Privacy Policy

Effective Date: June 12, 2026 | Last Updated: June 12, 2026

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website caferiomeals.rest, place food orders, use our services, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services immediately.

This Privacy Policy applies to all information collected through our website, mobile features, online ordering platform, loyalty programs, and any related services, sales, marketing, or events (collectively referred to as the "Services").

1. Who We Are

Cafe Rio is a food service business operating in the United States. We operate the website located at caferiomeals.rest and provide food ordering, delivery, catering, and related services to our customers. As the operator of this website, we act as the data controller responsible for your personal information collected through our Services.

Business Name	Cafe Rio
Website	caferiomeals.rest
Email Address	[email protected]
Country of Operation	United States

2. Information We Collect

We collect information about you in a variety of ways depending on how you interact with our Services. Below is a detailed breakdown of the categories of personal information we may collect.

2.1 Personal Information You Provide Directly

When you register an account, place an order, sign up for our newsletter, contact customer support, or otherwise engage with our Services, you may voluntarily provide us with the following:

Identity Information: Full name, username, or similar identifier.
Contact Information: Email address, phone number, billing address, delivery address.
Account Credentials: Password or security questions used to protect your account.
Payment Information: Credit card or debit card numbers, billing details, and transaction history. Note: Full payment card details are processed by our secure third-party payment processors and are not stored on our servers.
Order Information: Food preferences, dietary restrictions, special instructions, and order history.
Communications: Any messages, feedback, or complaints you send us through email, contact forms, or live chat features.
Loyalty Program Data: Enrollment information, reward points, redemption history, and preferences associated with any loyalty or rewards program we operate.
Marketing Preferences: Your choices regarding receiving marketing communications from us and our partners.

2.2 Information Collected Automatically

When you visit our website or use our digital Services, certain information is collected automatically through cookies, web beacons, pixel tags, and similar technologies:

Device Information: IP address, device type, operating system, browser type and version, device identifiers, and hardware model.
Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, search queries made on our site, and navigation paths through our website.
Location Data: General geographic location inferred from your IP address. We may also request more precise location data (GPS) to assist with delivery services, subject to your device permissions.
Log Data: Server logs that automatically record details about your use of our Services, including access times, error reports, and activity logs.
Cookie and Tracking Data: Information stored or accessed using cookies, including session cookies, persistent cookies, and third-party analytics cookies. Please see Section 9 of this policy for more details about our cookie practices.

2.3 Information From Third Parties

We may receive information about you from the following third-party sources:

Social Media Platforms: If you connect your social media account (such as Facebook, Google, or Apple) to our Services or sign in using a social login, we may receive basic profile information such as your name, email address, and profile picture.
Analytics Providers: We use third-party analytics tools such as Google Analytics to understand how users interact with our website.
Payment Processors: Our payment processing partners may share transaction confirmation details with us.
Delivery Partners: Third-party delivery services may share delivery confirmation and address details with us to facilitate your order.
Marketing Partners: We may receive information from advertising and marketing partners to enhance our promotional activities.

3. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes, including but not limited to the following:

3.1 Providing and Managing Our Services

Processing and fulfilling your food orders, including managing delivery and pickup logistics.
Creating and managing your customer account.
Processing payments and preventing fraudulent transactions.
Sending order confirmations, receipts, and delivery notifications.
Responding to your inquiries, complaints, and customer support requests.
Administering loyalty and rewards programs.

3.2 Improving Our Services

Analyzing usage patterns and trends to improve our website design, menus, and ordering experience.
Conducting research and data analysis to enhance our food offerings and service delivery.
Testing new features and technologies before broader deployment.
Monitoring the technical performance of our website and resolving technical issues.

3.3 Marketing and Promotional Communications

Sending you promotional emails, newsletters, special offers, and information about new menu items, subject to your marketing preferences.
Personalizing your experience on our website and in communications based on your order history and preferences.
Delivering targeted advertisements on our website, on social media platforms, and on third-party websites through online advertising networks.
Conducting surveys, promotions, contests, and sweepstakes in which you choose to participate.

3.4 Legal and Compliance Purposes

Complying with applicable laws, regulations, legal processes, and governmental requests.
Enforcing our Terms of Service and other agreements.
Protecting the rights, property, and safety of Cafe Rio, our customers, employees, and the public.
Detecting, investigating, and preventing fraudulent transactions and other illegal activities.

Legal Bases Under Applicable Law: For users in California or other jurisdictions with specific legal requirements, the legal bases upon which we process your personal information include: performance of a contract (to fulfill your orders), our legitimate business interests (to improve our Services and conduct marketing), compliance with legal obligations, and your consent where required.

4. Sharing and Disclosure of Your Information

We do not sell your personal information in the traditional sense. However, as described in this section, we may share your information with trusted third parties under specific circumstances. If you are a California resident, please note that certain sharing of information for cross-context behavioral advertising may constitute a "sale" or "sharing" under the California Consumer Privacy Act (CCPA/CPRA). Please see Section 11 for more details on your California privacy rights.

4.1 Service Providers and Business Partners

We share your information with third-party vendors and service providers who perform services on our behalf, including:

Payment Processors: Companies such as Stripe, Square, or similar processors who handle payment transactions securely.
Delivery and Logistics Partners: Third-party delivery companies and couriers who fulfill food delivery orders.
Cloud and Hosting Providers: Companies that provide web hosting, data storage, and cloud infrastructure services.
Analytics Providers: Google Analytics, Hotjar, and similar platforms that help us understand website traffic and user behavior.
Email and Marketing Platforms: Services like Mailchimp or similar platforms used to send marketing and transactional emails.
Customer Support Tools: Platforms that help us manage customer inquiries and support tickets.

All service providers are required to use your information only for the purpose of providing services to us and are bound by confidentiality agreements and applicable data protection obligations.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe disclosure is necessary or required to:

Comply with applicable law, regulation, legal process, or enforceable governmental request.
Respond to subpoenas, court orders, or legal process served on Cafe Rio.
Protect and defend the rights or property of Cafe Rio or our users.
Prevent or investigate possible wrongdoing in connection with the Services.
Protect the personal safety of users of the Services or the general public.

4.3 Business Transfers

In the event that Cafe Rio is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or substantially all of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you choose to participate in joint promotions, refer-a-friend programs, or social sharing features.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Payment data is encrypted using industry-standard PCI DSS-compliant protocols.
Access Controls: Access to personal information is restricted to employees, contractors, and agents who need to know that information in order to process it on our behalf and who are subject to strict confidentiality obligations.
Secure Data Storage: Your data is stored on secure servers with firewalls, intrusion detection systems, and regular security audits.
Password Protection: Account passwords are stored using industry-standard hashing algorithms. We never store plaintext passwords.
Regular Security Assessments: We conduct periodic vulnerability assessments and security reviews of our systems and practices.
Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities as required by applicable law in the event of a confirmed data security incident.

Important Notice: While we implement safeguards designed to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The following general retention guidelines apply:

Type of Data	Retention Period
Account Information	Duration of active account plus 3 years after account closure
Order and Transaction History	7 years (to comply with tax and financial record-keeping laws)
Customer Support Communications	3 years from date of last communication
Marketing Preferences and Consent Records	Until withdrawal of consent plus 1 year
Website Usage and Analytics Data	Up to 26 months (in line with Google Analytics default retention)
Cookie and Session Data	As specified in our Cookie Policy (session cookies expire at end of browsing session; persistent cookies as specified)
Legal and Compliance Records	As required by applicable federal and state laws

When your information is no longer needed for the purposes set out in this policy, we will securely delete or anonymize it. In some cases, we may retain anonymized data indefinitely for statistical and research purposes where it can no longer be used to identify you.

7. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights with respect to your personal information. We are committed to honoring these rights. To exercise any of the rights described below, please contact us using the information provided in Section 13 of this policy.

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a commonly used, machine-readable format where technically feasible.

7.2 Right to Correction (Rectification)

If any of the personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update it. You may also update much of your account information directly through your account settings on our website.

7.3 Right to Deletion

You have the right to request the deletion of your personal information, subject to certain exceptions. We may be required to retain certain information to comply with legal obligations, resolve disputes, enforce our agreements, or for other legitimate business purposes.

7.4 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another data controller, where technically feasible and where the processing is based on your consent or a contract.

7.5 Right to Opt-Out of Marketing

You may opt out of receiving promotional communications from us at any time by clicking the "unsubscribe" link in any marketing email we send you, or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, we will continue to send you transactional and service-related communications (such as order confirmations and account notifications).

7.6 Right to Restrict Processing

In certain circumstances, you have the right to request that we restrict the processing of your personal information while retaining it on our systems (for example, while you contest the accuracy of the data or while a complaint is being investigated).

7.7 Right to Object

You may object to the processing of your personal information where we rely on legitimate interests as the legal basis for processing, including for direct marketing purposes.

We will respond to all verified requests within 45 days of receipt. In complex cases, we may extend this period by an additional 45 days with prior notice to you. We do not charge a fee to process reasonable requests, though we may charge a fee or decline to respond to requests that are manifestly unfounded, repetitive, or excessive.

8. Children's Privacy

Age Restriction: Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, and we do not direct our Services to children.

In compliance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws, if we discover that we have inadvertently collected personal information from a child under the age of 13, we will promptly take steps to delete that information from our records. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

Additionally, some features of our Services, including the creation of accounts, participation in loyalty programs, and placing online orders, are only available to individuals who are 18 years of age or older. By using our Services, you represent and warrant that you are at least 18 years old.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies such as web beacons, pixel tags, and local storage objects to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log into your account, add items to your cart, and complete checkout. These cookies cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about page visits, time spent, and error messages. We use tools like Google Analytics for this purpose.
Functional Cookies: Allow us to remember your preferences such as language, delivery address, and saved menu favorites to provide a personalized experience.
Targeting and Advertising Cookies: Used to deliver relevant advertisements to you on our site and across the internet, including on social media platforms. These cookies track your browsing habits and may be set by our advertising partners.

9.2 Managing Your Cookie Preferences

You may control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, please note that if you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. You can also opt out of certain advertising cookies through the Digital Advertising Alliance (DAA) opt-out tool or the Network Advertising Initiative (NAI) opt-out tool.

For more detailed information about the specific cookies we use and how to manage them, please refer to our full Cookie Policy available on our website.

10. International Data Transfers

Cafe Rio is based in the United States and primarily processes and stores data within the United States. However, given the global nature of some of our service providers and technology partners, your personal information may be transferred to, stored, or processed in countries outside of the United States.

If your information is transferred internationally, we take appropriate steps to ensure that it receives an adequate level of protection in accordance with applicable data protection laws. Such safeguards may include:

Using service providers located in countries that have been deemed to provide an adequate level of protection for personal data.
Implementing contractual protections (such as Standard Contractual Clauses) with our international service providers.
Relying on binding corporate rules or other approved transfer mechanisms where applicable.

By using our Services, you acknowledge and consent to the transfer of your information to the United States and potentially other countries, where data protection laws may differ from those in your home country.

11. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA). These rights are in addition to those described in Section 7 above.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California consumers, as defined under the CCPA/CPRA:

Identifiers (name, email address, IP address, account name)
Customer records information (name, address, telephone number, payment card information)
Commercial information (products ordered, purchasing history)
Internet or other electronic network activity information (browsing history, interactions with our website)
Geolocation data (approximate or precise location)
Inferences drawn from the above categories to create profiles about consumer preferences and behavior

11.2 Your California Rights

As a California resident, you have the right to:

Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell/share about you.
Delete: Request deletion of your personal information, subject to certain exceptions.
Correct: Request correction of inaccurate personal information we hold about you.
Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. To opt out, please contact us at [email protected] or use the "Do Not Sell or Share My Personal Information" link on our website.
Limit Use of Sensitive Personal Information: Request that we limit the use and disclosure of your sensitive personal information to what is necessary for the performance of services.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, provide a different quality of service, or suggest that you will receive a different price or quality as a result of exercising your rights.

To submit a verifiable consumer request under the CCPA/CPRA, please contact us at [email protected]. We will need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, subject to our verification requirements.

11.3 Shine the Light Law

Under California Civil Code Section 1798.83 (the "Shine the Light" law), California residents may request information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

12. Federal Consumer Protection

Our privacy practices are designed to comply with the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in commerce. We are committed to maintaining transparency about our data practices, honoring the privacy choices and preferences of our users, and protecting consumer information from unauthorized access and misuse. If you believe our practices violate FTC regulations, you may file a complaint directly with the FTC at reportfraud.ftc.gov.

13. Filing Complaints with Authorities

While we encourage you to contact us directly to resolve any privacy concerns, you have the right to file a complaint with the appropriate data protection authority. Depending on your location, the following options may be available to you:

California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov or with the California Attorney General's Office at oag.ca.gov/privacy.
All U.S. Residents: You may file a complaint with the Federal Trade Commission (FTC) at reportfraud.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).
Other State Residents: Many U.S. states have their own consumer protection offices and attorney general offices that handle privacy-related complaints. We encourage you to consult your state's specific regulatory bodies for guidance.

We would appreciate the opportunity to address your concerns before you approach any regulatory authority. Please contact us first at [email protected].

14. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not owned or controlled by Cafe Rio. This Privacy Policy does not apply to those external websites or services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

Please be aware that when you use social login features (such as "Log in with Google" or "Log in with Facebook"), you are also subject to the privacy policies of those social media platforms. We are not responsible for the data practices of those platforms.

15. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activities tracked. Currently, we do not respond to browser DNT signals, as there is no industry-standard framework for honoring DNT requests. However, you may opt out of certain tracking activities through the cookie management tools described in Section 9 and the CCPA/CPRA opt-out rights described in Section 11.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this policy.
Post the revised policy on our website at caferiomeals.rest.
Where required by law or where we deem it appropriate, notify you by email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our Services after the effective date of any changes constitutes your acknowledgment and acceptance of the updated policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or our data practices, please do not hesitate to contact our privacy team using the information below:

Privacy Contact Information — Cafe Rio

Business Name	Cafe Rio
Email	[email protected]
Website	caferiomeals.rest
Country	United States

We aim to respond to all privacy-related inquiries within 30 days of receipt. For complex requests or those involving the exercise of legal rights under applicable law, we may require up to 45 days, as permitted by applicable regulations.

When contacting us about a privacy request, please provide sufficient information to allow us to identify you in our systems and verify your identity before processing your request. This is necessary to protect the privacy and security of all our users.

Summary: This Privacy Policy describes how Cafe Rio collects, uses, and protects your personal information. We are committed to maintaining your trust and transparency in all our data practices. Your privacy matters to us, and we will always strive to handle your information with the utmost care and respect.