Privacy Policy

Effective Date: May 28, 2026 | Last Updated: May 28, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects information about you when you visit our website at caferiofood.rest, place orders, use our digital services, or otherwise interact with us. We are committed to protecting your personal information and your right to privacy. Please read this policy carefully. If you have questions or concerns about this policy or our practices with regard to your personal information, please contact us at [email protected].

By accessing or using our website, mobile applications, or any of our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1. About Us

Cafe Rio is a food service business operating in the United States. We provide fresh, quality food products and dining experiences to our customers, both in-person and through our digital platforms.

Company Name	Cafe Rio
Website	caferiofood.rest
Email Address	[email protected]
Country of Operation	United States

For any privacy-related inquiries, please direct your correspondence to our email address provided above. We will respond to all verified requests within the timeframes required by applicable law.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

Our website at caferiofood.rest and any subdomains thereof
Our mobile applications (if applicable)
Our online ordering platforms and third-party delivery integrations
Email, telephone, and other electronic communications
In-store interactions, loyalty programs, and promotions
Social media platforms and advertising networks
Any other digital or physical touchpoint where this policy is referenced

This policy does not apply to third-party websites, applications, or services that may be linked to from our website. We encourage you to review the privacy policies of any third-party services you visit.

3. Information We Collect

We collect several types of information from and about users of our services, including information by which you may be personally identified ("personal information") and information that does not directly identify you ("non-personal information").

3.1 Personal Information You Provide Directly

When you interact with us voluntarily, we may collect the following categories of personal information:

Identity Information: First name, last name, username or similar identifier, date of birth, and gender
Contact Information: Email address, telephone number, billing address, delivery address, and postal address
Account Credentials: Username, password, and security questions and answers used to create and secure your account
Payment Information: Credit card numbers, debit card numbers, billing details, and other payment-related information (processed securely through third-party payment processors)
Order Information: Details about the food items you have ordered, dietary preferences, special instructions, and order history
Profile Information: Your preferences, feedback, survey responses, and communications with us
Loyalty and Rewards Data: Points balances, redemption history, and participation in promotional offers
Communications: Records of correspondence you have had with us, including emails, chat messages, and support tickets

3.2 Information Collected Automatically

When you visit our website or use our digital services, we automatically collect certain technical and usage information, including:

Device Information: IP address, device type, operating system and version, browser type and version, device identifiers, and mobile network information
Usage Data: Pages you visit, links you click, features you use, time spent on pages, referring and exit pages, and search queries entered on our site
Location Data: General geographic location based on IP address; precise geolocation if you grant permission through your device settings
Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, local storage, and similar technologies (see Section 8 for full details)
Log Data: Server log files, error reports, and diagnostic information related to your use of our services
Transaction Data: Details about payments to and from you, including the date, time, amount, and method of payment

3.3 Information From Third Parties

We may also receive personal information about you from third-party sources, including:

Social Media Platforms: If you connect a social media account (e.g., Facebook, Google) to our services, we may receive your public profile information and email address
Third-Party Delivery Partners: Delivery platforms and services that facilitate food orders placed through their apps or websites
Analytics Providers: Aggregated and anonymized data from analytics services that help us understand how users interact with our website
Marketing Partners: Information about your interests and interactions from advertising and marketing partners
Payment Processors: Confirmation of payment transactions and fraud screening results

4. How We Use Your Information

We use the information we collect for a variety of business and operational purposes, consistent with applicable law. Specifically, we use your personal information to:

4.1 Provide and Manage Our Services

Process and fulfill your food orders, including online and in-store purchases
Create, manage, and secure your account
Process payments and prevent fraudulent transactions
Facilitate delivery services and communicate estimated delivery or pickup times
Administer loyalty programs, promotions, contests, and rewards
Provide customer support and resolve disputes or complaints

4.2 Analytics and Service Improvement

Analyze user behavior, preferences, and trends to improve our website, app, and services
Conduct internal research and development to create new features and menu items
Monitor and analyze the effectiveness of our marketing campaigns
Measure website performance, troubleshoot technical issues, and ensure platform stability
Compile aggregated, anonymized statistics about user demographics and usage patterns

4.3 Marketing and Communications

Send you promotional emails, newsletters, and special offers about our food, events, and services — with your consent where required by law
Personalize the content, recommendations, and advertisements you see based on your preferences and order history
Deliver targeted advertisements through social media platforms and third-party advertising networks
Communicate important updates about your account, orders, or changes to our policies
Invite you to complete surveys or provide feedback about your experience

4.4 Legal Compliance and Safety

Comply with applicable federal and state laws and regulations in the United States
Respond to lawful requests from government authorities, courts, or law enforcement agencies
Enforce our Terms of Service and other agreements
Detect, investigate, and prevent fraudulent transactions, abuse, or illegal activities
Protect the rights, property, and safety of Cafe Rio, our customers, and the public

Legal Basis: We rely on several legal bases for processing your personal information under applicable U.S. law, including the performance of a contract with you, our legitimate business interests, your consent, and compliance with legal obligations. Where required, we will seek your explicit consent before processing your data for specific purposes.

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for their own marketing purposes without your explicit consent. However, we do share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions on our behalf. These parties are contractually obligated to protect your information and use it only for the specified purpose. Such service providers include:

Payment processors (e.g., Stripe, Square, or similar platforms) for secure transaction processing
Delivery and logistics companies that facilitate order fulfillment
Cloud hosting and data storage providers
Email marketing platforms and customer relationship management (CRM) systems
Analytics providers such as Google Analytics
Customer support software and live chat providers
Advertising and retargeting platforms
Fraud prevention and identity verification services

5.2 Social Media and Advertising Networks

We may share anonymized or pseudonymized data with social media platforms (such as Meta/Facebook and Google) to deliver targeted advertising to you and to reach similar audiences. These platforms may combine our data with information they already hold about you.

5.3 Legal Requirements and Protection of Rights

We may disclose your personal information when required by law or when we believe in good faith that disclosure is necessary to:

Comply with a subpoena, court order, legal process, or government request
Enforce our Terms of Service or other agreements
Investigate, prevent, or take action regarding suspected illegal activity or fraud
Protect the rights, safety, or property of Cafe Rio, its employees, customers, or the public

5.4 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, asset sale, or bankruptcy proceeding, your personal information may be transferred to the acquiring entity or successor as part of the transaction. We will notify you of any such change in ownership or transfer of assets through a prominent notice on our website or via email prior to the completion of such a transaction.

5.5 With Your Consent

We may share your personal information with other parties not described above when we have obtained your express consent to do so.

6. Data Security

We take the security of your personal information seriously and have implemented a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures We Employ

Encryption: We use industry-standard SSL/TLS encryption to protect data in transit between your browser and our servers. Payment card information is encrypted and processed by PCI-DSS compliant payment processors.
Access Controls: Access to personal information is restricted to employees, contractors, and service providers who need it to perform their job functions. All staff with access to personal data are trained in data protection practices.
Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and regular security audits to monitor and protect our infrastructure.
Password Security: Passwords are stored in hashed and salted form and are never stored in plain text.
Regular Security Assessments: We conduct regular vulnerability assessments and penetration testing to identify and remediate potential security weaknesses.
Incident Response: We have a data breach response plan in place and will notify affected users and relevant authorities as required by law in the event of a security incident.

Important Notice: While we employ robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your personal information. You are responsible for maintaining the confidentiality of your account credentials and for any activities conducted under your account.

7. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state privacy laws.

7.1 Rights Available to All U.S. Residents

Right to Know: You have the right to know what categories of personal information we collect about you, the purposes for which we use it, and the categories of third parties with whom we share it.
Right to Access: You have the right to request a copy of the specific pieces of personal information we hold about you.
Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
Right to Deletion: You have the right to request that we delete the personal information we have collected about you, subject to certain legal exceptions.
Right to Opt-Out of Marketing: You have the right to opt out of receiving promotional emails and marketing communications from us at any time.

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following additional rights under the CCPA/CPRA:

Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information with third parties. To exercise this right, please contact us at [email protected].
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information (such as precise geolocation, health information, or financial data) to purposes strictly necessary for providing our services.
Right to Data Portability: You have the right to receive a copy of your personal information in a portable, machine-readable format.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you services, charge you a different price, or provide you with a lower quality of service because you exercised your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a verifiable consumer request by:

Email: Sending a request to [email protected] with the subject line "Privacy Rights Request"
Website: Submitting a request through the contact form available at caferiofood.rest

We will acknowledge receipt of your request within 10 business days and respond to your verified request within 45 calendar days. If we require additional time (up to 90 days total), we will notify you of the extension and the reason for it. We may need to verify your identity before processing your request to protect your privacy and security.

You may designate an authorized agent to submit requests on your behalf. We will require proof of the authorized agent's written authorization and may require additional verification of your identity.

8. Cookie Policy and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. This section provides a summary of our cookie practices.

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Essential for the website to function, including session management, shopping cart functionality, and security features	Session / Short-term
Performance & Analytics	Collect information about how visitors use our site, including page views, traffic sources, and user journeys	Up to 2 years
Functional	Remember your preferences, such as language settings, saved addresses, and personalization options	Up to 1 year
Marketing & Advertising	Track your activity across websites to deliver relevant ads and measure campaign effectiveness	Up to 2 years

8.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

Browser Settings: Most web browsers allow you to refuse or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
Cookie Consent Tool: When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies.
Opt-Out Links: You may opt out of interest-based advertising by visiting the Digital Advertising Alliance opt-out page or the Network Advertising Initiative opt-out page.
Google Analytics Opt-Out: You may install the Google Analytics Opt-out Browser Add-on to prevent your data from being collected by Google Analytics.

For more detailed information about our use of cookies, please refer to our full Cookie Policy, which is available on our website at caferiofood.rest.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are determined based on the following criteria:

Data Category	Retention Period
Account and profile information	Duration of account activity, plus 3 years after account closure
Order and transaction history	7 years (for tax and accounting compliance)
Payment information	Retained by payment processors per their policies; we store only tokenized references
Marketing and communication preferences	Until you opt-out or request deletion, plus 1 year
Customer support records	3 years from the date of the last interaction
Website usage and analytics data	Up to 26 months in anonymized or aggregated form
Legal compliance and dispute records	As required by applicable law, typically 5–10 years

After the applicable retention period expires, we will securely delete, anonymize, or aggregate your personal information so that it can no longer be associated with you.

10. Children's Privacy

Age Restriction: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13, and we do not direct our services to minors.

We do not knowingly collect, solicit, or maintain personal information from persons under the age of 13. Our website and services are not directed to children under 13. This practice is consistent with the Children's Online Privacy Protection Act (COPPA), which imposes special requirements on the online collection of information from children under 13.

If you are between the ages of 13 and 17, please do not use our services without the involvement and consent of a parent or legal guardian. We encourage parents and guardians to monitor the online activities of their minor children and to help us enforce this Privacy Policy by instructing their children never to provide personal information through our website or services without parental permission.

If we become aware that we have collected personal information from a child under the age of 13 without appropriate consent, we will take immediate steps to delete that information from our systems. If you believe we may have inadvertently collected personal information from a child under 13, please contact us immediately at [email protected].

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily stored and processed within the United States. However, some of our service providers and partners may be located in or operate from countries outside the United States. When we transfer personal information internationally, we take steps to ensure that adequate protections are in place to safeguard your information in accordance with this Privacy Policy and applicable law.

If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our services, you acknowledge and consent to this transfer, storage, and processing of your information in the United States.

For international transfers involving users in jurisdictions with specific data transfer requirements (such as the European Economic Area, the United Kingdom, or other regions with adequacy decisions or standard contractual clauses), we implement appropriate safeguards as required by applicable law. Please contact us at [email protected] for more information about the mechanisms we use to transfer data internationally.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature or setting that you can activate to signal your preference not to have data about your online browsing activities monitored and collected. Currently, there is no uniform technology standard for recognizing and implementing DNT signals. As a result, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted that we must follow in the future, we will update this Privacy Policy accordingly. In the meantime, you may use the opt-out mechanisms described in our Cookie Policy section to manage your tracking preferences.

13. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, and services that are not owned or controlled by Cafe Rio. These include social media platforms, food delivery apps, and payment processors. This Privacy Policy applies only to our own services and does not govern the practices of any third party.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of every site you visit and service you use. Linking to a third-party website does not constitute our endorsement of that site or its privacy practices.

14. Opt-Out of Marketing Communications

You have the right to opt out of receiving marketing communications from us at any time. You can exercise this right by:

Clicking the "Unsubscribe" link located at the bottom of any marketing email we send you
Emailing us at [email protected] with the subject line "Unsubscribe" or "Marketing Opt-Out"
Updating your communication preferences in your account settings (if applicable)

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related emails, such as order confirmations, account notifications, and important policy updates. These communications are necessary for the operation of our services and cannot be opted out of while you maintain an active account with us.

Processing your opt-out request may take up to 10 business days. During this time, you may continue to receive communications that were already in progress.

15. Applicable Law and Regulatory Framework

As a business operating in the United States, Cafe Rio complies with all applicable federal and state privacy and data protection laws, including but not limited to:

Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45: We adhere to the FTC's standards for fair and non-deceptive practices in the collection and use of consumer data.
California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act (CPRA): We honor the privacy rights of California residents as described in Section 7 of this policy.
Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506: We do not knowingly collect personal information from children under 13.
CAN-SPAM Act, 15 U.S.C. § 7701 et seq.: All commercial email communications we send comply with the CAN-SPAM Act's requirements, including clear identification, a physical mailing address, and an opt-out mechanism.
State-Specific Privacy Laws: We monitor and comply with privacy laws enacted by other U.S. states, including Virginia, Colorado, Connecticut, and Utah, as those laws apply to our operations and users.

16. Filing a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can attempt to resolve your concern directly.

You may also have the right to file a complaint with relevant regulatory authorities, including:

Federal Trade Commission (FTC): The FTC enforces federal consumer protection and privacy laws. You can file a complaint at www.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).
California Privacy Protection Agency (CPPA): California residents may file complaints with the CPPA at cppa.ca.gov.
California Attorney General's Office: Complaints related to CCPA violations may also be submitted to the California Office of the Attorney General at oag.ca.gov/privacy/ccpa.
Your State Attorney General: Residents of other U.S. states may have the right to file complaints with their state's Attorney General or consumer protection office.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or industry standards. When we make material changes to this policy, we will:

Post the updated Privacy Policy on our website at caferiofood.rest with a new "Last Updated" date at the top
Send an email notification to registered users at the email address associated with their account
Display a prominent notice on our website homepage for a reasonable period following the update

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the details below:

Cafe Rio — Privacy Inquiries

Email: [email protected]
Website: caferiofood.rest
Subject Line for Privacy Requests: "Privacy Policy Inquiry" or "Privacy Rights Request"

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. We will respond to all legitimate inquiries within the timeframes required by applicable law.