Privacy Policy

Effective Date: March 22, 2026 | Last Updated: March 22, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at cafesrio.top, place orders, interact with our digital services, or otherwise engage with us. We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in accordance with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide restaurant and food-related services, including online ordering, menu browsing, reservations, catering inquiries, loyalty programs, and other related services through our digital and physical platforms.

For all privacy-related matters, you may contact us using the following details:

Company Name	Cafe Rio
Website	cafesrio.top
Email Address	[email protected]

2. Information We Collect

We collect various categories of information depending on how you interact with our website and services. The categories below describe the types of personal information we may collect from you.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, participate in promotions, or contact our customer support, we may collect personally identifiable information, including but not limited to:

Full name
Email address
Phone number
Billing and delivery address
Date of birth (for age verification or loyalty programs)
Username and password (for account registration)
Payment information (credit/debit card numbers, billing details — processed securely through third-party payment processors)
Profile photographs or avatars (if voluntarily uploaded)

2.2 Transaction and Order Information

When you place orders or make purchases through our platform, we collect information about those transactions, including:

Items ordered, including menu selections, customizations, and dietary preferences
Order history and frequency
Payment method type and transaction identifiers
Delivery or pickup preferences
Special instructions or notes associated with orders
Refund or complaint records

2.3 Usage and Behavioral Data

As you navigate and use our website, we automatically collect certain technical and behavioral data, including:

Pages visited and time spent on each page
Links clicked and navigation patterns
Search queries entered on our website
Features and services you use or interact with
Referral URLs (the website or source that directed you to our site)
Time and date stamps of your visits

2.4 Device and Technical Information

We collect technical information about the device and network you use to access our services, including:

IP address
Browser type and version
Operating system and version
Device type (desktop, mobile, tablet)
Device identifiers
Screen resolution and language settings
Network connection type

2.5 Location Data

With your permission, we may collect precise or approximate geolocation data to assist with features such as finding the nearest Cafe Rio location, estimating delivery distances, and improving location-based services. You may disable location access at any time through your browser or device settings.

2.6 Communications and User-Generated Content

When you communicate with us — including via email, contact forms, live chat, or social media — we may retain records of those communications. This includes:

Customer service inquiries and responses
Feedback, reviews, or ratings submitted about our food or services
Comments or posts made on our platform
Contest or giveaway submissions

2.7 Cookie and Tracking Data

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. Please refer to Section 8 of this policy for detailed information about our use of cookies.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

Social media platforms (if you connect your account or interact with our social media pages)
Third-party food delivery platforms and partners
Analytics and advertising partners
Publicly available databases and directories

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

3.1 Service Provision and Order Fulfillment

Processing and fulfilling food orders, deliveries, and reservations
Creating and managing your user account
Communicating order confirmations, updates, and receipts
Handling returns, refunds, and complaints
Providing customer support and responding to inquiries
Enabling loyalty rewards programs and member benefits

3.2 Website Operation and Improvement

Ensuring the proper functioning and security of our website
Diagnosing technical problems and bugs
Analyzing website performance, traffic trends, and user behavior
Developing new features, menu items, and service improvements
Personalizing the content and experience you see on our website

3.3 Marketing and Promotional Communications

Sending promotional emails, newsletters, and special offers — only with your consent or as permitted by law
Running loyalty programs, contests, giveaways, and events
Displaying targeted advertisements on third-party platforms (e.g., social media, search engines)
Measuring the effectiveness of our marketing campaigns

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

Complying with applicable federal and state laws and regulations
Responding to lawful requests from government authorities and law enforcement
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
Preventing, detecting, and investigating fraud, abuse, and illegal activity

3.5 Analytics and Research

Conducting internal research and analytics to understand customer preferences
Improving our menu offerings based on order patterns and feedback
Evaluating customer satisfaction and service quality

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with certain trusted partners and entities under the following circumstances:

4.1 Service Providers and Vendors

We work with third-party service providers who assist us in operating our business and delivering services to you. These providers may have access to your personal information solely for the purpose of performing their contracted services and are bound by confidentiality agreements. Categories of service providers include:

Payment processors (e.g., Stripe, Square, PayPal) for secure transaction handling
Food delivery platform partners (e.g., DoorDash, Uber Eats, Grubhub)
Email marketing platforms (e.g., Mailchimp, Klaviyo)
Website hosting and cloud infrastructure providers
Analytics providers (e.g., Google Analytics)
Customer relationship management (CRM) software vendors
IT and cybersecurity service providers

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction involving Cafe Rio, your personal information may be transferred as part of the business assets. We will notify you via email and/or a prominent notice on our website prior to any such transfer, and you will be informed of any changes to this Privacy Policy.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law or in good faith belief that such action is necessary to:

Comply with a legal obligation, court order, subpoena, or government request
Protect and defend the legal rights of Cafe Rio
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of our users or the public

4.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes. This type of sharing does not constitute selling personal information.

4.5 With Your Consent

We may share your personal information with other third parties when you have provided explicit consent for us to do so.

5. Data Security

We take the security of your personal information seriously and have implemented a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, loss, misuse, alteration, or destruction.

5.1 Security Measures We Employ

Encryption: All data transmitted between your browser and our website is protected using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption protocols.
Payment Security: We do not store full credit or debit card numbers on our servers. All payment data is handled by PCI-DSS compliant payment processors.
Access Controls: Access to personal data is restricted to authorized personnel only, on a need-to-know basis. All staff with access to personal data are subject to confidentiality obligations.
Regular Audits: We conduct periodic security reviews and vulnerability assessments of our systems and infrastructure.
Secure Development Practices: Our development team follows secure coding standards and best practices to minimize security vulnerabilities.

5.2 Limitations

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you in accordance with applicable state and federal breach notification laws.

6. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States privacy laws.

6.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
Right to Access: You have the right to request a copy of the specific personal information we have collected about you over the past 12 months.
Right to Deletion: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions (e.g., completing a transaction, legal obligations).
Right to Correction: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: Although we do not sell personal information for monetary value, to the extent that sharing for cross-context behavioral advertising constitutes a "sale" under CPRA, you have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary to perform the services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your rights.

6.2 General U.S. Privacy Rights

Regardless of your state of residence, we extend the following rights to all users where feasible:

Right to Access: Request access to the personal information we hold about you.
Right to Correction: Request correction of inaccurate or incomplete personal information.
Right to Deletion: Request erasure of your personal information in certain circumstances.
Right to Portability: Request that we provide your personal data in a structured, commonly used, machine-readable format.
Right to Opt Out of Marketing: Withdraw consent from marketing communications at any time.

6.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us through one of the following methods:

Email: [email protected] with the subject line "Privacy Rights Request"
Website: Visit cafesrio.top and use our online contact form

We will respond to verifiable requests within 45 days. If we need more time, we will notify you of the extension (up to an additional 45 days) along with the reason for the delay. We may need to verify your identity before processing your request to protect against unauthorized disclosure.

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written proof of authorization, and we may require additional verification steps.

7. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes described in this Privacy Policy, or as required or permitted by applicable law. The following retention guidelines apply:

Category of Data	Retention Period
Account and profile information	Until account deletion request or 3 years of account inactivity
Order and transaction records	7 years (for tax and financial compliance)
Customer service communications	3 years from the date of last interaction
Marketing preferences and consent records	Until consent is withdrawn, plus 1 year
Website analytics and usage data	26 months from date of collection
Cookie data	Varies by cookie type (session to 2 years)
Legal and compliance records	As required by applicable law (typically 7 years)

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our internal data disposal procedures.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyze traffic, and deliver personalized content and advertising. This section provides a summary of our cookie practices.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly. These include session management cookies and security tokens. These cannot be disabled.
Performance and Analytics Cookies: Collect anonymized information about how visitors use our website, including pages viewed and error messages. We use tools such as Google Analytics for this purpose.
Functional Cookies: Remember your preferences and settings, such as your language selection, saved cart items, or login status, to provide a more personalized experience.
Targeting and Advertising Cookies: Used to deliver relevant advertisements based on your browsing interests, and to track the effectiveness of advertising campaigns on third-party platforms.

8.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

Through your browser settings (most browsers allow you to block or delete cookies)
Using our cookie consent banner when you first visit our website
Opting out of Google Analytics by using the Google Analytics Opt-Out Browser Add-on
Visiting the Digital Advertising Alliance's opt-out portal at optout.aboutads.info

Please note that disabling certain cookies may affect the functionality of our website and your ability to use some features, including the shopping cart and online ordering system.

9. Children's Privacy

Our website and digital services are intended for users who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from individuals under the age of 18.

We do not direct our services to children, and our website is not designed to attract minors. If you are a parent or guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our records.

Our practices are also consistent with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 years of age without verifiable parental consent.

10. International Data Transfers

Cafe Rio is based in the United States, and our primary data processing occurs within the United States. If you are accessing our website from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your country of residence.

By using our website and services, you consent to the transfer of your personal information to the United States and to its processing in accordance with this Privacy Policy. We take appropriate steps to ensure that any international data transfers comply with applicable laws and that your personal information remains protected to a standard consistent with this policy.

If you are a resident of the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data transfer requirements, please note that we will implement appropriate safeguards (such as standard contractual clauses) to ensure the lawful transfer of your personal data.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not operated or controlled by Cafe Rio. These include food delivery platforms, social media channels, payment processors, and other external services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party platforms you interact with before providing your personal information. The inclusion of a link to a third-party website does not constitute an endorsement by Cafe Rio.

12. Do Not Track Signals

Some web browsers and devices allow you to transmit a "Do Not Track" (DNT) signal to indicate that you do not wish to have your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond differently to DNT signals, but we do provide you with options to manage your cookie preferences as described in Section 8 above.

We will continue to monitor developments in DNT standards and update our practices accordingly.

13. Your Choices and Opt-Out Options

We believe in giving you meaningful control over your personal information. Below is a summary of choices available to you:

Choice	How to Exercise
Opt out of marketing emails	Click "unsubscribe" in any email or contact [email protected]
Delete your account	Log in to your account settings or contact us at [email protected]
Access or correct your data	Log in to your account or submit a written request to [email protected]
Disable location tracking	Adjust settings in your browser or mobile device
Manage cookies	Use our cookie consent tool or adjust browser settings
Opt out of targeted advertising	Visit optout.aboutads.info

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or service offerings. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post the revised policy on our website at cafesrio.top
Where appropriate, notify you via email or through a prominent notice on our homepage

Your continued use of our website and services after the posting of any revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically to stay informed about how we protect your information.

15. Filing a Complaint with a Data Protection Authority

If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority.

15.1 Federal Trade Commission (FTC)

In the United States, the Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and enforcing privacy laws. You may file a complaint with the FTC at:

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Website: www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)

15.2 California Attorney General (For California Residents)

California residents who believe their CCPA/CPRA rights have been violated may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's office:

California Privacy Protection Agency (CPPA)
Website: cppa.ca.gov

California Attorney General — Privacy Complaints
Website: oag.ca.gov/privacy
Phone: 1-916-210-6276

15.3 State Attorney General Offices

Residents of other U.S. states may also contact their respective state Attorney General's office regarding privacy-related complaints. Many states have enacted or are developing consumer privacy laws that provide additional rights and remedies.

16. Contact Us

We value your privacy and are committed to addressing your questions, concerns, and requests promptly. If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a privacy concern, please contact our privacy team using the information below:

Privacy Inquiries — Cafe Rio

Email: [email protected]

Website: cafesrio.top

Subject Line: Please include "Privacy Policy Inquiry" or "Privacy Rights Request" in the subject line of your email.

We are committed to responding to all legitimate privacy inquiries within 45 days of receipt. If your request is particularly complex or we are handling a large volume of requests, we may extend our response time by an additional 45 days and will inform you accordingly.

We take all privacy complaints seriously and will work with you in good faith to resolve any concerns. If you are not satisfied with our response, you retain the right to escalate your complaint to the relevant regulatory authority as described in Section 15 above.