Privacy Policy

Effective Date: May 17, 2026 | Last Updated: May 17, 2026

Important Notice: This Privacy Policy explains how Cafe Rio collects, uses, shares, and protects your personal information when you visit our website at meal-caferio.click or use our food ordering and related services. Please read this policy carefully before using our services.

1. Introduction and Who We Are

Welcome to Cafe Rio. We are a food service business operating in the United States, committed to protecting the privacy and personal information of every individual who interacts with our website, applications, and services. This Privacy Policy has been prepared in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

Throughout this document, references to "Cafe Rio," "we," "us," or "our" refer to the business operating under the name Cafe Rio. References to "you," "your," or "user" refer to any individual who visits our website at meal-caferio.click, places an order, creates an account, or otherwise engages with our services.

We take privacy seriously. Our goal is to be fully transparent about the data we collect, the reasons we collect it, how long we keep it, and your rights with respect to that data. If you have any questions or concerns about this Privacy Policy at any time, please do not hesitate to contact us using the information provided in Section 16 below.

1.1 Scope of This Policy

This Privacy Policy applies to:

All visitors to our website at meal-caferio.click
Registered account holders and loyalty program members
Customers who place online food orders through our platform
Individuals who contact us via email, phone, or any other communication channel
Recipients of our marketing and promotional communications
Any individual whose personal data is processed in connection with our business operations

This policy does not apply to third-party websites, services, or applications that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

2. Information We Collect

We collect various categories of personal information depending on how you interact with our website and services. Below is a detailed breakdown of the types of information we may collect.

2.1 Personal Identification Information

When you create an account, place an order, or communicate with us, we may collect the following personal identification information:

Full name
Email address
Phone number
Billing and shipping address
Date of birth (for age verification purposes)
Username and password for account access
Profile photo (if voluntarily uploaded)

2.2 Payment and Financial Information

When you complete a purchase, we collect payment-related information necessary to process your transaction. This may include:

Credit card or debit card details (processed securely through third-party payment processors)
Billing address associated with your payment method
Transaction history and order records

Please note that we do not store complete credit card numbers on our servers. All payment data is processed through PCI-DSS-compliant third-party payment processors.

2.3 Order and Food Preference Information

As a food service business, we collect information related to your food orders and preferences, including:

Menu items ordered and order frequency
Dietary preferences and restrictions you provide voluntarily
Customizations and special instructions
Delivery or pickup preferences
Order history and spending patterns

2.4 Usage and Behavioral Data

When you visit our website, we automatically collect certain information about how you interact with our platform:

Pages visited and time spent on each page
Links clicked and menu items viewed
Search queries entered on our site
Referring website or source that led you to our site
Shopping cart activity and checkout behavior
Session duration and bounce rates

2.5 Device and Technical Information

We collect technical information about the devices and software you use to access our website:

IP address
Browser type and version
Operating system and device type
Screen resolution and display settings
Time zone and language settings
Unique device identifiers
Network provider and connection type

2.6 Location Information

With your permission, we may collect precise or approximate geolocation data to facilitate food delivery, suggest nearby pickup locations, or provide location-based promotions. You may disable location sharing through your device settings at any time.

2.7 Communications and Customer Support Data

When you contact our customer support team or communicate with us through any channel, we may collect and retain:

Content of messages, emails, and chat transcripts
Feedback, reviews, and survey responses
Records of phone calls (where permitted by applicable law)
Social media interactions and mentions

2.8 Information from Third Parties

We may also receive information about you from third-party sources, including:

Social media platforms (if you log in using a social account)
Third-party delivery partners and aggregator platforms
Marketing partners and advertising networks
Analytics and data enrichment providers

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Provision and Order Fulfillment

Processing and confirming your food orders
Coordinating delivery or pickup of your orders
Managing your account and account preferences
Sending order confirmations and status updates
Handling returns, refunds, and complaints

3.2 Payment Processing

Charging payment for completed orders
Issuing refunds where applicable
Detecting and preventing fraudulent transactions
Complying with financial record-keeping requirements

3.3 Analytics and Service Improvement

Analyzing user behavior to improve our website's performance and usability
Understanding customer preferences to improve our menu offerings
Measuring the effectiveness of our marketing campaigns
Conducting internal research and development
Identifying and resolving technical issues

3.4 Marketing and Promotional Communications

With your consent, or where otherwise permitted by law, we may use your information to:

Send you promotional emails, newsletters, and special offers
Notify you about new menu items, seasonal promotions, and events
Deliver personalized recommendations based on your order history
Run loyalty programs and reward schemes
Display targeted advertisements on third-party platforms

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us directly at [email protected].

3.5 Legal and Compliance Purposes

Complying with applicable United States federal, state, and local laws
Responding to lawful requests from government authorities
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Cafe Rio, our customers, and others
Resolving disputes and preventing fraud

4. Legal Bases for Processing Your Information

We process your personal information based on the following legal grounds:

Legal Basis	Examples of Processing Activities
Contract Performance	Processing orders, managing your account, delivering food
Legitimate Interests	Fraud prevention, analytics, security monitoring
Consent	Marketing emails, targeted advertising, non-essential cookies
Legal Obligation	Tax record-keeping, responding to lawful government requests

5. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist us in operating our business. These providers may access your information only as necessary to perform their services and are contractually bound to keep your data confidential. Categories of service providers include:

Payment processors (e.g., Stripe, PayPal, Square)
Delivery partners and logistics companies
Email and SMS marketing platforms
Web analytics providers (e.g., Google Analytics)
Cloud hosting and infrastructure providers
Customer support software providers
Fraud detection and security services

5.2 Legal and Regulatory Disclosures

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

Comply with a legal obligation, court order, or government request
Protect the safety of any person
Investigate or prevent fraud, security breaches, or illegal activity
Protect Cafe Rio's legal rights and interests

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal information may be transferred to a successor entity. We will notify you via email or a prominent notice on our website if such a transfer occurs, and inform you of any choices you may have regarding your information.

5.4 Aggregate and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with business partners, advertisers, and the public for industry research, analysis, or marketing purposes.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies on our website to enhance your experience and collect usage data. These technologies help us remember your preferences, understand how visitors use our site, and deliver relevant advertising.

6.1 Types of Cookies We Use

Essential Cookies: Required for the website to function properly (e.g., shopping cart, login sessions)
Analytics Cookies: Help us understand how visitors interact with our website
Preference Cookies: Remember your settings and personalization choices
Marketing Cookies: Used to deliver targeted advertisements and track campaign effectiveness

6.2 Your Cookie Choices

You can control cookie settings through your browser preferences or our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website. For a full description of the cookies we use and detailed instructions on how to manage them, please refer to our Cookie Policy available on our website.

7. Data Security

We take the security of your personal information seriously and implement a range of technical, organizational, and administrative measures to protect it from unauthorized access, disclosure, alteration, or destruction.

7.1 Security Measures We Employ

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols
Secure Payment Processing: Payment data is handled exclusively through PCI-DSS-compliant processors
Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis
Password Security: Passwords are stored using one-way hashing algorithms
Regular Security Audits: We conduct periodic reviews of our security practices and systems
Firewall and Intrusion Detection: Our servers are protected by firewalls and monitored for suspicious activity
Employee Training: Our team members are trained on data protection best practices

7.2 Data Breach Response

In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law, including applicable U.S. state breach notification laws. We will also take immediate steps to contain and remediate any security incident.

Despite our best efforts, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately at [email protected] if you suspect any unauthorized use of your account.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Category of Data	Retention Period
Account information	Duration of account plus 3 years after closure
Order and transaction records	7 years (for tax and accounting purposes)
Payment data	As required by payment processor compliance rules
Marketing preferences	Until you opt out, plus 1 year
Customer support communications	3 years from the date of last interaction
Website usage and analytics data	Up to 26 months
Cookie data	As specified in cookie settings (typically 30 days to 2 years)

When personal information is no longer required, we will securely delete or anonymize it in accordance with our data disposal procedures.

9. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific rights regarding your personal information. We are committed to honoring these rights and making it easy for you to exercise them.

9.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the third parties with whom it is shared.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: Although we do not sell personal information in the traditional sense, you have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary for performing the requested services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of service based solely on your exercise of these rights.

9.2 General Privacy Rights for All Users

Regardless of your state of residence, we offer the following rights to all users where technically feasible:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal information
Portability: Request your data in a structured, machine-readable format
Withdrawal of Consent: Withdraw consent for processing activities based on consent
Opt-Out of Marketing: Unsubscribe from marketing communications at any time

9.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a request by:

Email: [email protected]
Website: meal-caferio.click

We will acknowledge your request within 10 business days and respond substantively within 45 calendar days of receipt. In complex cases, we may extend this period by an additional 45 days, in which case we will notify you of the extension.

To verify your identity before processing certain requests, we may ask you to provide information that matches what we have on file. We will only use this information for verification purposes.

10. Children's Privacy

Age Requirement: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cafe Rio's website and food ordering platform are not directed at individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. Our services involve online food ordering and payment processing, which require the user to be a legal adult capable of entering into binding contracts.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete the minor's personal information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA) and take appropriate measures to prevent the collection of data from children under 13 years of age.

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily collected and processed within the United States. However, some of our third-party service providers may be located in or operate data centers in other countries.

When we transfer personal data internationally, we take steps to ensure that your information receives adequate protection in accordance with this Privacy Policy and applicable law. These steps may include:

Entering into data processing agreements with service providers that incorporate appropriate data transfer mechanisms
Using service providers that have certified compliance programs
Relying on other lawful transfer mechanisms as applicable

By using our website and services, you acknowledge that your personal information may be transferred to and processed in countries outside your country of residence, including the United States, which may have different data protection laws than those in your home country.

12. Third-Party Links and Integrations

Our website may contain links to third-party websites, social media platforms, and integrated services (such as third-party delivery apps or payment gateways). We are not responsible for the privacy practices or content of these third-party sites.

We encourage you to review the privacy policies of any third-party services you access through our website. The inclusion of a link does not imply our endorsement of the linked website's privacy practices.

When you use social media login features (e.g., "Login with Google" or "Login with Facebook"), the respective social media platform may also collect data about your interaction with our site. Please refer to their respective privacy policies for details.

13. Do Not Track Signals

Some web browsers have "Do Not Track" (DNT) features that signal to websites that you do not wish to be tracked. Currently, there is no universal standard for responding to DNT signals, and our website does not alter its data collection practices in response to DNT signals. However, you can manage your tracking preferences through our cookie consent settings and browser options.

14. California Shine the Light Law

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request information about whether we have disclosed personal information to any third parties for their direct marketing purposes during the preceding calendar year.

To make such a request, please contact us at [email protected] with the subject line "California Shine the Light Request." We will respond to your request within 30 days.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated Privacy Policy on our website with a new "Last Updated" date
Send an email notification to registered account holders
Display a prominent notice on our website for a reasonable period following the update

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

16. How to File a Complaint

If you believe that we have not complied with this Privacy Policy or applicable privacy laws, you have the right to file a complaint. We encourage you to first contact us directly so that we can address your concerns promptly.

16.1 Contact Cafe Rio Directly

Please reach out to our privacy team using the contact information in Section 17. We are committed to resolving complaints and will respond within 30 days of receipt.

16.2 File a Complaint with U.S. Authorities

If we are unable to resolve your complaint to your satisfaction, you may contact the relevant regulatory authority:

Federal Trade Commission (FTC):
Website: ftc.gov/complaint
The FTC enforces consumer protection laws, including protections against unfair or deceptive privacy practices under the FTC Act.
California Privacy Protection Agency (CPPA) — for California residents:
Website: cppa.ca.gov
The CPPA enforces the California Consumer Privacy Act (CCPA/CPRA).
Your State Attorney General's Office:
Many U.S. states have consumer protection and privacy enforcement offices. Contact your state's Attorney General for more information about local privacy rights and complaint procedures.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using any of the following methods:

Cafe Rio — Privacy Contact Information

Business Name	Cafe Rio
Address	United States
Phone	Not provided — please use email for privacy inquiries
Email	[email protected]
Website	meal-caferio.click

When contacting us about a privacy matter, please include your full name, email address, a description of your request or concern, and your state of residence. This will help us process your request efficiently and direct it to the appropriate team member.

We are dedicated to addressing your privacy concerns promptly and transparently. Our privacy team is available during regular business hours, and we aim to acknowledge all inquiries within 2 business days.

Governing Law: This Privacy Policy is governed by the laws of the United States and applicable state laws. For California residents, additional rights are available under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). For all users, consumer protections under the Federal Trade Commission Act (FTC Act) apply.

This Privacy Policy was last reviewed and updated on May 17, 2026. All previous versions of this policy are superseded by this document.