Privacy Policy

Effective Date: May 20, 2026 | Last Updated: May 20, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website caferio-meal.click, place orders, or otherwise interact with our services. Please read this policy carefully. By accessing or using our website or services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

If you do not agree with the terms of this Privacy Policy, please do not access or use our website or services.

1. About Us

Cafe Rio is a food service business operating through our online platform at caferio-meal.click. We provide food ordering, delivery coordination, and related culinary services to our valued customers across the United States. For any privacy-related questions or concerns, please contact us using the details provided below:

Company Name	Cafe Rio
Website	caferio-meal.click
Email Address	[email protected]
Country	United States

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect the following personal identification information:

Full name
Email address
Phone number
Billing and delivery address (street address, city, state, ZIP code)
Account username and password (stored in encrypted form)
Profile picture (if voluntarily provided)
Date of birth or age verification information

2.2 Payment and Transaction Information

When you place an order or make a purchase, we collect financial and transaction-related information, including:

Credit or debit card details (processed through secure third-party payment processors; we do not store full card numbers)
Billing address associated with your payment method
Order history and transaction records
Refund and dispute records
Loyalty points or rewards account information

2.3 Usage Data and Behavioral Information

We automatically collect certain information about how you interact with our website and services, including:

Pages visited, time spent on each page, and navigation paths
Search queries entered on our website
Menu items browsed and added to cart
Click-through rates and interaction with promotional content
Frequency and duration of visits
Referring URLs (the page that linked you to our website)
Exit pages

2.4 Device and Technical Information

We collect technical information about the device and internet connection you use to access our website:

IP address
Device type (desktop, mobile, tablet)
Operating system and version
Browser type and version
Device identifiers (e.g., IDFA, Android Advertising ID)
Screen resolution and language settings
Time zone settings

2.5 Location Information

With your consent, we may collect precise or approximate geolocation data to facilitate delivery services and provide location-based features. You may disable location sharing through your device settings at any time, though this may affect the functionality of certain services.

2.6 Communications and Customer Support Data

When you contact us for customer support, provide feedback, or communicate with us through any channel, we collect:

Content of messages, emails, and chat transcripts
Records of complaints and resolutions
Survey responses and review submissions
Social media interactions involving our brand

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. For detailed information about the cookies we use and how to manage your preferences, please refer to Section 9 of this Privacy Policy (Cookie Usage).

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your data for the following purposes:

3.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders and delivery requests
Creating and managing your customer account
Sending order confirmations, receipts, and delivery status updates
Coordinating with delivery partners and restaurant staff
Processing payments and managing billing
Administering loyalty rewards and promotional programs

3.2 Customer Support and Communications

Responding to your inquiries, complaints, and support requests
Sending important service-related notifications and updates
Notifying you about changes to our policies, menu, or services
Facilitating feedback collection and satisfaction surveys

3.3 Analytics and Service Improvement

Analyzing usage patterns to improve our website functionality and user experience
Conducting internal research and data analysis
Identifying and fixing technical issues and errors
Optimizing menu offerings and pricing strategies based on customer preferences
Developing new features, products, and services

3.4 Marketing and Advertising

With your consent (where required by law) or based on our legitimate interests, we may use your information for:

Sending promotional emails, newsletters, and special offers
Providing personalized menu recommendations based on your order history
Displaying targeted advertisements on our website and third-party platforms
Conducting promotional campaigns and loyalty programs
Retargeting campaigns through platforms such as Google Ads and Meta (Facebook/Instagram)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails or by contacting us directly at [email protected].

3.5 Legal and Compliance Purposes

Complying with applicable laws, regulations, and legal obligations
Enforcing our Terms of Service and other agreements
Detecting, investigating, and preventing fraudulent transactions and other illegal activities
Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
Responding to lawful requests from governmental authorities

4. How We Share Your Information

We do not sell your personal information to third parties for monetary consideration. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering our services. These parties are contractually bound to use your information only for specified purposes and to maintain appropriate security measures. Categories of service providers include:

Payment processors (e.g., Stripe, Square) – to handle payment transactions securely
Delivery and logistics partners – to fulfill food delivery orders
Cloud hosting and infrastructure providers – to store and process data securely
Email and communication service providers – to send transactional and marketing communications
Analytics providers (e.g., Google Analytics) – to help us understand how our website is used
Customer support platforms – to manage support tickets and communications
Marketing and advertising platforms – to deliver targeted promotional content

4.2 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, asset sale, reorganization, or any other form of business transfer, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements and Protection of Rights

We may disclose your personal information when we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, or lawful governmental request
Enforce our Terms of Service or other contractual agreements
Investigate suspected or actual fraudulent activity
Protect the safety, rights, or property of Cafe Rio, our users, or the public
Respond to emergencies involving a risk to life or physical safety

4.4 With Your Consent

We may share your information with third parties when you have explicitly consented to such sharing. You retain the right to withdraw your consent at any time.

4.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with partners, advertisers, and for research purposes. This type of information is not considered personal information under applicable law.

5. Data Security

The security of your personal information is of paramount importance to us. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, destruction, or misuse.

5.1 Technical Security Measures

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
Data Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 or equivalent encryption standards.
Password Hashing: User passwords are stored using one-way cryptographic hashing algorithms (e.g., bcrypt) and are never stored in plain text.
Firewalls and Intrusion Detection: We employ network firewalls and intrusion detection/prevention systems to monitor and protect our infrastructure.
Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access controls.
Regular Security Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing.

5.2 Administrative and Organizational Measures

Employee training on data privacy and security best practices
Strict internal data handling policies and confidentiality agreements
Incident response procedures for managing potential data breaches
Vendor security assessments before engaging third-party service providers

5.3 Limitations

While we take every reasonable precaution to protect your personal information, no method of electronic transmission or data storage is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant authorities in accordance with applicable legal requirements, including those established under state breach notification laws.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:

Right	Description
Right to Know	You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, our business purposes for collecting, and the categories of third parties with whom we share it.
Right to Delete	You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law.
Right to Correct	You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Data	You have the right to limit our use and disclosure of sensitive personal information to specific permitted purposes.
Right to Non-Discrimination	We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Right to Data Portability	You have the right to receive your personal information in a portable, readily usable format that allows you to transmit it to another entity.

6.2 General Privacy Rights (All U.S. Residents)

Regardless of your state of residence, we provide the following privacy rights to all users:

Access: You may request access to the personal information we hold about you.
Correction: You may request correction of inaccurate or incomplete information.
Deletion: You may request deletion of your personal information, subject to legal retention requirements.
Opt-Out of Marketing: You may opt out of receiving promotional communications at any time.
Account Deactivation: You may request deactivation of your account at any time.

6.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us using the following contact methods:

Email: [email protected] with the subject line "Privacy Rights Request"
Website: caferio-meal.click

We will acknowledge your request within 10 business days and respond substantively within 45 calendar days of receiving a verifiable request. If we require additional time, we will notify you of the extension and the reason for it. We may need to verify your identity before processing your request to ensure the security of your information. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded.

Authorized agents may submit requests on your behalf, provided they present written proof of authorization, and we may require verification directly from you.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The following general retention guidelines apply:

Category of Data	Retention Period
Account information	Duration of account plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Payment processing records	7 years (in accordance with financial regulations)
Customer support communications	3 years from the date of last interaction
Marketing preferences and consent records	Until withdrawal of consent plus 3 years
Website usage and analytics data	26 months (rolling)
Cookie and tracking data	As specified in our Cookie Policy (typically 13 months)
Legal compliance records	As required by applicable law (typically 5–10 years)

Upon the expiration of the applicable retention period, we will securely delete, anonymize, or aggregate your personal information in a manner that prevents re-identification.

8. Children's Privacy

Important Notice: Our services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cafe Rio's website and services are not directed to individuals under the age of 18, and we do not knowingly collect, use, or disclose personal information from minors. Our platform involves food ordering and payment processing, which requires users to be of legal age.

This policy is also consistent with the Children's Online Privacy Protection Act (COPPA), which regulates the collection of information from children under 13 years of age. In compliance with COPPA, we do not intentionally collect data from children under 13.

If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

We reserve the right to verify the age of users when necessary and to suspend or terminate accounts that we discover belong to minors.

9. Cookie Usage

Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the operation of our website, enabling core functionalities such as user authentication, shopping cart management, and security features. These cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting anonymous statistical data (e.g., Google Analytics).
Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and previously viewed items.
Targeting and Advertising Cookies: Used to deliver relevant advertisements and marketing messages based on your browsing behavior and interests, both on our website and across third-party platforms.

9.2 Managing Your Cookie Preferences

Upon your first visit to our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You may change your cookie preferences at any time through:

The cookie settings panel on our website
Your browser settings (to block or delete cookies)
Opt-out tools provided by third-party analytics and advertising providers (e.g., Digital Advertising Alliance)

Please note that disabling certain cookies may affect the functionality and performance of our website.

For full details about the specific cookies we use, their purposes, durations, and how to manage them, please refer to our dedicated Cookie Policy available on our website at caferio-meal.click.

10. International Data Transfers

Cafe Rio is based in the United States and primarily processes data within the United States. However, some of our third-party service providers and technology partners may be located in or operate from other countries. As a result, your personal information may be transferred to, stored in, and processed in countries outside of the United States.

When we transfer personal information internationally, we take appropriate steps to ensure that such transfers comply with applicable law and that adequate protections are in place for your data, including:

Ensuring that receiving parties are located in countries recognized as providing an adequate level of data protection
Implementing contractual safeguards, such as Standard Contractual Clauses (SCCs), with international service providers
Conducting due diligence on third-party vendors to assess their data protection practices
Applying data minimization principles to limit the amount of information transferred internationally

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and other countries as described in this Privacy Policy.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to those third-party sites, and we are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

The presence of a link to a third-party website does not constitute our endorsement of that site, its content, or its privacy practices.

12. Legal Basis for Processing (FTC Act Compliance)

As a business operating in the United States, our data processing activities are governed by applicable federal and state laws. Under the Federal Trade Commission Act (FTC Act), we are required to engage in fair and honest data practices and to refrain from deceptive or unfair acts in connection with the collection and use of consumer data. Our data processing is based on the following legal grounds:

Contractual necessity: Processing required to perform a contract with you (e.g., fulfilling your food order)
Legitimate business interests: Processing necessary for our legitimate business purposes, such as fraud prevention, analytics, and service improvement
Legal compliance: Processing required to comply with applicable laws and regulations
Consent: Processing based on your explicit consent, such as marketing communications and optional data collection

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not wish to have your browsing activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals, and our website does not currently alter its data collection practices in response to DNT signals from your browser. We will continue to monitor developments in this area and update our practices as necessary.

California residents may also use the Global Privacy Control (GPC) signal to opt out of the sale or sharing of their personal information. Where technically feasible, we will honor GPC signals as required by California law.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website notifying users of the changes
Where required by law or appropriate given the nature of the change, send an email notification to registered users

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after the posting of changes constitutes your acceptance of the revised Privacy Policy.

15. Filing Complaints with Data Protection Authorities

If you believe that your privacy rights have been violated and you have not received a satisfactory response from us after contacting us directly, you have the right to file a complaint with the appropriate regulatory authority.

15.1 Federal Level – Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and privacy enforcement in the United States. You may file a complaint with the FTC through the following channels:

Online: reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580

15.2 California Residents – California Privacy Protection Agency (CPPA)

California residents may also file complaints with the California Privacy Protection Agency (CPPA), which is responsible for enforcing the CCPA/CPRA:

Online: cppa.ca.gov
Email: [email protected]
Mail: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834

15.3 Other State Residents

Residents of other states may have the right to file complaints with their state's attorney general office or applicable consumer protection agency. We encourage you to identify and contact the appropriate authority for your state of residence.

Before filing a complaint with any regulatory authority, we strongly encourage you to first contact us directly so that we may attempt to resolve the matter promptly and amicably.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. Our privacy team is available to assist you with any privacy-related inquiries.

Privacy Contact Information – Cafe Rio

Company Name	Cafe Rio
Website	caferio-meal.click
Privacy Inquiries Email	[email protected]
Country of Operation	United States
Response Time	Within 10 business days for acknowledgment; 45 calendar days for substantive response

Note: When contacting us regarding a privacy rights request, please include your full name, email address associated with your account, a description of your request, and any relevant supporting information to help us process your request efficiently. We may need to verify your identity before fulfilling your request.

This Privacy Policy was last updated on May 20, 2026, and is effective as of that date. Cafe Rio reserves the right to amend this policy at any time. The most current version will always be available at caferio-meal.click.