Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects information about you when you visit our website at caferio-fresh.click, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your personal information and your right to privacy. Please read this policy carefully to understand our practices regarding your personal data.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

If you have questions or concerns about this policy or our practices, please contact us at [email protected].

1. Who We Are

Cafe Rio is a food service business operating in the United States. We are dedicated to providing fresh, high-quality food and dining experiences to our customers. Our contact details are as follows:

For all privacy-related inquiries, requests, or complaints, please direct your communications to our email address listed above.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through or in connection with:

• Our website located at caferio-fresh.click and any subdomains thereof;
• Online food ordering and delivery services we offer;
• Customer loyalty programs, promotions, and contests;
• Email, telephone, or other electronic communications with us;
• In-person interactions at our food service locations (where applicable);
• Any other services, products, or features offered by Cafe Rio.

This policy does not apply to third-party websites, applications, or services that may be linked to or from our website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect various types of information in connection with your use of our services. The categories of personal information we collect include:

3.1 Personal Identification Information

When you register an account, place an order, sign up for our newsletter, or contact us, we may collect:

• Full name;
• Email address;
• Phone number;
• Mailing or delivery address;
• Date of birth (for age verification or promotional purposes);
• Username and password (for account creation);
• Profile picture or avatar (if you choose to provide one).

3.2 Payment and Financial Information

When you make a purchase through our website or mobile ordering platform, we collect:

• Credit or debit card details (processed securely through our payment processors);
• Billing address;
• Transaction history and order details;
• Gift card or promotional code information.

Please note that full payment card numbers are not stored on our servers. Payment processing is handled by PCI-DSS compliant third-party payment processors.

3.3 Order and Transaction Data

We collect information related to your orders and interactions with our food services, including:

• Items ordered and customizations;
• Order history and frequency;
• Delivery preferences and instructions;
• Feedback, ratings, and reviews submitted;
• Customer service communications and records.

3.4 Usage Data and Online Activity

When you visit our website, we automatically collect certain information about your device and browsing activity, including:

• IP address;
• Browser type and version;
• Operating system and device type;
• Pages visited and time spent on each page;
• Referring URLs and exit pages;
• Clickstream data;
• Search queries made within our site;
• Date and time of your visit.

3.5 Location Data

With your permission, we may collect precise or approximate location data from your device to:

• Identify the nearest Cafe Rio location;
• Facilitate delivery services to your address;
• Provide location-based promotions and offers.

You may disable location services on your device at any time through your device settings.

3.6 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website and digital services. For more information, please refer to Section 9 – Cookies and Tracking Technologies of this policy.

3.7 Communications Data

We collect and retain records of communications you have with us, including:

• Emails sent to and from our support team;
• Chat transcripts;
• Phone call records (where permitted by law);
• Social media messages and interactions.

3.8 Information from Third Parties

We may receive personal information about you from third parties, including:

• Social media platforms (if you choose to connect your account or log in via social media);
• Third-party delivery platforms and partners;
• Marketing and analytics providers;
• Fraud prevention and identity verification services.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

• To process and fulfill your food orders and transactions;
• To manage your account and provide customer support;
• To send order confirmations, receipts, and status updates;
• To facilitate delivery services and coordinate with delivery partners;
• To process payments and prevent fraudulent transactions.

4.2 Marketing and Promotional Communications

• To send you promotional emails, newsletters, and special offers (with your consent);
• To notify you of new menu items, seasonal specials, and events;
• To administer loyalty programs, contests, and giveaways;
• To deliver personalized advertisements based on your preferences and order history.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected]. Please note that even if you opt out of marketing communications, we may still send you transactional and operational messages related to your orders and account.

4.3 Analytics and Service Improvement

• To analyze usage patterns and improve our website and mobile experience;
• To conduct research and develop new products, services, and menu offerings;
• To monitor and analyze trends in customer preferences;
• To test new features and assess the effectiveness of our promotions.

4.4 Legal Compliance and Safety

• To comply with applicable federal and state laws, including food safety regulations and the FTC Act;
• To respond to lawful requests from government authorities;
• To enforce our Terms of Service and other agreements;
• To detect, prevent, and address fraud, security breaches, and other illegal activities;
• To protect the rights, property, and safety of Cafe Rio, our customers, and the public.

4.5 Personalization

• To personalize your experience on our website and app;
• To recommend menu items based on your past orders and preferences;
• To tailor promotions and content relevant to your location and interests.

5. Legal Basis for Processing

As a business operating in the United States, we rely on the following legal bases for processing your personal information:

• Contractual Necessity: Processing required to fulfill your orders and provide the services you have requested;
• Legitimate Interests: Processing that serves our legitimate business interests, such as fraud prevention, analytics, and service improvement, provided such interests are not overridden by your rights;
• Consent: Where you have provided explicit consent, such as for marketing communications or the use of non-essential cookies;
• Legal Obligation: Processing required to comply with applicable laws and regulations, including federal and state requirements.

For California residents, please also refer to Section 10 – California Privacy Rights for additional disclosures under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their independent marketing purposes. However, we may share your information with the following categories of recipients:

6.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist in operating our business. These service providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to protect your data. Such providers include:

• Payment processors and financial institutions;
• Delivery and logistics partners;
• Email marketing and communication platforms;
• Cloud hosting and data storage providers;
• Analytics and data insights companies;
• Customer relationship management (CRM) software providers;
• Fraud detection and cybersecurity services.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid legal processes, including:

• Court orders, subpoenas, or other legal demands;
• Requests from law enforcement or government agencies;
• Compliance with applicable federal or state regulations;
• Protection of the rights and safety of Cafe Rio, our customers, or the public.

6.3 Business Transfers

In the event that Cafe Rio is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your data becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your personal information with additional third parties when we have obtained your explicit consent to do so, such as for joint marketing programs or co-branded initiatives.

7. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

7.1 Technical Safeguards

• Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption for data transmitted between your browser and our website;
• Encrypted storage of sensitive data, including passwords (stored as hashed values);
• Firewalls and intrusion detection systems;
• Regular security audits and vulnerability assessments;
• Multi-factor authentication for access to sensitive systems.

7.2 Administrative Safeguards

• Employee training on data privacy and security best practices;
• Strict access controls ensuring that only authorized personnel can access personal information;
• Confidentiality agreements with employees and contractors;
• Incident response procedures for handling potential data breaches.

7.3 Physical Safeguards

• Secure physical access to server infrastructure and data centers;
• Locked storage for physical documents containing personal information.

In the event of a data breach that is likely to affect your rights and freedoms, we will notify affected individuals and, where required, relevant authorities in accordance with applicable federal and state laws, including state data breach notification statutes.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, accounting, or reporting requirements. The specific retention periods we apply are as follows:

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies. If deletion is not technically feasible (for example, because your information has been stored in backup archives), we will isolate your data from further processing until deletion is possible.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver relevant marketing content.

9.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognize your device on subsequent visits and store certain information about your preferences and activities.

9.2 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling core functionality such as user authentication and shopping cart management. You cannot opt out of these cookies.
• Performance and Analytics Cookies: These cookies collect anonymous information about how visitors use our website, such as which pages are visited most often. We use this data to improve our website's performance.
• Functionality Cookies: These cookies allow our website to remember choices you make (such as your preferred language or location) and provide enhanced, personalized features.
• Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests, and to limit the number of times you see an ad. They also help measure the effectiveness of advertising campaigns.

9.3 Third-Party Cookies

Some cookies on our website are placed by third-party services, including analytics providers (such as Google Analytics), advertising networks, and social media platforms. These third parties may use cookies and similar technologies to collect information about your online activities across different websites over time.

9.4 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

• Through your browser settings, where you can refuse some or all cookies;
• Through our cookie consent tool, which appears when you first visit our website;
• By visiting opt-out platforms such as the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) opt-out page.

Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, including online ordering.

For more detailed information about the cookies we use and your choices, please refer to our Cookie Policy, available on our website.

10. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

10.1 Right to Know

You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collect your personal information, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.

10.2 Right to Delete

You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law (for example, information needed to complete a transaction or comply with a legal obligation).

10.3 Right to Correct

Under the CPRA, you have the right to request that we correct inaccurate personal information we maintain about you.

10.4 Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected].

10.5 Right to Limit Use of Sensitive Personal Information

To the extent we collect sensitive personal information (as defined under the CPRA), you have the right to limit our use and disclosure of such information to purposes necessary to provide the services you request.

10.6 Right to Non-Discrimination

We will not discriminate against you for exercising your California privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of service because you exercised your rights under the CCPA/CPRA.

10.7 How to Submit a California Privacy Request

To exercise your California privacy rights, please contact us using the following methods:

• Email: [email protected] (include "California Privacy Request" in the subject line)

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and the extension period in writing. We will deliver our written response by mail or electronically, at your option.

11. Your Privacy Rights (All Users)

Regardless of your location within the United States, we respect your rights concerning your personal information. You may exercise the following rights:

11.1 Right of Access

You have the right to request a copy of the personal information we hold about you and to check that we are lawfully processing it. We will provide this information in a clear, accessible format.

11.2 Right to Correction

You have the right to request that inaccurate or incomplete personal information we hold about you be corrected or updated. You may update much of your account information directly through your account settings on our website.

11.3 Right to Deletion

You have the right to request that we delete your personal information. We will honor such requests subject to our legal obligations to retain certain data (for example, for tax, fraud prevention, or legal compliance purposes).

11.4 Right to Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

11.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, machine-readable format, and to request that we transmit that data to another service provider where technically feasible.

11.6 Right to Object to Marketing

You have the right to object to the processing of your personal information for direct marketing purposes. You can exercise this right by unsubscribing from our marketing emails or by contacting us directly.

11.7 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

We may ask you to verify your identity before responding to such requests. We will make every reasonable effort to respond to your request within 30 days. In certain circumstances, we may be unable to fulfill your request, in which case we will explain the reason.

12. Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect, use, or disclose personal information from anyone under 18 years of age. If you are under 18, please do not use our services or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 18 without appropriate parental consent, we will take steps to delete that information as soon as reasonably possible. If you believe we may have collected information from a child under 18, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly market to, or collect information from, children under 13 years of age. Parents and guardians are encouraged to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our website without permission.

13. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily collected, stored, and processed in the United States. However, some of our third-party service providers, including cloud hosting services and analytics providers, may operate in other countries. By using our services, you acknowledge that your information may be transferred to and processed in countries outside of your country of residence, which may have different data protection laws than your home jurisdiction.

Where we transfer personal information outside the United States, we take steps to ensure that appropriate safeguards are in place to protect your personal information, including:

• Entering into data processing agreements with our international service providers that include appropriate contractual protections;
• Ensuring that service providers are certified under recognized frameworks or adhere to equivalent data protection standards;
• Implementing technical and organizational measures to protect data during international transfers.

For more information about international data transfer safeguards, please contact us at [email protected].

14. Third-Party Links and Services

Our website may contain links to third-party websites, plug-ins, and applications, including social media platforms, delivery service partners, and other third-party services. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit and every application you use.

If you access our website through a social media platform or connect your social media account to our services, please be aware that the social media provider may have access to certain information about your activity on our website, depending on your privacy settings on that platform.

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Currently, there is no universally accepted standard for how companies should respond to DNT signals. Our website does not currently respond to DNT signals. However, you can manage your cookie and tracking preferences as described in Section 9 – Cookies and Tracking Technologies above.

16. FTC Act Compliance

As a consumer-facing business operating in the United States, we are subject to the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. We are committed to transparency in our data practices and will not engage in any deceptive or misleading privacy-related practices. Our privacy disclosures are consistent with our actual data practices, and we will honor the commitments and representations made in this Privacy Policy.

We also comply with the FTC's guidelines on endorsements and testimonials, email marketing (CAN-SPAM Act), and other consumer protection requirements that may apply to our online food service business.

17. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we may address your concerns.

17.1 Contact Us Directly

Please reach out to our privacy team at:

We will acknowledge receipt of your complaint within 5 business days and will endeavor to respond fully within 30 days. If your complaint is complex, we will inform you of the expected timeline for resolution.

17.2 Filing a Complaint with Authorities

If you are not satisfied with our response to your complaint, or if you believe we are processing your personal information in violation of applicable law, you have the right to file a complaint with the relevant data protection or consumer protection authority. In the United States, you may contact:

• Federal Trade Commission (FTC): The FTC is responsible for protecting consumers against unfair or deceptive business practices, including privacy violations.
  Website: www.ftc.gov
  Phone: 1-877-382-4357
• California Attorney General (for California residents): California residents may contact the California Attorney General's office to report violations of the CCPA/CPRA.
  Website: oag.ca.gov/privacy
• California Privacy Protection Agency (CPPA): The CPPA enforces the CPRA and accepts complaints from California residents.
  Website: cppa.ca.gov
• State Attorney General: Residents of other states may also file complaints with their state's Attorney General or consumer protection office.

18. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy;
• Post the revised policy on our website at caferio-fresh.click;
• Notify you by email (if we have your email address) or by a prominent notice on our website when changes are material.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the revised policy.

19. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

We aim to respond to all privacy inquiries within 10 business days. For urgent security or data breach concerns, please clearly indicate the nature of your inquiry in the subject line of your email.