Privacy Policy
Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cafexrio.digital, place an order, sign up for our loyalty program, or otherwise interact with us. Please read this policy carefully. If you disagree with the terms of this Privacy Policy, please discontinue use of our website and services.
This Privacy Policy applies to all users of cafexrio.digital and any related services, applications, or platforms operated by Cafe Rio (collectively, the "Services"). By using our Services, you acknowledge that you have read, understood, and agree to the practices described in this policy.
1. Who We Are
Cafe Rio is a food and dining business operating in the United States. We are responsible for the collection and processing of your personal data in connection with our website and services. For all privacy-related inquiries, you may contact us using the details provided at the end of this document.
| Business Name | Cafe Rio |
|---|---|
| Website | cafexrio.digital |
| Email Address | [email protected] |
| Address | United States |
| Phone | Not provided |
2. Applicable Laws and Legal Framework
As a business operating in the United States, we comply with all applicable federal and state privacy laws, including but not limited to:
- The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which grants California residents specific rights regarding their personal information.
- The Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive practices in connection with the collection and use of consumer data.
- The CAN-SPAM Act, governing commercial email communications.
- The Children's Online Privacy Protection Act (COPPA), which restricts the online collection of personal information from children under 13.
- Other applicable federal, state, and local privacy statutes and regulations.
If you are a California resident, you have additional rights as described in Section 11 of this policy. We encourage all users to review the full policy to understand their rights and our obligations.
3. Information We Collect
We collect various types of information in connection with the operation of our business and the provision of our Services. The categories of information we collect are described below.
3.1 Personal Information You Provide Directly
When you interact with us directly — whether by placing an order, creating an account, signing up for our newsletter, contacting customer support, or participating in a promotion — you may provide us with personal information such as:
- Identification Data: Your full name, username, and account credentials.
- Contact Information: Email address, phone number, and mailing or billing address.
- Payment Information: Credit or debit card details, billing address, and other financial information. Note: Payment card data is processed securely by third-party payment processors and is not stored directly on our servers.
- Order and Transaction Data: Details of food orders you have placed, including items ordered, special instructions, order history, and purchase amounts.
- Account Profile Data: Profile photographs, dietary preferences, loyalty points, and other preferences you choose to include in your account.
- Communications: Messages, feedback, complaints, and other communications you send to us via email, contact forms, or customer support channels.
- Survey and Promotional Data: Information you provide when you participate in contests, promotions, surveys, or other marketing activities.
3.2 Information Collected Automatically
When you visit our website or use our digital services, we and our technology partners may automatically collect certain technical and usage data, including:
- Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers, and hardware configuration.
- Log Data: IP address, access times and dates, pages viewed, time spent on pages, links clicked, referring URLs, and exit pages.
- Location Data: General geographic location inferred from your IP address, or more precise location data if you grant permission through your device settings.
- Usage Data: Information about how you navigate and interact with our website, including features used, search queries, and content viewed.
- Cookie and Tracking Data: Information collected through cookies, pixel tags, web beacons, and similar tracking technologies. Please refer to Section 8 for more details on our use of cookies.
3.3 Information From Third-Party Sources
We may also receive information about you from third parties, including:
- Social Media Platforms: If you connect your social media account to our Services or interact with our social media pages, we may receive profile information, public posts, and other data permitted by your social media account settings.
- Third-Party Delivery and Ordering Platforms: If you place an order through a third-party delivery or food ordering platform that is integrated with our Services, we may receive your order and contact information.
- Marketing and Analytics Partners: We may receive aggregated demographic and behavioral data from marketing partners to help us better understand our customer base and improve our services.
- Publicly Available Sources: We may collect information from publicly available sources to supplement or verify data we already hold.
4. How We Use Your Information
We use the personal information we collect for a variety of legitimate business purposes. These include:
4.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, including coordinating delivery or pickup.
- Managing your account, including authentication and customer profile management.
- Processing payments and maintaining transaction records.
- Operating our loyalty programs and tracking rewards.
- Providing customer support and responding to your inquiries, complaints, and requests.
4.2 Improving Our Services
- Analyzing usage patterns and trends to improve the functionality and user experience of our website.
- Conducting market research and customer satisfaction surveys.
- Developing new menu items, promotions, and features based on customer feedback and preferences.
- Testing, maintaining, and troubleshooting our digital platforms.
4.3 Marketing and Communications
- Sending you promotional offers, special deals, new menu announcements, and newsletters, where you have consented or where we have a legitimate interest in doing so.
- Personalizing the content and advertisements you see based on your preferences and order history.
- Running targeted advertising campaigns on third-party platforms, including social media.
- Informing you of changes to our menu, hours of operation, locations, or policies.
You have the right to opt out of marketing communications at any time. You can do so by clicking the "unsubscribe" link in any promotional email, or by contacting us directly at [email protected].
4.4 Legal Compliance and Business Operations
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our Terms of Service and other applicable policies.
- Preventing fraud, unauthorized access, and other illegal activities.
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public.
- Conducting internal audits, financial reporting, and other administrative purposes.
5. Sharing Your Information With Third Parties
We do not sell your personal information to third parties for their own direct marketing purposes. However, we do share your information in specific circumstances, as described below.
5.1 Service Providers and Business Partners
We share personal information with trusted third-party service providers who assist us in operating our business and delivering our Services. These providers are contractually obligated to use your information only for the purposes for which it was disclosed and to maintain appropriate security measures. These may include:
- Payment processing companies
- Cloud hosting and data storage providers
- Food delivery and logistics partners
- Email marketing and communication platforms
- Customer relationship management (CRM) software providers
- Analytics and performance monitoring services
- Advertising networks and marketing technology platforms
- IT support and cybersecurity providers
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information when we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, or governmental request under applicable United States federal or state law.
- Protect and defend the rights or property of Cafe Rio.
- Prevent or investigate possible wrongdoing in connection with our Services.
- Protect the personal safety of our users, customers, or the general public.
- Protect against legal liability.
5.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via prominent notice on our website and/or email prior to your information becoming subject to a different privacy policy.
5.4 Aggregated and De-Identified Data
We may share aggregated or de-identified information — which cannot reasonably be used to identify you — with third parties for research, marketing, analytics, and other business purposes. This type of sharing does not constitute a "sale" of personal information under applicable law.
6. Data Security
We take the protection of your personal data seriously and implement a range of technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, alteration, or disclosure. These measures include:
- Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our servers.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. All staff with access to personal data are trained on data privacy and security practices.
- Secure Payment Processing: Payment card information is processed through PCI-DSS compliant third-party payment processors. We do not store raw payment card data on our systems.
- Regular Security Assessments: We conduct periodic security reviews, vulnerability assessments, and penetration testing to identify and address potential security risks.
- Incident Response: We maintain a data breach response procedure to quickly identify, contain, and report data security incidents in accordance with applicable laws.
While we implement these safeguards, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, and you use our Services at your own risk. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:
| Category of Data | Retention Period |
|---|---|
| Account and profile information | Duration of account existence, plus 3 years after account closure |
| Order and transaction records | 7 years (for tax and financial compliance purposes) |
| Customer communications and support records | 3 years from the date of last communication |
| Marketing and communication preferences | Until opt-out or account deletion, whichever is earlier |
| Website usage and analytics data | Up to 26 months (in line with standard analytics practices) |
| Cookie data | Varies by cookie type (session cookies expire when browser is closed; persistent cookies up to 2 years) |
| Legal and compliance records | As required by applicable law, typically 5–7 years |
After the applicable retention period expires, personal data is securely deleted or anonymized so that it can no longer be linked to an individual. You may request early deletion of your data subject to certain legal limitations — see Section 9 for details.
8. Cookies and Tracking Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files stored on your device when you visit our website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: Required for the basic operation of our website, such as enabling you to log in, add items to your cart, and complete transactions.
- Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics.
- Functionality Cookies: Remember your preferences (such as location, language, or dietary filters) to provide a personalized experience.
- Marketing and Advertising Cookies: Track your browsing behavior across our website and third-party sites to deliver targeted advertising relevant to your interests.
8.2 Managing Your Cookie Preferences
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising through the Digital Advertising Alliance or the Network Advertising Initiative.
For full details on the cookies we use and how to manage them, please refer to our Cookie Policy available on our website.
9. Your Rights and Choices
Depending on your location and applicable laws, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing a clear and accessible process for exercising them.
9.1 Right to Access
You have the right to request confirmation of whether we process personal information about you, and if so, to receive a copy of that information in a structured, commonly used format.
9.2 Right to Correction
If any personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update it.
9.3 Right to Deletion
You have the right to request the deletion of your personal information in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent. Please note that certain legal obligations may require us to retain some data despite a deletion request.
9.4 Right to Data Portability
Where applicable, you may request a copy of your personal information in a machine-readable format so that it can be transferred to another service provider.
9.5 Right to Opt Out of Marketing
You have the right to opt out of receiving marketing communications from us at any time. You can do so by clicking "unsubscribe" in any email we send or by contacting us at [email protected].
9.6 Right to Withdraw Consent
Where we process your data based on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before your withdrawal.
9.7 How to Exercise Your Rights
To exercise any of the rights listed above, please contact us at:
We will respond to your request within 45 days of receipt. In complex or high-volume cases, we may extend this period by an additional 45 days with prior notice. We may ask you to verify your identity before processing your request to protect your privacy and security.
10. Children's Privacy
Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so we can take appropriate action.
In compliance with the Children's Online Privacy Protection Act (COPPA), we do not direct our website or any digital services toward children under the age of 13, and we do not create profiles of or engage in targeted advertising toward children.
11. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights with respect to your personal information.
11.1 Categories of Personal Information We Collect
Under the CCPA/CPRA, the categories of personal information we collect include:
- Identifiers (name, email address, IP address, account credentials)
- Commercial information (order history, purchasing behavior)
- Internet or other electronic network activity (browsing history on our website)
- Geolocation data (general location inferred from IP address)
- Inferences drawn from personal information to create consumer profiles
- Sensitive personal information (payment card data processed by third parties)
11.2 Your California Privacy Rights
As a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell (we do not sell your data).
- Delete personal information we have collected about you, subject to certain exceptions.
- Correct inaccurate personal information.
- Opt Out of the sale or sharing of personal information (we do not sell personal information, but we may share it for cross-context behavioral advertising).
- Limit the use of sensitive personal information to specific purposes.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
11.3 Submitting a California Privacy Request
To submit a verifiable consumer request under CCPA/CPRA, please contact us at [email protected] with the subject line "California Privacy Request." We will verify your identity before processing your request and respond within the timeframes required by law.
You may also authorize an agent to make a request on your behalf. Authorized agents must provide proof of their authorization, and we may still require you to verify your identity directly.
12. International Data Transfers
Cafe Rio is based in the United States and our Services are primarily intended for users located within the United States. However, some of our third-party service providers and technology partners may be located in countries outside the United States. If we transfer personal information internationally, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
These safeguards may include:
- Contractual clauses and data processing agreements that require recipients to apply equivalent levels of protection.
- Ensuring that international vendors are certified under recognized data protection frameworks.
- Applying technical and organizational measures to protect your data during and after transfer.
If you access our Services from outside the United States, please be aware that your information may be transferred to and stored in the United States or other countries, which may have different data protection laws than those in your country of residence.
13. Third-Party Websites and Links
Our website may contain links to third-party websites, social media platforms, delivery apps, and other external services. Once you click on a third-party link and leave our website, this Privacy Policy no longer applies. We are not responsible for the privacy practices or content of those external sites. We strongly encourage you to review the privacy policy of every website you visit.
14. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the Services we provide. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post a prominent notice on our website.
- Where required by law or where we deem it appropriate, notify you by email.
Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to periodically review this policy to stay informed about how we are protecting your information.
15. How to File a Complaint
If you have concerns about our privacy practices and are not satisfied with our response to your inquiry, you have the right to file a complaint with the relevant regulatory authority.
15.1 United States — Federal Trade Commission (FTC)
The FTC is the primary federal consumer protection authority in the United States. You may file a complaint about our data practices through the FTC's online complaint portal:
Website: www.ftc.gov
Complaint Portal: reportfraud.ftc.gov
Phone: 1-877-382-4357
15.2 California Residents — California Privacy Protection Agency (CPPA)
California residents who wish to file a complaint related to their CCPA/CPRA rights may contact the California Privacy Protection Agency:
Before filing a complaint with a regulatory authority, we encourage you to contact us first so we have the opportunity to address your concerns directly and promptly.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to our privacy team. We are committed to addressing your inquiries as quickly as possible.
Privacy Inquiries — Cafe Rio
Business Name: Cafe Rio
Email: [email protected]
Website: cafexrio.digital
Location: United States
We are dedicated to ensuring your personal information is handled with the highest level of care and respect. Your trust is important to us, and we continuously strive to uphold the best standards in data privacy and protection.
This Privacy Policy was last reviewed and updated on April 17, 2026. © 2026 Cafe Rio. All rights reserved.