Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you visit our website at caferio-fresh.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
We are committed to protecting your privacy and handling your personal information with transparency, integrity, and respect. This policy applies to all visitors, customers, and users of our website and services, regardless of how you access them — whether through a desktop computer, mobile device, tablet, or any other means.
If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided at the end of this document.
1. About Cafe Rio
Cafe Rio is a food service business operating in the United States. We offer fresh, made-to-order food and beverages through our restaurant locations and online ordering platform. Our website, caferio-fresh.rest, serves as an online portal for customers to browse our menu, place orders, make reservations, and engage with our brand.
For all privacy-related inquiries, you may contact us at:
2. Applicable Law
Cafe Rio operates in the United States and complies with applicable federal and state privacy laws, including but not limited to:
- The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — applicable to California residents.
- The Federal Trade Commission Act (FTC Act) — governing unfair or deceptive practices in commerce, including data privacy and security.
- The Children's Online Privacy Protection Act (COPPA) — governing online collection of personal information from children under 13.
- The CAN-SPAM Act — governing commercial email communications.
- Other applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA), where relevant.
We are dedicated to maintaining compliance with all applicable privacy regulations and updating our practices as laws evolve.
3. Information We Collect
We collect various types of personal and non-personal information when you interact with us. The categories of information we collect are outlined below.
3.1 Personal Information You Provide Directly
When you use our website, create an account, place an order, or communicate with us, you may voluntarily provide us with personal information, including:
- Identification Information: Your full name, username, or similar identifiers.
- Contact Information: Email address, telephone number, and mailing or delivery address.
- Account Credentials: Username, password, and security questions (stored in encrypted form).
- Order and Transaction Information: Details of items ordered, special dietary requests, order history, and preferences.
- Payment Information: Credit or debit card numbers, billing address, and other payment details. Note: Full payment card information is processed by our third-party payment processors and is not stored on our servers.
- Communications: Messages, emails, feedback, survey responses, or other content you send to us.
- Loyalty Program Information: If you enroll in our loyalty or rewards program, we collect relevant program participation data.
- Dietary Preferences and Allergen Information: Any dietary restrictions or allergen information you voluntarily provide to customize your order.
3.2 Information Collected Automatically
When you visit our website or use our digital services, we may automatically collect certain technical and usage data, including:
- Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
- Log Data: IP address, access timestamps, pages visited, referring URLs, and browser activity logs.
- Usage Data: Information about how you interact with our website, including which pages you visit, how long you spend on each page, links clicked, search queries, and navigation patterns.
- Location Data: Approximate geographic location derived from your IP address. If you grant permission, we may collect more precise GPS-based location data through your device.
- Cookie and Tracking Data: Data collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please refer to our Cookie Policy section below for more information.
3.3 Information from Third Parties
We may receive personal information about you from third-party sources, including:
- Social Media Platforms: If you connect your social media account or interact with our social media pages, we may receive publicly available profile information.
- Payment Processors: Transaction confirmation and limited payment verification data from our payment processing partners.
- Analytics Providers: Aggregated or anonymized behavioral data from third-party analytics tools.
- Delivery Partners: Delivery address and order status information from third-party delivery service providers.
- Review Platforms: Publicly posted reviews or ratings you submit on third-party review platforms.
3.4 Sensitive Personal Information
In certain limited circumstances, we may collect information that qualifies as "sensitive personal information" under applicable law, such as precise geolocation data or dietary information that may indicate health conditions. We collect such information only when necessary to fulfill your requests, and we handle it with additional care and security measures. We do not sell or share sensitive personal information for cross-context behavioral advertising purposes.
4. How We Use Your Information
We use the personal information we collect for specific, legitimate purposes directly related to providing and improving our food services. The primary purposes for which we use your data include:
4.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, both online and in-store.
- Managing your account, loyalty program membership, and order history.
- Facilitating payments and preventing fraudulent transactions.
- Coordinating delivery or pickup services.
- Communicating with you about your orders, including confirmations, updates, and issues.
- Responding to your inquiries, complaints, and customer service requests.
4.2 Improving Our Services and Operations
- Analyzing usage patterns and customer feedback to enhance our menu, website functionality, and overall service quality.
- Conducting internal research, data analytics, and business reporting.
- Identifying and fixing technical errors, bugs, or security vulnerabilities.
- Developing new products, features, or service offerings based on customer preferences.
4.3 Marketing and Promotional Communications
- Sending you promotional emails, newsletters, or notifications about special offers, new menu items, discounts, and events — but only where you have provided consent or where we have a legitimate interest to do so.
- Personalizing marketing communications based on your order history and preferences.
- Administering contests, sweepstakes, surveys, and other promotional activities.
- Delivering targeted advertisements through our website and third-party platforms.
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, updating your account preferences, or contacting us directly at [email protected].
4.4 Legal and Compliance Purposes
- Complying with applicable federal and state laws, regulations, and legal obligations.
- Responding to lawful requests from government authorities or law enforcement agencies.
- Protecting our legal rights, interests, and property.
- Preventing, detecting, and investigating fraud, abuse, security incidents, and other harmful activity.
- Enforcing our Terms of Service and other applicable agreements.
5. Legal Basis for Processing
We process your personal information on the following legal grounds:
- Contractual Necessity: Processing necessary to fulfill your orders and provide our services as requested.
- Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, analytics, and service improvement, provided those interests are not overridden by your rights.
- Consent: Where you have given us explicit consent to process your data for specific purposes, such as marketing communications or precise location tracking.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
6. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary compensation. However, we may share your personal information with certain trusted third parties in the following circumstances:
6.1 Service Providers and Business Partners
We engage third-party service providers who assist us in operating our business and delivering our services. These providers may access your personal information only to perform specific functions on our behalf and are contractually obligated to protect your data. These service providers include:
- Payment Processors: Companies that securely process payment transactions on our behalf.
- Delivery Services: Third-party delivery companies that fulfill delivery orders.
- Cloud Hosting Providers: Companies that host and maintain our website and data infrastructure.
- Analytics Providers: Tools such as Google Analytics that help us understand website usage patterns.
- Email Marketing Platforms: Services that manage and send our marketing communications.
- Customer Support Tools: Platforms used to manage and respond to customer inquiries.
- Loyalty Program Administrators: Companies that help us manage our customer rewards program.
6.2 Legal Requirements and Law Enforcement
We may disclose your personal information when required by law or in the good-faith belief that such disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or government request.
- Protect and defend the rights or property of Cafe Rio.
- Prevent or investigate possible wrongdoing in connection with our services.
- Protect the personal safety of our users, customers, or the public.
- Protect against legal liability.
6.3 Business Transfers
In the event of a merger, acquisition, corporate restructuring, sale of assets, or similar business transaction, your personal information may be transferred to the acquiring entity as part of the transaction. We will notify you via email or a prominent notice on our website prior to any such transfer and before your information becomes subject to a different privacy policy.
6.4 Aggregated or Anonymized Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes. Such data is not subject to this Privacy Policy.
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising. Cookies are small text files stored on your device when you visit a website.
7.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for the website to function properly, including maintaining your session and shopping cart. | Session / Persistent |
| Analytics Cookies | Help us understand how visitors interact with our website, which pages are most visited, and where improvements are needed. | Up to 2 years |
| Functional Cookies | Remember your preferences, such as language settings, saved addresses, and order history. | Up to 1 year |
| Marketing Cookies | Track your browsing activity across websites to deliver targeted advertisements and promotional content. | Up to 90 days |
You can manage your cookie preferences through your browser settings or through our cookie consent tool available on our website. Please note that disabling certain cookies may affect the functionality and performance of our website. For more detailed information, please refer to our full Cookie Policy available on our website.
8. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.
8.1 Security Measures We Employ
- Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols. Sensitive data, including passwords and payment information, is encrypted both in transit and at rest.
- Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions. We enforce role-based access controls and require employees to use strong authentication methods.
- Secure Payment Processing: We use PCI-DSS compliant payment processors to handle all payment transactions. We do not store full payment card numbers on our systems.
- Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential weaknesses in our systems.
- Employee Training: Our staff receives regular training on data privacy best practices, security awareness, and how to handle personal information appropriately.
- Incident Response: We maintain a documented data breach response plan and will notify affected individuals and relevant authorities in the event of a data breach, as required by applicable law.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data, and you provide your information to us at your own risk. If you suspect any unauthorized access to your account, please contact us immediately at [email protected].
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data and the purpose for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account Information | Duration of account + 3 years after account closure |
| Order and Transaction Records | 7 years (for tax and accounting compliance) |
| Payment Information | As required by PCI-DSS and applicable law (typically up to 5 years) |
| Customer Service Communications | 3 years from the date of last communication |
| Marketing Preferences and Consent Records | Duration of your relationship with us + 3 years |
| Website Usage and Analytics Data | Up to 26 months (anonymized thereafter) |
| Cookie Data | As specified in the Cookie Policy (typically up to 2 years) |
When your personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our data disposal procedures and applicable legal requirements.
10. Your Privacy Rights
Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights and making it easy for you to exercise them.
10.1 Rights Available to All U.S. Users
- Right to Know: You have the right to know what personal information we collect about you, how we use it, and with whom we share it.
- Right to Opt Out of Marketing: You may opt out of receiving marketing communications from us at any time.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
10.2 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the CCPA and CPRA:
- Right to Know and Access: You may request a copy of the personal information we have collected about you in the past 12 months, including the categories of data, the purposes for collection, and the third parties with whom we have shared it.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., where retention is necessary to complete a transaction, detect security incidents, or comply with a legal obligation).
- Right to Correct: You may request that we correct inaccurate personal information we hold about you.
- Right to Opt Out of Sale or Sharing: You may opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes. We do not sell personal information for monetary consideration, but we may share it with advertising partners in a manner that may constitute "sharing" under the CPRA.
- Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of sensitive personal information to purposes specifically authorized by the CPRA.
- Right to Data Portability: You may request that we provide your personal information in a portable, readily usable format.
- Right to Non-Retaliation: We will not retaliate against you for exercising any rights under the CCPA/CPRA.
California residents may submit privacy requests through any of the following methods:
We will respond to verifiable consumer requests within 45 days, with the possibility of a one-time 45-day extension for complex requests. We may need to verify your identity before processing your request.
10.3 Rights for Residents of Other States
Residents of Virginia, Colorado, Connecticut, Utah, and other states with applicable privacy laws may also have rights similar to those described above, including rights to access, correct, delete, and port their data, and to opt out of certain uses of their personal information. Contact us at [email protected] to exercise any applicable rights.
10.4 Authorized Agents
You may designate an authorized agent to submit privacy requests on your behalf. We will require proof of the agent's authorization and may still require you to verify your identity directly with us before processing the request.
11. Children's Privacy
Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.
We do not knowingly collect personal information from children under the age of 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete such information from our records.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [email protected] so that we can take appropriate action.
We strongly encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing children not to provide personal information through our website without parental permission.
12. International Data Transfers
Cafe Rio is based in the United States and primarily processes and stores data within the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.
By using our website and services from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States. We take steps to ensure that any international data transfers are conducted in compliance with applicable legal requirements and that appropriate safeguards are in place to protect your information.
If you are located in a jurisdiction with data transfer restrictions, please contact us to discuss how your personal information will be handled.
13. Third-Party Links and Websites
Our website may contain links to third-party websites, social media platforms, delivery services, or other external resources. This Privacy Policy does not apply to those third-party websites or services. We are not responsible for the privacy practices or content of external sites.
We encourage you to review the privacy policies of any third-party websites you visit before providing any personal information. The inclusion of a link on our website does not imply our endorsement of that website or its privacy practices.
14. Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not want your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to browser-generated DNT signals. However, you can manage tracking preferences through our cookie consent tool and your browser settings.
15. How to File a Complaint
If you believe that we have not handled your personal information in compliance with applicable privacy laws or this Privacy Policy, we encourage you to contact us first so that we can attempt to resolve your concern.
You may submit a privacy complaint to us by:
We will investigate your complaint and respond within a reasonable timeframe.
If you are a California resident and are not satisfied with our response, you may contact the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy
If you are located in another state with an applicable privacy authority, you may have the right to file a complaint with your state's attorney general or designated privacy authority. Please consult your state's applicable privacy laws for more information.
Additionally, if you believe we have violated the FTC Act's prohibition on unfair or deceptive trade practices, you may file a complaint with the Federal Trade Commission (FTC) at ftc.gov/complaint.
16. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or business operations. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post a prominent notice on our website informing users of the changes.
- Send an email notification to registered users where required by applicable law or where we deem it appropriate given the nature of the changes.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data privacy practices, please do not hesitate to reach out to us. We are committed to addressing your inquiries promptly and transparently.
When contacting us about a privacy matter, please provide sufficient detail about your request so that we can identify you and respond appropriately. We may need to verify your identity before fulfilling certain privacy requests to protect against unauthorized access to personal information.
We aim to respond to all privacy-related inquiries within 30 business days. For requests under the CCPA/CPRA, we will respond within the timeframes required by law (generally within 45 days, with possible extension).