Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, stores, shares, and protects your personal information when you visit our website at foodcaferio.digital, place orders, interact with our digital services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in full compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant data protection regulations.

Please read this Privacy Policy carefully before using our website or providing us with any personal information. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new policy on this page with an updated effective date. We encourage you to review this policy periodically.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide food-related products and services through our website and related digital platforms. Our contact details are as follows:

For all privacy-related inquiries, requests, or complaints, please contact us using the information provided above or refer to Section 14 of this policy for detailed contact instructions.

2. Information We Collect

We collect various categories of personal information depending on how you interact with us. The information we collect can be broadly grouped into the following categories:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, participate in promotions, or contact our customer service team, we may collect:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (for age verification and birthday rewards)
• Username and password (encrypted)
• Profile picture (if voluntarily provided)

2.2 Payment and Financial Information

When you make a purchase or complete a transaction through our platform, we collect:

• Credit or debit card information (processed securely by third-party payment processors)
• Billing address
• Transaction history and order details
• Digital wallet identifiers (e.g., Apple Pay, Google Pay)

Please note that we do not directly store complete credit card numbers on our servers. All payment data is handled by PCI-DSS compliant third-party payment processors.

2.3 Usage Data and Behavioral Information

As you navigate and interact with our website and digital services, we automatically collect certain technical and behavioral data, including:

• Pages visited and time spent on each page
• Links clicked and features used
• Search queries entered on our platform
• Menu items viewed or added to cart
• Order history and frequency of purchases
• Referral source (how you arrived at our website)
• Session duration and bounce rate

2.4 Device and Technical Information

We collect information about the device and technology you use to access our services, including:

• IP address
• Browser type and version
• Operating system and version
• Device type (desktop, tablet, mobile)
• Screen resolution
• Language preferences
• Time zone settings
• Unique device identifiers

2.5 Location Data

With your permission, we may collect precise or approximate geolocation data to provide location-based services, such as finding the nearest Cafe Rio location or enabling accurate food delivery. You can disable location access at any time through your device settings.

2.6 Communications and Feedback

When you contact us via email, telephone, live chat, or social media, we collect and retain records of that communication, including:

• The content of your messages and inquiries
• Customer service interaction records
• Survey responses and feedback submissions
• Reviews and ratings you submit

2.7 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. For more information, please refer to Section 9 of this policy regarding our Cookie Usage.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (if you connect your account or log in via social login)
• Marketing partners and advertising networks
• Analytics providers
• Delivery partner platforms
• Publicly available data sources

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your data to:

3.1 Service Provision and Order Fulfillment

• Process and fulfill your food orders and transactions
• Create and manage your customer account
• Send order confirmations, receipts, and delivery updates
• Facilitate payments and manage billing
• Coordinate with delivery partners to ensure timely delivery
• Provide customer support and resolve disputes

3.2 Personalization and User Experience

• Personalize your experience on our website based on your preferences and history
• Display relevant menu items and promotions tailored to your tastes
• Remember your dietary preferences, saved addresses, and payment methods
• Offer loyalty rewards and personalized discounts

3.3 Marketing and Promotional Communications

• Send you promotional emails, newsletters, and special offers (with your consent)
• Notify you about new menu items, seasonal specials, and events
• Deliver targeted advertising through third-party platforms based on your interests
• Conduct contests, sweepstakes, and loyalty programs

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly at [email protected].

3.4 Analytics and Business Improvement

• Analyze website traffic patterns and user behavior to improve our platform
• Conduct market research and customer satisfaction surveys
• Evaluate the effectiveness of our marketing campaigns
• Develop new products, features, and services
• Generate aggregated, anonymized statistics for business reporting

3.5 Safety, Security, and Fraud Prevention

• Verify your identity and authenticate your account
• Detect, prevent, and investigate fraud, unauthorized access, and security incidents
• Monitor our systems for vulnerabilities and threats
• Enforce our Terms of Service and other applicable policies

3.6 Legal and Regulatory Compliance

• Comply with applicable federal and state laws and regulations
• Respond to lawful requests from government authorities and law enforcement
• Establish, exercise, or defend legal claims
• Maintain required business records

4. Legal Basis for Processing

Under applicable U.S. law and consistent with privacy principles recognized by regulators including the FTC, we process your personal information based on the following legal grounds:

• Contractual Necessity: Processing required to fulfill orders and provide services you have requested.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and improving our services, provided that such interests are not overridden by your rights and freedoms.
• Consent: Where you have provided explicit consent, such as for receiving marketing communications or the use of non-essential cookies.
• Legal Obligation: Processing required to comply with applicable laws and regulations.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties in the following circumstances:

5.1 Service Providers and Business Partners

We engage carefully vetted third-party service providers who assist us in operating our business and delivering services to you. These parties are contractually obligated to protect your data and use it only for the specified purposes. Categories of service providers include:

• Payment Processors: To securely process payments and prevent fraud
• Delivery Partners: To fulfill food delivery orders to your location
• Cloud Hosting Providers: To store and manage our website infrastructure
• Email Service Providers: To send transactional and marketing emails
• Analytics Providers: To analyze website performance and user behavior (e.g., Google Analytics)
• Customer Support Platforms: To manage support tickets and live chat
• Marketing and Advertising Platforms: To run targeted advertising campaigns
• SMS and Push Notification Providers: To send order alerts and promotional messages

5.2 Business Transfers

In the event of a merger, acquisition, sale of assets, reorganization, or bankruptcy, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information when required by law, subpoena, court order, or other governmental authority, or when we believe in good faith that such disclosure is reasonably necessary to:

• Comply with a legal obligation or regulation
• Protect the rights or property of Cafe Rio
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users or the public

5.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data with third parties for research, analytics, industry reports, and marketing purposes. This data cannot be reasonably used to identify you personally.

5.5 With Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so.

6. Data Security

We take the security of your personal information seriously and have implemented a range of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

6.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
• Data Encryption at Rest: Sensitive personal information stored on our servers is encrypted using AES-256 encryption standards.
• Firewalls and Intrusion Detection: We employ firewall protection and intrusion detection systems to monitor and block suspicious activity.
• Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant payment gateways.
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems.
• Multi-Factor Authentication: We offer and encourage multi-factor authentication for account access.

6.2 Administrative Safeguards

• Access to personal information is restricted to authorized employees and contractors who need it to perform their job duties.
• All staff with access to personal data receive privacy and security training.
• We maintain data processing agreements with all third-party service providers.
• We have documented incident response procedures in the event of a data breach.

6.3 Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities in accordance with applicable state and federal breach notification laws. We will provide notification without undue delay and, where feasible, within the timeframes required by applicable law.

7. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request the deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration, but we may share data for targeted advertising.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary for providing our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will receive the same quality of service regardless of whether you exercise your CCPA rights.
• Right to Data Portability: You may request a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.

7.2 General Privacy Rights (All Users)

Regardless of your state of residence, we provide all users with the ability to:

• Access Your Data: Request a copy of the personal information we hold about you.
• Update or Correct Your Data: Log into your account settings to update or correct inaccurate personal information, or contact us to request corrections.
• Delete Your Account: Request the deletion of your account and associated personal data, subject to our legal retention obligations.
• Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Opt Out of Marketing: Unsubscribe from marketing communications at any time via the link in emails or by contacting us.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable consumer request by:

• Email: [email protected] with the subject line "Privacy Rights Request"
• Website: foodcaferio.digital

We will respond to your request within 45 days of receipt. If we require additional time, we will notify you of the extension and the reason for it. We may need to verify your identity before processing certain requests to protect against fraudulent submissions.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention periods are as follows:

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information. In some cases, we may retain anonymized, aggregated data indefinitely for analytical purposes, as this data cannot be used to identify you.

9. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. Cookies are small text files placed on your device when you visit our website.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous data.
• Functional Cookies: Allow our website to remember your preferences (e.g., language, location, saved items).
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our campaigns.

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through our cookie consent tool displayed when you first visit our website. You may also configure your browser settings to block or delete cookies. However, please note that disabling certain cookies may affect the functionality of our website and your user experience.

For detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our full Cookie Policy available on our website at foodcaferio.digital.

10. Children's Privacy

Our website and services are not directed at, marketed to, or designed for use by individuals under the age of 18. In compliance with the Children's Online Privacy Protection Act (COPPA) and our own privacy standards, we do not knowingly collect personal information from children under 18 years of age.

If you are a parent or guardian and you believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon receiving such notification and verifying the claim, we will take prompt steps to delete the child's information from our records.

If we discover that we have inadvertently collected personal information from a child under 18, we will delete such information from our systems without delay.

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily stored and processed on servers located within the United States. However, in the course of our business operations, your data may be transferred to, stored, or processed in countries other than your country of residence.

Some of our third-party service providers, including analytics providers, cloud hosting companies, and marketing platforms, may operate in or transfer data to countries outside the United States. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal information internationally, we take appropriate steps to ensure that your data receives an adequate level of protection. These steps may include:

• Entering into data processing agreements with third-party providers that include appropriate data protection clauses
• Using service providers who maintain certifications under recognized international privacy frameworks
• Implementing contractual safeguards consistent with applicable privacy requirements
• Ensuring service providers adhere to security standards comparable to those we apply internally

By using our services and providing us with your personal information, you acknowledge and consent to the potential transfer of your data to countries outside the United States as described in this section.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, partner services, and other external resources. This Privacy Policy applies only to our website at foodcaferio.digital and our directly operated services. We are not responsible for the privacy practices or content of third-party websites.

When you click on a link to a third-party website, you leave our site and are subject to the privacy policy of that third party. We strongly encourage you to review the privacy policies of any third-party websites you visit before providing any personal information.

Common third-party integrations on our website may include:

• Social media sharing buttons (Facebook, Instagram, Twitter/X)
• Google Maps for location services
• Google Analytics for website analytics
• Payment processor interfaces
• Delivery platform integrations

13. Your State-Specific Privacy Rights

In addition to the rights described above, residents of certain U.S. states may have additional privacy rights under state law. We are committed to honoring your rights under applicable state privacy legislation, including but not limited to:

• California (CCPA/CPRA): Rights to know, delete, correct, opt-out of sale/sharing, and limit use of sensitive personal information.
• Virginia (CDPA): Rights to access, correct, delete, portability, and opt-out of targeted advertising and profiling.
• Colorado (CPA): Rights to access, correct, delete, portability, and opt-out of targeted advertising.
• Connecticut (CTDPA): Rights to access, correct, delete, portability, and opt-out of targeted advertising and profiling.
• Utah (UCPA): Rights to access, delete, portability, and opt-out of sale and targeted advertising.

To exercise any state-specific privacy rights, please contact us using the details provided in Section 14. We will respond to all requests in accordance with the requirements of your applicable state law.

14. How to Contact Us for Privacy Inquiries

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please do not hesitate to reach out to us. Our team is dedicated to addressing privacy inquiries promptly and thoroughly.

When contacting us regarding a privacy matter, please include the following information in your request:

• Your full name and contact information
• The nature of your privacy inquiry or request
• The specific right you wish to exercise (if applicable)
• Any relevant account information to help us identify your records

We aim to acknowledge all privacy inquiries within 5 business days and to fully respond within 45 days of receiving a verifiable request.

15. Filing a Complaint with a Data Protection Authority

If you are not satisfied with our response to your privacy inquiry or believe that we are not handling your personal information in accordance with applicable law, you have the right to file a complaint with the relevant regulatory authority.

15.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and privacy enforcement in the United States. You may file a complaint with the FTC through the following channels:

• Online: reportfraud.ftc.gov
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Privacy Protection Agency (CPPA)

If you are a California resident, you may also file a complaint with the California Privacy Protection Agency (CPPA), which enforces the CCPA/CPRA:

• Website: cppa.ca.gov
• Email: [email protected]

15.3 State Attorney General Offices

Residents of other states may contact their state Attorney General's office to report privacy violations and seek guidance on their rights under applicable state law. Most state Attorney General offices have consumer protection divisions that handle privacy-related complaints.

We strongly encourage you to contact us first before filing a regulatory complaint, as we are committed to resolving any concerns directly and to your satisfaction.

16. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, technology, or other factors. When we make material changes to this policy, we will:

• Post the updated Privacy Policy on this page with a revised "Last Updated" date
• Send an email notification to registered users where required by law or where changes are material
• Display a prominent notice on our website alerting users to significant changes

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the revised policy, you should discontinue your use of our services and may request deletion of your account and personal data.

We encourage you to periodically review this page to stay informed about how we are protecting your information. The date at the top of this policy indicates when it was last revised.

17. Supplemental Information for Specific Features

17.1 Loyalty Programs and Rewards

If you participate in our loyalty or rewards program, we collect and use additional information related to your participation, including your purchase history, points balance, reward redemptions, and program preferences. This information is used to administer the program, calculate and apply rewards, and communicate program updates to you. Loyalty program data is retained for the duration of your program membership and for a reasonable period following termination.

17.2 Mobile Applications

If we offer a mobile application, that application may collect additional data such as push notification tokens, app usage statistics, in-app behavior data, and crash reports. Our mobile app may request access to device features such as your camera (for scanning QR codes), location services, and contact list (for referral features), subject to your device permissions. You can manage these permissions at any time through your device settings.

17.3 Social Media Integration

When you interact with us on social media platforms or use social login features, the relevant social media platform may share certain profile information with us, such as your name, email address, profile photo, and friend list (depending on your privacy settings). We use this information to create or link your account and personalize your experience. Please review the privacy policy of each social media platform for information about their data practices.

17.4 Online Reviews and User-Generated Content

If you submit a review, rating, photo, or other user-generated content through our platform, that content may be publicly visible to other users. Please exercise caution when including personal information in public submissions. We may use your reviews and feedback for internal quality improvement purposes and may display them publicly on our website or marketing materials.