Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects information obtained from visitors and customers who access or use our website located at caferiomex.click (the "Site") and any related services, features, or content we offer (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Services.
We are committed to protecting your personal information and your right to privacy. We handle your data responsibly and transparently, in accordance with applicable United States federal and state laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA), and the Federal Trade Commission Act (FTC Act). Please read this policy carefully to understand our practices regarding your personal data.
1. Information We Collect
We collect several types of information from and about users of our Services, including information by which you may be personally identified and information that does not personally identify you. Understanding what data we collect helps us serve you better and ensures we are transparent about our practices.
1.1 Personal Information You Provide Directly
When you interact with our Services, you may voluntarily provide us with personal information, including but not limited to:
- Contact Information: Your full name, email address, mailing address, and telephone number when you register an account, place an order, sign up for our newsletter, or contact us for customer support.
- Account Credentials: Username and password when you create an account on our platform.
- Payment Information: Credit card numbers, debit card details, billing address, and other financial information necessary to process your food orders. Note that payment data is processed through secure third-party payment processors and we do not store full payment card numbers on our servers.
- Order Information: Details about your food orders, dietary preferences, delivery addresses, special instructions, and order history.
- Profile Information: Any additional information you choose to add to your account profile, such as profile pictures, favorite menu items, or saved delivery locations.
- Communications: Messages, reviews, feedback, and any other communications you send to us via email, contact forms, or social media.
- Marketing Preferences: Your preferences for receiving promotional communications from us.
1.2 Information Collected Automatically
When you visit our website or use our Services, we and our third-party service providers may automatically collect certain technical and usage information, including:
- Log Data: Internet Protocol (IP) address, browser type and version, operating system, referring URLs, pages visited, time and date of your visit, and time spent on each page.
- Device Information: Information about the device you use to access our Services, including hardware model, operating system and version, unique device identifiers, mobile network information, and device settings.
- Usage Data: Information about how you use our website, including your browsing patterns, search queries, items added to your cart, orders placed, and features you interact with.
- Location Information: General geographic location based on your IP address. If you grant permission through your device, we may also collect precise geolocation data to facilitate delivery services or show you nearby restaurant locations.
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies as described in Section 7 of this Privacy Policy.
1.3 Information from Third Parties
We may receive information about you from third-party sources, which we combine with information we collect directly:
- Social Media Platforms: If you connect your social media account (such as Facebook, Google, or Instagram) to our Services or log in using social media credentials, we may receive profile information such as your name, email address, and profile picture.
- Analytics Providers: Third-party analytics companies that help us understand usage patterns on our website.
- Delivery Partners: Information related to delivery status and logistics from our third-party delivery service partners.
- Marketing Partners: Information from advertising networks and marketing partners that help us reach potential customers.
- Publicly Available Sources: Publicly available information to help us maintain the accuracy of our records.
2. How We Use Your Information
We use the information we collect about you for various purposes related to operating our business, improving our Services, and communicating with you. The legal bases for processing your information include your consent, the performance of a contract, compliance with legal obligations, and our legitimate business interests.
2.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, including confirming orders, coordinating delivery or pickup, and sending order confirmations and receipts.
- Creating and managing your account, authenticating your identity when you log in, and maintaining your preferences and settings.
- Processing payments and preventing fraudulent transactions.
- Facilitating delivery services and communicating estimated arrival times.
- Responding to your inquiries, resolving disputes, and providing customer support.
- Personalizing your experience on our website, including showing you menu recommendations based on your order history and preferences.
2.2 Analytics and Service Improvement
- Analyzing how users interact with our website and Services to understand usage patterns and improve functionality.
- Monitoring and improving the performance, security, and reliability of our website and systems.
- Conducting research and development to enhance our menu offerings and service quality.
- Identifying and fixing technical issues, bugs, and errors on our platform.
- Aggregating and anonymizing data for statistical analysis and business reporting.
2.3 Marketing and Communications
- Sending you promotional emails, newsletters, special offers, and information about new menu items, if you have opted in to receive such communications.
- Delivering targeted advertising on our website and on third-party platforms based on your interests and browsing behavior.
- Administering loyalty programs, contests, promotions, and surveys.
- Sending you service-related notifications, such as changes to our menu, hours of operation, or terms and conditions.
2.4 Legal and Compliance Purposes
- Complying with applicable laws, regulations, and legal processes, including responding to lawful requests from government authorities.
- Enforcing our Terms of Service and other agreements.
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public.
- Detecting, preventing, and addressing fraud, security breaches, and other harmful or illegal activities.
- Maintaining records as required by applicable federal and state food service regulations.
3. Sharing Your Information with Third Parties
We respect your privacy and do not sell your personal information to third parties for monetary compensation. However, we may share your information in certain circumstances as described below. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
3.1 Service Providers and Business Partners
We engage trusted third-party companies and individuals to perform services on our behalf or to assist us in providing our Services. These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated to not disclose or use it for any other purpose. Such service providers may include:
- Payment Processors: Companies that securely process credit card and other payment transactions on our behalf.
- Delivery Services: Third-party delivery companies and couriers who fulfill food delivery orders.
- Cloud Hosting Providers: Companies that provide server infrastructure, data storage, and hosting services.
- Analytics Providers: Services such as Google Analytics that help us analyze website traffic and user behavior.
- Email Marketing Platforms: Services that help us manage and send marketing communications.
- Customer Support Tools: Platforms that facilitate our customer service operations.
- Advertising Networks: Partners who help us deliver targeted advertising.
3.2 Legal Requirements and Protection of Rights
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or other legal process.
- Respond to lawful requests from government authorities, including law enforcement agencies.
- Enforce our Terms of Service, protect our rights, privacy, safety, or property, and that of our customers or the public.
- Investigate, prevent, or take action regarding suspected illegal activity, fraud, or situations involving potential threats to the physical safety of any person.
3.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
3.4 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes. This includes statistical data about our customer base, popular menu items, and website usage trends.
3.5 With Your Consent
We may share your personal information with third parties when you have given us your explicit consent to do so, such as when you participate in co-branded promotions or authorize us to share information with a particular third party.
4. Data Security Measures
We take the security of your personal information very seriously and implement a variety of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security measures include:
4.1 Technical Safeguards
- Encryption: We use industry-standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive data, including payment information, is encrypted both in transit and at rest.
- Secure Payment Processing: Payment card information is processed through PCI DSS-compliant payment processors. We do not store full credit card numbers on our systems.
- Access Controls: We implement strict access controls to ensure that only authorized personnel have access to personal information, and only to the extent necessary to perform their job functions.
- Firewalls and Intrusion Detection: We maintain firewalls and intrusion detection systems to monitor our network for unauthorized access attempts.
- Regular Security Assessments: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
4.2 Administrative Safeguards
- Employee training on data privacy and security best practices.
- Data access policies that limit employee access to personal information on a need-to-know basis.
- Confidentiality agreements with employees and contractors who handle personal data.
- Incident response procedures to address potential data breaches promptly and effectively.
5. Your Privacy Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and will respond to valid requests within the timeframes required by law.
5.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:
| Right | Description |
|---|---|
| Right to Know | You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it. |
| Right to Delete | You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law. |
| Right to Correct | You have the right to request correction of inaccurate personal information that we maintain about you. |
| Right to Opt-Out of Sale/Sharing | You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary compensation, but we may share it with advertising partners. |
| Right to Limit Use of Sensitive Information | You have the right to limit our use and disclosure of sensitive personal information to uses necessary to provide the services you request. |
| Right to Non-Discrimination | We will not discriminate against you for exercising your privacy rights, including by denying services, charging different prices, or providing a different level of quality of service. |
| Right to Data Portability | You have the right to receive your personal information in a portable, readily usable format that allows you to transmit the information to another entity. |
5.2 General Privacy Rights (All Users)
Regardless of your location, we provide all users with the following rights to the extent practicable:
- Right of Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete personal information.
- Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
- Right to Withdraw Consent: Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.
5.3 How to Exercise Your Rights
To exercise any of your privacy rights, please submit a verifiable request to us by:
- Email: [email protected]
- Website: caferiomex.click
We will verify your identity before processing your request to protect your privacy and security. You may also designate an authorized agent to submit requests on your behalf. We will respond to verified requests within 45 days, with the possibility of a 45-day extension when reasonably necessary, as permitted by applicable law.
6. Cookie Usage
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files that are placed on your device when you visit our website.
6.1 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the website to function properly, enabling features such as shopping cart functionality, account login, and payment processing. These cookies cannot be disabled.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users receive error messages. We use this information to improve how our website works.
- Functionality Cookies: These cookies allow our website to remember choices you make, such as your preferred language, saved delivery addresses, and login information, to provide a more personalized experience.
- Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.
You can manage your cookie preferences through your browser settings or through our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine appropriate retention periods include:
| Type of Data | Retention Period |
|---|---|
| Account Information | For the duration of your account plus 3 years after account closure |
| Order History and Transaction Records | 7 years from the date of transaction (for tax and accounting purposes) |
| Payment Information | As required by payment processors; we do not retain full card numbers |
| Marketing Preferences and Communications | Until you opt out, plus 2 years thereafter |
| Customer Support Records | 3 years from the date of the last interaction |
| Website Usage and Analytics Data | Up to 26 months (anonymized aggregates retained indefinitely) |
| Cookie Data | Varies by cookie type; session cookies expire when you close your browser; persistent cookies last up to 2 years |
| Legal Compliance Records | As required by applicable law, typically 5-7 years |
When personal information is no longer needed, we securely delete, destroy, or anonymize it in accordance with our data retention procedures. If you request deletion of your data, we will comply subject to any legal obligations that require us to retain certain records.
8. Children's Privacy
We do not knowingly solicit or collect personal information from children under the age of 18. Our website, online ordering system, and related Services are not directed to minors. If you are under 18 years of age, you are not permitted to use our Services or provide any personal information to us.
If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].
We comply with the Children's Online Privacy Protection Act (COPPA), which requires verifiable parental consent before collecting personal information from children under the age of 13. As our Services are intended for adults aged 18 and over, we apply a higher age threshold in line with our business practices.
9. International Data Transfers
Cafe Rio is based in the United States, and our Services are primarily directed at users located within the United States. However, in the course of providing our Services and operating our business, your personal information may be transferred to, stored in, or processed in countries other than the country in which you reside.
Our third-party service providers, including cloud hosting companies, analytics providers, and payment processors, may maintain servers and operations in various countries around the world. When we transfer your personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information and that the transfer complies with applicable data protection laws.
These safeguards may include:
- Entering into data processing agreements with our service providers that include standard contractual clauses or similar legal mechanisms approved by relevant authorities.
- Ensuring that service providers are certified under recognized data privacy frameworks.
- Conducting due diligence on the privacy and security practices of our international service providers.
By using our Services and providing your personal information, you acknowledge and understand that your information may be transferred to and processed in countries outside of your country of residence, including the United States, which may have different data protection laws than those in your jurisdiction.
10. Third-Party Links and Websites
Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to such third-party websites. We are not responsible for the privacy practices of third-party websites and encourage you to review the privacy policies of any third-party sites you visit. The inclusion of a link to a third-party website on our platform does not imply our endorsement of that website or its privacy practices.
This includes links to social media platforms such as Facebook, Instagram, and Twitter, as well as links to our delivery partners, payment processors, and other business partners. Each of these third parties has its own privacy policy and data collection practices.
11. Do Not Track Signals
Some browsers include the ability to transmit "Do Not Track" (DNT) signals. Because there is not yet a uniform standard for how companies should respond to DNT signals, our website does not currently respond to DNT signals. We continue to monitor developments in this area and will update this policy if our practices change. However, you can manage your cookie preferences and opt out of certain tracking activities as described in Section 6 of this Privacy Policy.
12. FTC Act Compliance
We operate in compliance with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in commerce. Our data collection, use, and disclosure practices are designed to be fair, transparent, and consistent with consumer expectations. We honor our privacy commitments and do not engage in deceptive data practices. If you believe that we have engaged in any unfair or deceptive data practices, you have the right to file a complaint with the Federal Trade Commission as described in Section 14 below.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:
- Posting the updated Privacy Policy on this page with a new "Last Updated" date at the top.
- Sending an email notification to the email address associated with your account (for material changes).
- Displaying a prominent notice on our website for a reasonable period after the changes are made.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy are posted will constitute your acceptance of the updated policy. If you do not agree with the changes, you should discontinue your use of our Services and may request deletion of your personal information.
14. How to File a Complaint
If you have concerns about our privacy practices or believe that we have failed to honor your privacy rights, we encourage you to first contact us directly so that we can work to resolve the matter. However, you also have the right to file a complaint with the appropriate regulatory authorities.
14.1 Contact Us First
Please reach out to us at [email protected] with a detailed description of your concern. We will investigate and respond to your complaint within a reasonable timeframe.
14.2 Federal Regulatory Authorities
-
Federal Trade Commission (FTC):
The FTC is the primary federal agency responsible for consumer protection and data privacy enforcement in the United States.
Website: www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
14.3 State-Level Authorities
-
California Residents — California Privacy Protection Agency (CPPA):
California residents may file complaints regarding CCPA/CPRA violations with the California Privacy Protection Agency.
Website: cppa.ca.gov -
California Residents — California Attorney General:
Website: oag.ca.gov/privacy/ccpa -
Other States:
Residents of other states may contact their respective state Attorney General's office or state consumer protection agency to file privacy-related complaints.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the information below. We are committed to addressing your concerns promptly and transparently.
| Company Name | Cafe Rio |
|---|---|
| Email Address | [email protected] |
| Website | caferiomex.click |
When contacting us regarding your privacy rights, please include the following information to help us process your request efficiently:
- Your full name and the email address associated with your account.
- A clear description of the nature of your request or concern.
- If you are submitting a request on behalf of another person, documentation demonstrating your authority to act on their behalf.
- Your preferred method of response (email or mail).
We take all privacy inquiries seriously and will make every effort to respond within the timeframes required by applicable law — typically within 45 days for consumer rights requests under the CCPA/CPRA, with the possibility of a 45-day extension when reasonably necessary.
Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of the United States of America and applicable state laws, without regard to conflicts of law principles.
Effective Date: This Privacy Policy is effective as of July 18, 2026. Any previous versions of this Privacy Policy are superseded by this document.