Privacy Policy

Effective Date: April 22, 2026 | Last Updated: April 22, 2026

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cafenrio.rest, place orders, participate in our loyalty programs, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our services immediately.

This Privacy Policy applies to all information collected through our website (cafenrio.rest), any related mobile applications, our in-restaurant services, online ordering platforms, and any other sales channels, marketing, and events where we collect personal data (collectively referred to as the "Services").

1. Who We Are

Cafe Rio is a food service business operating in the United States. We operate under applicable federal and state laws governing privacy, consumer protection, and data handling.

Business Name	Cafe Rio
Website	cafenrio.rest
Email	[email protected]
Location	United States

For all privacy-related questions, concerns, or requests, you may contact us at [email protected].

2. Information We Collect

We collect several types of information from and about users of our Services. Understanding what data we collect helps you make informed decisions about your interactions with us.

2.1 Personal Information You Provide Directly

When you interact with our Services, you may voluntarily provide us with personal information, including but not limited to:

Identity Information: Full name, username, or similar identifiers.
Contact Information: Email address, mailing address, telephone number, and billing address.
Account Credentials: Username and password used to create and access an account on our platform.
Payment Information: Credit card numbers, debit card details, billing address, and other payment-related data. Note that payment card data is processed through secure, PCI-DSS-compliant third-party payment processors and is not stored directly on our servers.
Order Information: Details about the food items you order, special dietary instructions, delivery preferences, and order history.
Loyalty Program Data: Points accumulated, rewards redeemed, preferences saved within our loyalty or rewards program.
Communications: Messages, feedback, reviews, complaints, or any other correspondence you send to us via email, contact forms, or social media.
Survey Responses: Information you provide when responding to voluntary surveys or participating in promotions.

2.2 Automatically Collected Usage Data

When you visit our website or use our digital Services, certain information is automatically collected by our systems. This includes:

Log Data: Internet Protocol (IP) address, browser type and version, operating system, referring/exit pages, date and time of access, and pages viewed.
Device Information: Hardware model, device type (mobile, tablet, desktop), unique device identifiers, mobile network information, and operating system version.
Location Data: General geographic location derived from your IP address, and, where you give permission, more precise location data from your device's GPS or Wi-Fi signals to assist with finding nearby locations or enabling delivery.
Clickstream Data: Information about how you navigate our website, including the sequence of pages visited, links clicked, and time spent on each page.
Session Information: Duration of your visit, session identifiers, and interaction patterns with our digital content.

2.3 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. This data may include:

Preferences and settings stored between visits.
Authentication status to keep you logged in.
Analytics data on which features are most popular.
Advertising performance metrics, such as click-through rates.

For full details on how we use cookies and how to manage your preferences, please refer to our Cookie Policy available on our website at cafenrio.rest.

2.4 Information from Third Parties

We may also receive information about you from third-party sources, including:

Social Media Platforms: If you connect your social media account (e.g., Facebook, Google, Apple) to our Services or choose to sign in via social login, we receive certain profile information as permitted by your privacy settings on those platforms.
Delivery Partners: Third-party delivery service providers may share information about your orders and delivery status with us.
Analytics Providers: We receive aggregated and anonymized analytics data from providers such as Google Analytics.
Advertising Partners: We may receive information about your interactions with our ads served on third-party platforms.
Business Partners: Other companies we partner with for promotions, co-branded offers, or integrated services.

3. How We Use Your Information

We use the information we collect for various purposes, all aimed at providing you with an excellent food service experience and improving our business operations. Specifically, we use your information for the following purposes:

3.1 Providing and Managing Our Services

Processing your food orders, including online orders, delivery, and pickup arrangements.
Managing your account, including account creation, verification, and maintenance.
Processing payments and refunds securely.
Administering our loyalty and rewards programs.
Responding to your inquiries, complaints, and support requests in a timely and effective manner.
Sending transactional communications such as order confirmations, receipts, delivery updates, and reservation confirmations.

3.2 Analytics and Business Improvement

Analyzing usage patterns and trends to understand how customers use our Services.
Conducting internal research and development to improve our menu, website, mobile app, and overall customer experience.
Evaluating the effectiveness of our marketing campaigns and promotional activities.
Generating aggregated, anonymized statistical reports for business planning.
Monitoring and improving the performance, security, and stability of our digital platforms.

3.3 Marketing and Promotional Communications

Sending you promotional emails, newsletters, special offers, and information about new menu items — but only where you have consented or where we have a legitimate interest to do so.
Delivering personalized advertisements on our website and on third-party platforms based on your interests and browsing behavior.
Sending push notifications (where you have enabled them) about deals, promotions, or updates relevant to you.
You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

3.4 Legal Compliance and Safety

Complying with applicable federal and state laws, regulations, and legal obligations.
Responding to lawful requests from law enforcement, courts, regulatory agencies, or other governmental authorities.
Protecting the rights, property, and safety of Cafe Rio, our customers, employees, and the public.
Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other illegal activities.
Enforcing our Terms of Service and other legal agreements.

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing purposes. However, we do share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party vendors and service providers who assist us in operating our business and providing our Services. These parties are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

Payment Processors: Companies that handle credit card and payment processing (e.g., Stripe, Square).
Delivery Services: Third-party delivery platforms that fulfill food delivery orders on our behalf.
Cloud Hosting Providers: Services that host our website, databases, and digital infrastructure.
Email and Communication Providers: Platforms that help us send transactional and marketing emails.
Analytics Providers: Tools such as Google Analytics that help us understand website usage.
Customer Support Platforms: Systems we use to manage and respond to customer inquiries.
Marketing and Advertising Platforms: Digital advertising networks and social media platforms for targeted advertising.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid legal processes, including:

Complying with a subpoena, court order, or other legal obligation.
Responding to a lawful request by public authorities, including national security or law enforcement agencies.
Protecting against legal liability in connection with legal claims or proceedings.

4.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you participate in a co-branded promotion or authorize us to share your data with a partner.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: All data transmitted between your browser and our servers is protected using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption protocols.
Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis, and protected by strong authentication mechanisms.
Secure Payment Processing: All payment card transactions are handled by PCI-DSS-compliant third-party payment processors. We do not store full credit card numbers on our servers.
Regular Security Audits: We conduct periodic reviews of our security practices, systems, and procedures to identify and address potential vulnerabilities.
Data Minimization: We collect only the minimum amount of personal data necessary to fulfill the stated purposes.
Incident Response Plan: We maintain a documented data breach response plan and will notify affected individuals and relevant authorities in accordance with applicable law in the event of a data breach.

Important Notice: While we implement robust security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information and encourage you to take your own precautions, such as using strong passwords and logging out of your account when using shared devices.

6. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents, and other applicable state privacy laws.

6.1 Rights Available to All Users

Right to Know / Access: You have the right to request information about the personal data we hold about you, including the categories of data collected, the purposes for collection, and the categories of third parties with whom we share it.
Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions (e.g., where we are required to retain data for legal compliance).
Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

6.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following additional rights under the CCPA/CPRA:

Right to Know Specific Pieces of Information: You may request specific pieces of personal information we have collected about you over the past 12 months.
Right to Data Portability: You have the right to receive your personal data in a portable, readily usable format that allows you to transmit it to another entity.
Right to Opt Out of Sale or Sharing: Although we do not sell personal information in the traditional sense, to the extent that our advertising activities constitute "sharing" under the CPRA, you have the right to opt out. You may exercise this right by contacting us at [email protected].
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to perform our services.
Right to Correct Inaccurate Information: You may request correction of any inaccurate personal information we hold about you.

6.3 How to Submit a Privacy Rights Request

To exercise any of your privacy rights, you may submit a verifiable consumer request by:

Email: [email protected] — Include "Privacy Rights Request" in the subject line.
Website: cafenrio.rest — Use our contact form and specify your request type.

We will verify your identity before processing your request to protect your privacy and prevent unauthorized disclosure. We aim to respond to all verifiable consumer requests within 45 days of receipt. If additional time is required, we will notify you of the extension and the reason for the delay within the initial 45-day period. We may request additional information from you to verify your identity or clarify your request.

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide written permission signed by you and may be required to verify their identity directly with us.

7. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyze website traffic, and deliver personalized content and advertisements.

7.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Required for the website to function properly (e.g., login sessions, shopping cart).	Session / Short-term
Performance / Analytics	Collects anonymous data on how visitors use our site to help us improve performance.	Up to 2 years
Functional	Remembers your preferences and settings to provide a more personalized experience.	Up to 1 year
Targeting / Advertising	Used to deliver relevant advertisements based on your interests and track ad campaign effectiveness.	Up to 2 years

You can manage or disable cookies through your browser settings or through our cookie consent tool available on our website. Note that disabling certain cookies may affect the functionality of our Services. For comprehensive details, please read our full Cookie Policy at cafenrio.rest.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods depend on the type of data and the purpose for which it was collected:

Data Category	Retention Period
Account Information	Duration of account plus 3 years after account closure
Order History and Transaction Records	7 years (for financial and tax compliance purposes)
Customer Support Communications	3 years from the date of last communication
Marketing Preferences and Consent Records	Until you opt out, plus 3 years thereafter
Website Usage and Analytics Data	Up to 26 months (aggregated/anonymized data retained indefinitely)
Payment Information	Processed by third-party payment processors; we retain minimal records as required by law
Legal Compliance Records	As required by applicable law (typically 5–7 years)

When personal information is no longer needed, we will securely delete, anonymize, or destroy it in accordance with our data retention procedures and applicable legal requirements.

9. Children's Privacy

Age Restriction: Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

Cafe Rio's Services are intended for use by adults aged 18 years and older. We do not knowingly collect, solicit, or process personal information from anyone under the age of 18. Our website, mobile applications, and online ordering platforms are not designed for or targeted at children.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected], and we will take appropriate action to remove the information.

This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), which governs the online collection of personal information from children under 13. While our services are directed at adults 18+, we take our obligations under COPPA seriously and remain vigilant about protecting minors' privacy online.

10. International Data Transfers

Cafe Rio is based in the United States, and your information is collected, processed, and stored primarily within the United States. However, in certain circumstances, your data may be transferred to, stored, or processed outside of the United States by our third-party service providers or partners who may operate in other countries.

If we transfer your personal information internationally, we take appropriate safeguards to ensure that your data is protected in accordance with this Privacy Policy and applicable law. These safeguards may include:

Ensuring that third-party recipients are located in countries that provide an adequate level of data protection.
Entering into appropriate data processing agreements with our international service providers.
Implementing contractual clauses, such as Standard Contractual Clauses (SCCs), where appropriate.

By using our Services, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this section. If you are located outside the United States, please note that the data protection laws in the United States may differ from those in your country of residence.

11. Legal Basis for Processing (Federal and State Law Compliance)

As a business operating in the United States, we comply with all applicable federal and state privacy laws. The key legal frameworks governing our data processing activities include:

Federal Trade Commission Act (FTC Act): We comply with the FTC's guidelines on unfair or deceptive trade practices, including privacy and data security practices.
California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): For California residents, we adhere to all requirements under these laws, including providing rights to access, deletion, correction, and opt-out of sharing.
CAN-SPAM Act: All commercial email communications from Cafe Rio comply with the CAN-SPAM Act, including providing clear identification of commercial messages and easy opt-out mechanisms.
Children's Online Privacy Protection Act (COPPA): We do not knowingly collect data from children under 13 and take steps to prevent such collection.
Americans with Disabilities Act (ADA): We strive to ensure our digital services are accessible to all users.
State-Specific Privacy Laws: We monitor and comply with privacy laws enacted in various states, including those in Colorado, Virginia, Connecticut, Texas, and other states that have enacted comprehensive consumer privacy legislation.

12. Third-Party Links and Services

Our website and Services may contain links to third-party websites, social media platforms, delivery apps, and other external services that are not operated by us. When you click on these links, you will be directed to third-party sites that have their own privacy policies and terms of service. We have no control over the content, privacy policies, or practices of these third-party sites.

We strongly advise you to review the Privacy Policy of every website you visit. We are not responsible for the privacy practices or the content of any third-party websites linked to or from our Services. The inclusion of any link to a third-party website does not imply our endorsement of that website.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally agreed-upon standard for responding to DNT signals. At this time, our website does not respond to DNT signals from browsers. However, we respect your choice to opt out of certain types of tracking through our cookie consent tool and the opt-out mechanisms described in this Privacy Policy.

We continue to monitor developments in DNT and similar privacy-related technologies and will update our practices accordingly if and when a standardized approach is established.

14. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or improvements to our Services. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this Privacy Policy.
Post the revised policy on our website at cafenrio.rest.
Send an email notification to registered users where required by law or where we deem it appropriate given the nature of the changes.
Display a prominent notice on our website for a reasonable period following the update.

Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. How to File a Complaint

If you believe that we have not complied with applicable privacy laws or this Privacy Policy, we encourage you to contact us first so that we may address your concerns directly and promptly.

15.1 Contact Cafe Rio Directly

Please submit your complaint or concern to our privacy team at:

Cafe Rio — Privacy Inquiries
Email: [email protected]
Website: cafenrio.rest

We will acknowledge receipt of your complaint within 5 business days and aim to provide a full response within 30 days, unless additional time is required, in which case we will notify you of the delay.

15.2 Complaints to Regulatory Authorities

If you are not satisfied with our response or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the relevant regulatory authority. In the United States, the primary regulatory bodies include:

Federal Trade Commission (FTC):
The FTC handles complaints related to unfair or deceptive practices, including privacy violations.
Website: www.ftc.gov
Complaint Portal: reportfraud.ftc.gov
California Privacy Protection Agency (CPPA) — for California Residents:
California residents may file complaints with the CPPA regarding violations of the CCPA/CPRA.
Website: cppa.ca.gov
State Attorney General Offices:
Residents of other states may contact their respective State Attorney General's office regarding privacy-related complaints. Many state AGs have consumer protection divisions that handle data privacy matters.

16. Contact Us

If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. Our privacy team is here to assist you.

Cafe Rio — Privacy Contact Information

Business Name: Cafe Rio

Website: cafenrio.rest

Email: [email protected]

Location: United States

When contacting us about a privacy matter, please include your full name, contact information, and a clear description of your inquiry or request. This will help us process your request efficiently and accurately.

This Privacy Policy was last reviewed and updated on April 22, 2026. We are committed to maintaining transparency and protecting the privacy rights of all our customers and website visitors.