Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website cafessrio.digital, place orders, use our services, or otherwise interact with us. Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood the practices described herein.
We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy applies to all users of our website, mobile platforms, online ordering systems, loyalty programs, and any other digital or in-person touchpoints operated by Cafe Rio in the United States.
If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately. If you have questions about this policy, please contact us using the information provided in the Contact Us section below.
1. Who We Are
Cafe Rio is a food service business operating in the United States. We provide restaurant services, online food ordering, catering, loyalty programs, and related digital services to our customers.
| Business Name | Cafe Rio |
|---|---|
| Website | cafessrio.digital |
| Email Address | [email protected] |
| Country of Operation | United States |
For all privacy-related matters, data access requests, or concerns, please contact us at the email address listed above or via the contact form on our website.
2. Applicable Laws and Legal Framework
As a business operating in the United States, we comply with applicable federal and state privacy laws, including but not limited to:
- The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — which grants California residents specific rights regarding their personal information.
- The Federal Trade Commission (FTC) Act — which prohibits unfair or deceptive acts or practices, including with respect to privacy and data security.
- The CAN-SPAM Act — which governs commercial email communications.
- The Children's Online Privacy Protection Act (COPPA) — which restricts the online collection of personal information from children under the age of 13.
- State-specific consumer protection and data privacy statutes applicable in the states where we operate.
We may update this policy as new privacy laws come into effect or as existing laws are amended. We encourage you to review this Privacy Policy periodically.
3. Information We Collect
We collect several types of information in connection with your use of our website, services, and interactions with Cafe Rio. This information falls into the following categories:
3.1 Personal Information You Provide Directly
When you interact with us — such as by creating an account, placing an order, signing up for our loyalty program, contacting customer support, or subscribing to our newsletter — you may provide us with personal information, including:
- Identity Information: Full name, username or display name.
- Contact Information: Email address, phone number, mailing or delivery address.
- Account Credentials: Username, password (stored in encrypted form), and security questions.
- Order and Transaction Information: Items ordered, order history, special dietary preferences or requests, billing information, and payment details (note: full payment card data is processed by our PCI-DSS compliant payment processors and is not stored directly by us).
- Loyalty Program Data: Points balance, redemption history, promotional interactions, and preferences.
- Communications: Messages, feedback, complaints, or inquiries you send to us via email, contact forms, or social media.
- Survey and Promotional Responses: Information you provide in response to surveys, contests, or promotions.
3.2 Information Collected Automatically
When you visit our website or use our digital platforms, we automatically collect certain technical and usage information through cookies, web beacons, pixels, and similar tracking technologies, including:
- Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and device identifiers.
- Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, search terms entered on our site, and navigation patterns.
- Location Data: General geographic location derived from IP address; precise location data only if you grant permission through your device settings.
- Cookie and Tracking Data: Session identifiers, preferences stored in cookies, advertising identifiers, and analytics data. Please see Section 8 (Cookie Policy) for more details.
- Log Data: Server logs including access times, pages served, error logs, and similar diagnostic information.
3.3 Information from Third Parties
We may also receive information about you from third-party sources, such as:
- Social Media Platforms: If you log in using a social media account (e.g., Google, Facebook) or interact with our social media pages, we may receive profile information as permitted by your settings on those platforms.
- Third-Party Delivery Partners: If you place an order through a third-party delivery service (e.g., DoorDash, Uber Eats, Grubhub), we may receive limited order and contact information necessary to fulfill your order.
- Analytics and Advertising Partners: Partners may provide us with aggregated or de-identified data to improve our marketing efforts and website performance.
- Payment Processors: We receive limited transaction confirmation information from our payment processors to verify and fulfill your orders.
3.4 Sensitive Personal Information
In limited circumstances, we may collect information that is considered sensitive under applicable law, such as dietary needs or food allergy information that you voluntarily provide to us. We use this information solely for the purpose of fulfilling your food orders and ensuring your safety, and we do not use sensitive personal information for advertising or unrelated profiling purposes.
4. How We Use Your Information
We use the information we collect for the following purposes, each of which represents a legitimate operational, contractual, or legal basis for processing:
4.1 Providing and Managing Services
- Processing and fulfilling your food orders, whether placed online, via app, or in-store.
- Creating and managing your customer account and loyalty program membership.
- Processing payments and sending order confirmations, receipts, and delivery updates.
- Coordinating catering services and managing reservations.
- Responding to your customer service inquiries and resolving complaints.
4.2 Improving Our Services
- Analyzing usage patterns and customer feedback to improve our menu, website, and overall customer experience.
- Conducting internal research and analytics to understand customer preferences and trends.
- Testing new features, products, and promotions before broader rollout.
- Monitoring website performance and identifying technical issues.
4.3 Marketing and Communications
- Sending you promotional emails, special offers, and newsletters if you have opted in to receive them.
- Personalizing your experience on our website and in our communications based on your preferences and order history.
- Displaying targeted advertisements on our website and on third-party platforms (subject to your cookie preferences).
- Administering loyalty rewards, contests, sweepstakes, and promotional campaigns.
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].
4.4 Legal Compliance and Safety
- Complying with applicable federal, state, and local laws and regulations.
- Responding to lawful requests from courts, law enforcement, and regulatory authorities.
- Enforcing our Terms of Service and protecting our legal rights and interests.
- Detecting, preventing, and investigating fraud, unauthorized access, and other illegal activities.
- Protecting the safety and security of our customers, employees, and business operations.
4.5 Business Operations
- Maintaining business records and financial accounting.
- Managing supplier and partner relationships.
- Conducting due diligence in connection with potential business transactions such as mergers or acquisitions.
5. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary compensation. However, we may share your information with carefully selected third parties in the following circumstances:
5.1 Service Providers
We work with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures. Our service providers include companies that assist with:
- Payment processing and fraud prevention (e.g., Stripe, Square, or similar processors)
- Website hosting and cloud infrastructure
- Email marketing and customer communications platforms
- Customer relationship management (CRM) systems
- Analytics and performance monitoring tools (e.g., Google Analytics)
- Online advertising and retargeting platforms
- Food delivery and logistics partners
- IT support and cybersecurity services
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information if required to do so by law or in good faith belief that such action is necessary to:
- Comply with a legal obligation, court order, subpoena, or government request.
- Protect and defend our legal rights or property.
- Prevent or investigate possible wrongdoing, fraud, or illegal activity in connection with our services.
- Protect the personal safety of our users, customers, employees, or the public.
5.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring entity. We will notify you via a prominent notice on our website or via email if such a transfer occurs and if your rights under this Privacy Policy change as a result.
5.4 Aggregated or De-Identified Data
We may share aggregated, anonymized, or de-identified information — which cannot reasonably be used to identify you — with third parties for research, marketing, analytics, or other business purposes.
5.5 With Your Consent
We may share your personal information with additional third parties when you have provided your explicit consent to do so, such as when participating in co-branded promotions or integrations with partner services.
6. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- Encryption: All data transmitted between your browser and our website is protected using industry-standard SSL/TLS encryption. Sensitive data such as passwords is stored using strong, one-way cryptographic hashing algorithms.
- Access Controls: Access to personal data within our organization is restricted to authorized personnel on a need-to-know basis. Employees with access to personal data receive regular privacy and security training.
- Secure Payment Processing: We use PCI-DSS compliant payment processors. We do not store full credit card numbers or CVV codes on our systems.
- Regular Security Assessments: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and address potential vulnerabilities.
- Incident Response: We maintain an incident response plan to promptly detect, investigate, and respond to data security incidents. In the event of a data breach, we will notify affected individuals and relevant authorities in accordance with applicable law.
- Physical Security: Our servers and physical infrastructure are hosted in secure, access-controlled data centers with environmental protections.
7. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information. We are committed to honoring these rights in a timely and transparent manner.
7.1 Rights for All Users
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information about you.
- Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain data by law or where retention is necessary for legitimate business purposes).
- Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time.
7.2 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following additional rights:
- Right to Know: The right to know what personal information we collect, use, disclose, and sell (or share) about you, including the categories of personal information, sources of collection, business purposes, and categories of third parties with whom it is shared.
- Right to Data Portability: The right to receive your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity.
- Right to Opt-Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Note: We do not sell personal information for monetary compensation. However, certain data shared with advertising partners may constitute "sharing" under the CPRA, and you have the right to opt out.
- Right to Limit Use of Sensitive Personal Information: The right to limit our use and disclosure of sensitive personal information to purposes specified by the CPRA.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of service because you exercised your rights under the CCPA/CPRA.
- Right to Correct: The right to request correction of inaccurate personal information we maintain about you.
7.3 How to Exercise Your Rights
To exercise any of your privacy rights, please contact us using the following methods:
- Email: [email protected] with the subject line "Privacy Rights Request"
- Website: cafessrio.digital via our contact form
We will verify your identity before processing your request to ensure the security of your information. We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded.
You may also designate an authorized agent to submit a request on your behalf. We will require written authorization or a power of attorney, along with verification of the agent's identity, before processing such requests.
8. Cookie Policy Overview
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. This section provides a brief overview. For comprehensive information, please review our full Cookie Policy.
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for the website to function properly (e.g., login sessions, shopping cart) | Session / Up to 1 year |
| Analytics Cookies | Help us understand how visitors use our website (e.g., Google Analytics) | Up to 2 years |
| Functional Cookies | Remember your preferences (e.g., language, location, saved items) | Up to 1 year |
| Marketing/Advertising Cookies | Used to deliver relevant advertisements and track campaign performance | Up to 2 years |
You can manage your cookie preferences through our cookie consent banner when you first visit our site, or at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
To opt out of Google Analytics tracking, you may use the Google Analytics Opt-Out Browser Add-on.
9. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general data retention guidelines are as follows:
| Data Category | Retention Period |
|---|---|
| Customer account information | Duration of active account plus 3 years after account closure |
| Order and transaction records | 7 years (for tax and accounting purposes) |
| Marketing preferences and communications | Until opt-out, then 1 year for record-keeping |
| Website usage and analytics data | Up to 26 months |
| Customer support communications | 3 years from resolution |
| Legal compliance records | As required by applicable law (typically 5–7 years) |
| Cookie and tracking data | As specified in each cookie's expiration (see Section 8) |
When your personal information is no longer needed, we will securely delete or anonymize it in accordance with our data disposal policies. If deletion is not immediately possible (e.g., because your information is stored in backup archives), we will securely store and isolate your information from further processing until deletion is feasible.
10. Children's Privacy
Cafe Rio's online services are not directed at children under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. If you are under 18 years of age, please do not use our website or provide any personal information to us.
In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete such information from our records.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we may take appropriate action.
11. International Data Transfers
Cafe Rio is based in the United States, and your personal information is primarily collected, stored, and processed in the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.
We take steps to ensure that any international transfer of personal data is subject to appropriate safeguards. If you are located in a jurisdiction with data protection laws that restrict cross-border data transfers, we will ensure that such transfers comply with applicable requirements, which may include:
- Transferring data only to countries that provide an adequate level of data protection as recognized by the relevant authorities.
- Using standard contractual clauses, binding corporate rules, or other legally approved transfer mechanisms.
- Obtaining your explicit consent where required by applicable law.
Our third-party service providers may also process your data in countries other than the United States. We require all such providers to maintain equivalent data protection standards.
12. Third-Party Links and Services
Our website may contain links to third-party websites, apps, or services — including social media platforms, delivery partners, and advertising networks — that are not operated by us. This Privacy Policy does not apply to those third-party services.
We encourage you to review the privacy policies of any third-party services you visit or use. We have no control over and assume no responsibility for the content, privacy practices, or security of third-party websites or services.
13. Social Media and Online Ordering Platforms
When you interact with Cafe Rio through social media platforms (such as Instagram, Facebook, X/Twitter, or TikTok), or when you place orders through third-party platforms (such as DoorDash, Uber Eats, or Grubhub), those platforms may independently collect your personal information. Such data collection is governed by the respective platform's privacy policy, not by this Privacy Policy.
Information we receive from these platforms is limited to what is necessary for order fulfillment, customer service, and improving our services, and is handled in accordance with this Privacy Policy.
14. Do Not Track Signals
Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Our website currently does not respond to DNT signals from web browsers because there is no uniform standard for how such signals should be interpreted.
However, you can manage your tracking preferences through our cookie consent tool and through your browser's privacy settings. California residents may also exercise the right to opt out of the sale or sharing of personal information as described in Section 7.2.
15. California "Shine the Light" Law
California Civil Code Section 1798.83, also known as the "Shine the Light" law, permits California residents to request information about the categories of personal information (if any) that we disclosed to third parties for direct marketing purposes in the preceding calendar year, as well as the names and addresses of those third parties.
If you are a California resident and would like to make such a request, please contact us at [email protected] with the subject line "California Shine the Light Request." We will respond to your request within 30 days.
16. Nevada Privacy Rights
Nevada residents have the right to opt out of the sale of certain covered information that we have collected or will collect about them. If you are a Nevada resident and wish to submit an opt-out request, please contact us at [email protected] with the subject line "Nevada Privacy Opt-Out Request." We will respond within 60 days of receipt.
17. How to File a Complaint
If you have concerns about our privacy practices or believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can address your concern directly:
- Email: [email protected]
- Subject Line: Privacy Complaint
- Website: cafessrio.digital
We will acknowledge receipt of your complaint within 5 business days and aim to resolve all privacy-related complaints within 30 days.
If you are not satisfied with our response, you may file a complaint with the relevant data protection authority:
17.1 Federal Trade Commission (FTC)
The FTC is the primary federal agency responsible for consumer protection and enforcement of federal privacy laws in the United States.
- Website: www.ftc.gov/complaint
- Phone: 1-877-FTC-HELP (1-877-382-4357)
17.2 California Privacy Protection Agency (CPPA)
California residents may also contact the California Privacy Protection Agency, which enforces the CCPA/CPRA:
- Website: cppa.ca.gov
17.3 State Attorney General Offices
Residents of other states may contact their respective State Attorney General's office for consumer protection-related complaints. A directory of State Attorney General offices is available at www.naag.org.
18. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time and for any reason. We will notify you of material changes by:
- Posting the updated Privacy Policy on this page with a revised "Last Updated" date.
- Sending an email notification to the email address associated with your account (where required by law or where the changes materially affect your rights).
- Displaying a prominent notice on our website.
Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of our services and may request deletion of your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The date at the top of this policy indicates when it was last updated.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us:
| Business Name | Cafe Rio |
|---|---|
| Email Address | [email protected] |
| Website | cafessrio.digital |
| Country | United States |
When contacting us about a privacy matter, please include:
- Your full name
- Your email address associated with your account (if applicable)
- A clear description of your request or concern
- Your state of residence (for rights requests under state-specific laws)
We are committed to responding to all legitimate privacy inquiries promptly and in accordance with our obligations under applicable law.