Privacy Policy

Effective Date: May 20, 2026 | Last Updated: May 20, 2026

Important Notice: This Privacy Policy explains how Cafe Rio collects, uses, discloses, and protects your personal information when you visit our website at caferio-meal.rest, place orders, or interact with our food services. Please read this policy carefully before using our services.

1. Introduction and Overview

Welcome to Cafe Rio ("we," "us," "our," or the "Company"). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy describes our practices regarding the collection, use, storage, sharing, and protection of your personal information in connection with your use of our website located at caferio-meal.rest, our online ordering platform, and all related food and restaurant services we provide.

By accessing or using our website, placing an order, subscribing to our newsletter, or otherwise interacting with Cafe Rio, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant federal and state regulations. We are committed to full compliance with all applicable laws and regulations concerning the protection of personal data.

If you have any questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us using the details provided in the Contact section at the end of this document.

2. Business Information and Data Controller

The entity responsible for your personal data (the data controller) is:

Company Name	Cafe Rio
Website	caferio-meal.rest
Email Address	[email protected]
Country of Operation	United States of America

3. Information We Collect

We collect various types of information in connection with your interactions with Cafe Rio. The categories of personal information we collect include the following:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us for support, we may collect the following personal identification information:

Full name (first and last name)
Email address
Phone number or mobile number
Billing and delivery addresses (including street address, city, state, ZIP code)
Username and encrypted password for your account
Date of birth (for age verification and birthday promotions)
Profile picture or avatar (if voluntarily provided)
Dietary preferences and food allergy information (if voluntarily provided)

3.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information necessary to process your transaction. This may include:

Credit card or debit card number (last four digits only — full card numbers are processed by secure third-party payment processors)
Billing address associated with your payment method
Payment method type (e.g., Visa, Mastercard, PayPal, Apple Pay)
Transaction history and order history

Please note: We do not store full credit card numbers or CVV codes on our servers. All sensitive payment data is processed and stored by our PCI DSS-compliant third-party payment processors.

3.3 Order and Transaction Information

We collect information about your orders and transactions with us, including:

Items ordered and their quantities
Order date, time, and location (delivery address or pickup location)
Special instructions and customizations
Order status and delivery tracking information
Loyalty points earned and redeemed
Customer feedback, ratings, and reviews submitted

3.4 Usage Data and Technical Information

When you visit our website or use our services, we automatically collect certain technical and usage information, including:

IP address and approximate geographic location derived from IP
Browser type and version
Operating system and device type
Pages visited on our website and time spent on each page
Referring URL (the page you visited before arriving at our site)
Search queries entered on our website
Links clicked and features interacted with
Date and time of website visits
Error logs and crash reports
Mobile device identifiers (for mobile app users)

3.5 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing behavior on our website. This data includes:

Session cookies to maintain your login status
Persistent cookies to remember your preferences
Analytics cookies to understand how visitors use our site
Marketing and advertising cookies to deliver relevant promotional content
Third-party cookies from services such as Google Analytics, Meta Pixel, and others

For detailed information about our use of cookies, please refer to our Cookie Policy.

3.6 Communications and Customer Support Data

When you contact us through email, phone, our website contact form, or social media platforms, we collect:

The content of your messages and correspondence
Your contact details as provided in the communication
Records of support tickets and resolutions
Call recordings (where permitted by law and disclosed at the time of the call)

3.7 Social Media and Third-Party Login Data

If you choose to create an account or log in using a third-party social media platform (such as Google, Facebook, or Apple), we may receive certain profile information from that platform as permitted by your privacy settings on that platform, including your name, email address, and profile picture.

3.8 Location Data

With your consent, we may collect precise geolocation data from your mobile device or browser to provide location-based services such as finding the nearest Cafe Rio location, estimating delivery times, or tracking food delivery.

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including the following:

4.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders
Managing your account and providing access to our online platform
Coordinating food delivery or pickup arrangements
Sending order confirmations, receipts, and delivery notifications
Responding to your inquiries, complaints, and customer support requests
Administering our loyalty and rewards program

4.2 Payment Processing

Verifying and processing payment transactions
Preventing fraudulent transactions and unauthorized account access
Complying with financial regulations and maintaining transaction records

4.3 Analytics and Service Improvement

Analyzing website traffic and user behavior to improve our website's design and functionality
Understanding customer preferences to refine our menu offerings
Conducting internal research and statistical analysis
Monitoring the performance and security of our website and systems
Testing new features and improvements before full deployment

4.4 Marketing and Communications

Sending promotional emails, newsletters, and special offers (with your consent where required)
Sending SMS or push notifications about promotions, new menu items, or exclusive deals (with your consent)
Personalizing marketing messages based on your order history and preferences
Displaying targeted advertisements on our website and third-party platforms
Inviting you to participate in surveys, contests, or promotional events

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email, by contacting us at [email protected], or by adjusting your account notification preferences.

4.5 Legal and Compliance Purposes

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from law enforcement or government authorities
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
Resolving disputes and managing legal claims

5. Legal Basis for Processing (California Residents)

For residents of California, we process your personal information under the following legal grounds as recognized by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Contract Performance: Processing necessary to fulfill your orders and provide the services you have requested.
Legitimate Business Interests: Processing for fraud prevention, system security, and business analytics where our interests are not overridden by your rights.
Legal Obligation: Processing required by applicable law or regulatory requirements.
Consent: For marketing communications, cookies, and other processing where we have obtained your explicit consent.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually obligated to use your information only for the purposes for which it was disclosed and to maintain appropriate security measures. Categories of service providers include:

Payment Processors: To securely process payment transactions (e.g., Stripe, Square, PayPal)
Delivery Partners: To coordinate food delivery to your address
Cloud Hosting Providers: To store and manage our data infrastructure
Email and SMS Marketing Platforms: To send promotional and transactional communications
Analytics Providers: Such as Google Analytics to analyze website usage
Customer Support Platforms: To manage support tickets and communications
Fraud Prevention Services: To detect and prevent fraudulent activity

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information to governmental authorities, law enforcement agencies, or other third parties when:

Required to do so by applicable law, regulation, or court order
We believe disclosure is necessary to investigate, prevent, or take action regarding illegal activities or fraud
Necessary to protect the vital interests of you or another person
Required to cooperate with a governmental or regulatory investigation

6.3 Business Transfers

In the event of a merger, acquisition, sale of assets, reorganization, or other business transfer, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your personal information with other third parties when we have obtained your explicit consent to do so.

7. Data Security Measures

Cafe Rio takes the security of your personal information seriously and employs a variety of industry-standard technical, administrative, and physical security measures to protect your data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

7.1 Technical Safeguards

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Database Encryption: Sensitive data stored in our databases is encrypted at rest.
Firewalls and Intrusion Detection: We use firewalls and intrusion detection systems to monitor and protect our network infrastructure.
Password Hashing: User passwords are stored using strong cryptographic hashing algorithms, not in plain text.
Two-Factor Authentication (2FA): Available for user accounts to provide an additional layer of security.
Regular Security Audits: We conduct regular security assessments and penetration testing of our systems.

7.2 Administrative Safeguards

Access to personal data is restricted to authorized personnel who need the information to perform their job functions.
All employees and contractors handling personal data receive privacy and security training.
We maintain data processing agreements with all third-party service providers who handle personal data on our behalf.
We have documented incident response procedures in place for potential data breaches.

7.3 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify you and any applicable regulatory authorities in accordance with applicable law. We will provide notification without undue delay, and where feasible, within the timeframes required by state law (e.g., California requires notification within 30 days of discovery for certain types of breaches).

Important: While we take all reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and provide the following mechanisms for you to exercise them.

8.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a resident of California, you have the following rights under the CCPA as amended by the CPRA:

Right	Description
Right to Know	You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for which it was collected, and the categories of third parties with whom it has been shared.
Right to Delete	You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law (such as information needed to complete a transaction or comply with a legal obligation).
Right to Correct	You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense, but you may exercise this right through our privacy settings.
Right to Limit Use of Sensitive Information	You have the right to limit our use of sensitive personal information (such as health/dietary data) to uses necessary to provide the services you requested.
Right to Non-Discrimination	You have the right not to be discriminated against for exercising your privacy rights. We will not deny you services, charge different prices, or provide a lower quality of service because you exercised your rights.
Right to Data Portability	You have the right to receive a copy of your personal information in a portable, readily usable format that allows you to transmit the data to another entity.

8.2 General Privacy Rights (All Users)

Regardless of your state of residence, all users of our services have the following rights:

Right of Access: You may access and review the personal information we hold about you by logging into your account or submitting a request to us.
Right to Correction: You may update or correct your personal information through your account settings or by contacting us directly.
Right to Withdraw Consent: Where our processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Opt-Out of Marketing: You may unsubscribe from marketing emails at any time using the unsubscribe link in our communications.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us by:

Sending an email to: [email protected] with the subject line "Privacy Rights Request"
Visiting our website at: caferio-meal.rest and using the privacy request form (if available)

We will respond to verifiable requests within 45 days. If we require more time (up to 90 days), we will notify you in writing. We may need to verify your identity before processing your request to protect your information from unauthorized access. You may also designate an authorized agent to make requests on your behalf, subject to identity verification requirements.

9. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements. Cookies are small text files placed on your device that allow our website to recognize your browser and remember your preferences.

9.1 Types of Cookies We Use

Essential Cookies: Necessary for the website to function properly (e.g., maintaining your shopping cart and login session). These cannot be disabled.
Performance/Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are enabled by default but can be disabled.
Functionality Cookies: Remember your preferences and settings to enhance your experience.
Marketing/Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. Require your consent.

You can manage your cookie preferences through your browser settings or through our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website. For complete information about our use of cookies, please review our full Cookie Policy.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply:

Data Category	Retention Period	Reason
Account Information	Duration of account plus 3 years after account closure	Business records and legal compliance
Order History and Transaction Records	7 years	Financial and tax compliance requirements
Payment Records	7 years	Financial regulations and dispute resolution
Customer Support Communications	3 years from date of last communication	Business records and dispute resolution
Marketing Preferences and Consent Records	5 years from consent or opt-out date	Compliance with marketing regulations
Website Analytics Data	26 months	Business analytics and improvement
Cookie Data	Session cookies: deleted when browser closes; Persistent cookies: up to 2 years	Website functionality and analytics

When personal information is no longer needed and retention periods have expired, we will securely delete, anonymize, or destroy it in accordance with our data disposal procedures.

11. Children's Privacy

Age Restriction: Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.

Our services are not directed to, and we do not knowingly collect personal information from, children under the age of 18. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will promptly investigate the matter and take appropriate steps to delete any such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA), which requires that operators of websites directed to children under 13 obtain verifiable parental consent before collecting personal information from children. As our services are intended for adults, we take active steps to prevent the collection of data from minors.

12. International Data Transfers

Cafe Rio is headquartered and operates primarily in the United States. Your personal information is collected, stored, and processed in the United States. By using our services, you acknowledge and consent to the transfer of your personal information to the United States, where data protection laws may differ from those in your country of residence.

If you are accessing our services from outside the United States (including from countries in the European Economic Area, the United Kingdom, or other regions with data protection laws), please be aware that your information will be transferred to and processed in the United States. We take appropriate safeguards to protect your information during such transfers, including the use of data processing agreements with contractual clauses where applicable.

If you have questions about international data transfers or the safeguards we use, please contact us at [email protected].

13. Third-Party Links and Websites

Our website may contain links to third-party websites, social media platforms, or other online services. These links are provided for your convenience and informational purposes only. We are not responsible for the privacy practices or the content of those third-party sites. We encourage you to review the privacy policies of any third-party websites you visit. This Privacy Policy applies solely to information collected by Cafe Rio through our own website and services.

14. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is no universally accepted standard for how websites should respond to DNT signals, our website does not currently respond to DNT browser signals. However, you can manage your tracking preferences through our cookie consent settings and opt out of analytics tracking as described in this policy.

15. State-Specific Privacy Rights

In addition to California rights described in Section 8, residents of other states may have privacy rights under state-specific laws, including:

Virginia (VCDPA): Virginia residents have rights to access, correct, delete, and port their data, as well as to opt out of targeted advertising and profiling.
Colorado (CPA): Colorado residents have similar rights, including the right to opt out of targeted advertising and profiling.
Connecticut (CTDPA): Connecticut residents have the right to access, correct, delete, and obtain a portable copy of their personal data.
Texas, Florida, and Other States: Various additional state privacy laws may apply depending on your location. We will honor applicable state privacy rights to the extent required by law.

To exercise rights under any applicable state privacy law, please contact us at [email protected].

16. Federal Trade Commission (FTC) Compliance

We operate in accordance with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. Our privacy practices are designed to be transparent, honest, and consistent with the representations we make to you. We do not engage in deceptive data collection or use practices. If you believe we have acted in a manner inconsistent with this policy or in violation of applicable law, you may file a complaint with the FTC at www.ftc.gov/complaint.

17. How to File a Complaint with a Data Protection Authority

If you have concerns about how we handle your personal information that we have not adequately resolved, you have the right to lodge a complaint with the appropriate regulatory authority.

17.1 Federal Authorities

Federal Trade Commission (FTC): If you believe your rights as a consumer have been violated, you may file a complaint with the FTC online at reportfraud.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).

17.2 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), which is responsible for enforcing the CCPA/CPRA:

California Privacy Protection Agency (CPPA): cppa.ca.gov
California Attorney General: oag.ca.gov/privacy/ccpa

17.3 Other State Residents

Residents of other states may contact their respective state attorney general's office or consumer protection agency to report privacy concerns. We encourage you to first contact us directly to resolve any issues before filing a formal complaint.

18. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:

Post the updated Privacy Policy on this page with a revised "Last Updated" date
Send an email notification to registered users (where required by law or where the changes are significant)
Display a prominent notice on our website informing you of the changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes to this policy constitutes your acceptance of the updated terms.

19. Contact Us for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please do not hesitate to contact our privacy team using the information below. We are committed to addressing your concerns promptly and transparently.

Privacy Contact Information

Company	Cafe Rio
Privacy Email	[email protected]
Website	caferio-meal.rest
Subject Line for Privacy Requests	"Privacy Policy Inquiry" or "Privacy Rights Request"
Response Time	We aim to respond to all privacy inquiries within 15 business days, and within 45 days for formal rights requests as required by law.

Privacy Policy Version: 1.0

Effective Date: May 20, 2026

Governing Law: This Privacy Policy is governed by the laws of the United States, including applicable federal and state privacy regulations including the CCPA/CPRA and the FTC Act.