Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, stores, shares, and protects your personal information when you visit our website at cafenrio.click, place orders, subscribe to our services, or interact with us in any other way. Please read this policy carefully before using our website or providing us with any personal information.

By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website immediately.

We are committed to protecting your privacy and handling your personal data in a transparent, fair, and lawful manner, in full compliance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), the CAN-SPAM Act, and other applicable federal and state regulations.

1. About Us

Cafe Rio is a food service business operating in the United States. We operate the website cafenrio.click, through which customers can learn about our menu offerings, place orders, make reservations, and interact with our brand online.

For all privacy-related inquiries, questions, or requests, you may contact us directly at the email address listed above.

2. Information We Collect

We collect various categories of information from and about our users, depending on how you interact with our website and services. Below is a detailed breakdown of the types of data we collect.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or contact us, we may collect personally identifiable information, including but not limited to:

• Full name
• Email address
• Phone number
• Billing and delivery address
• Date of birth (where required for age verification)
• Username and password (for registered accounts)
• Payment information (processed securely through third-party payment processors)
• Profile photo (if voluntarily provided)
• Any other information you choose to provide when contacting us or completing forms on our website

2.2 Order and Transaction Data

When you place an order through our website, we collect transaction-related information, including:

• Items purchased and quantities
• Order value and payment method (type only — full card details are not stored by us)
• Order history and frequency
• Special dietary preferences or requests you provide
• Delivery instructions and preferences

2.3 Usage and Behavioral Data

We automatically collect certain information about how you use our website. This may include:

• Pages visited and time spent on each page
• Links clicked and features used
• Search queries entered on our website
• Referring URLs and exit pages
• Session duration and visit frequency
• Interaction with promotional banners, pop-ups, or emails

2.4 Device and Technical Information

We collect technical data related to the device and browser you use to access our website, including:

• IP address
• Browser type and version
• Operating system and device type (desktop, mobile, tablet)
• Screen resolution and language settings
• Time zone
• Unique device identifiers
• Mobile network information (where applicable)

2.5 Location Data

With your permission, we may collect precise or approximate geographic location data to facilitate delivery services, suggest nearby menu items, or display relevant promotions. You may disable location sharing in your browser or device settings at any time.

2.6 Communications Data

When you contact us via email, online forms, or other channels, we retain records of those communications, including the content of your messages, your contact details, and our responses.

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior. Please refer to Section 8 of this policy for detailed information about our cookie practices.

2.8 Information from Third Parties

We may receive information about you from third-party sources, such as:

• Social media platforms (if you choose to connect your account or log in via social media)
• Delivery and logistics partners
• Analytics providers
• Payment processors
• Advertising networks

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. We only use your data in ways that are consistent with the reason it was originally collected, or where we have a lawful basis to do so under applicable law.

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your orders
• Managing your account and preferences
• Communicating order confirmations, updates, and delivery status
• Providing customer support and resolving disputes
• Processing payments and refunds

3.2 Website Operation and Improvement

• Maintaining and improving the functionality of our website
• Diagnosing technical issues and bugs
• Conducting research and analytics to understand user behavior
• Testing new features and enhancements
• Personalizing your experience based on preferences and history

3.3 Marketing and Promotions

• Sending you promotional emails, special offers, and newsletters (with your consent)
• Informing you about new menu items, seasonal specials, or loyalty program updates
• Displaying personalized advertisements on our website and third-party platforms
• Conducting surveys and gathering feedback

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected]. Please note that opting out of marketing emails will not affect transactional communications related to your orders or account.

3.4 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Enforcing our Terms of Service and other agreements
• Detecting, preventing, and addressing fraud, security breaches, and other harmful activities
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public

3.5 Business Operations

• Conducting internal audits and business analysis
• Managing relationships with suppliers and partners
• Facilitating corporate transactions such as mergers, acquisitions, or reorganizations

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own commercial purposes, except where disclosure is required or permitted by law, or where you have provided explicit consent. We may share your data in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf, including:

• Payment processors — to securely process transactions
• Delivery and logistics companies — to fulfill orders
• Cloud hosting and IT infrastructure providers — to store and manage data
• Email marketing platforms — to send communications on our behalf
• Analytics providers (e.g., Google Analytics) — to help us understand website usage
• Customer support tools — to manage inquiries and support tickets

All service providers are contractually obligated to use your data solely for the purposes of providing services to us, and to implement appropriate security measures to protect your information.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information to law enforcement agencies, regulatory bodies, courts, or other government authorities when we are legally required to do so, or when we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws or regulations
• Respond to a valid legal process (e.g., subpoena, court order, or search warrant)
• Protect the rights and safety of Cafe Rio, our users, or the public
• Investigate or prevent fraud, security incidents, or illegal activity

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, reorganization, or other business transfer, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your data being transferred and subjected to a different privacy policy.

4.4 Advertising and Analytics Partners

With your consent, we may share certain data with advertising networks and social media platforms (such as Meta or Google) to deliver targeted advertisements. You may opt out of interest-based advertising through your device settings or by using tools provided by the Digital Advertising Alliance (DAA) at optout.aboutads.info.

4.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify any individual with third parties for research, analytics, or marketing purposes.

5. Data Security

We take the security of your personal information seriously and have implemented a range of technical, organizational, and administrative measures to protect it from unauthorized access, loss, alteration, or disclosure.

5.1 Technical Safeguards

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest
• Secure, access-controlled servers and databases
• Firewalls and intrusion detection systems
• Regular security patching and vulnerability assessments

5.2 Organizational Safeguards

• Access to personal data is restricted to authorized personnel on a need-to-know basis
• Staff training on data protection and privacy best practices
• Confidentiality agreements for employees and contractors who handle personal data
• Incident response procedures for data breaches

5.3 Payment Security

All payment transactions are processed through PCI DSS-compliant third-party payment processors. We do not store complete credit or debit card numbers on our systems.

6. Your Privacy Rights

Depending on your state of residence, you may have various rights regarding your personal information under applicable U.S. law. We are committed to honoring these rights in accordance with our legal obligations.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: You have the right to request information about the categories and specific pieces of personal data we have collected about you, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes strictly necessary to provide the requested services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different quality of service because you exercised your rights.

6.2 General Privacy Rights (All U.S. Residents)

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal data, subject to legal retention requirements.
• Right to Data Portability: Where technically feasible, you may request that we provide your personal data in a structured, machine-readable format.
• Right to Withdraw Consent: Where we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Opt Out of Marketing: You may unsubscribe from marketing communications at any time.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request by:

• Email: [email protected]

We will respond to your request within 45 days of receipt. In certain cases, we may extend this period by an additional 45 days where reasonably necessary, and we will notify you of any such extension. We may need to verify your identity before processing your request to protect against fraudulent or unauthorized requests.

You may also designate an authorized agent to submit requests on your behalf, provided that the agent presents written authorization and you verify your identity directly with us.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention principles apply:

When personal data is no longer required, we will securely delete or anonymize it in accordance with our data destruction procedures.

8. Cookie Policy Overview

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site performance, and deliver relevant content and advertisements. This section provides a brief overview; we encourage you to review our full Cookie Policy for comprehensive information.

8.1 What Are Cookies?

Cookies are small text files placed on your device by a website when you visit it. They help the website remember your preferences, login status, and browsing behavior over time.

8.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data.
• Functional Cookies: Remember your preferences (such as language, location, or menu choices) to provide a more personalized experience.
• Marketing and Advertising Cookies: Used to deliver relevant advertisements based on your interests and to track the effectiveness of our marketing campaigns.

8.3 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings or via the cookie consent banner displayed when you first visit our website. Please note that disabling certain cookies may affect the functionality of our website.

You may also opt out of certain third-party advertising cookies by visiting:

• Digital Advertising Alliance (DAA) – optout.aboutads.info
• Network Advertising Initiative (NAI) – optout.networkadvertising.org
• Google Analytics Opt-Out – tools.google.com/dlpage/gaoptout

9. Children's Privacy

We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we have inadvertently collected personal data from a child under the age of 13 (or under 18 where applicable), we will promptly delete that information from our records.

If you are a parent or legal guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take appropriate steps to remove the information and, if necessary, terminate the associated account.

Parents and guardians are encouraged to monitor their children's online activities and usage of websites and applications to help enforce this policy.

10. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily collected, processed, and stored within the United States. However, in certain circumstances, your data may be transferred to, stored, or processed in other countries where our service providers, partners, or cloud infrastructure may be located.

If we transfer personal data to countries outside the United States, we will take appropriate steps to ensure that such transfers comply with applicable U.S. privacy laws and that your data receives adequate protection. These measures may include:

• Entering into data processing agreements with recipients that require them to protect your data in accordance with standards comparable to those in the United States
• Verifying that recipient countries maintain adequate data protection frameworks
• Implementing technical and organizational safeguards for transferred data

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and, where applicable, to other countries in accordance with this Privacy Policy.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to those third-party platforms. We are not responsible for the privacy practices or content of any third-party websites and encourage you to review the privacy policies of any sites you visit via links on our website.

Examples of third-party services we may integrate with include:

• Social media platforms (Facebook, Instagram, X/Twitter)
• Online payment gateways
• Delivery and mapping services (Google Maps)
• Review and ratings platforms

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. At this time, there is no universal standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals from browsers. However, you may manage your privacy preferences using the cookie controls and opt-out tools described in Section 8.

13. Your California Privacy Rights — Additional Disclosures

In addition to the rights described in Section 6, California residents have the following rights and disclosures under California law:

13.1 Shine the Light Law (California Civil Code Section 1798.83)

California residents who have an established business relationship with us may request, once per year, information about the categories of personal information we have shared with third parties for their direct marketing purposes during the immediately preceding calendar year. To make such a request, please contact us at [email protected].

13.2 Categories of Personal Information Collected

As required by the CCPA, we disclose that in the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address, account username)
• Commercial information (purchase records, order history)
• Internet or other electronic network activity (browsing history on our website)
• Geolocation data (with consent)
• Inferences drawn from personal information to create a profile about your preferences
• Financial information (payment method type, via secure third-party processor)

13.3 Business or Commercial Purpose for Collection

The personal information listed above was collected for the business and commercial purposes described in Section 3 of this Privacy Policy, including order fulfillment, website improvement, customer service, and marketing communications.

14. FTC Act Compliance

In accordance with the Federal Trade Commission Act (FTC Act), Cafe Rio is committed to maintaining fair and non-deceptive privacy and data practices. We do not engage in unfair or deceptive acts or practices in connection with the collection, use, or disclosure of your personal information. Our privacy representations in this policy and on our website are accurate, and we implement reasonable security measures to protect your data as described herein.

If you believe that our data practices are unfair or deceptive, you have the right to file a complaint with the Federal Trade Commission (FTC) as described in Section 16 below.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other business needs. When we make material changes to this policy, we will notify you by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (if you have an account or are subscribed to communications)
• Displaying a prominent notice on our homepage or at the point of login

Your continued use of our website after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

If you disagree with any changes to this Privacy Policy, you should discontinue use of our website and, if applicable, request deletion of your account and personal data.

16. How to File a Complaint

If you believe that we have violated your privacy rights or handled your personal data improperly, we encourage you to first contact us directly so that we may address your concerns.

16.1 Contact Us First

Please send your complaint or concern to:

• Email: [email protected]
• Website: cafenrio.click

We will acknowledge receipt of your complaint within 10 business days and aim to resolve the matter within 30 days. If your complaint requires additional time, we will notify you of the expected resolution timeline.

16.2 Federal Trade Commission (FTC)

If you are not satisfied with our response, or if you believe we have engaged in unfair or deceptive data practices, you may file a complaint with the Federal Trade Commission (FTC):

• Website: reportfraud.ftc.gov
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

16.3 California Residents — California Privacy Protection Agency (CPPA)

California residents who believe their CCPA/CPRA rights have been violated may also file a complaint with the California Privacy Protection Agency (CPPA):

• Website: cppa.ca.gov
• Email: [email protected]

16.4 State Attorneys General

Residents of states with applicable privacy laws may also contact their state's Attorney General office to file a privacy-related complaint. Contact information for your state's Attorney General can be found through the National Association of Attorneys General at www.naag.org.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us through any of the following channels:

We take all privacy inquiries seriously and will respond to your questions as promptly as possible, and in any event within the timeframes required by applicable law.