Privacy Policy

Effective Date: May 22, 2026 | Last Updated: May 22, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website food-caferio.top, place an order, use our services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy is intended to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide food ordering, delivery, catering, and related culinary services to our customers through our website and in-person operations.

Company Name	Cafe Rio
Website	food-caferio.top
Email Address	[email protected]
Address	United States
Phone	Available upon request via email

For all privacy-related inquiries, you may contact us directly at [email protected].

2. Information We Collect

We collect various types of information in connection with the services we provide. The categories of personal information we may collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you register an account, place an order, subscribe to our newsletter, or contact us, we may collect:

Full name
Email address
Phone number
Mailing and billing address (including ZIP code, city, and state)
Username and password (stored in encrypted form)
Date of birth or age verification data (for compliance purposes)
Profile photo or avatar (if uploaded voluntarily)

2.2 Payment and Transaction Information

When you make a purchase through our website or in-store, we or our payment processors may collect:

Credit or debit card details (processed securely via third-party payment gateways; we do not store full card numbers)
Billing address
Transaction history and order details
Purchase preferences and loyalty program information

2.3 Usage and Behavioral Data

We automatically collect certain information when you visit and interact with our website, including:

Pages viewed and time spent on each page
Clickstream data and navigation paths
Search queries entered on our website
Menu items viewed, added to cart, or purchased
Referring URLs (the website that directed you to ours)
Date and time of access
Frequency of visits and session duration

2.4 Device and Technical Information

We may automatically collect the following technical information about the device you use to access our website:

IP address
Browser type and version
Operating system and platform
Device type (desktop, mobile, tablet)
Screen resolution
Unique device identifiers
Mobile network information
Language settings

2.5 Location Data

With your consent, we may collect your precise or approximate geographic location to facilitate delivery services, show nearby locations, and tailor content to your region. You may opt out of location tracking through your browser or device settings at any time.

2.6 Communications and Feedback

If you contact us via email, our contact form, or any other communication channel, we collect:

The content of your message
Your name and email address
Any attachments or images you voluntarily provide
Customer reviews, ratings, and feedback submitted on our platform

2.7 Cookie and Tracking Data

We use cookies and similar tracking technologies (such as pixels, web beacons, and local storage) to enhance your browsing experience, analyze website traffic, and deliver targeted advertising. Please see Section 8 of this policy for detailed information on our use of cookies.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

Social media platforms (if you log in or interact with us via social media)
Third-party delivery partners
Marketing and analytics service providers
Publicly available sources

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Provision of Services

Processing and fulfilling your food orders and catering requests
Managing your account and providing customer support
Coordinating delivery and pickup logistics
Sending order confirmations, receipts, and delivery updates via email or SMS
Managing loyalty programs and promotional rewards

3.2 Business Operations and Improvement

Analyzing usage patterns to improve our website design, menu offerings, and overall customer experience
Conducting internal research and analytics
Monitoring and preventing fraudulent transactions and unauthorized access
Ensuring the security and integrity of our IT infrastructure
Training staff and improving service quality

3.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers (with your consent or as permitted by law)
Personalizing your experience based on your order history and preferences
Running targeted advertising campaigns on third-party platforms such as Google and Meta
Conducting surveys and collecting customer feedback
Notifying you of changes to our menu, pricing, policies, or terms

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, contacting us at [email protected], or updating your communication preferences in your account settings.

3.4 Legal and Compliance Purposes

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests, subpoenas, court orders, or legal proceedings
Enforcing our Terms of Service and other contractual agreements
Protecting the rights, property, and safety of Cafe Rio, our customers, and the public

4. Legal Basis for Processing (Where Applicable)

Where required by applicable law, we rely on the following legal bases to process your personal information:

Contractual Necessity: Processing necessary to fulfill your orders and provide the services you have requested.
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and business analytics, provided these interests are not overridden by your rights.
Consent: Where you have provided explicit consent, such as for marketing communications or the use of non-essential cookies.
Legal Obligation: Processing required to comply with applicable laws and regulations.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who assist us in operating our website and delivering our services. These may include:

Payment processors (e.g., Stripe, Square, PayPal) for secure transaction processing
Delivery logistics partners for coordinating food delivery to your location
Email and SMS marketing platforms for sending communications on our behalf
Analytics providers (e.g., Google Analytics) for website performance analysis
Cloud hosting and IT infrastructure providers for data storage and website operation
Customer support software providers for managing inquiries and complaints

All third-party service providers are contractually obligated to use your personal information only as directed by us and in accordance with this Privacy Policy. They may not use your data for their own marketing purposes.

5.2 Legal Disclosures

We may disclose your personal information when we believe disclosure is required or permitted by law, including to:

Comply with a subpoena, court order, legal process, or governmental request
Investigate, prevent, or take action regarding suspected illegal activities, fraud, or violations of our Terms of Service
Protect the rights, safety, and property of Cafe Rio, our employees, customers, and the public
Respond to emergencies involving risk to life or safety

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

5.4 Advertising and Analytics Partners

We may share aggregated or de-identified data with advertising networks and analytics partners to improve our marketing efforts and measure campaign performance. This data does not identify you personally.

5.5 With Your Consent

We may share your information with other third parties when you have provided explicit consent to do so.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Measures

Transport Layer Security (TLS/SSL) encryption for all data transmitted between your browser and our servers
Encryption of sensitive data at rest, including passwords (stored using bcrypt or equivalent hashing)
Regular security audits, vulnerability assessments, and penetration testing
Firewalls and intrusion detection systems to monitor for unauthorized access
Two-factor authentication (2FA) available for user accounts

6.2 Administrative Measures

Access to personal data is restricted to employees who need it to perform their job functions
All employees with access to personal data are required to sign confidentiality agreements
Regular privacy and data security training for staff
Incident response procedures in place for data breach notification

6.3 Limitations

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

7. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States privacy laws.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary value, but we may share data with advertising partners. You may opt out by contacting us at [email protected].
Right to Limit Use of Sensitive Personal Information: Where applicable, you may request that we limit the use and disclosure of your sensitive personal information to what is necessary to perform the services you have requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a lower quality of service because you exercised your rights.

7.2 General Privacy Rights (All Users)

Regardless of your state of residence, we endeavor to provide all users with the following rights:

Right of Access: Request a copy of the personal information we hold about you.
Right of Rectification: Request correction of any inaccurate or incomplete personal information.
Right of Erasure: Request deletion of your personal information where it is no longer necessary for the purpose it was collected.
Right to Data Portability: Request that we provide your personal data in a structured, commonly used, machine-readable format.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Object to Marketing: Object to the use of your personal information for direct marketing purposes at any time.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us using one of the following methods:

Email: [email protected]
Website: food-caferio.top

We will acknowledge receipt of your request within 10 business days and respond substantively within 45 calendar days. If we require additional time, we will notify you of the extension and the reason for the delay. We may need to verify your identity before processing your request to protect your security and prevent unauthorized disclosure.

You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide written proof of authorization, and we may verify the identity of both the agent and the consumer.

8. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files placed on your device that allow us to recognize your browser, remember your preferences, and analyze how our website is used.

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Essential for website functionality (e.g., login sessions, shopping cart)	Session / Up to 1 year
Performance / Analytics	Collect anonymous data on website usage to improve performance (e.g., Google Analytics)	Up to 2 years
Functional	Remember your preferences (e.g., language, location, saved orders)	Up to 1 year
Marketing / Targeting	Deliver relevant advertisements based on your browsing behavior	Up to 2 years

8.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

Through our cookie consent banner displayed on your first visit to our website
By adjusting your browser settings to block or delete cookies
By using opt-out tools provided by advertising networks (e.g., the NAI opt-out tool or Google's Ad Settings)

Please note that disabling certain cookies may affect the functionality of our website and your ability to use some of our services. For more detailed information about the specific cookies we use, please refer to our full Cookie Policy available on our website.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

9.1 Retention Periods

Data Category	Retention Period
Account registration information	Duration of account + 3 years after account closure
Order and transaction records	7 years (for tax and financial compliance)
Marketing and communication preferences	Until opt-out + 1 year
Customer support communications	3 years from date of interaction
Website analytics and usage data	Up to 26 months
Cookie and tracking data	As specified in cookie settings (up to 2 years)
Security logs and audit trails	12 months

When personal information is no longer required for its original purpose and there is no legal obligation to retain it, we will securely delete or anonymize it. Anonymized data that cannot be used to identify you may be retained indefinitely for research and analytics purposes.

10. Children's Privacy

Important Notice: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 18.

If you are under 18 years of age, please do not use our website, create an account, or submit any personal information to us. If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at [email protected].

Upon receiving such a notification, we will take prompt steps to verify the claim and, if confirmed, delete the child's personal information from our records. Our practices are designed to comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws governing the privacy of minors.

11. International Data Transfers

Cafe Rio is based in the United States, and our primary data processing activities take place within the United States. By using our website and services, you acknowledge that your personal information will be processed and stored in the United States.

If you are accessing our website from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your home country. We take steps to ensure that any such transfers are conducted in compliance with applicable laws and that appropriate safeguards are in place to protect your personal information.

Where we transfer data to third-party service providers located outside the United States, we require those parties to maintain equivalent data protection standards through contractual agreements and data processing addenda.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery services, or other external resources that are not operated or controlled by Cafe Rio. When you click on a third-party link, you will be directed to that third party's website. We strongly encourage you to review the privacy policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. The inclusion of a link on our website does not constitute an endorsement of that third party's privacy practices or services.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. At this time, our website does not respond to DNT signals because there is no universally accepted standard for how websites should respond to such signals. However, you can manage your tracking preferences through our cookie consent tool and your browser settings as described in Section 8.

14. California Shine the Light Law

Under California Civil Code Section 1798.83 (the "Shine the Light" law), California residents who have an established business relationship with us may request information about the categories of personal information we disclosed to third parties for their direct marketing purposes in the preceding calendar year.

To make such a request, please contact us at [email protected] with the subject line "California Shine the Light Request." We will respond to such requests within 30 days.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post the updated Privacy Policy on our website at food-caferio.top
Send an email notification to registered users (for significant changes)
Display a prominent notice on our homepage or login screen

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated policy, you must discontinue your use of our services and may request deletion of your account and personal data.

16. Filing Complaints with Data Protection Authorities

If you believe that we have violated your privacy rights or failed to handle your personal information in accordance with applicable law, we encourage you to contact us first so that we can attempt to resolve your concern.

However, if you are not satisfied with our response, you have the right to file a complaint with the relevant data protection authority or regulatory body:

16.1 For California Residents

The California Privacy Protection Agency (CPPA) is the primary state authority responsible for enforcing the CCPA/CPRA. You may file a complaint with:

California Privacy Protection Agency (CPPA)
Website: cppa.ca.gov
Email: [email protected]

16.2 For All US Consumers

The Federal Trade Commission (FTC) enforces federal consumer protection laws, including those relating to privacy and data security. You may file a complaint with:

Federal Trade Commission (FTC)
Website: reportfraud.ftc.gov
Phone: 1-877-382-4357

16.3 State Attorneys General

You may also file a complaint with the Attorney General of your state of residence, as many state attorneys general have authority to enforce state consumer protection and privacy laws.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We will make every effort to respond promptly and thoroughly.

Company Name	Cafe Rio
Privacy Inquiries Email	[email protected]
Website	food-caferio.top
Location	United States

We aim to acknowledge all privacy-related inquiries within 5 business days and to resolve substantive concerns within 30 days. For complex requests, we will keep you informed of our progress and any applicable extensions.

Summary of Your Key Rights: You have the right to access, correct, delete, and port your personal data. You may opt out of marketing communications and data sharing for advertising purposes at any time. We do not sell your personal information. For any concerns, contact us at [email protected].

This Privacy Policy was last reviewed and updated on May 22, 2026. It supersedes all previous versions of our Privacy Policy.