Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, and protects the personal information of individuals ("you," "your," or "user") who visit our website at eat-caferio.digital, place orders, subscribe to communications, or otherwise interact with our food services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and full compliance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our website, submitting an order, or interacting with any of our digital services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with this policy, please discontinue use of our website and services immediately.

1. About Us and Contact Information

Cafe Rio is a food service business operating in the United States. We provide online ordering, food delivery information, catering inquiries, and related digital services through our website. Our primary point of contact for privacy-related matters is as follows:

For all privacy-related inquiries, requests to exercise your data rights, or complaints, please contact us at the email address listed above. We are committed to responding to all legitimate privacy requests within the timeframes required by applicable law.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

• Our website located at eat-caferio.digital and any subdomains thereof;
• Online ordering systems, reservation or catering request forms accessible via our website;
• Email newsletters, promotional communications, and marketing campaigns;
• Customer support communications, whether submitted by email, contact form, or other digital means;
• Cookies, web beacons, tracking pixels, and other automated data collection technologies deployed on our website;
• Third-party platforms or services through which you interact with Cafe Rio, to the extent that information is shared back to us.

This policy does not apply to the practices of third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

3. Information We Collect

We collect several categories of personal information depending on how you interact with our website and services. The categories below describe the types of data we may collect, the sources from which we collect it, and the purposes for collection.

3.1 Personal Identification Information

When you place an online order, create an account, sign up for our mailing list, or contact us for support, we may collect the following personal identification data:

• Full name;
• Email address;
• Phone number;
• Delivery address or billing address;
• Date of birth (if provided for promotional purposes or age verification);
• Username and password (for registered account holders).

3.2 Transaction and Order Information

When you place an order or make a purchase through our website or connected platforms, we collect:

• Order history and food item selections;
• Payment method type (e.g., credit card, debit card) — note: full payment card numbers are processed by our PCI-compliant third-party payment processors and are not stored on our servers;
• Transaction amounts, dates, and confirmation numbers;
• Delivery preferences and special instructions;
• Loyalty program points or rewards information, if applicable.

3.3 Usage and Behavioral Data

We automatically collect certain information about how you interact with our website. This usage data may include:

• IP address;
• Browser type and version;
• Operating system and device type;
• Pages visited, links clicked, and time spent on each page;
• Search terms entered on our website;
• Referring URL (the website that directed you to ours);
• Date and time of your visit;
• Session identifiers and click-stream data.

3.4 Device Information

In connection with your use of our website, we may collect technical information about your device, including:

• Device identifiers or advertising IDs;
• Screen resolution and display settings;
• Language settings;
• Mobile network information (if accessing via a mobile device);
• Geolocation data (if you grant location permissions through your browser or device settings).

3.5 Communications and Feedback Data

If you contact our customer support team or submit feedback, we may retain:

• The content of your message or inquiry;
• Attachments or files you provide;
• Records of our correspondence with you;
• Survey or review responses submitted voluntarily.

3.6 Cookie and Tracking Technology Data

We use cookies and similar tracking technologies to collect data about your browsing behavior on our website. Please refer to Section 9 of this Privacy Policy for a detailed description of our cookie practices.

4. How We Use Your Information

Cafe Rio uses the personal information we collect for a variety of legitimate business purposes. These include, but are not limited to:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including coordinating delivery or pickup;
• Creating and managing your customer account;
• Sending order confirmations, receipts, and status updates;
• Facilitating catering requests and large-group orders;
• Handling refunds, adjustments, or complaints related to your orders.

4.2 Customer Support

• Responding to your inquiries, questions, and requests;
• Resolving disputes and troubleshooting issues;
• Maintaining records of our customer service interactions for quality assurance.

4.3 Marketing and Promotional Communications

• Sending you email newsletters, special offers, promotions, and loyalty program updates — but only if you have opted in to receive such communications;
• Personalizing marketing content based on your order history and preferences;
• Running targeted advertising campaigns on third-party platforms (e.g., social media) using anonymized or aggregated audience data;
• Conducting contests, sweepstakes, or other promotional activities in which you choose to participate.

4.4 Analytics and Website Improvement

• Analyzing website traffic, user behavior, and engagement metrics to improve our website's functionality and user experience;
• Conducting A/B testing, usability studies, and product research;
• Generating aggregated statistical reports for internal business planning.

4.5 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations;
• Responding to lawful requests from government authorities, courts, or law enforcement agencies;
• Detecting, preventing, and responding to fraud, security incidents, or illegal activities;
• Enforcing our Terms of Service and other applicable agreements;
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public.

5. Sharing Your Information with Third Parties

Cafe Rio does not sell your personal information to third parties. However, we may share your information with trusted third parties in the following circumstances:

5.1 Service Providers and Business Partners

We engage carefully vetted third-party service providers who assist us in operating our business, including:

• Payment Processors: PCI DSS-compliant processors that handle payment card transactions securely on our behalf;
• Delivery Partners: Third-party delivery platforms or courier services used to fulfill your food orders;
• Email Service Providers: Platforms used to send transactional emails, newsletters, and promotional campaigns;
• Analytics Providers: Tools such as Google Analytics or similar services that help us understand website usage and performance;
• Cloud Hosting and IT Infrastructure: Providers that store our data and power our website and database systems;
• Customer Relationship Management (CRM) Platforms: Software used to manage customer data, support tickets, and loyalty programs.

All service providers are contractually required to use your personal information only for the purposes specified by us, to maintain appropriate security measures, and to comply with applicable data protection laws.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request;
• Enforce our Terms of Service or defend against legal claims;
• Protect the rights, property, or safety of Cafe Rio, our users, or others;
• Detect, prevent, or address fraud, security breaches, or technical issues.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy involving Cafe Rio, your personal information may be transferred to the acquiring or successor entity. We will notify you via email or a prominent notice on our website if such a transfer occurs and will describe any changes to privacy practices that may result.

5.4 Aggregated or De-identified Data

We may share aggregated or de-identified data — data that cannot reasonably be used to identify you — with business partners, advertisers, or for research and analytics purposes. This does not constitute a "sale" of personal information under applicable law.

6. Data Security Measures

Cafe Rio takes the security of your personal information seriously and implements a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Safeguards

• All data transmitted between your browser and our website is encrypted using industry-standard TLS (Transport Layer Security) protocols;
• Payment information is processed through PCI DSS-compliant third-party processors; we do not store complete payment card numbers on our servers;
• Access to personal data is restricted to authorized personnel only, using role-based access controls;
• Our systems are monitored regularly for vulnerabilities and intrusion attempts;
• We use firewalls, intrusion detection systems, and other security tools to protect our infrastructure.

6.2 Administrative Safeguards

• Employees and contractors with access to personal data are required to complete privacy and security training;
• We maintain internal data handling policies and procedures;
• Third-party service providers are vetted for security compliance prior to engagement.

6.3 Incident Response

In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law, including state breach notification laws in effect across the United States.

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it;
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law;
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you;
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Cafe Rio does not sell personal information; however, you may still request to opt out of any data sharing that constitutes a "sale" under California law;
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to purposes authorized by the CPRA;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide you a lower quality of service as a result of your exercise of these rights.

To submit a verifiable consumer request under California law, please contact us at [email protected]. We will respond to verified requests within 45 days, with possible extensions as permitted by law.

7.2 Rights Under Other State Privacy Laws

Many other U.S. states have enacted or are implementing consumer privacy laws, including (but not limited to) Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others. If you are a resident of a state with applicable privacy legislation, you may have rights similar to those described above, including:

• Right to access your personal data;
• Right to correct inaccurate personal data;
• Right to delete personal data you have provided or that we have collected about you;
• Right to data portability (to receive your data in a usable format);
• Right to opt out of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected]. We will process your request in accordance with the applicable law for your state.

7.3 How to Submit a Privacy Rights Request

To exercise any of the rights described in this section, you may:

• Send an email to [email protected] with the subject line "Privacy Rights Request";
• Include your full name, state of residence, and a clear description of the right you wish to exercise.

We may need to verify your identity before processing your request. Verification may require you to provide information that matches what we have on file for you. Authorized agents acting on behalf of a consumer must provide written proof of authorization.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable law. The following general retention principles apply:

• Account Information: Retained for as long as your account remains active, plus an additional period as required for legal or business purposes (typically 3–5 years following account closure);
• Order and Transaction Records: Retained for a minimum of 7 years to comply with tax, accounting, and financial recordkeeping requirements under U.S. federal and state law;
• Marketing and Communication Preferences: Retained until you opt out or withdraw consent, and for a reasonable period thereafter to document your preference;
• Customer Support Records: Retained for up to 3 years following resolution of the relevant inquiry or dispute;
• Usage and Analytics Data: Typically retained in aggregated or anonymized form indefinitely for business analysis purposes; individual-level usage logs may be retained for up to 24 months;
• Legal Hold Data: Data subject to a legal hold, ongoing litigation, or regulatory investigation will be retained until the matter is resolved, regardless of standard retention schedules.

Once personal information is no longer required, we securely destroy, delete, or anonymize it in accordance with our internal data governance procedures.

9. Cookie Policy Overview

Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyze website traffic, and support our marketing efforts. This section provides a brief overview of our cookie practices.

9.1 Types of Cookies We Use

9.2 Managing Your Cookie Preferences

You can manage or disable non-essential cookies through our cookie consent banner, which appears when you first visit our website. You can also adjust your browser settings to refuse or delete cookies at any time. Please note that disabling certain cookies may affect the functionality of our website.

For more detailed information about the specific cookies we use, the data they collect, and how to manage your preferences, please review our full Cookie Policy available on our website.

10. Children's Privacy

Cafe Rio's website and digital services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 18.

If you are a parent or guardian and believe that your child under the age of 18 has provided personal information to us without your consent, please contact us immediately at [email protected]. We will take prompt steps to investigate and delete any such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not direct any features, marketing, or content specifically toward children. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible.

11. International Data Transfers

Cafe Rio is based in the United States and primarily processes personal information within the United States. However, some of our third-party service providers — including cloud hosting providers, analytics platforms, and email marketing tools — may operate in or transfer data to jurisdictions outside the United States.

If your personal information is transferred to, stored in, or processed in a country other than the United States, we take steps to ensure that adequate protections are in place to safeguard your data in accordance with this Privacy Policy and applicable law. These safeguards may include:

• Contractual clauses or data processing agreements with our international service providers;
• Ensuring that recipient countries provide an adequate level of data protection as recognized under U.S. law;
• Implementing appropriate technical and organizational security measures.

By using our website and services, you acknowledge that your personal information may be transferred to and processed in countries outside your state or country of residence. We are committed to ensuring that such transfers are conducted lawfully and securely.

12. Federal Consumer Protection and Legal Framework

In addition to applicable state privacy laws, our data practices are guided by and comply with relevant federal legal frameworks, including:

• FTC Act (Section 5): We comply with the Federal Trade Commission's standards for unfair or deceptive trade practices, including prohibitions on deceptive privacy policies or data practices;
• CAN-SPAM Act: All commercial email communications sent by Cafe Rio comply with the CAN-SPAM Act, including clear sender identification, honest subject lines, and a functioning opt-out mechanism;
• COPPA (Children's Online Privacy Protection Act): As described in Section 10, we do not knowingly collect data from children under 13;
• CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act): As described in Section 7, we honor the privacy rights of California residents.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or embedded content (such as delivery partner portals or map services). These third-party services operate independently from Cafe Rio and have their own privacy policies. We are not responsible for the privacy practices or content of third-party websites.

We encourage you to review the privacy policies of any third-party services before submitting personal information to them. The inclusion of a link to a third-party website on our website does not constitute an endorsement of that website or its privacy practices.

14. Marketing Communications and Opt-Out

We may send you promotional emails, newsletters, and special offers related to Cafe Rio's food services, seasonal promotions, or loyalty program updates. You will only receive these communications if you have expressly opted in to receive them (e.g., by subscribing to our newsletter, creating an account, or checking an opt-in box during the ordering process).

You may unsubscribe from marketing communications at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email;
• Sending an email request to [email protected] with "Unsubscribe" in the subject line.

Please note that even if you opt out of marketing communications, we may still send you transactional emails related to your orders, account activity, or important legal notices. These communications are necessary for service delivery and cannot be opted out of while you maintain an active account or pending orders with us.

15. How to File a Privacy Complaint

If you have a concern about how Cafe Rio handles your personal information, we encourage you to contact us first so that we can work to resolve the issue directly.

To submit a privacy complaint:

1. Email us at [email protected] with the subject line "Privacy Complaint";
2. Describe the nature of your complaint in as much detail as possible;
3. Include your name and contact information so we can respond to you;
4. We will acknowledge receipt of your complaint within 10 business days and provide a substantive response within 30–45 days, depending on the complexity of the issue.

15.1 Complaints to Regulatory Authorities

If you are a California resident and believe we have violated your rights under the CCPA/CPRA and have not been able to resolve the issue directly with us, you may submit a complaint to:

If you believe we have engaged in unfair or deceptive practices in violation of the FTC Act, you may also submit a complaint to the Federal Trade Commission:

Residents of other states may also have the right to submit complaints to their state's Attorney General or dedicated privacy regulator. We encourage you to consult the relevant authority for your state.

16. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our data practices, applicable laws, or business operations. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page;
• Post a prominent notice on our website homepage or via a banner notification;
• Send an email notification to registered users or active customers, where feasible and appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website following the posting of changes constitutes your acceptance of the revised Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. Our privacy contact information is:

We are dedicated to protecting your privacy and will make every reasonable effort to address your concerns promptly and in compliance with applicable law. Thank you for trusting Cafe Rio with your personal information.