Privacy Policy

Effective Date: April 26, 2026 | Last Updated: April 26, 2026

Important Notice: This Privacy Policy describes how Cafe Rio collects, uses, discloses, and protects your personal information when you visit our website at caferiomexican.rest, place orders online, or otherwise interact with our services. Please read this document carefully before using our platform.

1. Introduction and Overview

Welcome to Cafe Rio ("we," "us," "our," or "the Company"). We are a food service business operating in the United States, and we are committed to protecting the privacy and personal information of every individual who interacts with our website, mobile services, and food-related offerings. This Privacy Policy has been prepared in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable data protection regulations.

By accessing our website at caferiomexican.rest, submitting an order, subscribing to our newsletter, or otherwise engaging with our digital or in-person services, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy. If you do not agree with any portion of this Policy, please discontinue your use of our services immediately.

Our contact details for all privacy-related inquiries are as follows:

Company Name: Cafe Rio
Website: caferiomexican.rest
Email: [email protected]

2. Scope and Applicability

This Privacy Policy applies to all personal information collected through the following channels:

Our official website located at caferiomexican.rest
Online ordering systems and checkout processes
Email communications and newsletters
Loyalty programs, promotions, and contests
Customer support interactions, whether by phone, email, or online form
Catering inquiries and event booking forms
Social media pages operated by Cafe Rio
Any other digital touchpoint where personal information is submitted to us

This Policy does not apply to third-party websites, platforms, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party sites you visit independently.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. Below is a detailed breakdown of the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect the following personally identifiable information:

Full name
Email address
Phone number
Billing and shipping address
Date of birth (for age verification or promotional purposes)
Username and password (for account holders)
Payment information (credit/debit card numbers, billing details — processed through secure third-party payment processors)

3.2 Order and Transaction Data

As a food service provider, we collect information related to your purchases, including:

Order history and item preferences
Dietary preferences or restrictions (if voluntarily provided)
Special instructions submitted with orders
Delivery or pickup information
Transaction amounts, dates, and times
Loyalty reward points accumulated and redeemed

3.3 Usage and Behavioral Data

When you browse our website, we automatically collect certain technical and behavioral data, including:

Pages visited and time spent on each page
Clickstream data and navigation paths
Search queries entered on our website
Referring URLs (the page that directed you to our website)
Frequency and recency of visits
Features used and interactions with content

3.4 Device and Technical Information

We may automatically collect technical information from the device you use to access our services:

IP address
Browser type and version
Operating system and platform
Device identifiers and mobile advertising IDs
Screen resolution and display settings
Time zone and language settings
Network connection type

3.5 Location Data

With your consent, we may collect approximate or precise geolocation data to help you find the nearest Cafe Rio location, facilitate delivery orders, or provide location-relevant promotions. You may disable location services in your device settings at any time.

3.6 Communications and Feedback

If you contact us via email, customer support forms, or social media, we will collect the content of your messages, your contact details, and any information you voluntarily share. We may also collect survey responses, reviews, and feedback provided about our food or services.

3.7 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. For more detailed information about the specific cookies we use and how to manage them, please refer to our dedicated Cookie Policy. See Section 10 of this document for a brief overview.

4. How We Use Your Information

We use the personal information we collect for the following purposes, all of which are grounded in legitimate business interests, contractual necessity, legal compliance, or your consent:

4.1 Service Provision and Order Fulfillment

Processing and confirming food orders placed online
Coordinating delivery, pickup, or catering services
Sending order confirmation and receipt emails
Managing your account and loyalty program membership
Processing payments and managing billing inquiries
Responding to customer service requests and resolving complaints

4.2 Business Operations and Improvement

Analyzing usage patterns to improve website functionality and user experience
Conducting internal research to understand customer preferences
Developing new menu items, services, and features based on customer feedback
Monitoring and improving the quality and safety of our food service operations
Training staff and evaluating operational performance

4.3 Marketing and Communications

Sending promotional emails, special offers, and newsletters (with your prior consent)
Informing you about new menu items, seasonal specials, and events
Personalizing marketing content based on your order history and preferences
Running loyalty programs, contests, and giveaways
Retargeting advertisements through third-party advertising networks

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, by emailing us at [email protected], or by adjusting your account preferences. Please note that transactional and order-related communications are not subject to opt-out.

4.4 Legal and Compliance Purposes

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from government authorities or law enforcement
Enforcing our Terms of Service and other policies
Protecting against fraud, unauthorized transactions, and security threats
Maintaining records as required by applicable law

5. Sharing of Your Personal Information

We do not sell your personal information to third parties for monetary compensation. However, we may share your data in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist us in operating our business and delivering services. These service providers are permitted to access your personal information only as necessary to perform specific tasks on our behalf and are contractually obligated to maintain confidentiality and security. Categories of service providers include:

Payment processors: To securely handle credit/debit card transactions
Delivery platform partners: To coordinate food delivery logistics
Email marketing platforms: To manage newsletter subscriptions and promotional campaigns
Analytics providers: Such as Google Analytics, to understand website usage
Cloud hosting and IT services: To maintain and secure our digital infrastructure
Customer support tools: To manage customer service interactions
Advertising networks: To serve relevant advertisements on other platforms

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good-faith belief that such action is necessary to:

Comply with a legal obligation, court order, or subpoena
Cooperate with law enforcement or regulatory authorities
Protect the rights, property, or safety of Cafe Rio, our customers, or the public
Detect, prevent, or address fraud, security breaches, or technical issues

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding involving Cafe Rio, your personal information may be transferred to a successor entity. We will provide notice on our website if such a transfer materially changes how your information is used or protected.

5.4 With Your Consent

We may share your personal information with other third parties when we have your explicit consent to do so, such as when you choose to participate in joint promotional programs or third-party loyalty partnerships.

6. Data Security

We take the security of your personal information seriously and implement industry-standard technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
Payment Security: We comply with the Payment Card Industry Data Security Standard (PCI-DSS) for handling payment card information. We do not store full credit card numbers on our servers.
Access Controls: Access to personal data within our organization is restricted to authorized personnel who require it to perform their job functions.
Firewalls and Intrusion Detection: We maintain firewalls and intrusion detection systems to safeguard our network infrastructure.
Regular Security Audits: We conduct periodic reviews of our security practices and update our systems to address emerging threats.
Employee Training: Our staff receive regular training on data privacy and security best practices.

Please Note: While we employ robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. If you suspect unauthorized use of your account or a data breach, please contact us immediately at [email protected].

7. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right	Description
Right to Know	You have the right to request information about the categories and specific pieces of personal data we have collected about you, the sources of collection, our business purposes for using it, and the categories of third parties with whom we share it.
Right to Delete	You have the right to request deletion of personal information we have collected, subject to certain legal exceptions (e.g., information needed to complete a transaction or comply with a legal obligation).
Right to Correct	You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing	You have the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under the CCPA/CPRA.
Right to Data Portability	You have the right to receive a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
Right to Limit Use of Sensitive Personal Information	You have the right to limit our use of sensitive personal information to purposes permitted by law.
Right to Non-Discrimination	We will not discriminate against you for exercising your privacy rights. You will not receive lower quality goods or services as a result of making a privacy request.

7.2 General Privacy Rights for All U.S. Residents

Regardless of your state of residence, you may exercise the following rights with respect to your personal information held by Cafe Rio:

Right of Access: Request a copy of the personal information we hold about you.
Right to Correction: Request correction of inaccurate or incomplete data.
Right to Deletion: Request erasure of your personal data where no legal basis exists for continued processing.
Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
Right to Object: Object to our processing of your data for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

7.3 How to Exercise Your Rights

To submit a privacy rights request, please contact us using any of the following methods:

Email: [email protected] (include "Privacy Rights Request" in the subject line)
Website: caferiomexican.rest (use the Contact Us form)

We will acknowledge receipt of your request within 10 business days and respond substantively within 45 days. If additional time is needed, we will notify you in writing. We may need to verify your identity before processing your request to protect your information from unauthorized disclosure or deletion.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general data retention guidelines are as follows:

Data Category	Retention Period
Account and registration information	Duration of account existence plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting purposes)
Marketing and communication preferences	Until opt-out or account deletion, plus 1 year
Customer support communications	3 years from the date of interaction
Website usage and analytics data	26 months (in line with Google Analytics default)
Cookie and tracking data	Varies by cookie type (see Cookie Policy)
Legal and compliance records	As required by applicable law, typically 5–7 years

When personal data is no longer needed for its original purpose and there is no legal requirement to retain it, we will securely delete or anonymize the data.

9. Children's Privacy

Our website, online ordering services, and related digital platforms are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

Individuals between the ages of 13 and 17 are also discouraged from using our online services without the supervision and consent of a parent or legal guardian. We reserve the right to verify age upon registration or order placement.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) on our website to enhance your browsing experience, analyze traffic, and deliver relevant advertising content.

10.1 Types of Cookies We Use

Essential Cookies: Required for the operation of our website, including enabling login functionality, cart management, and secure payment processing. These cookies cannot be disabled without affecting core website functionality.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use tools like Google Analytics for this purpose.
Functional Cookies: Remember your preferences and settings (such as language, location, and dietary filters) to provide a more personalized experience.
Marketing and Advertising Cookies: Track your browsing behavior across websites to deliver relevant advertisements from Cafe Rio and our advertising partners.

10.2 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings at any time. Most web browsers allow you to control cookies through their settings preferences. Note that disabling certain cookies may affect the functionality and usability of our website.

For more detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our full Cookie Policy available on our website at caferiomexican.rest. You may also opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at www.aboutads.info or the Network Advertising Initiative (NAI) at www.networkadvertising.org.

11. International Data Transfers

Cafe Rio is a United States-based business, and your personal information is primarily collected, processed, and stored within the United States. However, some of our third-party service providers may be located in or operate from other countries, which may result in your personal information being transferred to and processed in jurisdictions outside the United States.

When such international transfers occur, we take steps to ensure that appropriate safeguards are in place to protect your personal information, including:

Contractual data protection clauses with third-party service providers
Selecting service providers that adhere to recognized international data protection standards
Compliance with applicable U.S. laws governing cross-border data flows

Please note that data protection laws in other countries may differ from those in the United States. By using our services, you acknowledge and consent to the transfer of your information to countries outside the United States where our service providers operate.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery services, and other external resources. These third-party sites operate independently and have their own privacy policies, which we do not control. We are not responsible for the privacy practices or content of any third-party websites.

We encourage you to review the privacy policies of any third-party services you access through links on our website, including but not limited to:

Food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
Social media platforms (e.g., Facebook, Instagram, Twitter/X)
Online payment processors
Mapping and navigation services (e.g., Google Maps)

13. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. There is currently no uniform standard for how websites should respond to DNT signals. At this time, our website does not alter its data collection and use practices in response to DNT signals. However, we provide you with choices regarding the use of your personal information as described in this Privacy Policy and our Cookie Policy.

14. How to File a Privacy Complaint

If you have a concern about how Cafe Rio handles your personal information, we encourage you to first contact us directly so that we can attempt to resolve the issue:

Cafe Rio — Privacy Inquiries
Email: [email protected]
Website: caferiomexican.rest

We will investigate all complaints and respond within a reasonable timeframe. If you are not satisfied with our response, you have the right to escalate your complaint to the appropriate regulatory authority.

14.1 California Residents — California Privacy Protection Agency (CPPA)

California residents who believe their rights under the CCPA/CPRA have been violated may file a complaint with the California Privacy Protection Agency (CPPA):

Website: cppa.ca.gov
Address: 2101 Arena Boulevard, Sacramento, California 95834

14.2 All U.S. Residents — Federal Trade Commission (FTC)

If you believe your consumer privacy rights have been violated under federal law, you may file a complaint with the Federal Trade Commission (FTC):

Website: www.ftc.gov
FTC Consumer Information: consumer.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)

14.3 State-Specific Attorneys General

Residents of other U.S. states may also have the right to file complaints with their respective state Attorney General's office. Many states, including Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), and others, have enacted consumer data privacy laws with enforcement provisions. Please consult your state's official government website for guidance on filing a complaint.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Policy, we will:

Post the revised Privacy Policy on our website at caferiomexican.rest
Update the "Last Updated" date at the top of this document
Send an email notification to registered users when changes are material
Display a prominent notice on our homepage or login page for a reasonable period

Your continued use of our website or services after any such changes become effective constitutes your acceptance of the updated Privacy Policy. We encourage you to periodically review this page to stay informed about how we are protecting your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your privacy inquiries promptly and transparently.

Cafe Rio — Privacy Contact Information

Company: Cafe Rio

Website: caferiomexican.rest

Email: [email protected]

When contacting us regarding a privacy matter, please include the following in your communication to help us assist you efficiently:

Your full name and contact email address
A clear description of your inquiry or the right you wish to exercise
Proof of identity (such as a government-issued ID) if requesting access, correction, or deletion
If applicable, the approximate date of your interaction with our services

We are dedicated to building and maintaining your trust as a valued customer of Cafe Rio. Your privacy is not just a legal obligation to us — it is a fundamental aspect of how we do business. Thank you for taking the time to read and understand our Privacy Policy.