Privacy Policy

Effective Date: April 1, 2026  |  Last Updated: April 1, 2026

1. Introduction and Overview

Welcome to Cafe Rio. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection statutes.

Cafe Rio operates as a food service business in the United States and takes the privacy of its customers, website visitors, and business contacts seriously. We understand that when you share your personal information with us, you are placing trust in our ability to handle that information responsibly. This policy describes the types of data we collect, why we collect it, how we use it, with whom we share it, and the rights you have regarding your personal data.

By accessing or using our website at riosscafe.world, placing an order, signing up for our newsletter, or otherwise engaging with our services, you acknowledge that you have read and understood the terms of this Privacy Policy. If you do not agree with this policy, please refrain from using our website or services and contact us at [email protected] with any questions.

2. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us using the information provided below:

We aim to respond to all privacy-related inquiries within 30 calendar days of receipt. For California residents exercising rights under the CCPA/CPRA, we will respond within 45 days, with an optional 45-day extension when reasonably necessary.

3. Information We Collect

We collect several categories of personal information depending on how you interact with us. Below is a comprehensive breakdown of the types of data we may collect from you.

3.1 Personal Identification Information

When you create an account, place an order, make a reservation, participate in a loyalty program, or contact us, we may collect the following personal identification details:

• Full name (first and last name)
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (for age verification or birthday promotions)
• Username and account credentials
• Profile photo (if voluntarily provided)

3.2 Payment and Financial Information

When you make purchases through our website or affiliated ordering platforms, we may collect:

• Credit or debit card type and last four digits
• Billing address
• Transaction history and order details
• Digital wallet identifiers (e.g., Apple Pay, Google Pay)

3.3 Usage and Behavioral Data

When you browse our website at riosscafe.world, we automatically collect certain information about your interactions, including:

• Pages visited and time spent on each page
• Links clicked and navigation paths
• Search queries entered on our website
• Products viewed, added to cart, and purchased
• Frequency and duration of visits
• Referring website or source (how you found us)
• Timestamps of visits and actions

3.4 Device and Technical Information

We collect certain technical information from the devices you use to access our website:

• IP address (Internet Protocol address)
• Browser type and version (e.g., Chrome, Firefox, Safari)
• Operating system (e.g., Windows, macOS, iOS, Android)
• Device type (desktop, mobile, tablet)
• Screen resolution and display settings
• Device identifiers and hardware model
• Time zone settings and language preferences
• Network service provider information

3.5 Location Data

We may collect location-related information to improve your experience and facilitate food delivery services:

• Precise geolocation data (with your explicit permission)
• General location inferred from your IP address
• Delivery addresses you provide during the ordering process
• Nearest store or restaurant location preferences

3.6 Communications and Feedback

When you contact us directly, we collect:

• Content of emails, messages, and support tickets
• Customer reviews and ratings you submit
• Survey responses and feedback forms
• Social media interactions and mentions
• Call recordings (where permitted by law and with prior notice)

3.7 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms when you connect or log in using social accounts
• Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
• Analytics and advertising partners
• Public databases and commercially available information
• Business partners and referral sources

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Below is a detailed explanation of how your data is utilized.

4.1 Service Provision and Order Fulfillment

The primary purpose of collecting your data is to provide you with our food services, including:

• Processing and fulfilling your food orders
• Arranging delivery or pick-up services
• Managing your customer account and loyalty rewards
• Sending order confirmations, receipts, and delivery updates
• Responding to customer service inquiries and complaints
• Processing refunds, exchanges, and returns

4.2 Personalization and User Experience

We use behavioral and preference data to enhance your experience:

• Personalizing menu recommendations based on past orders
• Saving your favorite items and reorder preferences
• Displaying location-specific promotions and menu items
• Customizing website content based on your interests
• Remembering your preferences for future visits

4.3 Marketing and Promotional Communications

With your consent or as otherwise permitted by law, we may use your contact information to:

• Send promotional emails about new menu items, special offers, and seasonal deals
• Deliver targeted advertising on our website and third-party platforms
• Notify you about loyalty program rewards and points balances
• Conduct contests, sweepstakes, and promotional campaigns
• Share relevant content and updates via SMS (with prior opt-in consent)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, replying "STOP" to any SMS, or contacting us at [email protected].

4.4 Analytics and Business Intelligence

We analyze usage data to improve our business operations and services:

• Understanding customer preferences and purchasing patterns
• Evaluating website performance and user experience
• Conducting market research and trend analysis
• Measuring the effectiveness of marketing campaigns
• Identifying and resolving technical issues on our website

4.5 Legal Compliance and Safety

We may process your data to comply with our legal obligations, including:

• Complying with applicable federal, state, and local laws
• Responding to lawful requests from government authorities
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
• Detecting and preventing fraud, abuse, and unauthorized access
• Maintaining records required by health and food safety regulations

5. Cookies and Tracking Technologies

Our website at riosscafe.world uses cookies and similar tracking technologies to enhance your browsing experience, analyze traffic, and support our marketing efforts.

5.1 Types of Cookies We Use

You can manage your cookie preferences through your browser settings or our cookie consent tool available on our website. Please note that disabling certain cookies may affect the functionality of our website. For detailed information about our use of cookies, please refer to our Cookie Policy.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your data in the following circumstances:

6.1 Service Providers and Vendors

We engage trusted third-party service providers who process data on our behalf to support our business operations. These include:

• Payment processors (e.g., Stripe, Square) for secure transaction processing
• Delivery platforms (e.g., DoorDash, Uber Eats) for order fulfillment
• Email marketing services (e.g., Mailchimp, Klaviyo) for promotional communications
• Analytics providers (e.g., Google Analytics) for website traffic analysis
• Cloud hosting services for website infrastructure and data storage
• Customer support platforms for managing service inquiries
• Fraud prevention services for security monitoring

All service providers are bound by contractual obligations to handle your data securely and only for specified purposes consistent with this Privacy Policy.

6.2 Business Partners

We may share certain information with carefully selected business partners who offer products or services that may be of interest to you. Any such sharing will be done in accordance with applicable law and with appropriate safeguards in place.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information when required by law or when we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, subpoena, court order, or government request
• Enforce our Terms of Service or other applicable agreements
• Protect the rights, property, or safety of Cafe Rio, its employees, customers, or the public
• Detect, prevent, or address fraud, security issues, or technical problems
• Respond to lawful requests by public authorities, including national security requirements

6.4 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity. We will provide notice of such a transfer and any applicable changes to this Privacy Policy.

6.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes. Such sharing does not constitute a sale of personal information.

7. Data Security Measures

Cafe Rio takes the security of your personal information seriously and employs industry-standard technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

7.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols
• Data Encryption at Rest: Sensitive data stored in our systems is encrypted using industry-standard encryption algorithms
• Secure Payment Processing: Payment transactions are processed through PCI-DSS compliant payment gateways
• Firewalls and Intrusion Detection: We maintain robust network security infrastructure to detect and prevent unauthorized access
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing
• Access Controls: Data access is restricted to authorized personnel on a need-to-know basis

7.2 Administrative Safeguards

• Employee training on data privacy and security best practices
• Confidentiality agreements with all staff and contractors who handle personal data
• Data minimization practices — we only collect information necessary for stated purposes
• Incident response procedures for managing potential data breaches
• Vendor security assessments for third-party service providers

7.3 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable law. We will provide timely notifications in accordance with state breach notification laws applicable in our jurisdiction, including those governing businesses operating in the United States.

8. Your Privacy Rights

Depending on your location and applicable laws, you may have several rights regarding your personal information. Cafe Rio is committed to honoring these rights in accordance with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable U.S. privacy laws.

8.1 Right to Know and Access

You have the right to request that we disclose the following information about our collection and use of your personal data over the past 12 months:

• The categories and specific pieces of personal information we have collected about you
• The categories of sources from which personal information is collected
• The business or commercial purpose for collecting, using, or sharing your personal information
• The categories of third parties with whom we share personal information

8.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you. We will use commercially reasonable efforts to correct your information upon receiving a verified request.

8.3 Right to Deletion

You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions. We may retain your data when necessary to:

• Complete a transaction or fulfill an ongoing service
• Detect and protect against security incidents or fraud
• Comply with a legal obligation
• Exercise or defend legal claims
• Perform tasks in the public interest

8.4 Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to request the transfer of that information to another entity where technically feasible.

8.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising purposes. To exercise this right, please contact us at [email protected] or use the "Do Not Sell or Share My Personal Information" link on our website.

8.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use and disclosure of sensitive personal information (as defined under the CPRA) to only those uses necessary to perform the services you requested.

8.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not:

• Deny you goods or services
• Charge you different prices or rates
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services

8.8 How to Submit a Privacy Rights Request

To exercise any of your privacy rights, please submit a verifiable consumer request by:

• Email: [email protected]
• Website: riosscafe.world

We will acknowledge receipt of your request within 10 business days and respond within 45 calendar days. We may need to verify your identity before processing your request. You may authorize an agent to submit requests on your behalf, provided they present written authorization and you verify your identity with us directly.

9. Data Retention Periods

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following table provides guidance on typical retention periods:

When personal information is no longer required, we will securely delete, anonymize, or de-identify it in accordance with our data disposal procedures and applicable law.

10. Children's Privacy

Cafe Rio's website at riosscafe.world is not directed toward minors. We do not intentionally market our online services to children under the age of 18. If you are under 18 years old, please do not use our website, create an account, or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 18 years of age without parental consent, we will take immediate steps to delete such information from our records. If you believe that we may have collected information from or about a minor, please contact us immediately at [email protected].

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete that information promptly.

11. International Data Transfers

Cafe Rio is based in the United States and primarily processes personal information within the United States. However, some of our service providers and technology partners may operate in other countries, which may result in the transfer of your personal data to jurisdictions outside of the United States.

When we transfer personal data internationally, we take appropriate measures to ensure that such transfers comply with applicable data protection laws and that your information receives an adequate level of protection. These measures may include:

• Ensuring that receiving countries have adequate data protection frameworks
• Implementing Standard Contractual Clauses (SCCs) or equivalent data transfer agreements
• Requiring third-party recipients to implement appropriate technical and organizational security measures
• Obtaining your explicit consent where required by applicable law

By using our services, you acknowledge that your personal information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. We take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services, including social media platforms, food delivery apps, and partner websites. These third-party services operate independently and have their own privacy policies.

We are not responsible for the privacy practices, content, or security of third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through links on our website before providing any personal information. The inclusion of a link to a third-party website does not imply our endorsement of that website or its privacy practices.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing not be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT browser signals in a standardized way. However, you can manage your tracking preferences through our cookie consent tool and browser settings.

14. California Privacy Rights (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). In addition to the rights described in Section 8 above, California residents are entitled to:

14.1 Categories of Personal Information Disclosed

In the preceding 12 months, Cafe Rio may have collected and disclosed for business purposes the following categories of personal information as defined under the CCPA:

• Identifiers (name, email, phone, IP address)
• Commercial information (purchase history, products ordered)
• Internet or other electronic network activity information (browsing behavior, interactions with our website)
• Geolocation data (delivery addresses, general location)
• Inferences drawn from personal information (profile information, preferences)
• Audio, electronic, or visual information (photos voluntarily submitted)

14.2 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post a prominent notice on our website at riosscafe.world
• Send you an email notification if you have an account with us (where required by law)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services after any changes to this policy constitutes your acceptance of the updated terms. If you do not agree with the revised policy, please discontinue use of our services and contact us to close your account.

16. How to File a Complaint

If you believe that we have not complied with this Privacy Policy or applicable privacy laws, we encourage you to contact us first so that we can attempt to resolve the issue.

16.1 Contact Cafe Rio

Submit your complaint or concern to:

• Email: [email protected]
• Website: riosscafe.world

We will acknowledge your complaint within 5 business days and work to resolve it within 30 days.

16.2 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response, you have the right to file a complaint with relevant data protection and consumer protection authorities:

17. Summary of Key Points

This Privacy Policy was last updated on April 1, 2026 and is effective as of that date. This document constitutes the complete privacy notice for Cafe Rio and supersedes all prior versions.