Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at caferio-food.click, use our online ordering services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy applies to all users located in the United States and is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act governing unfair or deceptive practices in commerce.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide food ordering, delivery, and dining-related services through our website and associated platforms. For all privacy-related matters, you may contact us using the details below:

2. Information We Collect

We collect various categories of personal information depending on how you interact with us. The types of information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, make a reservation, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Billing and shipping address
• Date of birth (where required for age verification)
• Username and password (stored in encrypted form)
• Profile photo (if voluntarily uploaded)

2.2 Payment and Transaction Information

When you make a purchase or payment through our platform, we may collect:

• Credit or debit card details (processed securely through third-party payment processors)
• Billing address associated with your payment method
• Transaction history and order details
• Gift card or promotional code usage

Please note that we do not directly store full payment card numbers. All payment processing is handled by PCI-DSS-compliant third-party processors.

2.3 Usage Data and Behavioral Information

We automatically collect certain information about how you interact with our website and services, including:

• Pages viewed and features used
• Time and date of your visits
• Links clicked and menus browsed
• Search queries entered on our platform
• Referring URLs (the page you came from before visiting ours)
• Session duration and frequency of visits
• Cart activity and abandoned order information

2.4 Device and Technical Information

We collect certain technical information from the device you use to access our website, including:

• IP address
• Browser type and version
• Operating system and platform
• Device identifiers (e.g., mobile device ID)
• Screen resolution and display settings
• Language settings
• Cookie identifiers and similar tracking technologies

2.5 Location Data

With your consent, we may collect precise or approximate geolocation data to help you find nearby locations, facilitate delivery services, or customize your experience. You may disable location services through your device settings at any time.

2.6 Communications and Feedback

When you contact our customer service team, leave a review, submit a complaint, or respond to a survey, we collect:

• The content of your messages or feedback
• Records of your correspondence with us
• Customer satisfaction ratings and reviews

2.7 Information from Third Parties

We may receive information about you from third parties, such as:

• Social media platforms (if you log in using a social account or interact with our social pages)
• Analytics providers
• Advertising partners
• Delivery platform partners
• Fraud detection and identity verification services

3. How We Use Your Information

We use the personal information we collect for a variety of lawful purposes, including:

3.1 Providing and Managing Our Services

• Processing and fulfilling food orders, including delivery and pickup arrangements
• Creating and managing your account
• Sending order confirmations, receipts, and updates
• Facilitating payments and refunds
• Providing customer support and resolving disputes
• Verifying your identity and ensuring account security

3.2 Personalization and User Experience

• Remembering your preferences, saved addresses, and favorite items
• Recommending menu items based on your past orders
• Customizing the content displayed to you on our website
• Delivering location-based services and offers

3.3 Marketing and Communications

• Sending promotional emails, newsletters, and special offers with your consent
• Notifying you about new menu items, seasonal specials, or limited-time promotions
• Conducting loyalty program management and rewards tracking
• Delivering targeted advertising on our platform and third-party platforms (subject to your preferences)

You may opt out of marketing communications at any time by clicking the "Unsubscribe" link in any email or by contacting us at [email protected].

3.4 Analytics and Business Improvement

• Analyzing usage patterns to improve our website and app functionality
• Understanding customer preferences to enhance our menu offerings
• Monitoring website traffic and performance metrics
• Conducting market research and customer satisfaction surveys
• Identifying and fixing technical issues

3.5 Legal Compliance and Safety

• Complying with applicable federal and state laws and regulations
• Responding to legal requests, subpoenas, or court orders
• Preventing fraud, unauthorized access, and other illegal activities
• Protecting the rights, property, and safety of Cafe Rio, our users, and the public
• Enforcing our Terms of Service and other agreements

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These may include:

• Payment processors and financial institutions
• Delivery and logistics partners
• Cloud hosting and data storage providers
• Email marketing and communication platforms
• Customer relationship management (CRM) software providers
• Website analytics providers (e.g., Google Analytics)
• Fraud prevention and identity verification services
• IT support and cybersecurity providers

All service providers are contractually required to process your personal information only on our behalf, in accordance with our instructions, and in compliance with applicable privacy laws.

4.2 Advertising and Marketing Partners

With your consent where required, we may share data with advertising networks and social media platforms (such as Meta, Google, and others) for the purpose of delivering targeted advertisements. You may opt out of interest-based advertising through the Digital Advertising Alliance's opt-out tool at www.aboutads.info or by adjusting your browser and device settings.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe disclosure is necessary or required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from government agencies or law enforcement
• Protect national security or public safety
• Enforce our legal rights or defend against legal claims

4.4 Business Transfers

In the event of a merger, acquisition, sale of assets, restructuring, or bankruptcy, your personal information may be transferred to the successor entity. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with other third parties when you have given us explicit consent to do so, such as when you participate in co-branded promotions or referral programs.

5. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements.

5.1 Types of Cookies We Use

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect the functionality of our website. For more information, please refer to our full Cookie Policy available on our website.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• Encryption: All data transmitted between your browser and our servers is protected using Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption.
• Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis. All employees with data access undergo privacy training.
• Password Hashing: User passwords are stored using industry-standard cryptographic hashing algorithms and are never stored in plain text.
• Payment Security: Payment transactions are processed through PCI-DSS-compliant payment processors. We do not store full card numbers on our servers.
• Regular Security Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and address potential risks.
• Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities in accordance with applicable law in the event of a confirmed breach.

Despite our best efforts, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security. If you suspect any unauthorized access to your account, please contact us immediately at [email protected].

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:

When data is no longer required, we securely delete or anonymize it in accordance with our internal data disposal procedures.

8. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights and responding to verified requests in a timely manner.

8.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
• Right to Delete: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, you may use our "Do Not Sell or Share My Personal Information" link on our website.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary to provide requested services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level of service based on your exercise of privacy rights.
• Right to Data Portability: You may request a copy of your personal information in a portable, readily usable format.

8.2 Rights Available to All U.S. Users

Regardless of your state of residence, we extend the following rights to all users of our services:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request that we delete your personal information, subject to applicable legal and business retention obligations.
• Opt-Out of Marketing: You may unsubscribe from marketing communications at any time.
• Account Closure: You may close your account at any time by contacting our support team.

8.3 How to Submit a Privacy Request

To exercise any of your privacy rights, please contact us by:

• Email: [email protected] (subject line: "Privacy Rights Request")

We will verify your identity before processing your request. This may involve confirming details associated with your account or requesting additional documentation. We will respond to verified requests within 45 days, with the possibility of an extension for complex requests (with notification provided).

You may also designate an authorized agent to submit a request on your behalf, provided the agent provides written authorization and you confirm the agent's authority.

9. Children's Privacy

Cafe Rio's website, online ordering platform, and related services are directed to adults and are not intended for use by individuals under the age of 18. We do not knowingly solicit or collect personal information from minors. If you believe that a child under 18 has provided us with personal information without parental consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

We also comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it.

10. International Data Transfers

Cafe Rio is based in the United States, and all data we collect is primarily processed and stored on servers located within the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our services, you acknowledge and consent to the transfer of your personal information to the United States. We take appropriate measures to ensure that any such transfers comply with applicable legal requirements and that your information remains protected in accordance with this Privacy Policy.

Where we transfer data to third-party service providers located internationally, we implement appropriate safeguards, such as contractual clauses or data processing agreements, to ensure your information is adequately protected.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by Cafe Rio. If you click on a third-party link, you will be directed to that third party's website. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

We strongly advise you to review the Privacy Policy of every website you visit. This Privacy Policy applies solely to information collected through our website at caferio-food.click and our associated platforms.

12. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how companies should respond to DNT signals. As a result, our website does not currently respond to DNT signals. However, you can manage your tracking preferences through our cookie settings and by opting out of interest-based advertising as described in Section 5 of this policy.

13. Automated Decision-Making and Profiling

We may use automated tools and algorithms to analyze data we collect in order to personalize your experience, detect fraud, or make recommendations. These processes do not typically involve solely automated decisions that produce legal or similarly significant effects on you. Where any such automated decision-making may have a significant impact, you have the right to request human review of the decision. Please contact us at [email protected] if you have concerns about automated decisions made about you.

14. FTC Compliance

We conduct our data practices in accordance with the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in or affecting commerce. Our commitments under the FTC Act include:

• Being transparent and honest about how we collect and use your personal information
• Honoring the privacy promises and representations we make to you
• Implementing reasonable safeguards to protect your personal information
• Providing you with meaningful choices about the use of your data
• Not engaging in deceptive or misleading privacy practices

15. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so we can attempt to resolve the issue:

We will acknowledge your complaint within 10 business days and aim to resolve it within 30 business days.

If you are not satisfied with our response, you may escalate your complaint to the relevant authorities:

• Federal Trade Commission (FTC): You may file a complaint with the FTC at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357). The FTC is the primary federal agency responsible for enforcing consumer protection and privacy laws in the United States.
• California Residents: California residents may contact the California Privacy Protection Agency (CPPA) at www.cppa.ca.gov or the California Attorney General's Office at oag.ca.gov/privacy to report privacy-related complaints or violations of the CCPA/CPRA.
• State Attorney General Offices: Residents of other states may contact their respective state Attorney General's office to report privacy-related concerns.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website notifying users of the update
• Send an email notification to registered users (where required by law or where the change is significant)

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to reach out to us:

We are committed to working with you to resolve any privacy concerns fairly and efficiently. Our team will respond to your inquiry within 10 business days of receipt.