Privacy Policy

Effective Date: April 25, 2026 | Last Updated: April 25, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at cafess-rio.click, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and ensuring transparency about how your data is handled.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with this policy, please do not use our website or services.

This Privacy Policy complies with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission (FTC) Act, and other applicable regulations governing the collection, use, and protection of personal information.

1. About Us

Cafe Rio is a food service business operating in the United States. We are dedicated to providing high-quality food and dining experiences to our customers. For all privacy-related inquiries, you may contact us using the details below:

Business Name: Cafe Rio
Website: cafess-rio.click
Email: [email protected]
Location: United States

2. Information We Collect

We collect several types of information in connection with the operation of our food service business and website. The categories of information we collect are described below.

2.1 Personal Information You Provide Directly

When you interact with Cafe Rio — whether you create an account, place an order, make a reservation, subscribe to our newsletter, contact our customer support team, or participate in promotions — you may provide us with the following categories of personal information:

Identification Information: Your first and last name, username, or similar identifier.
Contact Information: Email address, telephone number, and physical delivery or billing address.
Account Credentials: Username and password when you create an account on our platform.
Payment Information: Credit or debit card numbers, billing addresses, and other financial information necessary to process transactions. Note: We do not store full payment card numbers; this data is processed by our secure third-party payment processors.
Order and Purchase History: Details of food and beverage items you have ordered, including quantities, customizations, and delivery preferences.
Dietary Preferences and Allergies: Any dietary restrictions, food allergies, or preferences you voluntarily share with us for order customization purposes.
Communication Records: Records of correspondence if you contact us by email, phone, or through our website contact forms.
Feedback and Reviews: Ratings, reviews, and comments you submit about our food, services, or experience.
Promotional Participation Data: Information submitted in connection with contests, sweepstakes, surveys, or loyalty programs.

2.2 Information Collected Automatically

When you visit our website at cafess-rio.click, we and our technology partners may automatically collect certain technical and usage information through cookies, web beacons, pixel tags, and similar tracking technologies. This may include:

Device Information: Device type (desktop, mobile, tablet), operating system and version, browser type and version, device identifiers, and screen resolution.
Log Data: Your Internet Protocol (IP) address, access times and dates, pages viewed, time spent on pages, links clicked, and the referring URL from which you arrived at our site.
Usage Data: Information about how you navigate and interact with our website, including search queries, menu items viewed, and features used.
Location Data: General geographic location derived from your IP address. If you grant permission, we may collect more precise location data to assist with finding nearby locations or enabling delivery services.
Cookie and Tracking Data: Information collected via cookies, session tokens, local storage, and similar technologies as described in Section 8 of this policy.

2.3 Information from Third Parties

We may also receive information about you from third parties in the following circumstances:

Social Media Platforms: If you log in to our website or services using a social media account (such as Facebook or Google), we may receive basic profile information including your name, profile photo, email address, and public account information, subject to your privacy settings on those platforms.
Delivery Partners: If you order food through third-party delivery platforms that integrate with our services, we may receive relevant order and contact information to fulfill your order.
Analytics Providers: We receive aggregated and anonymized data from analytics services to help us understand website performance and user behavior.
Marketing Partners: We may receive contact information or demographic data from marketing partners to assist with targeted advertising and promotional campaigns, where permitted by law.
Payment Processors: Transaction confirmation and limited payment data from our authorized payment service providers.

3. How We Use Your Information

We use the personal information we collect for the following purposes, each of which is grounded in a legitimate business interest, contractual necessity, legal obligation, or your consent where required:

3.1 Service Provision and Order Fulfillment

To process and fulfill your food orders, including preparation, packaging, and delivery coordination.
To manage your customer account and provide account-related features.
To process payments and issue receipts or confirmations.
To communicate with you about the status of your orders or reservations.
To accommodate dietary preferences, allergies, or special requests you have indicated.
To provide customer support and respond to your inquiries, complaints, or feedback.

3.2 Analytics and Service Improvement

To analyze how users interact with our website and services in order to improve functionality, performance, and user experience.
To monitor and evaluate the effectiveness of our menu offerings, promotions, and business operations.
To conduct internal research and development to enhance and expand our food services.
To generate aggregate statistical reports about user behavior and preferences (in anonymized or de-identified form).
To identify and resolve technical issues or security vulnerabilities on our website.

3.3 Marketing and Communications

To send you promotional emails, newsletters, and special offers about our food, menu updates, seasonal specials, and loyalty programs — where you have opted in or where we have a legitimate interest to do so.
To display personalized advertisements on our website or third-party platforms based on your browsing and purchasing history.
To contact you about upcoming events, promotions, or contests in which you have expressed interest.
To conduct surveys and collect feedback to improve our offerings and customer satisfaction.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us at [email protected]. Opting out of marketing will not affect transactional communications related to your orders.

3.4 Legal Compliance and Safety

To comply with applicable laws, regulations, legal processes, and governmental requests.
To enforce our Terms of Service, prevent fraud, and protect the security of our platform.
To investigate and respond to suspected violations of our policies or applicable law.
To protect the rights, property, or safety of Cafe Rio, our customers, employees, and the public.

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own independent marketing purposes. However, we do share your information with trusted partners and service providers under specific circumstances as described below.

4.1 Service Providers

We engage third-party companies and individuals to assist us in operating our business and providing services. These service providers are granted access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:

Payment processing companies (e.g., Stripe, Square, PayPal)
Cloud hosting and data storage providers
Email marketing and communication platforms
Analytics and web performance services (e.g., Google Analytics)
Customer relationship management (CRM) software providers
Food delivery logistics and courier partners
Cybersecurity and fraud prevention services

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy involving Cafe Rio, your personal information may be transferred to the successor entity as part of such transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your personal information to government authorities, law enforcement agencies, courts, or other third parties when we believe in good faith that disclosure is necessary to:

Comply with a legal obligation, subpoena, court order, or other legal process;
Protect and defend the rights or property of Cafe Rio;
Prevent or investigate possible wrongdoing in connection with our services;
Protect the personal safety of our users, staff, or the public; or
Protect against legal liability.

4.4 With Your Consent

We may share your information with third parties for purposes not listed in this policy when we have obtained your explicit consent to do so. You may withdraw your consent at any time by contacting us.

4.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information — which cannot reasonably be used to identify you — with partners, advertisers, investors, or the public for business, research, or marketing purposes.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
Access Controls: Access to personal data is restricted to authorized personnel who have a legitimate business need to process such information. We enforce role-based access controls and require authentication for system access.
Secure Payment Processing: Payment card data is processed by PCI-DSS compliant payment processors. We do not store full credit card numbers on our servers.
Data Minimization: We collect only the minimum amount of personal information necessary for the stated purposes.
Regular Security Assessments: We conduct regular reviews of our data handling practices, systems, and security controls to identify and remediate potential vulnerabilities.
Incident Response: We maintain an incident response plan to address data breaches or security incidents promptly and notify affected individuals in accordance with applicable law.

Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you suspect that your account has been compromised, please contact us immediately at [email protected].

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific legal rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right	Description
Right to Know	You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the third parties with whom it has been shared.
Right to Delete	You have the right to request deletion of your personal information, subject to certain exceptions (e.g., information needed to complete a transaction or comply with legal obligations).
Right to Correct	You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
Right to Limit Use of Sensitive Personal Information	You have the right to limit our use and disclosure of sensitive personal information (e.g., financial data, health/dietary information) to that which is necessary to provide the requested services.
Right to Non-Discrimination	We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive a different quality or price of service for exercising these rights.
Right to Data Portability	You have the right to receive a copy of your personal information in a portable, readily usable format.

6.2 Rights Available to All U.S. Users

Regardless of your state of residence, you may have the following rights subject to applicable law:

Right to Access: Request access to the personal information we hold about you.
Right to Correction: Request that we correct inaccurate or incomplete personal information.
Right to Deletion: Request deletion of your personal information where no legitimate basis exists for its continued retention.
Right to Opt-Out of Marketing: Opt out of receiving marketing communications at any time.
Right to Withdraw Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us using one of the following methods:

Email: [email protected]
Website: cafess-rio.click

We will verify your identity before processing your request to protect your privacy. Verification may require you to provide identifying information consistent with what we have on file. We will respond to your request within 45 days as required under CCPA/CPRA. If we need additional time, we will notify you within the initial 45-day period and may take up to an additional 45 days to respond.

You may designate an authorized agent to submit requests on your behalf. We will require written confirmation that you have authorized the agent to act on your behalf and may require direct verification from you.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our general data retention practices are as follows:

Data Category	Retention Period
Account Information	Duration of account plus 3 years after account closure
Order and Transaction Records	7 years (for tax and accounting compliance)
Customer Support Communications	2 years from last interaction
Marketing Preferences	Until opt-out or account deletion
Website Usage and Analytics Data	Up to 26 months
Cookie Data	As specified in our Cookie Policy (typically session to 2 years)
Legal Compliance Records	As required by applicable law (typically 5–7 years)

When personal information is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.

8. Cookie Policy Overview

Our website, cafess-rio.click, uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver relevant content and advertisements.

8.1 What Are Cookies?

Cookies are small text files that are stored on your device (computer, smartphone, or tablet) when you visit a website. They allow the website to recognize your device and remember information about your visit, such as your language preferences, login status, and items in your cart.

8.2 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled as they are required for core functionality such as secure login, order processing, and session management.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information about pages visited, time spent on the site, and error messages encountered.
Functional Cookies: Allow us to remember your preferences and provide enhanced, personalized features such as saved menu selections and language settings.
Targeting and Advertising Cookies: Used to deliver advertisements that are more relevant to you and your interests. They also help measure the effectiveness of advertising campaigns.

8.3 Managing Cookies

You can control and manage cookies through your browser settings. Most web browsers allow you to refuse cookies, delete existing cookies, or alert you when cookies are being placed. Please note that disabling certain cookies may affect the functionality of our website. For detailed information on how we use cookies and how to manage your preferences, please refer to our full Cookie Policy available on our website at cafess-rio.click.

9. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.

Cafe Rio complies with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. We do not direct our website or marketing activities toward minors, and we do not knowingly collect personal data from anyone under 18.

If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon confirmation, we will promptly delete such information from our records.

If we discover that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete such information from our systems and, where applicable, notify the relevant authorities.

10. International Data Transfers

Cafe Rio is based in the United States, and the information we collect is governed by United States law. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

The data protection laws of the United States and other countries may differ from those in your country of residence. By using our services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

We take appropriate steps to ensure that any international transfers of personal data are conducted in compliance with applicable privacy laws and that adequate safeguards are in place to protect your information, including the use of contractual agreements with our international service providers.

If you have questions about the transfer of your data outside your country of residence, please contact us at [email protected].

11. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, food delivery apps, or other external services that are not operated by Cafe Rio. These links are provided for your convenience and informational purposes only.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly encourage you to review the privacy policy of every third-party site you visit before providing any personal information.

Our inclusion of a link to a third-party website does not constitute an endorsement of that site or its privacy practices. Your interactions with third-party sites are governed solely by their respective terms and privacy policies.

12. California-Specific Disclosures

In addition to the rights described in Section 6, California residents are entitled to certain additional disclosures under California law.

12.1 Shine the Light Law

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request information about the disclosure of their personal information to third parties for the third parties' direct marketing purposes. To make such a request, please contact us at [email protected] with the subject line "California Shine the Light Request."

12.2 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your browsing activity tracked. Currently, there is no universal standard for how websites should respond to DNT signals, and our website does not alter its data collection or use practices in response to DNT browser signals. We will update this disclosure if an industry standard is established.

12.3 Categories of Personal Information Collected (CCPA Disclosure)

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers (name, email address, IP address)
Commercial information (purchase history, order details)
Internet or other electronic network activity information (browsing and interaction data)
Geolocation data (general location derived from IP address)
Inferences drawn from collected information to create a customer profile
Sensitive personal information (payment card data processed by third-party processors; dietary/allergy information where voluntarily provided)

13. Filing a Privacy Complaint

If you believe that Cafe Rio has violated your privacy rights or has not responded adequately to a privacy request, you have the right to file a complaint with the appropriate regulatory authority.

13.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), the state agency responsible for enforcing the CPRA:

California Privacy Protection Agency (CPPA)

Website: cppa.ca.gov

Email: [email protected]

13.2 Federal Complaints

Consumers in any U.S. state may file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive trade practices, including privacy violations:

Federal Trade Commission (FTC)

Website: ftc.gov/complaint

Phone: 1-877-382-4357

13.3 Internal Complaint Resolution

We encourage you to contact us first before filing a complaint with a regulatory authority. We are committed to resolving privacy concerns promptly and fairly. Please reach out to our privacy team at:

Privacy Inquiries — Cafe Rio

Email: [email protected]

Website: cafess-rio.click

14. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or data handling procedures. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page;
Post the updated Privacy Policy on our website at cafess-rio.click; and
Where required by law or where changes are material, notify you via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of such changes.

If we make changes that materially affect your rights or how we use your sensitive personal information, we will seek your consent where required by applicable law.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are here to help and will respond to your inquiry as promptly as possible.

Privacy Contact Information — Cafe Rio

Business Name: Cafe Rio
Website: cafess-rio.click
Email: [email protected]
Location: United States

Response Time: We aim to respond to all privacy-related inquiries within 10 business days. For formal CCPA/CPRA requests, we will respond within the legally mandated timeframe of 45 days, with the possibility of a 45-day extension where necessary.

This Privacy Policy was last reviewed and updated on April 25, 2026. All prior versions of this Privacy Policy are superseded by this document.