Privacy Policy

Effective Date: May 21, 2026 | Last Updated: May 21, 2026

Important Notice: This Privacy Policy explains how Cafe Rio collects, uses, shares, and protects your personal information when you visit our website at caferio-meal.digital, use our online ordering services, or otherwise interact with us. Please read this document carefully before using our services.

At Cafe Rio, we deeply value your privacy and are committed to protecting your personal information in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant regulations. This Privacy Policy describes our practices regarding data collection, use, disclosure, and your rights as a user or consumer.

By accessing or using our website located at caferio-meal.digital, placing an order, creating an account, or otherwise engaging with Cafe Rio's digital or physical services, you acknowledge that you have read and understood the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

1. About Us

Cafe Rio is a food service business operating in the United States. We provide online food ordering, delivery, and related services through our website caferio-meal.digital. For all privacy-related matters, you may contact us at:

Company Name: Cafe Rio
Website: caferio-meal.digital
Email: [email protected]

2. Information We Collect

We collect various categories of personal information in order to provide you with our food ordering and delivery services, improve our platform, and communicate with you. The categories of information we collect are outlined below.

2.1 Personal Identification Information

When you create an account, place an order, or contact us directly, we may collect the following personal identification details:

Full name
Email address
Phone number
Billing address and delivery address
Date of birth (where provided for age verification or promotional purposes)
Username and password (stored in encrypted form)
Profile picture (if voluntarily uploaded)

2.2 Payment and Financial Information

To process transactions, we collect payment-related information. However, full payment card details are processed by our trusted third-party payment processors and are not stored directly on our servers. We may collect:

Payment card type (e.g., Visa, MasterCard)
Last four digits of your card number
Billing name and billing address
Transaction ID and purchase history

2.3 Order and Transaction Data

We collect information related to the orders you place through our platform, including:

Items ordered and quantities
Order history and frequency
Special dietary preferences or instructions you provide
Delivery instructions
Order value and payment confirmation details

2.4 Usage and Behavioral Data

We automatically collect information about how you interact with our website and services, including:

Pages and content you view
Search queries entered on our platform
Links and buttons you click
Time spent on pages and features used
Shopping cart behavior and abandoned carts
Referring websites or URLs

2.5 Device and Technical Information

When you access our website, we automatically receive certain technical information about your device and browser, including:

IP address
Browser type and version
Operating system and platform
Device type (desktop, mobile, tablet)
Screen resolution
Time zone setting and language preferences
Plug-ins and browser extensions installed

2.6 Location Data

With your consent, we may collect precise or approximate geolocation data to facilitate delivery services, suggest nearby pickup locations, and improve your ordering experience. You may disable location tracking through your device settings at any time.

2.7 Communications Data

When you contact our customer service team, submit a form, or engage with us via email, chat, or social media, we collect the content of those communications, including:

Messages and inquiries sent to us
Feedback and reviews submitted
Customer support tickets and resolution records
Social media handles (if you contact us through social channels)

2.8 Information from Third Parties

We may receive information about you from third-party sources such as:

Social media platforms (if you use social login features)
Marketing partners and advertising networks
Analytics providers
Fraud prevention and identity verification services
Delivery partner platforms

3. How We Use Your Information

Cafe Rio uses the personal information we collect for a variety of lawful purposes necessary to operate our business and serve our customers. Specifically, we use your information for the following purposes:

3.1 Service Provision and Order Fulfillment

To process and fulfill your food orders
To coordinate delivery or pickup services
To manage your account and authenticate your identity
To communicate with you about your orders, including confirmations, updates, and delivery notifications
To process payments and issue refunds where applicable

3.2 Customer Support

To respond to your inquiries, complaints, and feedback
To resolve disputes and troubleshoot issues
To maintain records of your interactions with our support team

3.3 Personalization

To personalize your experience on our platform, including recommending menu items based on your order history
To remember your preferences and settings
To display relevant content and promotions tailored to your interests

3.4 Analytics and Service Improvement

To analyze usage patterns and understand how customers interact with our website
To identify technical issues, bugs, or performance problems
To develop new features and improve existing functionality
To conduct market research and customer satisfaction surveys

3.5 Marketing and Promotional Communications

To send you promotional emails, newsletters, and special offers if you have opted in to receive marketing communications
To notify you about new menu items, seasonal promotions, and loyalty rewards
To conduct targeted advertising campaigns through online advertising networks
To measure the effectiveness of our marketing efforts

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email we send, or by contacting us at [email protected].

3.6 Legal Compliance and Safety

To comply with applicable federal, state, and local laws and regulations
To detect, prevent, and investigate fraudulent transactions, abuse, or illegal activity
To enforce our Terms of Service and other agreements
To protect the rights, property, and safety of Cafe Rio, our customers, and the public

4. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience, analyze website performance, and deliver personalized content and advertisements.

4.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for the website to function properly (e.g., shopping cart, login sessions)	Session / Short-term
Performance Cookies	Collect anonymous data about website usage and visitor behavior	Up to 2 years
Functional Cookies	Remember your preferences such as language, location, and previously selected items	Up to 1 year
Marketing/Advertising Cookies	Track your browsing habits to serve relevant ads across other websites	Up to 2 years

4.2 Managing Your Cookie Preferences

You have the right to accept or decline non-essential cookies. You may manage your cookie preferences through your browser settings or through our cookie consent tool available on our website. Note that disabling certain cookies may affect the functionality of our platform.

For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy.

5. Sharing Your Information with Third Parties

Cafe Rio does not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties in the following circumstances:

5.1 Service Providers and Business Partners

We share your information with third-party companies and individuals who assist us in operating our business and delivering our services, including:

Payment processors – to securely process your transactions
Delivery partners – to coordinate food delivery to your address
Cloud hosting providers – to store and manage our data infrastructure
Email and communication platforms – to send transactional and marketing communications
Analytics providers – such as Google Analytics, to help us understand website usage
Customer support tools – to manage and resolve customer inquiries
Fraud prevention services – to protect against unauthorized transactions

All third-party service providers are contractually obligated to protect your personal information and use it only for the purposes for which it was disclosed.

5.2 Business Transfers

In the event of a merger, acquisition, asset sale, or other business restructuring, your personal information may be transferred as part of the business assets. We will provide notice before your information becomes subject to a different privacy policy.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid legal requests from public authorities, including:

Compliance with federal, state, or local laws
Response to court orders, subpoenas, or legal process
Cooperation with law enforcement agencies or government bodies
Protection of the legal rights of Cafe Rio or its users
Prevention of fraud, security threats, or illegal activity

5.4 Advertising Networks

We may share certain usage and behavioral data with online advertising networks and social media platforms (such as Meta and Google) to display targeted advertisements. Under the CCPA/CPRA, sharing data with advertising networks for cross-context behavioral advertising may constitute a "sale" or "sharing" of personal information, and California residents have the right to opt out of such practices. Please see Section 9 for more information about your rights.

6. Data Security

Cafe Rio takes the security of your personal information seriously and implements a range of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Security Measures We Implement

Encryption: All data transmitted between your browser and our servers is protected using Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption.
Password hashing: User passwords are stored using industry-standard cryptographic hashing algorithms and are never stored in plain text.
Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
Firewalls and intrusion detection: Our systems are protected by firewalls and continuously monitored for suspicious activity.
Regular security audits: We conduct regular security assessments and vulnerability testing of our systems.
Data minimization: We only collect the personal information that is necessary for the stated purposes.

6.2 Data Breach Response

In the event of a data security breach that affects your personal information, we will notify you and relevant regulatory authorities as required by applicable law, including state data breach notification laws. Notification will be provided in a timely manner and will include the nature of the breach, the data affected, and the steps we are taking to address it.

Please Note: While we implement robust security measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your personal information.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following table outlines our general data retention periods:

Data Category	Retention Period
Account and registration information	For the duration of the account, plus 3 years after account closure
Order history and transaction records	7 years (for tax and accounting compliance)
Customer support communications	3 years from last interaction
Marketing preferences and consent records	Until opt-out, plus 3 years for compliance purposes
Usage and analytics data	Up to 26 months (anonymized after this period)
Payment information (partial)	As required by PCI-DSS standards and applicable law
Legal and compliance records	As required by applicable law (typically 5–7 years)

When your personal information is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention procedures.

8. Children's Privacy

Age Restriction: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cafe Rio's website, online ordering platform, and related services are not directed to individuals under the age of 18. We do not knowingly collect, process, or store personal information from minors. In accordance with the Children's Online Privacy Protection Act (COPPA) and applicable state laws, if we become aware that we have inadvertently collected personal information from a child under 18 without verifiable parental consent, we will take immediate steps to delete such information from our records.

If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can investigate and take appropriate action.

9. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. Cafe Rio is committed to honoring these rights in compliance with applicable law.

9.1 Rights for All United States Users

Under the FTC Act and general consumer protection principles, all users have the right to:

Receive clear and accurate notice about our data collection and use practices
Opt out of receiving marketing and promotional communications
Request information about the personal data we hold about you

9.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right	Description
Right to Know	Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
Right to Delete	Request deletion of your personal information, subject to certain exceptions permitted by law.
Right to Correct	Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	Opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Data	Limit our use of sensitive personal information to what is necessary for providing our services.
Right to Data Portability	Receive a copy of your personal information in a portable, machine-readable format.
Right to Non-Discrimination	Not be discriminated against for exercising your privacy rights (e.g., denial of service, different pricing).

To exercise your California privacy rights, please submit a verifiable consumer request to us at [email protected]. We will respond to your request within 45 days as required by the CCPA/CPRA, with a possible extension of an additional 45 days where necessary.

9.3 Rights for Residents of Other States

Residents of other states, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA), may have additional privacy rights under their respective state laws, including rights to access, correct, delete, and port their data, as well as rights to opt out of targeted advertising and the sale of personal data. We honor these rights where applicable. Please contact us at [email protected] to submit a request.

9.4 How to Submit a Privacy Rights Request

You may submit a privacy rights request through the following methods:

Email: [email protected]
Website: caferio-meal.digital (via the contact form)

To protect your privacy and verify your identity, we may ask you to provide certain identifying information before processing your request. We will not fulfill requests unless we can reasonably verify your identity. Authorized agents may submit requests on your behalf with appropriate written authorization.

10. International Data Transfers

Cafe Rio operates primarily within the United States. However, some of our third-party service providers, including cloud hosting and analytics providers, may process your personal information in countries outside the United States. If your information is transferred internationally, we take appropriate steps to ensure that such transfers are conducted in compliance with applicable law and that your data receives an adequate level of protection.

These safeguards may include:

Entering into data processing agreements with service providers that include appropriate data protection clauses
Using providers that have adopted recognized privacy frameworks or obtained relevant certifications
Assessing the privacy laws of the destination country to ensure adequate protection

By using our services, you acknowledge and consent to the potential transfer of your personal information to countries outside your country of residence, where data protection laws may differ from those in your state or country.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of any link on our website does not imply our endorsement of that website or its privacy practices.

12. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. At this time, our website does not respond to DNT signals, as there is no universally accepted standard for how websites should respond to such signals. We will update our practices and this policy if a standardized industry approach is adopted in the future.

However, California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising. Please see Section 9 for more information on how to exercise this right.

13. Marketing Communications and Opt-Out

Cafe Rio may send you promotional emails, SMS messages, or push notifications about new menu items, limited-time offers, loyalty program updates, and other marketing content. We will only send you marketing communications if you have opted in or if we have a legitimate interest in doing so.

13.1 How to Opt Out of Marketing

Email marketing: Click the "unsubscribe" link in any marketing email or contact us at [email protected]
SMS messages: Reply "STOP" to any SMS marketing message
Push notifications: Disable push notifications through your device or browser settings
Account settings: Update your communication preferences through your account dashboard on caferio-meal.digital

Please note that even if you opt out of marketing communications, we will still send you essential transactional communications related to your orders, account, and security.

14. Filing a Complaint with a Data Protection Authority

If you believe that Cafe Rio has violated your privacy rights or failed to comply with applicable privacy laws, you have the right to file a complaint with the relevant regulatory authority.

14.1 Federal Complaints

You may file a complaint with the Federal Trade Commission (FTC), which enforces consumer protection and data privacy laws at the federal level:

Website: www.ftc.gov/complaint
Phone: 1-877-382-4357

14.2 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

CPPA Website: cppa.ca.gov
California AG Website: oag.ca.gov/privacy

14.3 Other State Residents

Residents of other states should contact their respective state Attorney General's office or relevant data protection authority. Before filing a formal complaint, we encourage you to contact us directly at [email protected] so we can attempt to resolve your concern.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website homepage
Send an email notification to registered users (where required by law or deemed appropriate)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your inquiries in a timely and transparent manner.

Privacy Inquiries — Cafe Rio

Company: Cafe Rio
Email: [email protected]
Website: caferio-meal.digital

We aim to respond to all privacy-related inquiries within 30 days of receipt. For urgent matters or complaints, please clearly indicate the nature of your concern in your message so we can prioritize your request appropriately.