Privacy Policy

Effective Date: May 2, 2026 | Last Updated: May 2, 2026

Important Notice: This Privacy Policy explains how Cafe Rio collects, uses, stores, and protects your personal information when you visit our website at eat-caferio.rest or use any of our services. Please read this document carefully before using our services.

1. Introduction and Overview

Welcome to Cafe Rio ("we," "us," "our," or "the Company"). We are a food service business operating in the United States, and we are deeply committed to protecting your privacy and safeguarding any personal information you share with us. This Privacy Policy has been drafted in compliance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

This Privacy Policy applies to all visitors, customers, and users (collectively, "you" or "users") who interact with our website located at eat-caferio.rest, our online ordering platform, loyalty programs, promotional campaigns, and any other digital or physical services we provide. By accessing or using our services, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy.

If you do not agree with this Privacy Policy, please discontinue your use of our website and services immediately. We reserve the right to modify this policy at any time, and any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Our contact information for all privacy-related inquiries is as follows:

Company Name	Cafe Rio
Address	United States
Phone	Not provided
Email	[email protected]
Website	eat-caferio.rest

2. Information We Collect

We collect various types of information to provide you with excellent food service, personalize your experience, and improve our business operations. The categories of information we collect are described in detail below.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us directly, we may collect the following personal identification information:

Full name – to identify you and personalize your experience
Email address – for order confirmations, account management, and marketing communications
Phone number – for order updates, delivery coordination, and customer support
Mailing and delivery address – for processing and delivering food orders
Date of birth – for age verification and loyalty program benefits
Username and password – for account security and access control
Profile preferences – including dietary restrictions, favorite items, and order history

2.2 Payment and Financial Information

To process transactions for food orders, catering bookings, or gift card purchases, we collect payment-related information, which may include:

Credit card or debit card number (last four digits only stored on our servers)
Billing address associated with your payment method
Transaction ID and purchase history
Digital wallet identifiers (such as Apple Pay or Google Pay tokens)

Please note that full payment card details are processed by our certified third-party payment processors and are not stored on our systems in unencrypted form.

2.3 Usage and Behavioral Data

When you browse our website or use our digital services, we automatically collect certain usage data, including:

Pages visited and time spent on each page
Menu items viewed, added to cart, or ordered
Search queries entered on our website
Click patterns and navigation paths through our site
Order frequency, preferences, and spending patterns
Referral sources (e.g., the website or advertisement that directed you to us)

2.4 Device and Technical Information

Our website automatically collects technical information about the devices and software you use to access our services, including:

IP address and approximate geographic location derived from it
Browser type and version (e.g., Chrome, Firefox, Safari)
Operating system and version (e.g., Windows, macOS, iOS, Android)
Device type (desktop, mobile, tablet) and device identifiers
Screen resolution and display settings
Time zone settings and language preferences
Network connection type and speed

2.5 Location Data

With your consent, we may collect precise geolocation data to facilitate food delivery services, help you find the nearest Cafe Rio location, and provide localized promotions. You may disable location services on your device at any time through your browser or operating system settings.

2.6 Communications and Feedback

When you contact our customer service team, leave a review, participate in a survey, or communicate with us through any channel, we collect the content of those communications, including:

Customer service inquiries and our responses
Online reviews and ratings submitted through our platform
Survey responses and feedback forms
Social media interactions related to our brand

2.7 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For detailed information about our use of cookies, please refer to Section 8 of this policy.

3. How We Use Your Information

Cafe Rio uses the information we collect for a variety of legitimate business purposes. We are committed to using your data responsibly and only for purposes that are necessary, proportionate, and aligned with your reasonable expectations as a customer.

3.1 Service Provision and Order Fulfillment

The primary purpose for collecting your personal information is to provide you with our food services. This includes:

Processing and fulfilling your food orders, whether in-store, online, or via delivery
Coordinating delivery logistics with third-party delivery partners
Managing your loyalty rewards account and applying points or discounts
Sending order confirmations, receipts, and status updates via email or SMS
Facilitating catering bookings and large group orders
Processing payments and issuing refunds when applicable

3.2 Account Management and Customer Support

Creating and maintaining your customer account
Verifying your identity when you contact us or reset your password
Responding to your questions, complaints, or service requests
Notifying you of important changes to your account or our services
Maintaining records of your interactions with us for quality assurance

3.3 Personalization and User Experience

Remembering your food preferences and dietary requirements
Recommending menu items based on your past orders
Personalizing the content and layout of our website for you
Saving your favorite orders and delivery addresses for faster checkout

3.4 Marketing and Promotional Communications

With your consent, or where we have a legitimate interest, we may use your contact information to send you:

Promotional emails about new menu items, seasonal offerings, and special deals
Loyalty program updates, bonus point opportunities, and reward redemption reminders
Birthday rewards and personalized offers
Surveys and invitations to participate in research or focus groups
News about Cafe Rio restaurant openings and events

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, adjusting your communication preferences in your account settings, or contacting us at [email protected].

3.5 Analytics and Business Improvement

Analyzing website traffic, user behavior, and conversion rates
Understanding which menu items are most popular in different regions
Evaluating the effectiveness of our marketing campaigns
Conducting internal research to improve our products and services
Generating aggregated, anonymized reports for business planning purposes

3.6 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from law enforcement or regulatory authorities
Detecting, investigating, and preventing fraudulent transactions or unauthorized access
Enforcing our Terms of Service and other applicable agreements
Protecting the rights, safety, and property of Cafe Rio, our employees, and our customers

4. Sharing Your Information with Third Parties

Cafe Rio does not sell your personal information to third parties for their own marketing purposes. However, we may share your data with carefully selected third parties in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your personal information only as necessary to perform their functions and are contractually obligated not to disclose or use it for any other purpose. Our service providers may include:

Payment processors – for secure handling of credit card and digital payment transactions
Delivery and logistics partners – to coordinate food delivery to your address
Email and SMS marketing platforms – to send promotional and transactional communications
Cloud hosting and IT infrastructure providers – to store and manage our data securely
Analytics providers – such as Google Analytics, to help us understand website usage
Customer support software providers – to manage and track support tickets
Loyalty program platform providers – to manage your rewards account

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law or if we believe, in good faith, that such disclosure is necessary to:

Comply with a legal obligation, court order, or government request
Enforce our Terms of Service or other agreements
Protect and defend the rights or property of Cafe Rio
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users of our services or the public

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes. This type of data sharing does not constitute a disclosure of personal information.

5. Data Security Measures

Cafe Rio takes the security of your personal information very seriously. We implement a comprehensive range of technical, administrative, and physical security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Safeguards

SSL/TLS Encryption: All data transmitted between your device and our website is encrypted using industry-standard Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Data Encryption at Rest: Sensitive personal information stored in our databases is encrypted using strong encryption algorithms.
Firewalls and Intrusion Detection: Our servers are protected by advanced firewalls and intrusion detection systems to prevent unauthorized access.
Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant payment processors.
Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems.

5.2 Administrative Safeguards

Access to personal data is restricted to employees and contractors who need it to perform their job functions.
All staff members with access to personal data receive regular privacy and security training.
We maintain internal data protection policies and procedures that align with industry best practices.
Employees are required to use strong, unique passwords and multi-factor authentication where applicable.

5.3 Data Breach Response

In the event of a data breach that affects your personal information, we will notify you as required by applicable law, including state breach notification laws. We will take prompt action to contain and remediate any breach and will provide you with information about what happened and what steps you can take to protect yourself.

Despite our best efforts, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices to protect your information.

6. Your Privacy Rights

Depending on your location within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights and making it easy for you to exercise them.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:

Right	Description
Right to Know	You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as how we use and share it.
Right to Delete	You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct	You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Information	You have the right to limit our use and disclosure of your sensitive personal information to only what is necessary to provide our services.
Right to Non-Discrimination	We will not discriminate against you for exercising any of your privacy rights.
Right to Data Portability	You have the right to receive your personal information in a portable, readily usable format.

6.2 General Privacy Rights for All U.S. Users

Regardless of your state of residence, Cafe Rio extends the following privacy rights to all users:

Right of Access: You may request a copy of the personal information we hold about you at any time.
Right to Correction: You may request that we update or correct any inaccurate information in your profile.
Right to Deletion: You may request that we delete your personal information, subject to our legal obligations to retain certain data.
Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.
Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time.

6.3 How to Submit a Privacy Request

To exercise any of your privacy rights, please contact us using one of the following methods:

Email: [email protected]
Website: Submit a request through our contact form at eat-caferio.rest

We will acknowledge receipt of your request within 10 business days and respond to your request within 45 calendar days. If we need additional time, we will notify you and may extend the response period by an additional 45 days where reasonably necessary.

We may need to verify your identity before processing your request to ensure that we do not disclose or delete information belonging to another person. This may involve confirming details associated with your account or asking you to provide a copy of a government-issued ID in certain circumstances.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The following retention periods generally apply:

Category of Data	Retention Period
Account and profile information	Duration of account + 3 years after account closure
Order history and transaction records	7 years (for tax and accounting compliance)
Payment information (tokenized)	Duration of account or until card is removed
Marketing preferences and communication history	3 years from last interaction
Customer support records	3 years from resolution of the inquiry
Website usage and analytics data	26 months (standard analytics retention)
Cookie data	Varies by cookie type (see Section 8)
Legal and compliance records	As required by applicable law (typically 5–7 years)

When your personal information is no longer required for any of the above purposes, we will securely delete or anonymize it in accordance with our data retention procedures.

8. Cookie Policy Overview

Cafe Rio uses cookies and similar tracking technologies on our website to enhance your browsing experience, analyze site traffic, and deliver relevant content and advertising. This section provides a brief overview of our cookie practices.

8.1 Types of Cookies We Use

Essential Cookies: These cookies are strictly necessary for the operation of our website, including enabling you to log in, add items to your cart, and complete the checkout process. These cookies cannot be disabled.
Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting anonymous data about pages visited, time spent, and errors encountered. We use tools such as Google Analytics for this purpose.
Functionality Cookies: These cookies remember your preferences (such as your preferred restaurant location or saved addresses) to provide a more personalized experience on return visits.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests, based on your browsing behavior. They may also be used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns.

8.2 Managing Your Cookie Preferences

You may adjust your cookie preferences at any time through our cookie consent banner, which appears when you first visit our website. You may also manage cookies through your browser settings; however, disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse or delete cookies through their settings menus.

For more detailed information about the specific cookies we use, their purposes, and their retention periods, please refer to our dedicated Cookie Policy available on our website at eat-caferio.rest.

9. Children's Privacy

Age Restriction: Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18.

Cafe Rio does not intentionally direct its digital services to children under 18 years of age. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. If you are under 18 years of age, please do not use our website or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us immediately at [email protected] so that we can investigate and remove the information.

Our practices with respect to children's privacy are consistent with the Children's Online Privacy Protection Act (COPPA), which imposes requirements on operators of websites and online services directed to children under the age of 13. While our services are not directed to children under 13, we take a conservative approach and restrict access to users 18 and older.

10. International Data Transfers

Cafe Rio is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law. These safeguards may include:

Standard contractual clauses approved by relevant data protection authorities
Verification that receiving entities comply with adequate data protection standards
Implementation of technical and organizational security measures

By using our services from outside the United States, you consent to the transfer of your personal information to the United States in accordance with this Privacy Policy.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by Cafe Rio. These may include links to social media platforms (such as Facebook, Instagram, or Twitter), third-party delivery platforms, or partner websites. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through links on our website. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. FTC Act Compliance and Consumer Protection

Cafe Rio is committed to complying with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in commerce. Our privacy practices are designed to be transparent, accurate, and aligned with the representations we make to our users. We do not engage in deceptive data collection, misleading privacy disclosures, or unfair data practices.

Our commitment to consumer protection includes:

Providing clear and honest information about how we collect and use your data
Honoring all opt-out requests for marketing communications promptly
Ensuring that our data practices match the representations in this Privacy Policy
Implementing reasonable security measures to protect consumer data
Not engaging in unauthorized data collection or use

13. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that they not track your online activities. At this time, our website does not respond to DNT signals, as there is no industry-wide standard for handling such signals. However, you can manage your tracking preferences through our cookie consent tool and by adjusting your browser settings.

14. State-Specific Privacy Rights

In addition to California residents' rights under the CCPA/CPRA, residents of certain other states may have additional privacy rights under their respective state laws. We are committed to complying with all applicable state privacy laws, including but not limited to:

Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Texas Data Privacy and Security Act (TDPSA)

If you are a resident of any of these states and wish to exercise your privacy rights under applicable state law, please contact us using the information provided in Section 16 of this policy. We will honor your rights in accordance with the specific requirements of your state's privacy law.

15. How to File a Complaint

If you have concerns about our privacy practices and feel that we have not adequately addressed your complaint, you have the right to file a complaint with the appropriate regulatory authority. In the United States, you may contact the following bodies:

15.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection and privacy enforcement in the United States. You may file a complaint with the FTC at:

Website: www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
Mailing Address: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580

15.2 California Attorney General (for California Residents)

California residents who believe their CCPA/CPRA rights have been violated may file a complaint with the California Attorney General's Office or the California Privacy Protection Agency (CPPA):

California Attorney General: oag.ca.gov/privacy/ccpa
California Privacy Protection Agency: cppa.ca.gov

15.3 State Attorney General Offices

Residents of other states may also file complaints with their respective State Attorney General's office. Contact information for each State Attorney General is available through your state government's official website.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We will respond to all inquiries as promptly as possible.

Privacy Inquiries – Cafe Rio

Company: Cafe Rio

Address: United States

Email: [email protected]

Website: eat-caferio.rest

Response Time: Within 10 business days of receipt of your inquiry

When contacting us about a privacy matter, please provide as much detail as possible about your concern or request, including your name, email address, and a description of the specific issue. This will help us respond to your inquiry accurately and efficiently.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technological developments. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website informing users of the changes
Send an email notification to registered account holders if the changes are significant

We encourage you to review this Privacy Policy periodically to remain informed about how we protect your personal information. Your continued use of our website and services after any changes to this policy have been posted constitutes your acceptance of the revised policy.

This Privacy Policy was last updated on May 2, 2026 and is effective as of that date. All previous versions of this policy are superseded by this document. If you have any questions about changes from a prior version, please contact us at [email protected].