Privacy Policy

Effective Date: March 21, 2026 | Last Updated: March 21, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at cafes-rios.digital, use our online ordering services, interact with our digital platforms, or otherwise engage with our business. We are committed to protecting your privacy and handling your personal data in a transparent, responsible, and lawful manner in accordance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with any part of this policy, please discontinue use of our services immediately.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide restaurant services, online food ordering, catering inquiries, and related digital services through our website cafes-rios.digital.

Business Contact Information:

Company Name	Cafe Rio
Website	cafes-rios.digital
Email Address	[email protected]

For any privacy-related questions, concerns, or requests, please contact us using the information provided above or refer to Section 14 of this policy for detailed contact instructions.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through the following channels:

Our website at cafes-rios.digital and any associated subdomains
Online ordering platforms and food delivery integrations
Email communications and newsletters
Customer loyalty programs or rewards systems
Catering inquiry forms and reservation requests
Social media interactions and campaigns
In-store digital touchpoints (kiosks, Wi-Fi registration, etc.)
Any other digital service or application we operate

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. Below is a comprehensive overview of the data we may gather:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or contact us, we may collect:

Full name and display name
Email address
Phone number
Mailing or delivery address
Date of birth (for age verification purposes)
Profile photograph (if provided voluntarily)
Username and password (stored in encrypted form)

3.2 Payment and Financial Information

When you make purchases through our platform, we or our authorized payment processors collect:

Credit card or debit card information (processed securely by third-party payment processors)
Billing address
Transaction history and order records
Payment confirmation numbers and receipts

Important: We do not store full credit card numbers on our servers. All payment data is handled by PCI DSS-compliant third-party payment processors.

3.3 Order and Transaction Data

We collect information related to your food orders and interactions with our services, including:

Items ordered and customizations requested
Order frequency and history
Delivery preferences and special instructions
Loyalty points balance and redemption history
Coupon or promotional code usage
Customer feedback, ratings, and reviews

3.4 Usage Data and Behavioral Information

When you visit our website or use our digital services, we automatically collect certain technical and behavioral data, including:

IP address and approximate geographic location
Browser type, version, and language settings
Operating system and device type
Pages visited, time spent on each page, and navigation paths
Referring website URLs
Search queries made within our website
Click-through rates on links and buttons
Session duration and frequency of visits
Error logs and crash reports

3.5 Device Information

We may collect technical information about the devices you use to access our services, such as:

Device identifiers (e.g., mobile advertising IDs)
Hardware model and specifications
Network carrier information
Time zone and locale settings
App version (if applicable)

3.6 Location Data

With your consent, we may collect precise or approximate location data to enable features such as:

Finding the nearest Cafe Rio location
Facilitating accurate food delivery
Providing location-based promotions

You may disable location services at any time through your device settings.

3.7 Communications Data

If you contact us through email, chat, or our contact forms, we retain records of:

The content of your messages and inquiries
Our responses to your communications
Support ticket history
Feedback and survey responses

3.8 Cookies and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For a comprehensive overview of our cookie practices, please refer to Section 10 of this policy and our dedicated Cookie Policy available on our website.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders
Managing your account and providing customer support
Facilitating payment processing and issuing receipts
Coordinating delivery or pickup services
Managing loyalty programs and reward redemption
Responding to your inquiries, complaints, and feedback

4.2 Business Operations and Improvement

Analyzing usage patterns to improve our website and menu offerings
Conducting internal research and data analytics
Monitoring website performance and security
Troubleshooting technical issues and errors
Developing new features, products, and services
Training our staff based on aggregated customer feedback

4.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers (with your consent where required)
Delivering personalized recommendations based on your order history
Running targeted advertising campaigns through digital platforms
Notifying you about new menu items, limited-time offers, and events
Conducting customer satisfaction surveys

You may opt out of marketing communications at any time by clicking the "Unsubscribe" link in any promotional email or by contacting us at [email protected].

4.4 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from law enforcement or government authorities
Enforcing our Terms of Service and other agreements
Protecting the rights, safety, and property of Cafe Rio, our customers, and the public
Detecting and preventing fraud, unauthorized access, and other illegal activities

4.5 Legal Basis for Processing (Where Applicable)

Where required by applicable law, we process your personal information based on one or more of the following legal grounds:

Contractual Necessity: Processing required to fulfill your orders and provide our services
Consent: Where you have given explicit consent (e.g., marketing communications, location tracking)
Legitimate Interests: Where processing is necessary for our legitimate business interests and does not override your rights
Legal Obligation: Where processing is required to comply with applicable laws

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Vendors

We engage trusted third-party companies and individuals to assist in operating our business. These service providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to protect your data. Categories of service providers include:

Payment Processors: For secure transaction processing (e.g., Stripe, Square)
Cloud Hosting Providers: For website and data infrastructure
Email Marketing Platforms: For sending newsletters and promotional campaigns
Analytics Providers: For website traffic analysis (e.g., Google Analytics)
Delivery Partners: For coordinating food delivery services
Customer Support Tools: For managing support tickets and inquiries
Advertising Networks: For displaying targeted advertisements

5.2 Business Transfers

In the event of a merger, acquisition, sale of assets, reorganization, or other business transfer, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is subject to a different privacy policy.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, or government request
Enforce our Terms of Service or other legal agreements
Protect and defend the rights or property of Cafe Rio
Prevent or investigate potential wrongdoing in connection with our services
Protect the personal safety of users of our services or the public

5.4 With Your Consent

We may share your information with other parties when you have provided explicit consent to do so, such as when you participate in co-branded promotions or partner programs.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for marketing, research, or business development purposes.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Security Measures

SSL/TLS encryption for all data transmitted between your browser and our servers
Encryption of sensitive data at rest using industry-standard algorithms
Secure password hashing using bcrypt or equivalent algorithms
Regular security audits and vulnerability assessments
Firewalls, intrusion detection systems, and malware protection
Two-factor authentication options for user accounts
PCI DSS compliance for all payment-related data handling

6.2 Administrative Security Measures

Access controls limiting employee access to personal data on a need-to-know basis
Regular employee training on data privacy and security best practices
Background checks for employees with access to sensitive data
Data processing agreements with all third-party service providers
Incident response plan for potential data breaches

6.3 Data Breach Notification

In the event of a data breach that poses a significant risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law. Notification will be provided without undue delay, and no later than 72 hours of becoming aware of the breach, where required by law.

Please Note: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

7.1 Rights Under U.S. Federal and State Law

We comply with the Federal Trade Commission (FTC) Act and applicable state privacy laws. Specifically, if you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right	Description
Right to Know	You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for which it is used, and the categories of third parties with whom it is shared.
Right to Delete	You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
Right to Correct	You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. We do not sell personal information as defined under the CCPA/CPRA.
Right to Limit Use of Sensitive Data	You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the services you requested.
Right to Non-Discrimination	You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny you services, charge different prices, or provide a different quality of service based on your exercise of these rights.
Right to Data Portability	You have the right to receive your personal information in a portable, readily usable format.

7.2 General Privacy Rights (All Users)

Regardless of your state of residence, all users of our services may exercise the following rights:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request erasure of your personal data where it is no longer necessary
Objection: Object to processing of your data for marketing purposes
Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a request to us using one of the following methods:

Email: [email protected] with the subject line "Privacy Rights Request"
Website: Through the contact form available at cafes-rios.digital

We will verify your identity before processing your request and will respond within the timeframe required by applicable law (typically 45 days for CCPA requests, with the possibility of a 45-day extension when reasonably necessary). We may require additional information to verify your identity and fulfill your request.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written permission signed by you, and we may require you to verify your identity directly with us.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

Data Category	Retention Period
Account information	Duration of account + 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Payment information	As required by PCI DSS standards (typically 12 months)
Customer support communications	3 years from last interaction
Marketing preferences and consent records	Until opt-out + 3 years
Website usage and analytics data	26 months from collection
Cookie data	As specified in our Cookie Policy (typically 1–2 years)
Legal claim records	Duration of claim + applicable statute of limitations

When personal information is no longer required, we securely delete, destroy, or anonymize it in accordance with our data retention procedures and applicable legal requirements.

9. Children's Privacy

Age Requirement: Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18.

Cafe Rio's online services are not directed to, and we do not knowingly collect personal information from, children under the age of 18. Our online ordering, account registration, and marketing services are designed for adults only.

If you are a parent or guardian and believe that your minor child has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. However, as our services are restricted to users 18 and older, we apply a higher age standard as a matter of policy.

10. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver relevant advertising. This section provides a brief overview of our cookie practices.

10.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly (e.g., session management, shopping cart)
Performance and Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
Functional Cookies: Enable personalized features such as remembering your preferences and login status
Targeting and Advertising Cookies: Used to deliver relevant advertisements and track campaign effectiveness

10.2 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You can also manage your cookie preferences through our cookie consent tool available on our website.

For a detailed description of every cookie we use, including their names, providers, purposes, and retention periods, please refer to our full Cookie Policy available at cafes-rios.digital.

11. International Data Transfers

Cafe Rio operates primarily within the United States, and the personal information we collect is generally stored and processed on servers located within the United States. However, some of our third-party service providers may be located in or may transfer data to countries outside the United States.

If we transfer your personal information internationally, we take appropriate steps to ensure that your data receives an adequate level of protection in accordance with this Privacy Policy and applicable law. These measures may include:

Transferring data only to countries that provide an adequate level of data protection as determined by applicable authorities
Implementing standard contractual clauses approved by relevant data protection authorities
Ensuring our service providers participate in recognized data protection frameworks
Obtaining your explicit consent for certain transfers where required

By using our services and providing us with your personal information, you acknowledge and consent to the processing and transfer of your data as described in this section.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy applies solely to information collected by our own website and services. We are not responsible for the privacy practices of any third-party sites or services.

When you click on a third-party link and leave our website, you do so at your own risk. We strongly encourage you to review the privacy policy of every website you visit. Third-party services we may integrate with include, but are not limited to, food delivery platforms, social media networks, payment processors, and mapping services.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or business operations. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post the revised policy on our website at cafes-rios.digital
Send an email notification to registered users (for material changes)
Display a prominent notice on our website homepage (where appropriate)

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Us for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the following information:

Privacy Contact Information

Business Name	Cafe Rio
Privacy Inquiries Email	[email protected]
Website	cafes-rios.digital

We are committed to addressing your privacy concerns promptly and professionally. We will respond to all privacy-related inquiries within a reasonable timeframe and no later than the period required by applicable law.

15. Filing Complaints with Data Protection Authorities

If you believe that your privacy rights have been violated and are not satisfied with our response to your concerns, you have the right to file a complaint with the relevant data protection or consumer protection authority.

15.1 Federal Authorities (United States)

At the federal level, privacy and consumer protection matters are overseen by the Federal Trade Commission (FTC). The FTC enforces consumer protection laws, including those relating to unfair or deceptive practices involving personal data.

Federal Trade Commission (FTC)
Website: www.ftc.gov
Report a complaint: reportfraud.ftc.gov
Phone: 1-877-382-4357

15.2 California Residents

California residents may file complaints regarding CCPA/CPRA violations with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

California Privacy Protection Agency (CPPA)
Website: cppa.ca.gov
Email: [email protected]

California Attorney General's Office
Website: oag.ca.gov/privacy
File a complaint: oag.ca.gov

15.3 Other State Residents

Residents of other U.S. states with applicable privacy laws may contact their respective state Attorney General's office or consumer protection agency for guidance on filing a privacy complaint. Many states, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA), have enacted their own comprehensive privacy legislation with corresponding enforcement mechanisms.

Our Commitment: Before filing a formal complaint with a regulatory authority, we encourage you to contact us directly at [email protected] to allow us the opportunity to address your concerns. We are committed to resolving privacy issues promptly, fairly, and transparently.

16. Specific Provisions for California Residents

In addition to the rights described in Section 7 above, California residents are entitled to the following disclosures pursuant to the CCPA/CPRA:

16.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers (name, email, IP address, account ID)
Customer records information (billing address, payment information)
Commercial information (order history, products purchased)
Internet and electronic network activity information (browsing history, interaction data)
Geolocation data (with consent)
Inferences drawn from the above to create a profile

16.2 "Shine the Light" Disclosure

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without your consent. To make such a request, please contact us at [email protected].

16.3 Do Not Sell or Share My Personal Information

As stated in this policy, we do not sell your personal information as defined by the CCPA/CPRA. If our practices change, we will update this policy and provide the required opt-out mechanism on our website homepage.

This Privacy Policy was last reviewed and updated on March 21, 2026. Cafe Rio is committed to protecting your privacy and complying with all applicable data protection laws in the United States. For questions, please contact us at [email protected].