Privacy Policy

Effective Date: April 7, 2026 | Last Updated: April 7, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects the personal information of visitors and customers who interact with our website located at cafessrio.click (the "Website") and our food services (collectively, the "Services"). We are committed to protecting your privacy and handling your personal information in a transparent, responsible, and lawful manner consistent with applicable United States federal and state privacy laws.

By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our Website and Services immediately.

We encourage you to read this Privacy Policy carefully and contact us if you have any questions or concerns. Your trust is important to us, and we are dedicated to being transparent about our data practices.

1. About Us and Contact Information

Cafe Rio is a food service business operating in the United States. We provide our customers with quality dining experiences and food-related services through our physical locations and online presence.

Business Name	Cafe Rio
Address	United States
Phone	Not provided
Email	[email protected]
Website	cafessrio.click

For all privacy-related inquiries, requests, or complaints, please contact us using the email address provided above. We will respond to your inquiry promptly and work to resolve any concerns you may have regarding your personal information.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

Our Website at cafessrio.click
Online ordering platforms and reservation systems we operate or partner with
In-store interactions, loyalty programs, and customer service communications
Email newsletters, promotional campaigns, and marketing communications
Social media platforms and third-party integrations connected to our Services
Any other means through which you voluntarily provide information to us

This Privacy Policy does not apply to the privacy practices of third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party services you access through our Website.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our Website and Services. The information we collect falls into the following categories:

3.1 Personal Identification Information

When you create an account, place an order, make a reservation, sign up for our loyalty program, or contact us directly, we may collect:

Full name
Email address
Phone number
Mailing or delivery address
Date of birth (for age verification and birthday promotions)
Username and password for account access
Profile photo (if voluntarily uploaded)

3.2 Payment and Transaction Information

When you make a purchase or complete a transaction through our Website or Services, we may collect:

Credit or debit card information (processed securely through third-party payment processors)
Billing address
Transaction history and order details
Purchase preferences and dietary preferences you provide at checkout
Gift card or coupon codes

Please note that we do not store your full credit or debit card numbers on our servers. Payment card information is processed by our trusted third-party payment processors who comply with Payment Card Industry Data Security Standards (PCI DSS).

3.3 Usage Data and Analytics

When you visit our Website, we automatically collect certain information about your interaction with the Website, including:

Pages visited and time spent on each page
Links clicked and features used
Search queries entered on our Website
Referring URLs (the website you came from before visiting ours)
Exit pages and navigation patterns
Timestamps of your visits
Session duration and frequency of visits

3.4 Device and Technical Information

We automatically collect technical information about the device and network you use to access our Website, including:

IP address
Browser type and version
Operating system and version
Device type (desktop, mobile, tablet)
Device identifiers and hardware model
Network connection type
Language and time zone settings
Screen resolution

3.5 Location Information

With your consent, we may collect precise or approximate geolocation data from your device to help you find our nearest locations, estimate delivery times, and personalize your experience. You may control location sharing through your device settings.

3.6 Communications and User-Generated Content

We collect information you voluntarily submit when you:

Contact our customer support team via email or contact forms
Leave reviews or ratings for our food or services
Participate in surveys, contests, or promotional activities
Post comments or engage on social media platforms related to our brand
Subscribe to our email newsletter or SMS updates

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. For detailed information about the cookies we use, please refer to our Cookie Policy. You can control cookie preferences through your browser settings or our cookie consent tool.

3.8 Information from Third Parties

We may also receive information about you from third-party sources, including:

Social media platforms when you connect your social account to our Services
Third-party delivery and ordering platforms that facilitate your orders
Marketing partners and advertising networks
Publicly available databases and directories
Analytics providers who enrich our usage data

4. How We Use Your Information

We use the personal information we collect for the following purposes, each of which is grounded in a legitimate business purpose or your consent:

4.1 Service Provision and Operations

Processing and fulfilling your food orders, reservations, and deliveries
Creating and managing your customer account
Processing payments and sending transaction confirmations
Administering loyalty reward programs and special promotions
Providing customer support and responding to your inquiries
Enabling in-store pickup and delivery services

4.2 Personalization and User Experience

Personalizing your experience based on past orders and preferences
Recommending menu items relevant to your dietary preferences
Saving your favorite orders for faster future checkout
Customizing website content and promotions based on your location

4.3 Marketing and Communications

Sending promotional emails, offers, and newsletters (where you have opted in)
Delivering targeted advertisements on our Website and third-party platforms
Conducting contests, sweepstakes, and promotional campaigns
Informing you about new menu items, seasonal specials, and events
Sending SMS messages and push notifications with your consent

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

4.4 Analytics and Business Improvement

Analyzing website traffic, usage patterns, and customer behavior
Evaluating the effectiveness of our marketing campaigns
Improving our menu offerings, pricing, and service quality
Conducting market research and internal reporting
Identifying technical issues and optimizing website performance

4.5 Safety, Security, and Fraud Prevention

Detecting, investigating, and preventing fraudulent transactions and unauthorized access
Verifying the identity of users accessing our platform
Protecting the security and integrity of our systems and data
Complying with applicable legal and regulatory obligations

4.6 Legal and Compliance Purposes

Complying with applicable United States federal and state laws
Responding to lawful requests from courts, government agencies, or law enforcement
Enforcing our Terms of Service and other policies
Establishing, exercising, or defending legal claims

5. Legal Basis for Processing Your Information

As a business operating in the United States, we process your personal information in accordance with applicable federal and state privacy laws, including the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable state privacy statutes. Our processing activities are based on the following grounds:

Performance of a Contract: Processing necessary to fulfill your orders and deliver our Services.
Legitimate Interests: Processing for analytics, fraud prevention, marketing, and improving our Services.
Consent: Processing based on your explicit consent, such as for marketing communications, cookies, and location tracking.
Legal Obligation: Processing required to comply with applicable laws and regulations.

6. Sharing Your Information with Third Parties

We do not sell your personal information for monetary consideration. However, we may share your personal information with the following categories of third parties under specific circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist us in operating our Website and providing our Services. These service providers are contractually obligated to protect your information and may only use it for the specific purpose for which it was shared. Categories of service providers include:

Payment processors and financial service providers
Cloud hosting and data storage providers
Email and SMS marketing platforms
Food delivery and logistics partners
Analytics and business intelligence platforms (e.g., Google Analytics)
Customer relationship management (CRM) software providers
Advertising networks and social media platforms
IT security and fraud detection services

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we reasonably believe disclosure is required or permitted by law, including:

Compliance with court orders, subpoenas, or other legal processes
Responding to lawful requests from federal, state, or local government authorities
Protecting the rights, property, or safety of Cafe Rio, our customers, employees, or the public
Investigating or preventing suspected fraud, violations of our policies, or security threats

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy involving Cafe Rio, your personal information may be transferred to the acquiring or successor entity. We will provide notice of such transfers and any material changes to this Privacy Policy as required by applicable law.

6.4 Advertising and Analytics Partners

We may share aggregated, de-identified, or pseudonymous data with advertising and analytics partners to improve our marketing campaigns and understand our audience better. This data does not directly identify you as an individual.

6.5 Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so.

7. Cookie Policy Summary

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements. Cookies are small text files stored on your device when you visit our Website.

7.1 Types of Cookies We Use

Essential Cookies: Necessary for the Website to function correctly. These cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors use our Website so we can improve it.
Functional Cookies: Allow the Website to remember your preferences and personalize your experience.
Marketing and Advertising Cookies: Used to deliver relevant advertisements to you on our Website and third-party platforms.

You can manage your cookie preferences through our cookie consent banner, your browser settings, or by contacting us at [email protected]. Please note that disabling certain cookies may affect the functionality of our Website. For full details on our cookie practices, please refer to our complete Cookie Policy.

8. Data Security

The security of your personal information is a top priority for Cafe Rio. We implement a range of technical, administrative, and physical security measures to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
Access Controls: We restrict access to personal information to authorized employees, contractors, and service providers who have a legitimate business need to access it.
Secure Payment Processing: All payment transactions are processed through PCI DSS-compliant third-party payment processors.
Regular Security Assessments: We conduct regular vulnerability assessments and security audits to identify and address potential risks.
Data Minimization: We collect only the information necessary for the purposes described in this Privacy Policy.
Employee Training: Our staff receives regular training on data privacy and security best practices.
Incident Response: We maintain a data breach response plan to promptly address and mitigate any security incidents.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your personal information. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by applicable United States federal and state law, including relevant state data breach notification laws.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. Our general retention guidelines are as follows:

Category of Data	Retention Period
Account and registration information	Duration of active account plus 3 years after account closure
Transaction and order history	7 years (for financial and tax compliance purposes)
Customer support communications	3 years from the date of the last interaction
Marketing and email preferences	Until you opt out, plus 1 year for compliance records
Usage and analytics data	Up to 26 months (in line with Google Analytics standards)
Cookie data	Varies by cookie type (see Cookie Policy)
Legal and compliance records	As required by applicable law, generally up to 7 years

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information, unless retention is required for pending legal proceedings, regulatory investigations, or other lawful purposes.

10. Your Privacy Rights

Depending on your state of residence and applicable United States privacy laws, you may have the following rights regarding your personal information:

10.1 Right to Know and Access

You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the categories of third parties with whom we share it.

10.2 Right to Correction

You have the right to request that we correct inaccurate personal information we maintain about you, subject to certain exceptions.

10.3 Right to Deletion

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by applicable law (such as information needed to complete a transaction, comply with a legal obligation, or detect security incidents).

10.4 Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another service provider where technically feasible.

10.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising. We do not sell personal information for monetary consideration, but if our sharing of personal information with advertising partners constitutes a "sale" or "sharing" under California law, you may exercise your opt-out right by contacting us at [email protected].

10.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use and disclosure of sensitive personal information (such as precise geolocation, biometric data, and financial information) to purposes necessary to provide the Services you have requested.

10.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your rights under applicable privacy law.

10.8 Right to Withdraw Consent

Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing performed prior to the withdrawal.

10.9 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by:

Email: [email protected]
Website: cafessrio.click

We will verify your identity before processing your request to protect the security of your information. We will respond to your request within 45 days as required by the CCPA/CPRA, with a possible extension of an additional 45 days when reasonably necessary with prior notice. We may charge a reasonable fee for excessive or repetitive requests.

You may also designate an authorized agent to submit a request on your behalf by providing written authorization or a valid power of attorney, along with appropriate verification of your identity.

11. Children's Privacy

Our Website and Services are intended solely for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, or from minors under the age of 18 without verifiable parental consent.

Our practices comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a child under the age of 13 without appropriate consent, we will take prompt steps to delete that information from our records.

If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

12. International Data Transfers

Cafe Rio is based in the United States and processes personal information primarily within the United States. However, some of our third-party service providers may be located in or operate from countries outside the United States. If we transfer your personal information to countries outside the United States, we will take appropriate measures to ensure that such transfers comply with applicable privacy laws and that adequate safeguards are in place to protect your information.

These safeguards may include:

Entering into data processing agreements with international service providers that incorporate standard contractual clauses or equivalent protections
Ensuring that recipient countries provide an adequate level of data protection as recognized by applicable laws
Relying on your explicit consent for specific international transfers where required

If you are located outside the United States and use our Services, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country. By using our Services, you consent to such transfers as described in this Privacy Policy.

13. California Privacy Rights — CCPA/CPRA

If you are a resident of California, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA") provides you with specific rights regarding your personal information. In addition to the rights outlined in Section 10 above, California residents should be aware of the following:

13.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California consumers:

Identifiers (name, email address, IP address, account credentials)
Commercial information (purchase history, transaction records)
Internet and electronic network activity (browsing history, interaction with Website)
Geolocation data (with consent)
Inferences drawn from the above categories to create a profile about consumer preferences
Sensitive personal information (payment card data processed by PCI-compliant processors)

13.2 "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

13.3 Do Not Track Signals

Our Website does not currently respond to "Do Not Track" (DNT) browser signals. However, you may control tracking through our cookie consent tool and your browser settings. We will update this section if our practices change in the future.

14. Other U.S. State Privacy Laws

In addition to California privacy law, residents of certain other U.S. states may have similar rights under applicable state privacy statutes, including but not limited to:

Virginia: Consumer Data Protection Act (CDPA)
Colorado: Colorado Privacy Act (CPA)
Connecticut: Connecticut Data Privacy Act (CTDPA)
Utah: Utah Consumer Privacy Act (UCPA)
Texas: Texas Data Privacy and Security Act (TDPSA)

Residents of these states may have rights to access, correct, delete, or opt out of certain processing of their personal information. To exercise these rights, please contact us at [email protected]. We will process requests in compliance with the applicable law of your state of residence.

15. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, food delivery apps, and other external services. These third-party services operate independently and have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices or content of any third-party websites or services. The inclusion of a link on our Website does not constitute our endorsement of the third party's privacy practices.

16. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable privacy laws, we encourage you to first contact us directly so that we may address your concerns:

Privacy Contact:
Email: [email protected]
Website: cafessrio.click

We are committed to investigating and resolving privacy complaints in a timely manner. We will acknowledge receipt of your complaint within 10 business days and work to resolve the issue within 45 days, or as required by applicable law.

16.1 Filing a Complaint with Government Authorities

If you are not satisfied with our response or believe your privacy rights have been violated, you have the right to file a complaint with relevant regulatory authorities:

Federal Trade Commission (FTC): The FTC enforces federal consumer protection laws, including unfair or deceptive privacy practices under Section 5 of the FTC Act. You can file a complaint at www.ftc.gov/complaint or call 1-877-FTC-HELP (1-877-382-4357).
California Privacy Protection Agency (CPPA): California residents may file complaints regarding violations of the CCPA/CPRA with the California Privacy Protection Agency at cppa.ca.gov.
State Attorney General Offices: Residents of other states may file complaints with their respective state attorney general's office or consumer protection division regarding privacy violations under applicable state law.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable laws, or business operations. When we make material changes, we will notify you by:

Posting the updated Privacy Policy on our Website with a new "Last Updated" date
Sending an email notification to the email address associated with your account
Displaying a prominent notice on our Website or through our Services

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our Website or Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, please discontinue use of our Website and contact us to close your account and request deletion of your personal information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are here to help and are committed to addressing your privacy concerns promptly and effectively.

Cafe Rio — Privacy Inquiries

Business Name: Cafe Rio

Location: United States

Email: [email protected]

Website: cafessrio.click

We strive to respond to all privacy-related inquiries within 10 business days. For requests relating to the exercise of your statutory privacy rights, we will respond within the timeframes required by applicable law, generally within 45 days of receipt of a verified request.