Privacy Policy

Effective Date: March 29, 2026  |  Last Updated: March 29, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at riosscafe.click, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. Who We Are

Cafe Rio operates as a food service business in the United States. We are dedicated to providing exceptional food and dining experiences to our customers. For all privacy-related matters, you may contact us using the information below:

Business Name Cafe Rio
Website riosscafe.click
Email Address [email protected]
Country of Operation United States

2. Information We Collect

We collect various categories of personal information depending on how you interact with our website and services. Below is a comprehensive breakdown of the data we may collect:

2.1 Personal Identification Information

When you create an account, place an order, make a reservation, sign up for our newsletter, or contact us, we may collect the following personally identifiable information:

  • Full name
  • Email address
  • Phone number
  • Mailing or delivery address
  • Date of birth (for age verification and promotional purposes)
  • Username and password (for registered accounts)
  • Profile photo (if voluntarily provided)
  • Dietary preferences and food allergy information (if voluntarily shared)

2.2 Payment and Financial Information

When you complete a purchase or online transaction through our website, we may collect payment-related information. However, please note that full payment card details are processed by PCI-DSS-compliant third-party payment processors. We typically retain only:

  • Last four digits of your credit or debit card
  • Billing address
  • Transaction ID and order history
  • Payment method type (e.g., Visa, Mastercard, PayPal)

2.3 Usage and Behavioral Data

As you navigate and interact with our website, we automatically collect certain technical and behavioral data, including:

  • Pages visited and time spent on each page
  • Links clicked and buttons interacted with
  • Search queries performed on our site
  • Items added to cart, wishlisted, or purchased
  • Frequency and duration of visits
  • Referring website or source (how you arrived at our site)
  • Scroll depth and interaction patterns

2.4 Device and Technical Information

We automatically collect certain technical data from the devices you use to access our website, including:

  • IP address
  • Browser type and version
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Language settings
  • Time zone settings
  • Mobile device identifiers (if applicable)

2.5 Location Data

With your permission, we may collect approximate or precise geolocation data from your device. This helps us provide localized services such as nearby restaurant locations, delivery availability, and region-specific promotions. You can disable location services through your browser or device settings at any time.

2.6 Communications and Feedback

If you contact us via email, phone, or through any form on our website, we collect the content of your communications, including:

  • Customer service inquiries and correspondence
  • Feedback, reviews, and ratings submitted
  • Survey responses
  • Complaint details
  • Social media interactions if you tag or message us on public platforms

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. For detailed information about our use of cookies, please refer to Section 8 – Cookie Usage of this Privacy Policy.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you log in or connect your social accounts)
  • Marketing and advertising partners
  • Analytics providers
  • Payment processors
  • Delivery and logistics partners
  • Publicly available sources

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. We will only process your data when we have a lawful basis to do so under applicable law.

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders and reservations
  • Sending order confirmations, receipts, and status updates
  • Managing your account and profile preferences
  • Coordinating delivery or pickup logistics
  • Responding to your customer service inquiries and complaints
  • Processing refunds, returns, or adjustments

3.2 Analytics and Website Improvement

  • Analyzing usage patterns to understand how customers interact with our website
  • Identifying and fixing technical bugs or performance issues
  • Testing new features and improvements
  • Conducting internal research and data analysis
  • Generating aggregated, anonymized reports about website traffic and trends

3.3 Marketing and Promotional Communications

  • Sending newsletters, promotional emails, and special offers (with your consent)
  • Personalizing content and recommendations based on your preferences and order history
  • Delivering targeted advertising on our website and third-party platforms
  • Notifying you about loyalty rewards, discounts, and seasonal promotions
  • Inviting you to participate in surveys, contests, or feedback programs

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

  • Complying with applicable federal, state, and local laws and regulations
  • Responding to lawful requests from government authorities and law enforcement
  • Enforcing our Terms of Service and other agreements
  • Protecting our legal rights and those of our customers
  • Preventing and detecting fraud, abuse, or unauthorized access
  • Maintaining records required by tax authorities and regulatory bodies

3.5 Safety and Security

  • Monitoring for suspicious or fraudulent activity
  • Protecting the security and integrity of our systems
  • Verifying user identities when necessary
  • Preventing unauthorized access to customer accounts

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually obligated to use your data only for the specific services they perform on our behalf and to maintain appropriate security standards. Categories of service providers include:

  • Payment processors: To securely process transactions
  • Delivery and logistics partners: To fulfill food delivery orders
  • Email and marketing platforms: To send communications and manage campaigns
  • Cloud hosting and IT services: To maintain our website infrastructure
  • Customer relationship management (CRM) tools: To manage customer interactions
  • Analytics providers: Such as Google Analytics, to understand website usage
  • Advertising networks: To deliver targeted advertisements
  • Fraud prevention services: To detect and prevent fraudulent activity

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, subpoena, or governmental request
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with our services
  • Protect the personal safety of our customers or the public
  • Protect against legal liability

4.3 Business Transfers

In the event that Cafe Rio is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy proceedings, your personal information may be transferred as part of such transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes. This data does not constitute personal information for privacy law purposes.

4.5 With Your Consent

We may share your information with additional third parties when you have provided explicit consent to do so, such as participating in a co-branded promotion or integrating with a third-party app.

5. Data Security Measures

We take the security of your personal information seriously and implement a comprehensive range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

5.1 Technical Safeguards

  • SSL/TLS Encryption: Our website uses Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
  • Data Encryption at Rest: Sensitive information stored in our databases is encrypted using industry-standard encryption protocols.
  • Firewalls and Intrusion Detection: We employ firewalls and network monitoring systems to detect and prevent unauthorized access.
  • Secure Payment Processing: All payment transactions are processed through PCI-DSS-compliant payment gateways.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • Multi-Factor Authentication: We use multi-factor authentication for internal systems that access customer data.

5.2 Administrative Safeguards

  • Regular privacy and security training for staff who handle customer data
  • Internal data handling policies and procedures
  • Vendor due diligence and contractual data protection requirements
  • Regular security audits and vulnerability assessments
  • Incident response plan for data breaches

5.3 Breach Notification

In the event of a data breach that affects your personal information, we will notify affected individuals and relevant regulatory authorities in accordance with applicable federal and state data breach notification laws, including applicable state laws that may require notification within specified timeframes. Notifications will be provided via email or through a prominent notice on our website.

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information, and we encourage you to take precautions to protect your own data.

6. Your Privacy Rights

Depending on your location within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights Available to All Users

  • Right to Know / Right to Access: You have the right to request information about the categories and specific pieces of personal data we have collected about you, how it is used, and with whom it has been shared.
  • Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (such as when data must be retained for legal or contractual reasons).
  • Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we will not deny services, charge different prices, or provide a lesser quality of service based on your exercise of privacy rights.

6.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know Categories of Data: Right to know the categories of personal information collected, the purposes for collection, and the categories of third parties with whom it has been shared.
  • Right to Data Portability: Right to receive a copy of your personal information in a portable, readily usable format that allows you to transmit the data to another entity.
  • Right to Opt Out of Sale or Sharing: Right to opt out of the sale or sharing of your personal information with third parties. To exercise this right, click "Do Not Sell or Share My Personal Information" (if applicable) or contact us directly.
  • Right to Limit Use of Sensitive Personal Information: Right to limit our use and disclosure of sensitive personal information to purposes necessary to perform requested services.
  • Right to Correct: Right to request correction of inaccurate personal information.
  • Authorized Agent: You may designate an authorized agent to submit requests on your behalf.

6.3 How to Exercise Your Rights

To submit a privacy rights request, you may:

We will verify your identity before processing your request to protect your privacy and security. We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time (up to 90 days), we will inform you of the reason and the extension period in writing. We do not charge a fee for processing reasonable requests, but reserve the right to charge a reasonable fee or decline excessive or repetitive requests.

7. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:

Category of Data Retention Period
Account information Duration of account activity + 3 years after account closure
Order history and transaction records 7 years (for tax and accounting purposes)
Payment information As required by PCI-DSS (typically 1 year for transaction logs)
Marketing communication preferences Until opt-out + 3 years for compliance documentation
Customer service communications 3 years from date of interaction
Usage and analytics data 26 months (standard analytics retention period)
Cookie and tracking data Varies by cookie type (session to 2 years)
Legal and compliance records As required by applicable law (typically 5–7 years)
Fraud prevention data Up to 5 years from incident

When personal information is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention policies and applicable legal requirements.

8. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit our website.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled as they are required for core functionality such as login sessions, shopping cart management, and security features.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. These cookies allow us to improve the performance and user experience of our site.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and saved items.
  • Targeting and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns on our website and third-party platforms.

8.2 Managing Your Cookie Preferences

You can manage or withdraw your consent to non-essential cookies at any time by:

  • Adjusting your browser settings to block or delete cookies
  • Using our cookie preference center on our website
  • Opting out of specific third-party advertising cookies through industry opt-out tools such as the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA)

Please note that disabling certain cookies may affect the functionality and performance of our website. For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy, available on our website at riosscafe.click.

9. Children's Privacy

Our website and services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, and we do not direct our services to minors under the age of 18.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records.

We strongly encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children not to provide personal information through our website without parental permission.

10. International Data Transfers

Cafe Rio is based in the United States and primarily operates within the United States. However, some of our third-party service providers, technology partners, and cloud infrastructure providers may be located in or operate from countries outside of the United States. As a result, your personal information may be transferred to, stored in, or processed in countries other than the country in which you reside.

When we transfer personal information outside of the United States, we take appropriate steps to ensure that your data receives an adequate level of protection in accordance with applicable privacy laws. These safeguards may include:

  • Entering into data processing agreements with third-party service providers that include appropriate data protection clauses
  • Ensuring that transfers are made to countries that have been determined to provide an adequate level of data protection
  • Implementing standard contractual clauses or other lawful transfer mechanisms as required by applicable law
  • Obtaining your explicit consent for transfers where required

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and to other countries as described in this Privacy Policy.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Cafe Rio. These links are provided for your convenience and informational purposes only. We have no control over the privacy practices or content of these third-party sites and are not responsible for their privacy policies or data handling practices.

We encourage you to review the privacy policy of every website you visit before providing any personal information. The inclusion of a link on our website does not imply our endorsement of the linked site or its privacy practices.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not want your online activities tracked. Currently, our website does not respond to DNT signals, as there is no uniform standard for interpreting and honoring such requests. We continue to monitor developments in this area and will update our practices accordingly if a recognized standard emerges.

California residents may also exercise their rights under the CCPA/CPRA with respect to the sale or sharing of personal information, as described in Section 6 of this Privacy Policy.

13. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological advancements. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post the revised policy prominently on our website at riosscafe.click
  • Notify registered users via email (when changes are significant)
  • Display a notice on our website homepage for a reasonable period following the update

Your continued use of our website and services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

14. Filing a Complaint with a Data Protection Authority

If you believe that we have handled your personal information in violation of applicable privacy law, you have the right to file a complaint with relevant regulatory authorities. Depending on your location, the appropriate authority may include:

14.1 United States – Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) is the primary federal consumer protection agency in the United States. If you believe your consumer privacy rights have been violated, you may file a complaint with the FTC:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-382-4357
  • Mailing Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Residents – California Privacy Protection Agency (CPPA)

California residents may file complaints relating to CCPA/CPRA violations with the California Privacy Protection Agency (CPPA):

14.3 State Attorney General Offices

You may also file privacy-related complaints with your state's Attorney General office. Most states have consumer protection divisions that handle data privacy complaints. Visit your state government's official website for contact information specific to your jurisdiction.

We encourage you to contact us first at [email protected] before filing a formal complaint, as we are committed to resolving privacy concerns promptly and amicably.

15. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests related to this Privacy Policy or our data handling practices, please do not hesitate to contact our privacy team. We are committed to responding to all privacy inquiries in a timely and thorough manner.

Privacy Contact Information
Business Name Cafe Rio
Website riosscafe.click
Privacy Email [email protected]
Response Time Within 45 days of verified request receipt

When contacting us regarding a privacy matter, please include the following information to help us process your request efficiently:

  • Your full name and contact information
  • A clear description of your inquiry or request
  • The specific right you wish to exercise (if applicable)
  • Any relevant account information (such as registered email address)
Effective Date: This Privacy Policy is effective as of March 29, 2026. All previous versions of our Privacy Policy are superseded by this document.