Privacy Policy
Welcome to Cafe Rio. This Privacy Policy explains how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at caferiomeal.rest, place orders through our online platform, participate in our loyalty programs, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.
Please read this Privacy Policy carefully. By accessing or using our website or services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with the terms set forth herein, please discontinue use of our website and services immediately.
This Privacy Policy applies to all visitors, customers, registered users, and any other individuals who interact with Cafe Rio through our digital or physical channels. This policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act, which governs unfair or deceptive trade practices in commerce.
1. About Us / Contact Information
The entity responsible for collecting and processing your personal information under this Privacy Policy is:
| Company Name | Cafe Rio |
|---|---|
| Website | caferiomeal.rest |
| Email Address | [email protected] |
| Location | United States |
For all privacy-related inquiries, requests, or concerns, please contact us using the email address listed above. We will endeavor to respond to all legitimate privacy inquiries within a reasonable timeframe, and no later than the periods required by applicable law.
2. Information We Collect
We collect various types of personal information in the course of operating our food service business, managing our online ordering platform, and providing a personalized customer experience. The categories of information we collect include the following:
2.1 Personal Identification Information
When you register for an account, place an order, participate in a promotion, subscribe to our newsletter, or contact our customer service team, we may collect:
- Full name
- Email address
- Phone number
- Billing and shipping address (including street address, city, state, and ZIP code)
- Date of birth (for age verification and loyalty program purposes)
- Username and password for account access
- Profile preferences and dietary information you voluntarily provide
2.2 Payment and Financial Information
When you make purchases through our website or app, we collect payment-related information such as:
- Credit or debit card details (processed securely through our payment processor; we do not store full card numbers on our servers)
- Billing address associated with the payment method
- Transaction history and order records
- Refund and dispute information
2.3 Order and Transaction Data
Each time you place an order or interact with our menu, we record:
- Items ordered and customization preferences
- Order frequency, timing, and history
- Special instructions and dietary notes
- Loyalty points earned and redeemed
2.4 Usage and Technical Data
When you visit our website, we automatically collect certain technical information about your device and usage patterns, including:
- IP address and approximate geolocation
- Browser type and version
- Operating system and device type
- Pages visited, time spent on each page, and navigation paths
- Referring URLs (the website that directed you to ours)
- Search queries made on our site
- Clickstream data and interaction logs
- Error and crash reports
2.5 Cookie and Tracking Data
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. For more information, please see Section 9 (Cookie Usage) of this policy.
2.6 Communications Data
If you contact us by email, phone, or through our website's contact forms, we may collect:
- The content of your messages and inquiries
- Records of customer service interactions
- Feedback and survey responses
- Social media interactions and comments directed at our official accounts
2.7 Information From Third Parties
We may also receive personal information about you from third-party sources, such as:
- Social media platforms when you connect your social accounts to your Cafe Rio profile or use social login features
- Third-party delivery partners and food ordering aggregators
- Marketing partners and analytics providers
- Publicly available data sources
3. How We Use Your Information
Cafe Rio uses the personal information we collect for a variety of legitimate business purposes, including:
3.1 Service Provision and Order Fulfillment
- Processing and fulfilling your food orders, including delivery and pickup coordination
- Managing your account and providing access to our online ordering platform
- Sending order confirmations, receipts, and status updates
- Responding to your customer service inquiries and resolving disputes
- Operating our loyalty and rewards programs
3.2 Personalization and User Experience
- Remembering your order preferences and dietary requirements to make future interactions more convenient
- Displaying location-specific menu items, promotions, and availability
- Personalizing content and recommendations based on your past orders and browsing behavior
- Customizing our website layout and features for your device type
3.3 Marketing and Promotional Communications
- Sending you promotional emails, newsletters, and special offers (with your consent where required by applicable law)
- Notifying you of new menu items, limited-time offers, and seasonal specials
- Conducting targeted advertising campaigns across digital platforms
- Inviting you to participate in contests, sweepstakes, and loyalty events
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].
3.4 Analytics and Business Improvement
- Analyzing website traffic and user behavior to improve our platform's usability
- Understanding ordering trends and customer preferences to improve our menu and services
- Conducting internal research and business analytics
- Measuring the effectiveness of our marketing campaigns
3.5 Legal Compliance and Safety
- Complying with applicable federal and state laws, regulations, and legal obligations
- Responding to lawful requests from government agencies, law enforcement, or courts
- Protecting the rights, property, and safety of Cafe Rio, our customers, and third parties
- Detecting, investigating, and preventing fraudulent transactions and other illegal activity
- Enforcing our Terms of Service and other agreements
4. Sharing Your Information With Third Parties
We do not sell, rent, or trade your personal information to unaffiliated third parties for their own commercial purposes. However, we may share your information in the following limited circumstances:
4.1 Service Providers and Business Partners
We engage trusted third-party companies and individuals to perform services on our behalf, including:
- Payment processors – to securely handle credit and debit card transactions
- Delivery and logistics partners – to fulfill delivery orders to your specified address
- Cloud hosting and IT providers – to store and manage our data infrastructure
- Email and SMS marketing platforms – to send promotional communications
- Customer relationship management (CRM) software providers – to manage customer interactions
- Analytics providers – such as Google Analytics, to help us understand website usage
- Customer support software providers – to help us manage and resolve support tickets
All service providers are contractually obligated to use your personal information only as necessary to provide services to us and to maintain appropriate security measures consistent with this Privacy Policy and applicable law.
4.2 Legal Requirements and Law Enforcement
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, subpoena, court order, or governmental request
- Enforce our Terms of Service or other agreements
- Protect the integrity, security, or safety of our website, business, or customers
- Investigate potential violations of the law or our policies
- Protect against legal liability
4.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to your information being transferred and becoming subject to a different privacy policy.
4.4 Aggregate and De-Identified Data
We may share aggregated or de-identified information — which cannot reasonably be used to identify you — with partners, advertisers, and the public for business, research, or promotional purposes. This type of sharing does not constitute a disclosure of personal information.
5. Data Security
Cafe Rio takes the security of your personal information seriously and implements a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: We use industry-standard SSL/TLS encryption to protect data transmitted between your browser and our servers.
- Secure payment processing: Payment card data is processed through PCI-DSS compliant third-party processors; we do not store full payment card numbers.
- Access controls: Access to personal information is restricted to employees and contractors who need it to perform their job functions, and all such individuals are bound by confidentiality obligations.
- Regular security assessments: We conduct periodic reviews of our data collection, storage, and processing practices to ensure ongoing compliance with security standards.
- Incident response: We maintain a data breach response plan and will notify affected individuals and relevant authorities in the event of a data breach, as required by applicable law.
Despite our best efforts, no method of data transmission over the internet or method of electronic storage is completely secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You use our services at your own risk and are encouraged to take precautions such as using strong, unique passwords for your account.
6. Your Privacy Rights
Depending on your state of residence and applicable law, you may have certain rights with respect to your personal information. Cafe Rio is committed to honoring these rights to the extent required by law.
6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA (California Civil Code § 1798.100 et seq.):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law (such as when the information is needed to complete a transaction, comply with a legal obligation, or for other lawful purposes).
- Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under the CPRA. Note that we do not sell personal information in the traditional sense; however, certain data sharing activities with advertising partners may constitute "sharing" under California law. You may exercise this right by contacting us.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information (as defined by the CPRA) to purposes strictly necessary to provide our services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide you a different quality of service because you exercised your privacy rights.
To submit a privacy rights request as a California resident, please contact us at [email protected]. We will verify your identity before processing your request and will respond within 45 days, with the possibility of a 45-day extension where reasonably necessary.
6.2 Rights Available to All Users
Regardless of your state of residence, Cafe Rio provides all users with the following privacy rights on a good-faith basis:
- Right to Access: You may request a copy of the personal information we hold about you by contacting us at the email address below.
- Right to Correction: You may update or correct inaccurate information in your account by logging in to your account settings or by contacting us directly.
- Right to Deletion: You may request that we delete your account and associated personal data, subject to legal retention requirements.
- Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where we rely on your consent to process your personal information (e.g., for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact us at [email protected] with the subject line "Privacy Rights Request." Please include sufficient information to verify your identity and specify the right you wish to exercise.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:
| Category of Data | Retention Period |
|---|---|
| Account information and order history | Duration of account + 3 years after account closure |
| Payment transaction records | 7 years (for tax and financial compliance purposes) |
| Customer service communications | 3 years from the date of the last interaction |
| Marketing preferences and opt-outs | Indefinitely (to honor your preferences) |
| Website analytics and usage logs | 26 months |
| Legal hold or dispute-related data | Until resolution of dispute or legal proceeding + applicable statute of limitations |
After the applicable retention period expires, we will securely delete or anonymize your personal information in accordance with our internal data disposal procedures.
8. Children's Privacy
Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for an account, place an order, or submit any personal information to us through our website.
If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take prompt steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can investigate and take appropriate action.
This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. Our additional restriction of age 18 reflects our decision to limit our services to adults only.
9. Cookie Usage
Cafe Rio uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze site traffic, and deliver targeted advertising. Below is a summary of the types of cookies we use:
- Strictly Necessary Cookies: These cookies are essential for the basic functioning of our website, such as maintaining your session, keeping items in your shopping cart, and enabling secure login. You cannot opt out of these cookies as the site cannot function properly without them.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether error messages are encountered. We use tools such as Google Analytics for this purpose. The information collected is aggregated and anonymous.
- Functionality Cookies: These cookies allow our website to remember choices you make (such as your location, language preferences, or saved order configurations) and provide enhanced, personalized features.
- Advertising and Targeting Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies may be placed by us or by our advertising partners.
You can manage your cookie preferences through your browser settings. Most web browsers allow you to refuse cookies or delete specific cookies. Please note that disabling certain cookies may impact the functionality of our website and your overall user experience.
For more detailed information about our use of cookies, including instructions on how to opt out of specific types of tracking, please refer to our Cookie Policy.
10. International Data Transfers
Cafe Rio is a United States-based business, and all personal information collected through our website is primarily stored and processed within the United States. The United States may not have data protection laws that are equivalent to those in your country of residence. By using our services, you consent to the transfer of your personal information to the United States.
If we transfer personal information to service providers or partners located outside the United States, we take appropriate measures to ensure that such transfers comply with applicable law and that your information continues to receive an adequate level of protection. These measures may include:
- Executing data processing agreements with our international service providers
- Applying contractual safeguards that require service providers to protect personal data to standards consistent with this Privacy Policy
- Using reputable and security-compliant cloud infrastructure providers
If you are located outside the United States and have concerns about the transfer of your personal data, please contact us at [email protected].
11. Third-Party Links and Services
Our website may contain links to third-party websites, applications, and services that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to any third-party websites or services. We have no responsibility or liability for the content, privacy practices, or security of any third-party platforms. We encourage you to review the privacy policies of any third-party sites you visit through links on our website.
Examples of third-party services that may be linked from or integrated into our website include:
- Social media platforms (e.g., Facebook, Instagram, Twitter/X)
- Third-party food delivery applications
- Payment gateways and financial technology providers
- Review and rating platforms
12. Do Not Track Signals
Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that the user does not wish to have their online behavior tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals, and our website does not currently respond to DNT signals. We will continue to monitor developments in this area and update our practices accordingly if a standard is established.
California residents may also be entitled to know whether we honor DNT signals under California's "Shine the Light" law (California Civil Code § 1798.83). We do not currently alter our data collection and use practices in response to DNT signals from browsers.
13. How to File a Complaint
If you have concerns about our privacy practices and are not satisfied with our response to your inquiry, you have the right to file a complaint with a relevant regulatory authority. In the United States, the following avenues are available:
- Federal Trade Commission (FTC): The FTC enforces the FTC Act, which prohibits unfair or deceptive practices in commerce, including those relating to privacy and data security. You may file a complaint with the FTC at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).
- California Attorney General (for California residents): California residents who believe their CCPA/CPRA rights have been violated may submit a complaint to the California Privacy Protection Agency (CPPA) at www.cppa.ca.gov or to the California Attorney General's Office at oag.ca.gov/privacy.
- State Attorneys General: Residents of other U.S. states may contact their respective State Attorney General's office to inquire about applicable state privacy laws and to file complaints related to data privacy violations.
Before filing a complaint with a regulatory authority, we encourage you to first reach out to us directly at [email protected] so that we have the opportunity to address your concerns. We take all privacy complaints seriously and will work with you to find a fair resolution.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, applicable laws, or the services we offer. When we make material changes to this policy, we will notify you by:
- Posting the updated Privacy Policy on our website at caferiomeal.rest with a revised "Last Updated" date at the top of the page
- Sending you an email notification to the address associated with your account (where applicable)
- Displaying a prominent notice on our website or within our app
Your continued use of our website and services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you disagree with any changes to this Privacy Policy, you must immediately stop using our services and, if applicable, delete your account. You may contact us at [email protected] to request account deletion.
15. Legal Basis for Processing (Where Applicable)
While Cafe Rio primarily operates under United States law, for transparency purposes we note the following general bases upon which we process personal information:
- Contractual necessity: Processing required to fulfill your order or manage your account relationship with us
- Legitimate business interests: Processing for fraud prevention, security, analytics, and business improvement, where such interests are not outweighed by your privacy interests
- Legal obligation: Processing required to comply with applicable laws and regulations, including tax, financial reporting, and food safety requirements
- Consent: Processing for marketing communications, optional personalization features, or non-essential cookies, where we rely on your freely given, specific, and informed consent
16. Automated Decision-Making
We may use automated systems to analyze your personal information in certain contexts, such as fraud detection algorithms that assess whether a transaction is potentially fraudulent, or personalization engines that recommend menu items based on your past orders. These automated processes are designed to improve service quality and protect our customers and business from harm.
We do not make decisions that produce significant legal effects on individuals solely through automated means without human oversight. If you have concerns about any automated decision-making that has affected you, please contact us at [email protected].
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please do not hesitate to contact us:
We are dedicated to addressing your privacy concerns promptly and professionally. When contacting us about a privacy matter, please provide your full name, contact information, and a detailed description of your inquiry or request so that we can assist you as effectively as possible.
This Privacy Policy was last reviewed and updated on June 4, 2026. We thank you for trusting Cafe Rio with your personal information and for taking the time to read and understand how we use it.