Privacy Policy

Effective Date: March 29, 2026 | Last Updated: March 29, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and safeguards your personal information when you visit our website at riosscafe.rest, use our online ordering services, interact with us on social media, or otherwise engage with our business. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

We are committed to protecting your privacy and handling your personal information with transparency, integrity, and care. This policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. About Us

Cafe Rio is a food service business dedicated to providing quality dining experiences to our customers. We operate the website riosscafe.rest and offer online ordering, reservation inquiries, and informational services through our digital platforms.

For all privacy-related inquiries, please contact us using the following details:

Business Name	Cafe Rio
Website	riosscafe.rest
Email Address	[email protected]

2. Information We Collect

We collect several types of information from and about users of our website and services. The categories of personal information we may collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you interact with our website, place an online order, make a reservation, subscribe to our newsletter, or contact us, we may collect:

Full name
Email address
Phone number
Billing and shipping address (for delivery or catering orders)
Date of birth (when relevant for age-verification purposes or promotional offers)
Payment information (credit/debit card numbers, expiration dates — processed securely through third-party payment processors)
Dietary preferences or food allergy information you voluntarily provide
Account login credentials (username and password) if you create an account

2.2 Usage Data and Technical Information

When you visit our website, our servers and analytics tools automatically collect certain technical information, including:

Internet Protocol (IP) address
Browser type and version
Operating system and device type
Pages visited, time spent on pages, and links clicked
Referring URLs (the website you came from before visiting ours)
Date and time stamps of your visit
Search terms used within our website
Geographic location data (at the city or region level, derived from IP address)

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. These technologies help us recognize your browser, remember your preferences, and improve your overall experience. Please refer to Section 8 of this Privacy Policy for detailed information about our use of cookies and your choices regarding them.

2.4 Device Information

We may collect information about the device you use to access our website and services, including:

Device identifiers (such as advertising IDs)
Mobile carrier (if accessing via a mobile device)
Screen resolution and display settings
Hardware model and firmware version
Network connection type (Wi-Fi, cellular, etc.)

2.5 Communications Data

If you contact us via email, phone, our website contact form, or social media, we may retain the content of your communications, including any personal information you choose to share with us in the process of seeking customer service or providing feedback.

2.6 Transaction Data

When you place an order through our website or associated third-party delivery platforms, we collect information about the transaction, including items ordered, order value, payment method used, delivery address, and order history.

2.7 Information You Voluntarily Provide

We may collect additional personal information that you voluntarily provide when participating in surveys, contests, sweepstakes, promotional activities, or loyalty programs that we may offer from time to time.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we may use your information to:

3.1 Service Provision and Operations

Process and fulfill your food orders, reservations, and catering requests
Create and manage your user account (if applicable)
Process payments and send transaction confirmations and receipts
Communicate with you about your orders, including updates on order status
Provide customer support and respond to your inquiries and complaints
Verify your identity and prevent fraudulent activity
Ensure the security and proper functioning of our website and services

3.2 Analytics and Service Improvement

Analyze usage patterns and trends to understand how customers use our website and services
Monitor the performance and functionality of our website
Identify and fix technical errors, bugs, and issues
Develop new features, products, and services based on customer behavior and preferences
Conduct internal research and business analysis

3.3 Marketing and Promotional Communications

Send you promotional emails, newsletters, special offers, and updates about Cafe Rio — but only where you have provided consent or we have a legitimate interest in doing so
Personalize marketing communications based on your order history and preferences
Deliver targeted advertising through third-party advertising networks (where permitted)
Notify you about loyalty program benefits, rewards, and promotions
Conduct contests, sweepstakes, and other promotional activities

Opt-Out: You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails, or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, we may still send you transactional communications related to your orders or account.

3.4 Legal Compliance and Protection

Comply with applicable laws, regulations, and legal obligations
Respond to lawful requests from government authorities, courts, or law enforcement agencies
Enforce our Terms of Service and other policies
Protect the rights, property, and safety of Cafe Rio, our customers, and the public
Detect, investigate, and prevent fraudulent transactions and other illegal activities

4. Sharing Your Information with Third Parties

We respect your privacy and do not sell your personal information to third parties. However, we may share your information with trusted third parties in the following limited circumstances:

4.1 Service Providers and Business Partners

We engage third-party companies and individuals to perform services on our behalf. These service providers may have access to your personal information solely for the purpose of performing their services and are contractually obligated to protect your information and use it only as directed by us. These services include:

Payment processing (e.g., Stripe, Square, PayPal)
Food delivery platform integrations (e.g., DoorDash, Grubhub, UberEats)
Email marketing and communication platforms (e.g., Mailchimp, Klaviyo)
Website hosting and cloud infrastructure providers
Analytics and website performance tools (e.g., Google Analytics)
Customer support software providers
Cybersecurity and fraud detection services
Accounting and financial services providers

4.2 Legal Requirements

We may disclose your personal information if we are required to do so by law or in good-faith belief that such action is necessary to:

Comply with a legal obligation, court order, subpoena, or government request
Protect and defend the legal rights or property of Cafe Rio
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users of our services or the public
Protect against legal liability

4.3 Business Transfers

If Cafe Rio undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your personal information being transferred and becoming subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other business purposes.

4.5 With Your Consent

We may share your personal information with other third parties when we have your explicit consent to do so, such as when you participate in a co-branded promotion or opt into a partner program.

5. Data Security

We take the security of your personal information seriously and implement a variety of administrative, technical, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our website.
Secure Payment Processing: Payment card information is processed through PCI DSS-compliant third-party payment processors. We do not store full credit card numbers on our servers.
Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions, and such personnel are bound by confidentiality obligations.
Regular Security Audits: We conduct periodic reviews of our data collection, storage, and processing practices to ensure security compliance.
Firewalls and Intrusion Detection: We deploy firewalls, intrusion detection systems, and other cybersecurity tools to protect our infrastructure.
Employee Training: Our staff receive ongoing training on data privacy and security best practices.

Important Notice: While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific rights regarding your personal information. Residents of California have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We extend similar rights to all of our users where practicable.

6.1 Right to Know and Access

You have the right to request that we disclose information about the personal data we have collected, used, shared, or sold about you over the past 12 months. This includes the categories of personal information collected, the purposes for collection, the categories of third parties with whom we shared it, and the specific pieces of personal information we hold about you.

6.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you. Upon receiving a verified request, we will use commercially reasonable efforts to correct the information unless an exception applies.

6.3 Right to Deletion

You have the right to request the deletion of personal information we have collected about you. Upon receiving and verifying your request, we will delete your personal information from our records and instruct our service providers to do the same, subject to certain exceptions permitted by law (such as where retention is necessary to complete a transaction, comply with a legal obligation, or for other legitimate business purposes).

6.4 Right to Data Portability

You have the right to receive a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format, and to request that we transmit this information to another entity, where technically feasible.

6.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, you have the right to opt out of the sale or sharing of your personal information with third parties for cross-context behavioral advertising. If we engage in such activities, we will provide a "Do Not Sell or Share My Personal Information" link on our website. As of the effective date of this policy, we do not sell personal information to third parties for monetary consideration.

6.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to limit our use and disclosure of sensitive personal information (such as financial account information, precise geolocation, or health-related data) to only that which is necessary to provide the services you request.

6.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide you with a different level of service based solely on your exercise of your privacy rights, except where the difference is reasonably related to the value of your data.

6.8 How to Exercise Your Rights

To submit a privacy rights request, please contact us by:

Email: [email protected] with the subject line "Privacy Rights Request"

We will acknowledge your request within 10 business days and respond substantively within 45 calendar days of receipt. If we require additional time (up to 90 days total), we will notify you of the extension and the reasons for it. We may need to verify your identity before processing your request to protect your personal information from unauthorized access.

You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide written proof of authorization, and we may require you to directly verify your identity with us.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations. The following general retention periods apply:

Type of Data	Retention Period
Account and profile information	Duration of account activity, plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance purposes)
Customer support communications	2 years from the date of the interaction
Marketing preferences and opt-out records	Indefinitely (to honor your opt-out preferences)
Website usage and analytics data	Up to 26 months (as per industry standard analytics tools)
Cookie data	Varies by cookie type (session cookies expire when you close your browser; persistent cookies have specific expiration dates)
Legal compliance records	As required by applicable law, typically 5–7 years

When personal information is no longer required for the purposes it was collected, we will securely delete, anonymize, or de-identify it in accordance with our internal data retention and disposal procedures.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. A cookie is a small text file stored on your device when you visit a website. We use the following types of cookies:

8.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the operation of our website. These cookies enable core functions such as security, network management, and accessibility. You cannot opt out of these cookies as they are required for the site to function.
Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting anonymous information. We use tools like Google Analytics for this purpose.
Functionality Cookies: These cookies allow our website to remember choices you make (such as your username, language preferences, or region) and provide enhanced, personalized features.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.

8.2 Managing Cookies

Most web browsers allow you to manage your cookie preferences through the browser settings. You can set your browser to refuse cookies, delete existing cookies, or alert you when cookies are being sent. However, please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features. You may also opt out of interest-based advertising by visiting the Digital Advertising Alliance opt-out page at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.

9. Children's Privacy

Age Restriction: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from children under the age of 18.

We are committed to complying with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe that we may have collected information from a minor, please contact us immediately at [email protected].

Parents and guardians who believe their child has submitted personal information to us without consent should contact us using the contact information provided in this policy. We will promptly investigate and take appropriate action.

10. International Data Transfers

Cafe Rio is based in the United States, and our primary operations and data processing activities take place within the United States. However, some of our third-party service providers may be located in, or operate infrastructure in, other countries. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where data protection laws may differ from those in your home country.

By using our website and services, you consent to the transfer of your personal information to the United States and other countries where our service providers operate, subject to appropriate safeguards and protections as described in this Privacy Policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy when transferred internationally.

For users located in jurisdictions that restrict the international transfer of personal data (such as the European Economic Area), we will implement appropriate safeguards, such as standard contractual clauses approved by applicable regulatory authorities, to ensure that your personal information receives an adequate level of protection.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, online ordering platforms, social media pages, and other external services that are not operated or controlled by Cafe Rio. We are not responsible for the privacy practices of these third-party websites and services. This Privacy Policy applies only to information collected through our website at riosscafe.rest and our associated services.

We strongly encourage you to review the privacy policies of any third-party websites you visit through links on our website, as their practices may differ substantially from ours. The inclusion of a link on our website does not constitute an endorsement or recommendation of the linked website's privacy practices.

12. California Privacy Rights — Supplemental Disclosure

In addition to the rights described in Section 6, California residents are entitled to additional disclosures under the CCPA and CPRA. The following summarizes our data practices as required by California law:

12.1 Categories of Personal Information Collected in the Past 12 Months

Category	Collected?	Purpose
Identifiers (name, email, IP address, etc.)	Yes	Order processing, account management, analytics
Commercial information (purchase history)	Yes	Order fulfillment, personalization, accounting
Internet/electronic activity	Yes	Website analytics, security, improvement
Geolocation data	Yes (city/region level)	Delivery services, analytics
Inferences drawn from personal information	Yes	Marketing personalization
Sensitive personal information (payment data)	Yes (processed by third parties)	Payment processing
Biometric data	No	N/A

12.2 Shine the Light Law

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes once per calendar year. To make such a request, please contact us at [email protected].

13. How to File a Complaint with a Data Protection Authority

If you believe your privacy rights have been violated and you are not satisfied with our response to your complaint or inquiry, you have the right to file a complaint with the relevant regulatory authority.

13.1 California Residents

California residents may file complaints with the California Privacy Protection Agency (CPPA), which is the state agency responsible for enforcing the CCPA/CPRA:

California Privacy Protection Agency (CPPA)
Website: cppa.ca.gov
Address: 2101 Arena Boulevard, Sacramento, California 95834
Email: [email protected]

13.2 Federal Consumer Protection

Consumers across the United States may also file complaints with the Federal Trade Commission (FTC) regarding deceptive or unfair business practices, including privacy violations:

Federal Trade Commission (FTC)
Website: ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
Address: 600 Pennsylvania Avenue NW, Washington, DC 20580

We encourage you to contact us first at [email protected] before filing a formal complaint, as we are committed to resolving any privacy concerns promptly and fairly.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes to this policy, we will notify you by:

Posting the updated Privacy Policy on our website at riosscafe.rest with a revised "Last Updated" date
Sending an email notification to users who have provided their email address (for material changes)
Displaying a prominent notice on our website home page

Your continued use of our website and services following the posting of a revised Privacy Policy constitutes your acknowledgment of and agreement to the updated terms. We encourage you to periodically review this page for the latest information on our privacy practices.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are here to help and committed to addressing your privacy concerns in a timely and transparent manner.

Company Name	Cafe Rio
Website	riosscafe.rest
Email	[email protected]
Privacy Requests	Please email with subject line: "Privacy Rights Request"

Response Time: We aim to acknowledge all privacy inquiries within 5 business days and provide a full response within 30 to 45 calendar days. For complex requests, we may require up to 90 days and will notify you accordingly.

This Privacy Policy was last updated on March 29, 2026. This document constitutes the complete and current privacy policy of Cafe Rio with respect to our website at riosscafe.rest and our associated services. If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Privacy Policy shall otherwise remain in full force and effect and enforceable.