Privacy Policy

Welcome to Cafe Rio. This Privacy Policy explains how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at caferio-food.digital, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described herein.

We are committed to protecting your privacy in accordance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection statutes. If you do not agree with the terms of this Privacy Policy, please discontinue your use of our website and services immediately.

1. About Us and How to Contact Us

Cafe Rio is a food service company operating through its digital platform at caferio-food.digital. We provide online food ordering, menu browsing, loyalty program management, and related digital food services to our customers across the United States.

For any privacy-related inquiries, requests, or concerns, you may contact us directly at [email protected]. We aim to respond to all legitimate privacy requests within 45 days, as required by applicable law.

2. Information We Collect

We collect various types of personal information to provide and improve our services. The categories of information we collect are described below.

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect the following personal information:

• Full name
• Email address
• Phone number
• Billing and shipping/delivery address
• Date of birth (for age verification and promotional purposes)
• Username and password (stored in encrypted form)
• Profile picture (if voluntarily provided)
• Payment information (credit/debit card numbers, processed through secure third-party payment processors)
• Dietary preferences and food allergy information you voluntarily share

2.2 Order and Transaction Data

When you place orders through our platform, we collect:

• Order history, including items ordered, quantities, and frequency
• Order values and payment amounts
• Delivery addresses and special instructions
• Loyalty program points and reward redemptions
• Promotional codes and discount usage
• Refund and cancellation records

2.3 Usage and Browsing Data

We automatically collect certain information when you visit and interact with our website, including:

• Pages visited, links clicked, and time spent on each page
• Search queries entered within our platform
• Referral URLs (the website that directed you to ours)
• Products viewed, added to cart, or saved as favorites
• Session duration and frequency of visits
• Clickstream data reflecting your navigation path through our website
• Error logs and crash reports

2.4 Device and Technical Information

We collect technical data about the devices and software you use to access our services, including:

• IP address
• Browser type and version
• Operating system and device type (desktop, mobile, tablet)
• Device identifiers and advertising IDs
• Screen resolution
• Language and time zone settings
• Mobile network information

2.5 Location Data

If you permit location access, we may collect your precise or approximate geographic location to provide location-based services, such as finding the nearest Cafe Rio location or estimating delivery times. You may disable location services at any time through your device settings.

2.6 Communications and Customer Support Data

When you contact us, submit feedback, or participate in surveys, we may collect:

• Content of emails, chat messages, or phone calls with our support team
• Survey responses and ratings
• Feedback and reviews submitted on our platform
• Records of complaints and their resolution

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For detailed information about the specific cookies we use and how to manage your preferences, please refer to our Cookie Policy, available at caferio-food.digital/cookie-policy.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms, if you connect your social media account to our services or sign in using social login features (e.g., Google, Facebook)
• Third-party food delivery partners and aggregators
• Marketing and advertising partners who share analytics data
• Payment processors who confirm transaction status
• Public databases for address verification purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Managing Our Services

• Processing and fulfilling your food orders
• Creating and managing your account
• Processing payments securely
• Coordinating deliveries and communicating estimated arrival times
• Administering our loyalty rewards program
• Sending order confirmations, receipts, and status updates
• Handling returns, refunds, and complaints

3.2 Personalization

• Customizing your experience on our website based on your order history and preferences
• Recommending menu items based on your past orders and browsing behavior
• Displaying relevant promotions and personalized offers
• Remembering your saved preferences, addresses, and payment methods

3.3 Marketing and Communications

• Sending promotional emails, newsletters, and special offers (with your consent where required)
• Displaying targeted advertisements on our website and third-party platforms
• Conducting marketing campaigns and measuring their effectiveness
• Notifying you about new menu items, seasonal specials, and events
• Sending push notifications (if you have opted in)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails, adjusting your account notification settings, or contacting us at [email protected].

3.4 Analytics and Business Intelligence

• Analyzing website traffic, usage patterns, and user behavior to improve our platform
• Measuring the performance of our marketing campaigns
• Conducting market research and customer satisfaction surveys
• Generating aggregated, anonymized statistical reports
• Identifying trends in food preferences and ordering behavior

3.5 Safety, Security, and Fraud Prevention

• Detecting and preventing fraudulent transactions and unauthorized account access
• Monitoring for suspicious activity and security threats
• Verifying your identity when you contact us
• Enforcing our Terms of Service and other policies
• Maintaining the integrity and security of our systems

3.6 Legal and Regulatory Compliance

• Complying with applicable federal, state, and local laws and regulations
• Responding to lawful requests from government authorities and law enforcement
• Maintaining records required for tax, accounting, and auditing purposes
• Exercising or defending legal claims

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. However, we may share your information with trusted third parties under the following circumstances:

4.1 Service Providers and Business Partners

We work with carefully selected third-party service providers who assist us in operating our business, including:

• Payment Processors: Companies that securely process your payment transactions
• Delivery Partners: Third-party logistics and delivery services that fulfill your orders
• Cloud Hosting Providers: Companies that host our website and data infrastructure
• Email and Communication Providers: Platforms used to send transactional and marketing communications
• Analytics Providers: Services such as Google Analytics that help us understand website usage
• Customer Support Tools: Platforms used to manage customer service interactions
• Advertising Networks: Partners who help us deliver targeted advertisements

All service providers are contractually obligated to use your data only for the specific purposes we authorize and to implement appropriate security measures.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Protect and defend our rights, property, or safety
• Protect the rights, property, or safety of our customers or the public
• Investigate, prevent, or take action regarding suspected illegal activity or fraud

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity as part of the business assets. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other third parties when you have provided explicit consent for such sharing. You may withdraw your consent at any time by contacting us at [email protected].

4.5 Aggregated and Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with partners, researchers, or the public for business, research, or marketing purposes.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, remember your preferences, analyze site traffic, and deliver relevant advertising. Cookies are small text files stored on your device when you visit our website.

The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the basic functionality of our website, such as shopping cart management and account authentication
• Performance and Analytics Cookies: Help us understand how visitors use our website so we can improve it
• Functional Cookies: Remember your preferences and settings for a more personalized experience
• Targeting and Advertising Cookies: Used to deliver relevant advertisements and track campaign effectiveness

You can manage your cookie preferences through our cookie consent tool or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For complete details, please review our Cookie Policy at caferio-food.digital/cookie-policy.

6. Your Privacy Rights

Depending on your state of residence, you may have specific legal rights regarding your personal information. We honor these rights for all users, regardless of location.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:

6.2 General Rights for All United States Users

Regardless of your state of residence, we provide all users the following options:

• Access and Review: You may log into your account at any time to review the personal information associated with your profile.
• Correction: You may update or correct your personal information directly through your account settings.
• Deletion: You may request the deletion of your account and associated personal data by contacting us.
• Marketing Opt-Out: You may unsubscribe from marketing communications at any time.
• Cookie Preferences: You may manage your cookie settings through our consent tool.

6.3 How to Submit a Privacy Request

To exercise any of the rights described above, you may:

• Send an email to: [email protected] with the subject line "Privacy Rights Request"
• Visit our website at caferio-food.digital and use the privacy request form available on our Privacy page

We will verify your identity before processing your request. We may ask you to provide information such as your name, email address, and account details to confirm your identity. We will respond to verifiable consumer requests within 45 days. If we require additional time (up to 90 days total), we will notify you within the initial 45-day period.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization signed by you, and we may require you to verify your identity directly with us.

7. Data Security

We take the security of your personal information seriously and have implemented a range of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction.

7.1 Security Measures We Employ

• Encryption: All data transmitted between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) encryption (HTTPS). Sensitive data, including passwords and payment information, is encrypted at rest.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. All employees with access to personal data are required to complete privacy and security training.
• Secure Payment Processing: We do not store full credit card numbers on our servers. Payment processing is handled by PCI DSS-compliant third-party payment processors.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration tests to identify and remediate potential weaknesses.
• Intrusion Detection: We use automated systems to monitor for suspicious activity and potential security incidents.
• Data Minimization: We collect only the data necessary for the purposes described in this policy.
• Incident Response Plan: We maintain a documented data breach response plan and will notify affected users and relevant authorities in the event of a security breach, as required by applicable law.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

When data is no longer required for the purposes outlined above, we will securely delete or anonymize it in accordance with our data destruction procedures.

9. Children's Privacy

Cafe Rio's online platform is designed for adult consumers. We do not knowingly solicit, collect, or maintain personal information from children under 18 years of age. Our services are not directed at, marketed to, or intended for minors. If you are under 18 years old, please do not use our website or provide any personal information to us.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt action to delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete such information immediately.

10. International Data Transfers

Cafe Rio is based in the United States, and our primary data processing activities occur within the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

In cases where personal information is transferred to or processed by third-party service providers located outside the United States, we take appropriate steps to ensure that adequate protections are in place. These steps may include:

• Entering into data processing agreements that include standard contractual clauses or equivalent protections
• Ensuring that service providers implement security measures equivalent to those described in this policy
• Conducting due diligence on the data protection practices of international service providers

By using our website and services, you consent to the transfer and processing of your personal information in the United States and other countries where we operate or engage service providers.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Cafe Rio. This Privacy Policy applies only to our website and services. We have no control over and assume no responsibility for the privacy practices, content, or security of third-party websites.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of links to third-party websites on our platform does not constitute our endorsement of those websites or their privacy practices.

Additionally, if you access our services through a third-party food delivery platform or aggregator, that platform's privacy policy will govern the data they collect from you, and we encourage you to review it.

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our website does not currently respond to DNT signals, as there is no uniform standard for how DNT signals should be interpreted across the internet. However, you can manage tracking preferences through our cookie consent tool and your browser settings.

California residents may also have rights under the California Shine the Light Law (California Civil Code Section 1798.83) to request information about the disclosure of personal information to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on our website at caferio-food.digital
• Send you an email notification if we have your email address and the changes are significant
• Display a prominent notice on our website for a reasonable period following the update

Your continued use of our website and services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Filing a Complaint

If you believe that we have not complied with this Privacy Policy or applicable privacy laws in handling your personal information, we encourage you to first contact us directly so that we have the opportunity to address your concerns.

14.1 Contact Us First

Please submit your complaint or concern in writing to:
Email: [email protected]
Subject Line: Privacy Complaint

We will acknowledge receipt of your complaint within 10 business days and aim to provide a full response within 30 days. If your complaint is complex, we will notify you of the expected timeline for resolution.

14.2 Regulatory Authorities

If you are not satisfied with our response, or if you prefer to raise concerns directly with a regulatory authority, you may contact:

15. Legal Basis for Processing (FTC Act Compliance)

In accordance with the Federal Trade Commission Act and our commitment to fair and transparent data practices, we process your personal information on the following legal bases:

• Performance of a Contract: Processing necessary to fulfill your orders, manage your account, and deliver services you have requested
• Legitimate Business Interests: Processing for fraud prevention, security, business analytics, and service improvement, where such interests do not override your privacy rights
• Consent: Processing based on your explicit consent, such as for marketing communications and non-essential cookies
• Legal Obligation: Processing required to comply with applicable federal, state, or local laws and regulations

16. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. Our privacy team is dedicated to addressing your inquiries promptly and transparently.