Privacy Policy

Effective Date: March 26, 2026 | Last Updated: March 26, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at rios-cafes.click, place orders, use our services, or otherwise interact with us. We are committed to protecting your privacy and handling your personal information with transparency, integrity, and care.

Please read this Privacy Policy carefully. By accessing or using our website, purchasing our products or services, or providing us with your personal information, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use our website or services.

This Privacy Policy applies to all users of our website, mobile platforms, and any associated digital services operated by Cafe Rio. We encourage you to review this policy periodically, as we may update it from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

1. About Us and Contact Information

Cafe Rio is a food service business operating in the United States. For any questions, concerns, or requests related to this Privacy Policy or our data practices, you may contact us using the following information:

Company Name	Cafe Rio
Address	United States
Phone	Not provided
Email	[email protected]
Website	rios-cafes.click

We designate the above contact as our primary point of contact for all privacy-related inquiries. We will make every effort to respond to your inquiry within thirty (30) calendar days of receipt.

2. Information We Collect

We collect various types of information to provide, improve, and personalize our services. The categories of personal information we collect are described below.

2.1 Personal Information You Provide Directly

When you interact with us—whether by placing an order, creating an account, subscribing to our newsletter, contacting us, or participating in promotions—you may voluntarily provide us with the following personal information:

Identity Information: First name, last name, username or display name.
Contact Information: Email address, telephone number, mailing or delivery address.
Account Credentials: Password and security questions (stored in encrypted form).
Payment Information: Credit or debit card details, billing address, and other financial data necessary to process transactions. Note that payment card data is processed through secure third-party payment processors and is not stored on our servers.
Order and Transaction Information: Details about the food items you order, dietary preferences, special instructions, order history, and purchase amounts.
Communications: Any messages, feedback, reviews, or correspondence you send us through our website, email, or other channels.
Promotional Participation: Information provided when you enter sweepstakes, contests, surveys, or other promotional activities.
Dietary and Preference Data: Any food preferences, allergen information, or dietary restrictions you choose to share with us.

2.2 Information Collected Automatically

When you visit our website or interact with our digital services, we automatically collect certain technical and usage data, including:

Device Information: Device type, operating system, browser type and version, screen resolution, unique device identifiers, and mobile network information.
Log Data: Internet Protocol (IP) address, browser activity, pages viewed, links clicked, referring URLs, and time stamps of your visit.
Usage Data: Information about how you interact with our website, including navigation paths, features used, session duration, and error reports.
Location Data: General geographic location derived from your IP address. If you grant us explicit permission, we may collect more precise location data (e.g., GPS coordinates) to help you locate the nearest Cafe Rio location or to fulfill delivery orders.
Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies. Please see Section 8 (Cookie Usage) for more details.

2.3 Information Received from Third Parties

We may also receive information about you from third-party sources, including:

Social Media Platforms: If you connect your social media account (e.g., Facebook, Instagram, Google) to our website or log in using a social sign-on feature, we may receive profile information such as your name, profile photo, and email address, as permitted by your privacy settings on those platforms.
Delivery and Ordering Partners: Third-party delivery platforms and food ordering aggregators may share order and contact information with us to fulfill your delivery requests.
Analytics Providers: We receive aggregated or anonymized insights from analytics service providers about how users interact with our website.
Advertising Partners: We may receive information from advertising networks and partners to help us tailor marketing communications and measure the effectiveness of our campaigns.

2.4 Sensitive Personal Information

We do not intentionally collect sensitive categories of personal information such as Social Security numbers, government-issued identification numbers, race or ethnicity, political opinions, religious beliefs, or biometric data. If such information is inadvertently submitted to us, we will promptly delete it. Dietary restriction information that may indicate religious or health status is treated with heightened care and used only for the purpose of fulfilling your orders.

3. How We Use Your Information

We use the personal information we collect for the following lawful purposes:

3.1 Service Provision and Order Fulfillment

To process and fulfill your food orders, including delivery or pickup coordination.
To create and manage your user account.
To process payments and prevent fraudulent transactions.
To communicate with you about your orders, including confirmation emails, updates, and receipts.
To handle complaints, returns, refunds, and customer service inquiries.
To accommodate your dietary preferences or allergen requirements.

3.2 Analytics and Service Improvement

To analyze how users interact with our website and digital services to improve functionality and user experience.
To monitor and analyze trends, usage, and activities in connection with our services.
To conduct internal research and development activities, including menu development and operational improvements.
To detect, investigate, and prevent technical issues, security breaches, and fraudulent activity.

3.3 Marketing and Communications

To send you promotional emails, newsletters, special offers, and information about new menu items, events, and loyalty programs, where you have opted in or where we are otherwise permitted to do so under applicable law.
To personalize your experience and present content, products, and offers tailored to your interests and preferences.
To administer contests, promotions, surveys, and other marketing activities.
To display relevant advertising on our website and third-party platforms using retargeting and interest-based advertising technologies.

3.4 Legal Compliance and Safety

To comply with applicable federal and state laws and regulations, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission (FTC) Act, and other relevant U.S. consumer protection laws.
To respond to lawful requests from governmental authorities, law enforcement agencies, or courts.
To enforce our Terms of Service and other legal agreements.
To protect the rights, property, and safety of Cafe Rio, our customers, employees, and the public.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We share personal information with trusted third-party vendors and service providers who perform services on our behalf. These include:

Payment Processors: To securely handle credit and debit card transactions.
Delivery Partners: To coordinate food delivery to your location.
Cloud Hosting and IT Services: To store and manage data on our behalf.
Email and Communication Platforms: To send transactional and marketing communications.
Analytics Providers: Such as Google Analytics, to help us understand website usage.
Customer Support Tools: To manage and respond to customer service inquiries.
Marketing and Advertising Platforms: To help us deliver targeted advertising and measure campaign performance.

All third-party service providers are required to maintain the confidentiality and security of your personal information and are contractually prohibited from using your data for any purpose other than providing services to us.

4.2 Business Transfers

In the event of a merger, acquisition, corporate restructuring, sale of assets, or similar business transaction, your personal information may be transferred to the acquiring or successor entity. We will notify you of any such transfer and any changes to privacy practices through the contact information you have provided or through a notice on our website.

4.3 Legal Requirements and Protection of Rights

We may disclose your personal information if required to do so by law, or if we believe in good faith that such disclosure is reasonably necessary to:

Comply with a legal obligation, court order, subpoena, or governmental request.
Enforce our Terms of Service or other agreements.
Detect, prevent, or address fraud, security, or technical issues.
Protect the rights, property, or safety of Cafe Rio, our customers, employees, or the public.

4.4 With Your Consent

We may share your personal information with additional third parties when we have obtained your explicit consent to do so, or when you instruct us to share data on your behalf.

5. Data Security

The security of your personal information is of paramount importance to us. We implement a range of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction.

5.1 Security Measures We Employ

Encryption: All data transmitted between your browser and our website is protected using Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption. Stored sensitive data is encrypted using industry-standard encryption protocols.
Access Controls: Access to personal information is restricted to authorized personnel who require it for legitimate business purposes. We use role-based access control and multi-factor authentication for internal systems.
Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and regular security monitoring to protect our network infrastructure.
Regular Security Assessments: We conduct periodic security audits and vulnerability assessments to identify and address potential risks.
Employee Training: Our staff receive regular training on data privacy and security best practices.
Data Minimization: We collect only the personal information necessary for the purposes described in this policy.

5.2 Data Breach Response

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities in accordance with applicable federal and state laws, including applicable U.S. state data breach notification laws. We will provide timely and transparent information about the nature of the breach, data affected, and steps taken to mitigate harm.

Please Note: While we take all reasonable precautions to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data and encourage you to take steps to protect yourself, such as using strong passwords and keeping your account credentials confidential.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights Under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: You have the right to request that we disclose information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes. We do not sell personal information in the traditional sense; however, if our use of advertising technology constitutes "sharing" under the CPRA, you may opt out by contacting us.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to what is necessary to perform our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level of service because you exercised your privacy rights.

6.2 Rights Available to All U.S. Users

Regardless of your state of residence, we extend the following rights to all users:

Right to Access: You may request a copy of the personal information we hold about you.
Right to Correction: You may request that we update or correct inaccurate or incomplete personal information.
Right to Deletion: You may request that we delete your personal information, subject to our legal obligations and legitimate business needs.
Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a structured, commonly used, machine-readable format.
Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us directly at [email protected].

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by:

Email: [email protected]
Website: rios-cafes.click

We will need to verify your identity before processing your request to protect your information and prevent unauthorized access. Verification may require you to provide information consistent with what we have on file for you. We will respond to verifiable consumer requests within forty-five (45) days, with the possibility of a single extension of an additional forty-five (45) days where reasonably necessary and with prior notification.

You may designate an authorized agent to make a request on your behalf. The authorized agent must submit proof of authorization, and we may still require you to verify your own identity directly with us.

7. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements.

Category of Data	Retention Period
Account and registration information	Duration of account plus 3 years after account closure
Transaction and order history	7 years (for tax and financial record-keeping purposes)
Customer service communications	3 years from the date of last contact
Marketing preferences and opt-out records	Indefinitely (to honor your preferences)
Website usage and analytics data	26 months (anonymized thereafter)
Payment information	As required by payment card industry standards (PCI-DSS); tokenized data only
Legal and compliance records	As required by applicable law, typically 5–10 years

When personal information is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention schedule and applicable legal requirements.

8. Cookie Usage

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit a website.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable core functions such as security, session management, and account authentication.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether error messages are received. This data is used to improve how our website works.
Functionality Cookies: These cookies allow our website to remember choices you make (such as your language preferences, saved items, and login details) to provide a more personalized experience.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also help us measure the effectiveness of our advertising campaigns.

8.2 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You may also manage your cookie preferences at any time through your browser settings. Please be aware that disabling certain cookies may impact the functionality of our website and your ability to use some of its features.

For more detailed information about the specific cookies we use, the purposes for which they are used, and how to manage your preferences, please refer to our Cookie Policy.

9. Children's Privacy

Our website and services are not intended for, directed at, or designed to attract individuals under the age of eighteen (18). We do not knowingly collect, use, or disclose personal information from children under 18 years of age.

If you are under 18 years of age, please do not use our website or provide any personal information to us. If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. Our strict policy of not serving users under 18 provides an additional layer of protection beyond COPPA's minimum requirements.

10. International Data Transfers

Cafe Rio is headquartered in the United States, and our operations are primarily based in the United States. The personal information we collect is primarily stored and processed on servers located within the United States.

However, some of our third-party service providers and partners may operate in other countries, which means your personal information may be transferred to, stored in, or processed in countries outside of your country of residence. These countries may have data protection laws that differ from those in your home country.

When we transfer personal information internationally, we take appropriate steps to ensure that such transfers are conducted lawfully and that your information remains protected to a standard consistent with this Privacy Policy. These steps may include entering into data processing agreements with service providers that incorporate standard contractual clauses or other legally recognized safeguards.

By using our website and services, you acknowledge and consent to the potential transfer of your personal information to the United States and other countries as described in this section.

11. Third-Party Links and Platforms

Our website may contain links to third-party websites, applications, and platforms that are not operated or controlled by Cafe Rio. This Privacy Policy applies only to our website and services and does not extend to any third-party sites. We are not responsible for the privacy practices or content of third-party sites, and we encourage you to review the privacy policies of any third-party websites you visit.

This includes, but is not limited to, social media platforms, food delivery partner applications, review platforms, and payment gateway sites. When you leave our website through a third-party link, you do so at your own risk and subject to the terms and privacy policies of that third party.

12. Marketing Communications and Opt-Out

With your consent or as otherwise permitted by applicable law, we may send you promotional emails, newsletters, special offers, and other marketing communications related to Cafe Rio's products, services, and events.

You may opt out of receiving marketing communications from us at any time by:

Clicking the "unsubscribe" or "opt-out" link included in any marketing email we send.
Logging into your account and updating your communication preferences.
Contacting us directly at [email protected] with your opt-out request.

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related communications, such as order confirmations, receipts, and important account notices. These communications are necessary for the fulfillment of our services and are not subject to opt-out.

We comply with the CAN-SPAM Act and other applicable U.S. laws governing commercial electronic mail communications.

13. Your Rights Under the FTC Act and U.S. Consumer Protection Law

The Federal Trade Commission (FTC) Act prohibits unfair or deceptive acts or practices in or affecting commerce. We are committed to fair information practices and transparent data handling. We will not engage in deceptive practices regarding the collection, use, or disclosure of your personal information.

Additionally, if you are located in a state with comprehensive consumer privacy legislation (such as California under the CCPA/CPRA, Virginia under the Consumer Data Protection Act, Colorado under the Colorado Privacy Act, or similar state laws), you may have additional rights specific to your jurisdiction. We are committed to complying with all applicable state privacy laws and will process any rights requests submitted to us in accordance with the applicable law of your state.

14. How to File a Privacy Complaint

If you have a concern or complaint about our privacy practices, we encourage you to contact us first so that we can work to resolve the matter directly:

Email: [email protected]
Website: rios-cafes.click

We take all privacy complaints seriously and will investigate and respond to your complaint within a reasonable timeframe.

14.1 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response, or if you believe we are processing your personal information in violation of applicable law, you have the right to file a complaint with the appropriate regulatory authority. In the United States, the following agencies may be relevant:

Federal Trade Commission (FTC): The FTC is responsible for consumer protection and enforcement of privacy-related laws at the federal level.
Website: www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
California Office of the Attorney General (for California residents): California residents may submit privacy-related complaints to the California Attorney General's office.
Website: oag.ca.gov/privacy/ccpa
California Privacy Protection Agency (CPPA): The CPPA is the primary agency responsible for enforcing the CPRA in California.
Website: cppa.ca.gov
State Attorney General Offices: Residents of other states may also file complaints with their respective state attorney general offices for violations of applicable state privacy laws.

15. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our business practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page.
Post the revised policy on our website at rios-cafes.click.
Where required by law or where we deem it appropriate, provide notice to you via email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of any changes to this policy constitutes your acceptance of those changes.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United States of America and applicable state laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and the Federal Trade Commission Act. Any disputes arising under or in connection with this Privacy Policy shall be resolved in accordance with applicable federal and state law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact our privacy team:

Email: [email protected]
Website: rios-cafes.click
Business: Cafe Rio — United States