., mobile advertising ID);
• Time zone and language settings;
• Network provider and connection type.

3.6 Location Data

With your permission, we may collect precise or approximate location data to help you find nearby restaurant locations, process delivery orders, and offer location-based promotions. You can disable location access through your device settings at any time.

3.7 Communications Data

If you contact our customer support team, submit a review, or communicate with us through any channel, we may collect and retain records of:

• Email correspondence;
• Customer support tickets;
• Survey responses and feedback;
• Social media messages and comments directed at us.

3.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your use of our website. For more details, please see Section 9 (Cookie Usage) of this Policy.

3.9 Information From Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (e.g., if you log in using Facebook or Google);
• Delivery partners and third-party ordering platforms;
• Analytics and advertising providers;
• Publicly available databases or records.

4. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes. We process your data only when we have a lawful basis to do so, including your consent, the performance of a contract, compliance with legal obligations, or our legitimate business interests.

4.1 Providing and Managing Our Services

• Processing and fulfilling your food orders;
• Managing your account and profile;
• Facilitating payment transactions and issuing receipts;
• Coordinating delivery or in-store pickup;
• Providing customer support and resolving complaints.

4.2 Personalization and User Experience

• Remembering your preferences and order history;
• Recommending menu items based on past purchases;
• Personalizing promotional offers and discounts;
• Customizing the content displayed to you on our website.

4.3 Marketing and Promotional Communications

• Sending you newsletters, special offers, and promotional emails with your consent;
• Notifying you about new menu items, seasonal specials, and events;
• Running loyalty and rewards programs;
• Delivering targeted advertising on our website and third-party platforms.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

4.4 Analytics and Service Improvement

• Analyzing usage patterns to improve website functionality and user experience;
• Monitoring website performance and identifying technical issues;
• Conducting internal research and surveys;
• Developing new features, products, and services;
• Understanding customer demographics and preferences.

4.5 Legal and Compliance Purposes

• Complying with applicable federal and state laws and regulations;
• Responding to lawful requests from government agencies and law enforcement;
• Enforcing our Terms of Service and other agreements;
• Preventing fraud, abuse, and unauthorized access;
• Protecting the rights, property, and safety of our customers, employees, and the public.

4.6 Business Operations

• Carrying out internal audits and accounting;
• Managing business transactions such as mergers, acquisitions, or asset sales;
• Communicating with investors, partners, and stakeholders (in aggregate, non-identified form).

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties under the following circumstances:

5.1 Service Providers and Vendors

We engage third-party companies and individuals to perform functions on our behalf. These service providers have access to your personal information only as needed to perform their functions and are contractually obligated to maintain confidentiality. They include:

• Payment processors (e.g., Stripe, Square) to handle transactions securely;
• Delivery partners to fulfill food delivery orders;
• Cloud hosting and IT infrastructure providers;
• Email marketing platforms to send newsletters and promotional campaigns;
• Analytics providers (e.g., Google Analytics) to analyze website performance;
• Customer support tools to manage inquiries and tickets;
• Loyalty program platforms to administer rewards.

5.2 Legal Requirements and Law Enforcement

We may disclose your information when required to do so by law or in response to valid legal processes, including:

• Court orders, subpoenas, or warrants;
• Requests from federal, state, or local law enforcement agencies;
• Regulatory investigations or audits;
• To protect against fraud, cybersecurity threats, or illegal activity;
• To defend ourselves in legal proceedings.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your personal information may be transferred to the acquiring or successor entity. We will provide notice of such a transfer and any material changes to this Privacy Policy.

5.4 Advertising and Marketing Partners

We may share certain usage data (such as device identifiers or browsing behavior) with advertising partners to display targeted advertisements on our platform or on third-party websites. This may constitute "sharing" of personal information under the CCPA/CPRA, and California residents have the right to opt out. See Section 10 for more details.

5.5 With Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so, such as when you participate in co-branded promotions or partner programs.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, use, alteration, or disclosure.

6.1 Security Measures We Employ

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols;
• Password Hashing: User passwords are stored using strong, one-way cryptographic hashing algorithms (not in plain text);
• Access Controls: We limit access to personal information to employees and contractors who have a legitimate need to know and are bound by confidentiality obligations;
• Firewalls and Intrusion Detection: Our network infrastructure is protected by firewalls and continuously monitored for unauthorized access or anomalous activity;
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems;
• Data Minimization: We collect only the information necessary for the purposes described in this Policy;
• Secure Payment Processing: Payment card data is handled by PCI-DSS compliant payment processors, and we do not store full card numbers on our servers.

6.2 Data Breach Response

In the unfortunate event of a data breach that affects your personal information, we will notify affected individuals and relevant regulatory authorities as required by applicable law, including applicable state breach notification laws. We will take immediate steps to contain the breach, assess its scope, and implement corrective measures.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We respect and honor these rights as described below.

7.1 Rights Available to All Users

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time.

7.2 California Residents – CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

• Right to Know: The right to know what personal information we collect, use, disclose, and sell/share about you, and the business purposes for doing so;
• Right to Delete: The right to request deletion of your personal information, subject to certain exceptions;
• Right to Correct: The right to request correction of inaccurate personal information;
• Right to Opt Out of Sale/Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising;
• Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information (e.g., precise geolocation, financial data) to necessary purposes;
• Right to Data Portability: The right to receive a copy of your personal information in a portable, readily usable format;
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.

7.3 How to Submit a Privacy Rights Request

To exercise any of your rights, please submit a verifiable consumer request to us by:

• Email: [email protected] with the subject line "Privacy Rights Request";
• Website: Through the contact form available at caferiofood.click.

We will acknowledge your request within 10 business days and respond fully within 45 days. In some cases, we may need up to an additional 45 days to respond, in which case we will notify you of the extension. We may need to verify your identity before processing your request to protect against fraudulent submissions.

7.4 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. To do so, the agent must provide written proof of authorization, and we may require direct verification from you to confirm the agent's authority.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law or necessary to resolve disputes, enforce agreements, or comply with legal obligations.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention and disposal procedures.

9. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and serve relevant content and advertisements.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our website, including session management, authentication, and shopping cart functionality. These cannot be disabled.
• Functional Cookies: Allow us to remember your preferences (such as language, location, and past orders) to provide a personalized experience.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting information about page views, time spent, and navigation paths (e.g., Google Analytics).
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across our site and third-party platforms.

9.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may impact the functionality of our website. For a comprehensive explanation of our cookie practices, please refer to our Cookie Policy, available on our website.

California residents may also opt out of cookies used for cross-context behavioral advertising by following the "Do Not Sell or Share My Personal Information" instructions on our website.

10. California "Do Not Sell or Share My Personal Information"

Under the CCPA/CPRA, California residents have the right to opt out of the "sale" or "sharing" of their personal information. While we do not sell personal information for monetary value, certain sharing of identifiers and usage data with advertising partners for targeted advertising purposes may constitute "sharing" under California law.

To exercise your right to opt out, please contact us at [email protected] with the subject line "Do Not Sell or Share My Personal Information." You may also enable the Global Privacy Control (GPC) signal in your browser, which we will honor as a valid opt-out request from California residents.

11. Children's Privacy

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and do not knowingly solicit or collect personal information from individuals under 18 years of age. If you are under 18, please do not use our Services or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

12. International Data Transfers

Cafe Rio is headquartered and operates in the United States. If you access our Services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

By using our Services, you consent to the transfer of your personal information to the United States. We take appropriate safeguards to ensure that such transfers are conducted in compliance with applicable privacy laws, including through the use of data processing agreements with our service providers that incorporate standard contractual protections.

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data transfer requirements, please note that we process your data based on your consent or our legitimate business interests, and we implement appropriate transfer mechanisms as required by applicable law.

13. Third-Party Links and Integrations

Our website may contain links to third-party websites, applications, or services, including social media platforms (such as Facebook, Instagram, and Twitter/X), delivery aggregators, and payment platforms. These third parties operate under their own privacy policies, which we do not control and are not responsible for.

We encourage you to review the privacy policies of any third-party platform before providing personal information or engaging with their services. Our Privacy Policy applies only to data collected through our own website and Services at caferiofood.click.

14. Federal Trade Commission (FTC) Compliance

As a business operating in the United States, we are subject to the jurisdiction of the Federal Trade Commission (FTC) and comply with the FTC Act, which prohibits unfair or deceptive acts and practices in commerce. Our data collection and privacy practices are designed to be transparent, honest, and consistent with the representations we make in this Privacy Policy.

We do not engage in deceptive data collection practices, misrepresent the nature or purpose of our data use, or collect data in ways that are materially inconsistent with what is described in this Policy. If you believe our data practices are unfair or deceptive, you have the right to file a complaint with the FTC.

15. How to File Complaints With Regulatory Authorities

If you are not satisfied with how we handle your personal information or your privacy rights request, you have the right to file a complaint with the appropriate regulatory authority:

15.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA):

• Website: cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834

You may also contact the California Attorney General's Office at oag.ca.gov for consumer privacy enforcement matters.

15.2 All United States Residents

Residents of all US states may file a complaint with the Federal Trade Commission (FTC):

• Website: reportfraud.ftc.gov
• Phone: 1-877-FTC-HELP (1-877-382-4357)

15.3 Before Filing a Complaint

We encourage you to contact us first at [email protected] to give us the opportunity to address your concerns directly. We are committed to resolving privacy-related disputes promptly and fairly.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the introduction of new features and Services. When we make material changes, we will:

• Post the updated Policy on our website with a revised "Last Updated" date at the top;
• Send an email notification to registered users whose data is affected by significant changes;
• Display a prominent notice on our website for a reasonable period following the change.

Your continued use of our Services following the posting of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you must discontinue using our Services and may request deletion of your account and personal information.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

17. Glossary of Key Terms

This Privacy Policy was last reviewed and updated on May 28, 2026. Cafe Rio reserves all rights with respect to this document.