Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at riocafes.rest, place orders, participate in our loyalty programs, or otherwise interact with our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect. This policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act) governing unfair or deceptive practices in commerce.

1. Who We Are

Cafe Rio is a food and dining establishment operating in the United States. We provide restaurant services, online ordering, catering, loyalty rewards, and related food services to our customers. For the purposes of this Privacy Policy, Cafe Rio is the data controller responsible for your personal information.

Business Name Cafe Rio
Website riocafes.rest
Email Address [email protected]
Country United States

For any questions, concerns, or requests related to this Privacy Policy or your personal data, you may contact us at the email address listed above. We will make every effort to respond to your inquiry within 30 days of receipt.

2. Information We Collect

We collect various types of information in connection with your use of our website, mobile application, in-store visits, online ordering, and other interactions with our business. The categories of personal information we collect are described below.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us, we may collect the following personal identification information:

  • Full name
  • Email address
  • Telephone number
  • Mailing address or delivery address
  • Date of birth (for age verification and birthday rewards)
  • Username and password for account access
  • Profile photo (if uploaded voluntarily)

2.2 Payment and Financial Information

When you make a purchase through our website or mobile app, we collect payment-related information necessary to process your transaction. This may include:

  • Credit or debit card number (last four digits only, stored securely)
  • Billing address
  • Payment method type (Visa, Mastercard, Apple Pay, etc.)
  • Transaction history and purchase records

Full payment card details are processed through PCI-DSS-compliant third-party payment processors. We do not store your full credit card number on our servers.

2.3 Order and Transaction Data

We maintain records of your orders and transactions with us, including:

  • Items ordered and customizations
  • Order dates, times, and frequency
  • Pickup or delivery preferences
  • Special dietary requests or preferences you have provided
  • Catering order details
  • Loyalty points earned and redeemed

2.4 Usage and Technical Data

When you visit our website or use our digital services, we automatically collect certain technical and usage information, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Pages visited and time spent on each page
  • Referring URLs (websites that directed you to ours)
  • Links clicked within our website
  • Search terms used on our website
  • Session duration and bounce rates
  • Geolocation data (at city or region level, based on IP address)

2.5 Communications Data

If you communicate with us through email, live chat, social media, or any other channel, we collect and store those communications, including:

  • Customer service inquiries and our responses
  • Feedback and reviews you submit
  • Survey responses
  • Social media comments or messages directed to our official accounts

2.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our website. Please refer to Section 9 of this Privacy Policy for more detailed information on our use of cookies and how to manage your cookie preferences.

2.7 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you connect your account or interact with our social media pages)
  • Third-party delivery partners (such as DoorDash, Uber Eats, Grubhub) when you place orders through their platforms
  • Analytics providers and advertising partners
  • Data enrichment services that help us keep our records accurate and up to date

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, as described below.

3.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders (online, mobile, or in-store)
  • Managing your customer account and loyalty program membership
  • Processing payments and handling refund or return requests
  • Coordinating delivery or pickup logistics
  • Responding to your customer service inquiries and resolving complaints
  • Sending order confirmations, receipts, and status updates

3.2 Improving Our Products and Services

  • Analyzing usage patterns to improve website functionality and user experience
  • Conducting internal research and data analytics
  • Monitoring and improving the performance and security of our digital platforms
  • Developing new menu items, promotions, and service features based on customer preferences
  • Testing new features and website updates

3.3 Marketing and Communications

With your consent or as otherwise permitted by applicable law, we may use your information to send you:

  • Promotional emails about new menu items, special offers, and discounts
  • Loyalty program updates, reward notifications, and birthday offers
  • Newsletters and announcements about Cafe Rio
  • Targeted advertisements on social media platforms and third-party websites
  • SMS or push notifications (if you have opted in)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, adjusting your notification settings in your account, or contacting us directly at [email protected]. Please note that opting out of marketing communications does not affect transactional messages related to your orders.

3.4 Legal Compliance and Safety

  • Complying with applicable federal and state laws and regulations
  • Responding to lawful requests from government authorities or law enforcement
  • Preventing and detecting fraud, abuse, or other illegal activity
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, property, and safety of Cafe Rio, our customers, and the public

3.5 Business Operations

  • Maintaining accurate business and financial records
  • Supporting internal audits and compliance reviews
  • Managing mergers, acquisitions, or business restructuring activities

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following limited circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist us in operating our business and providing services to you. These service providers may have access to your personal information only as necessary to perform their functions and are obligated by contract to maintain the confidentiality and security of your data. Categories of service providers include:

  • Payment processors – to securely handle financial transactions
  • Delivery platforms – to fulfill delivery orders (e.g., DoorDash, Uber Eats)
  • Cloud hosting providers – to store and manage our data and digital infrastructure
  • Email and SMS marketing platforms – to send communications on our behalf
  • Analytics providers – to help us understand how our website is used (e.g., Google Analytics)
  • Customer support software providers – to manage customer service interactions
  • Loyalty and rewards platform providers – to operate our rewards program

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or government request
  • Enforce our Terms of Service or protect our legal rights
  • Investigate potential violations of law or our policies
  • Protect the safety of our customers, employees, or the general public

4.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, sale of assets, bankruptcy, or other business transition, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information becomes subject to a different privacy policy.

4.4 Aggregate and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes. This type of data sharing does not constitute a disclosure of personal information.

4.5 With Your Consent

We may share your information with other parties when you have explicitly provided your consent to do so, such as when participating in co-branded promotions or partner loyalty programs.

5. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards to protect your data from unauthorized access, use, disclosure, alteration, or destruction.

5.1 Technical Security Measures

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • Encryption of sensitive data at rest, including passwords (stored as hashed values) and payment information
  • Firewalls and intrusion detection systems
  • Regular security vulnerability assessments and penetration testing
  • Multi-factor authentication for administrative access to our systems
  • Secure, access-controlled cloud infrastructure

5.2 Administrative and Organizational Measures

  • Strict access controls limiting employee access to personal data on a need-to-know basis
  • Regular staff training on data privacy and security best practices
  • Documented data handling procedures and internal privacy policies
  • Vendor due diligence and data processing agreements with all third-party processors

5.3 Limitation of Liability

Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law, including applicable state breach notification statutes.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We honor the rights described below and will respond to verified requests within the timeframes required by applicable law.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right Description
Right to Know You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Information You have the right to limit our use and disclosure of sensitive personal information to purposes permitted by the CPRA.
Right to Data Portability You have the right to receive a copy of your personal information in a portable, readily usable format.
Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

6.2 Rights Available to All United States Residents

Regardless of your state of residence, you have the right to:

  • Access and Review: Request a summary of the personal information we hold about you
  • Correction: Request that we correct inaccurate information in your account
  • Opt-Out of Marketing: Unsubscribe from promotional communications at any time
  • Account Deletion: Request deletion of your account and associated personal data

6.3 How to Submit a Privacy Request

To exercise any of your privacy rights, you may:

  • Email us at [email protected] with the subject line "Privacy Rights Request"
  • Submit a request through your online account settings (where available)

We will need to verify your identity before processing your request. Verification may involve confirming your email address, account credentials, or providing additional identifying information. We will respond to verified requests within 45 days of receipt. If we require additional time (up to 90 days total), we will notify you of the extension and the reason for the delay.

You may designate an authorized agent to submit privacy rights requests on your behalf. Authorized agents must provide written authorization or proof of power of attorney, and we may require you to verify your own identity directly with us.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and to comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

Category of Data Typical Retention Period
Account and profile information For the duration of your account, plus 3 years after account closure
Order and transaction records 7 years (for tax and financial compliance)
Payment processing records 7 years (per IRS and financial regulations)
Customer service communications 3 years from the date of the interaction
Marketing preferences and consent records 3 years from last interaction or until consent is withdrawn
Website usage and analytics data 26 months (standard analytics retention)
Cookie and tracking data As specified in our Cookie Policy (typically 1–2 years)
Legal hold or dispute records Until the matter is fully resolved, plus applicable statute of limitations

When your personal information is no longer required for any legitimate purpose, we will securely delete, anonymize, or destroy it in accordance with our data retention schedules and applicable law.

8. Children's Privacy

Cafe Rio's website, mobile ordering, and loyalty program are intended for use by individuals who are 18 years of age or older. We do not knowingly solicit, collect, or process personal information from minors under the age of 18. If you are under 18, please do not use our website or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 18 without verifiable parental consent, we will take prompt steps to delete that information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [email protected] so we can investigate and take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not engage in the knowing collection of personal data from children under the age of 13. For individuals between the ages of 13 and 17, parental or guardian consent is required for any account registration or data submission.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. Cookies are small text files placed on your device when you visit a website.

9.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly, including session management, security features, and shopping cart functionality. These cookies cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about pages visited, time spent, and errors encountered (e.g., Google Analytics).
  • Functional Cookies: Allow the website to remember your preferences, such as language settings, saved addresses, and login status.
  • Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across third-party platforms.
  • Social Media Cookies: Placed by social media platforms when you interact with our social sharing buttons or embedded content.

9.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality and performance of our website. You may also opt out of interest-based advertising through the Digital Advertising Alliance's opt-out tool at www.aboutads.info/choices or the Network Advertising Initiative's opt-out page.

For full details on the cookies we use, the specific purposes they serve, and instructions on how to manage your cookie preferences, please review our Cookie Policy, which is available on our website at riocafes.rest.

10. International Data Transfers

Cafe Rio is based in the United States and primarily processes personal information within the United States. However, some of our third-party service providers may operate in or transfer data to other countries. If your personal information is transferred outside the United States, we take appropriate steps to ensure that such transfers comply with applicable law and that adequate safeguards are in place to protect your data.

Safeguards for international data transfers may include:

  • Standard contractual clauses approved by relevant data protection authorities
  • Ensuring that recipient countries have adequate data protection frameworks
  • Obtaining your explicit consent for certain transfers where required
  • Binding corporate rules or other legally recognized transfer mechanisms

By using our website and services, you acknowledge that your personal information may be processed in the United States or other countries where data protection laws may differ from those in your country of residence.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party sites you visit. We have no responsibility or liability for the content, privacy practices, or policies of third-party websites.

Third-party services integrated into our platform may include but are not limited to payment gateways, delivery platforms, social media plugins, and advertising networks. Each of these services has its own privacy policy that governs the collection and use of your personal information on their platforms.

12. California Privacy Rights — Additional Disclosures

In addition to the rights described in Section 6, California residents are entitled to certain additional disclosures under California law, including the Shine the Light Law (California Civil Code § 1798.83), which permits California residents to request information about the disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].

We do not sell personal information as defined under the CCPA/CPRA. We do not engage in profiling that produces legal or similarly significant effects on consumers without their knowledge or consent.

12.1 Categories of Personal Information Collected (CCPA Disclosure)

CCPA Category Examples Collected?
Identifiers Name, email, IP address, account username Yes
Customer Records Information Address, phone number, payment information Yes
Commercial Information Purchase history, order preferences Yes
Internet/Electronic Network Activity Browsing history, cookies, device identifiers Yes
Geolocation Data City-level location based on IP address Yes (approximate only)
Inferences Customer preferences inferred from purchase behavior Yes
Sensitive Personal Information Dietary restrictions (only if voluntarily provided) Limited
Biometric Data Fingerprints, facial recognition No

13. FTC Act Compliance and Consumer Protection

In accordance with the Federal Trade Commission Act and FTC guidelines on consumer privacy and data security, Cafe Rio is committed to the following principles:

  • Notice: We inform consumers about our data collection and use practices through this Privacy Policy before or at the time of collection.
  • Choice: We provide consumers with meaningful choices about how their data is used, including opt-out mechanisms for marketing communications.
  • Access: We provide consumers with reasonable access to personal information and the ability to review, correct, or delete it.
  • Security: We take reasonable steps to protect personal information from unauthorized access, use, or disclosure.
  • Enforcement: We hold ourselves accountable to our stated privacy practices and take corrective action when necessary.

We do not engage in unfair, deceptive, or abusive acts or practices in connection with the collection and use of consumer data, in compliance with the FTC Act (15 U.S.C. § 45).

14. How to File a Complaint

If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can address your concern.

We will acknowledge your complaint within 10 business days and aim to resolve it within 30 to 45 days.

14.1 Regulatory Complaints

If you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority:

  • Federal Trade Commission (FTC):
    The FTC handles consumer complaints about unfair or deceptive business practices, including privacy violations.
    Website: www.ftc.gov/complaint
    Phone: 1-877-FTC-HELP (1-877-382-4357)
  • California Privacy Protection Agency (CPPA) — for California Residents:
    California residents may file a complaint with the California Privacy Protection Agency if they believe their CCPA/CPRA rights have been violated.
    Website: cppa.ca.gov
  • State Attorney General — for Residents of Other States:
    Residents of other states may contact their state's Attorney General office for privacy-related complaints. Many states have established consumer protection divisions that handle data privacy issues.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website informing users of the changes
  • Send an email notification to registered users (where required by law or where we consider the changes to be significant)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms.

If we make changes that materially reduce your rights or significantly alter how we use your personal information, we will seek your consent where required by applicable law before implementing those changes.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Privacy Inquiries — Cafe Rio
Business Name Cafe Rio
Website riocafes.rest
Email [email protected]
Country United States

When contacting us regarding a privacy matter, please include your full name, email address, a description of your concern or request, and your state of residence (if applicable) so that we can respond appropriately. We take all privacy inquiries seriously and will do our best to assist you in a timely and professional manner.