Privacy Policy

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

Important Notice: This Privacy Policy explains how Cafe Rio collects, uses, discloses, and protects your personal information when you visit our website at riosscafe.digital, use our online ordering services, or interact with us in any other way. Please read this document carefully before using our services.

1. Introduction and Identity of the Data Controller

Welcome to the Privacy Policy of Cafe Rio ("we," "us," "our," or "the Company"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy applies to all personal data collected through our website located at riosscafe.digital, our digital ordering platforms, in-store interactions, loyalty programs, and any other services we provide.

As a food service business operating in the United States, we are subject to applicable federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant state and federal regulations governing the protection of consumer data.

For the purposes of this Privacy Policy, the data controller responsible for your personal information is:

Company Name	Cafe Rio
Website	riosscafe.digital
Email Address	[email protected]

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

2. Scope of This Privacy Policy

This Privacy Policy covers all personal information that Cafe Rio collects, processes, stores, and shares in connection with:

Visitors to our website at riosscafe.digital
Customers who place online food orders through our digital platforms
Individuals who register for our loyalty or rewards program
Individuals who sign up for our email or SMS marketing communications
Users who contact our customer support team
Individuals who participate in promotions, contests, or surveys
Business partners, vendors, and suppliers
Any other individual whose data we collect in connection with our business operations

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services you visit.

3. Information We Collect

We collect various categories of personal information depending on how you interact with Cafe Rio. Below is a detailed breakdown of the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

Full name (first and last name)
Email address
Phone number
Home or delivery address
Date of birth (for age verification and promotional purposes)
Username and password for your account
Profile picture (if voluntarily provided)

3.2 Order and Transaction Information

When you place an order or make a purchase, we collect:

Order history and details (items ordered, quantity, customizations)
Billing and payment information (credit/debit card details processed through secure payment processors)
Delivery address and delivery preferences
Special dietary requirements or food preferences you provide
Transaction dates, times, and amounts
Loyalty points and reward redemption history

3.3 Usage Data and Online Activity

When you visit our website or use our digital services, we automatically collect:

IP address and approximate geographic location
Browser type and version
Operating system information
Pages visited and time spent on each page
Links clicked and navigation patterns
Referring website or source
Search queries made within our website
Date and time of each visit
Error logs and crash reports

3.4 Device Information

We collect information about the devices you use to access our services, including:

Device type (smartphone, tablet, desktop, laptop)
Device identifiers (advertising ID, device ID)
Mobile network information
Screen resolution and display settings
Language and regional settings
Installed fonts and browser plugins

3.5 Communication Data

When you contact us or communicate with us, we may collect:

Content of messages, emails, or chat conversations
Records of your communication preferences
Customer service interaction logs
Survey responses and feedback submissions
Social media posts and messages directed at our accounts

3.6 Location Data

With your permission, we may collect:

Precise GPS location data when using our mobile application
General location data derived from your IP address
Location preferences you manually enter for delivery purposes

3.7 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For more information, please see Section 9 of this Privacy Policy dedicated to cookie usage.

4. How We Use Your Personal Information

Cafe Rio uses the personal information we collect for a variety of purposes, all of which are aimed at providing you with the best possible food ordering and dining experience. The specific purposes include:

4.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders, including delivery and pickup requests
Managing your customer account and profile
Processing payments and issuing receipts
Sending order confirmations, updates, and delivery notifications
Managing loyalty program enrollment, points accumulation, and rewards redemption
Providing customer support and resolving complaints
Responding to your inquiries and requests

4.2 Analytics and Service Improvement

Analyzing website traffic and usage patterns to improve our digital experience
Conducting internal research and data analytics to understand customer preferences
Testing new features, menus, and service offerings
Monitoring and improving the performance of our website and applications
Identifying and fixing technical issues and bugs
Developing new products and menu items based on customer feedback and preferences

4.3 Marketing and Promotional Communications

Sending you promotional emails, newsletters, and special offers (with your consent where required)
Delivering personalized marketing content based on your order history and preferences
Running targeted advertising campaigns on social media and third-party platforms
Sending SMS notifications about deals, discounts, and new menu items (where you have opted in)
Inviting you to participate in surveys, contests, and promotional events
Retargeting you with relevant advertisements after you have visited our website

4.4 Legal Compliance and Security

Complying with applicable federal and state laws and regulations
Preventing, detecting, and investigating fraud, unauthorized access, and other illegal activities
Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
Enforcing our Terms of Service and other agreements
Responding to legal processes, court orders, and government requests
Maintaining records as required by applicable food safety regulations and tax laws

5. Legal Basis for Processing Personal Information

As a business operating in the United States, we rely on the following legal bases for processing your personal information:

Legal Basis	Examples of Use
Contractual Necessity	Processing your orders, managing your account, fulfilling delivery requests
Legitimate Interests	Fraud prevention, website analytics, improving our services, internal business operations
Consent	Marketing emails, SMS promotions, non-essential cookies, location tracking
Legal Obligation	Tax record-keeping, responding to lawful government requests, compliance with food safety regulations

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time by contacting us at [email protected].

6. Sharing Your Personal Information with Third Parties

Cafe Rio does not sell your personal information to third parties for monetary compensation. However, we may share your data with certain third parties in specific circumstances as described below:

6.1 Service Providers and Vendors

We work with trusted third-party service providers who assist us in operating our business and delivering our services. These include:

Payment Processors: To securely process credit card and digital payment transactions
Delivery Partners: Third-party delivery services that fulfill your food delivery orders
Cloud Hosting Providers: Companies that host our website and store data securely
Email Marketing Platforms: Services used to send promotional emails and newsletters
Analytics Providers: Tools such as Google Analytics that help us understand website usage
Customer Support Software: Platforms that manage our customer service interactions
SMS and Notification Services: Providers that send text message notifications

All service providers are required to handle your data in accordance with applicable privacy laws and our contractual instructions. They are prohibited from using your data for their own independent purposes.

6.2 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, sale of assets, reorganization, or bankruptcy proceeding, your personal information may be transferred to the successor entity as part of the business assets. We will notify you of any such transfer and any material changes to this Privacy Policy in advance where legally required.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information to government authorities, law enforcement agencies, or other third parties when we believe in good faith that disclosure is necessary to:

Comply with a legal obligation, subpoena, court order, or government request
Protect and defend the rights or property of Cafe Rio
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of our customers, employees, or the public
Protect against legal liability

6.4 Advertising and Marketing Partners

We may share limited data (such as hashed email addresses or device identifiers) with advertising platforms, including social media networks, to deliver targeted advertisements. This sharing is conducted in compliance with applicable law and your consent preferences. Under the CCPA/CPRA, sharing data for targeted advertising may constitute a "sale" or "sharing" of personal information, and California residents have the right to opt out of such activities. Please see Section 10 for more information on your rights.

7. Data Security Measures

Cafe Rio takes the security of your personal information seriously. We implement a comprehensive range of technical, administrative, and physical security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

7.1 Technical Safeguards

SSL/TLS encryption for all data transmitted between your browser and our servers
Encryption of sensitive data stored in our databases, including payment information
Firewall protection and intrusion detection systems
Regular security vulnerability assessments and penetration testing
Multi-factor authentication (MFA) for access to internal systems
Secure payment processing through PCI-DSS compliant payment providers

7.2 Administrative Safeguards

Access to personal data is restricted to authorized employees on a need-to-know basis
Regular staff training on data privacy and security practices
Data processing agreements with all third-party service providers
Internal privacy and data governance policies and procedures
Designated personnel responsible for overseeing data security compliance

7.3 Data Breach Response

In the event of a data security breach that affects your personal information, we will take immediate steps to contain and investigate the breach. Where required by applicable law, including state breach notification laws, we will notify affected individuals and relevant regulatory authorities within the legally mandated timeframes. Notifications will include details about the nature of the breach, the types of data affected, and steps you can take to protect yourself.

Please Note: While we take all reasonable precautions to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and we encourage you to take precautions to protect your personal information, such as using strong passwords and keeping your account credentials confidential.

8. Data Retention Periods

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. The specific retention periods depend on the type of data and the purpose for which it is held:

Category of Data	Retention Period
Account registration information	Duration of account plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Customer support communications	3 years from last interaction
Marketing preferences and consent records	Until consent is withdrawn plus 3 years
Website usage and analytics data	26 months from collection
Cookie and tracking data	As specified in our Cookie Policy (typically 12–24 months)
Fraud prevention records	Up to 5 years
Legal claims and disputes	Duration of proceedings plus applicable statute of limitations

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule. You may request earlier deletion of your data subject to the conditions outlined in Section 10 of this Privacy Policy.

9. Cookie Usage and Tracking Technologies

Our website at riosscafe.digital uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, personalize content, and support our marketing activities.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly, including maintaining your login session and enabling the shopping cart
Functional Cookies: Remember your preferences such as language settings, saved addresses, and favorite menu items
Analytics Cookies: Help us understand how visitors interact with our website using tools such as Google Analytics
Marketing and Advertising Cookies: Used to track your visits and serve you relevant advertisements on other platforms
Social Media Cookies: Enable sharing of content on social media platforms and support social login features

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through our Cookie Consent banner, which appears when you first visit our website. You may also adjust cookie settings through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For complete information about the specific cookies we use, their duration, and how to opt out, please refer to our full Cookie Policy.

10. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. Cafe Rio is committed to honoring these rights and making them easy to exercise.

10.1 Rights Available to All Users

Right to Access: You have the right to request a copy of the personal information we hold about you
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information
Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions
Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time
Right to Data Portability: Where applicable, you may request a copy of your data in a structured, machine-readable format

10.2 California Resident Rights (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: The right to know what categories of personal information we collect, the sources, the purposes for collection, and the third parties with whom we share it
Right to Delete: The right to request deletion of personal information we have collected, subject to certain exceptions
Right to Correct: The right to request correction of inaccurate personal information
Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information to necessary purposes
Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights

Do Not Sell or Share My Personal Information: California residents may submit a request to opt out of the sale or sharing of their personal information by emailing us at [email protected] with the subject line "Do Not Sell or Share My Personal Information."

10.3 How to Exercise Your Rights

To exercise any of the rights described in this section, please contact us using the following methods:

Email: [email protected] (Subject line: "Privacy Rights Request")
Website: riosscafe.digital

We will respond to verifiable consumer requests within the timeframes required by applicable law:

Under the CCPA/CPRA: within 45 days, with a possible extension of an additional 45 days where reasonably necessary
Under other applicable state laws: within the timeframes specified by those laws

To protect your privacy and security, we may need to verify your identity before fulfilling your request. This may involve confirming details associated with your account, such as your email address or order history.

10.4 Authorized Agents

California residents may designate an authorized agent to submit privacy requests on their behalf. Authorized agents must provide written authorization signed by the consumer, and we may require you to verify your identity directly with us even when using an authorized agent.

11. Children's Privacy

Age Restriction: Our website and online ordering services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cafe Rio does not direct its services to children and does not knowingly collect, use, or disclose personal information from individuals under 18 years of age. Our online services, including account registration, online ordering, and loyalty programs, require users to confirm that they are at least 18 years old.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. If you are a parent or guardian and believe that your child under 18 has provided us with personal information without your knowledge or consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records.

If we discover that we have inadvertently collected personal information from a child under the age of 18, we will delete that information as soon as possible. We reserve the right to terminate accounts belonging to individuals who misrepresent their age.

12. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily processed and stored on servers located within the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our services, you consent to the transfer of your personal information to the United States. Where we transfer data internationally to service providers or partners located in other countries, we take appropriate steps to ensure that such transfers are conducted in compliance with applicable laws and that your data remains protected to a standard consistent with this Privacy Policy.

Such safeguards may include:

Contractual clauses requiring recipients to protect personal information in accordance with applicable standards
Verification that the recipient country provides an adequate level of data protection
Implementation of appropriate technical and organizational security measures by the recipient

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery partner websites, or other external services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to those third-party websites or services. We have no control over the privacy practices of third parties and strongly encourage you to review the privacy policies of any third-party services you access.

Common third-party services that may be linked from our website include:

Social media platforms (Instagram, Facebook, Twitter/X, TikTok)
Third-party food delivery platforms (DoorDash, Uber Eats, Grubhub)
Payment processors and financial institutions
Review platforms (Yelp, Google Reviews)

Cafe Rio is not responsible for the privacy practices or content of these third-party sites and services.

14. Marketing Communications and Opt-Out

With your consent, we may send you marketing communications by email or SMS regarding promotions, new menu items, special offers, and events at Cafe Rio. You can opt out of receiving these communications at any time using the following methods:

Email: Click the "Unsubscribe" link included in the footer of any marketing email we send you
SMS: Reply "STOP" to any text message you receive from us
Account Settings: Adjust your communication preferences in your account settings on our website
Direct Contact: Email us at [email protected] and request removal from our marketing lists

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related communications, such as order confirmations, payment receipts, and important account notifications. These communications are necessary for the operation of our services and cannot be opted out of while you maintain an active account.

15. How to File a Complaint with a Data Protection Authority

If you have concerns about how Cafe Rio handles your personal information and you are not satisfied with our response to your privacy request or complaint, you have the right to lodge a complaint with an appropriate regulatory authority.

15.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) enforces consumer protection laws in the United States, including provisions related to unfair or deceptive practices in data privacy. You may file a complaint with the FTC at:

Website: reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Privacy Protection Agency (CPPA)

If you are a California resident, you may also file a complaint with the California Privacy Protection Agency, which enforces the CCPA/CPRA:

Website: cppa.ca.gov
Address: California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834

15.3 State Attorney General Offices

Residents of other states may also have the right to file privacy complaints with their respective State Attorney General offices, which may have jurisdiction over local data privacy laws. We encourage you to contact your state's consumer protection division for guidance.

Before contacting regulatory authorities, we encourage you to first contact us directly at [email protected] so that we have the opportunity to address your concerns directly and promptly.

16. Changes to This Privacy Policy

Cafe Rio reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will take appropriate steps to notify you, which may include:

Posting a prominent notice on our website at riosscafe.digital
Sending an email notification to registered users at their email address on file
Displaying a pop-up or banner on our website for a period following the update
Updating the "Last Updated" date at the top of this Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should stop using our services and may request deletion of your account and personal data.

17. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please do not hesitate to contact our privacy team using the details below:

Company Name	Cafe Rio
Website	riosscafe.digital
Privacy Inquiries Email	[email protected]
Subject Line for Privacy Requests	"Privacy Policy Inquiry" or "Privacy Rights Request"

We are committed to responding to all privacy-related inquiries in a timely and thorough manner. You can expect an initial acknowledgment of your inquiry within 5 business days and a full response within the timeframes required by applicable law.

Summary: At Cafe Rio, your privacy is a top priority. We collect only the information necessary to provide you with excellent food service experiences, we protect your data with robust security measures, and we respect your rights to access, correct, and delete your personal information. If you ever have questions or concerns about your privacy, our team is ready to help at [email protected].