Privacy Policy

Effective Date: March 18, 2026  |  Last Updated: March 18, 2026

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website at rioscafe.rest, use our online ordering services, interact with us in-store, or otherwise engage with our business. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.

By accessing or using our website, placing an order, signing up for our loyalty program, or otherwise interacting with Cafe Rio, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

This policy is governed by applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal regulations. We encourage all users, regardless of their location, to review this policy carefully.

1. About Us

Cafe Rio is a food service business operating in the United States. We provide restaurant dining, takeout, catering, and online food ordering services. Our commitment to our guests extends beyond our menu — it includes the careful stewardship of the personal information you entrust to us.

Business Name Cafe Rio
Website rioscafe.rest
Email [email protected]
Country of Operation United States

2. Information We Collect

We collect various types of information in connection with your use of our website, services, and interactions with our business. The categories of personal information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty rewards program, make a reservation, or contact us directly, we may collect:

  • Full name
  • Email address
  • Phone number
  • Mailing or delivery address
  • Date of birth (for birthday rewards or age verification purposes)
  • Username and password (for registered accounts)
  • Profile photo (if voluntarily provided)

2.2 Payment and Financial Information

When you complete a purchase through our website or mobile platform, we collect payment-related information, which may include:

  • Credit or debit card details (processed securely through third-party payment processors)
  • Billing address
  • Transaction history and order records
  • Gift card or promotional code usage

We do not store full credit card numbers on our servers. All payment transactions are encrypted and handled by PCI-DSS compliant third-party payment processors.

2.3 Usage and Behavioral Data

We automatically collect certain technical and behavioral information when you interact with our website, including:

  • Pages viewed and links clicked
  • Time and date of visits
  • Duration of visit and session data
  • Referring URLs and exit pages
  • Search queries entered on our site
  • Items added to cart or ordered
  • Menu preferences and ordering history

2.4 Device and Technical Information

We may collect technical information about the devices you use to access our services:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Screen resolution
  • Unique device identifiers
  • Mobile network information
  • Cookie identifiers and similar tracking technologies

2.5 Location Data

With your permission, we may collect approximate or precise geolocation data to help you find nearby Cafe Rio locations, provide accurate delivery services, or personalize your experience. You can disable location services through your device settings at any time.

2.6 Communications and Feedback

If you contact us via email, online contact forms, social media, or telephone, we collect the content of those communications, including:

  • Customer service inquiries and responses
  • Feedback, reviews, and survey responses
  • Complaints or concerns submitted to us
  • Catering or event inquiry details

2.7 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms if you connect or log in using a social account
  • Third-party delivery platforms (such as DoorDash, Uber Eats, or Grubhub) when orders are placed through those services
  • Analytics providers
  • Advertising partners
  • Publicly available sources

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

3.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders (online and in-store)
  • Managing your loyalty rewards account
  • Facilitating reservations and catering bookings
  • Sending order confirmations, receipts, and delivery notifications
  • Responding to your customer service requests and inquiries
  • Processing refunds or resolving disputes

3.2 Personalization and User Experience

  • Remembering your menu preferences and past orders
  • Recommending menu items based on your ordering history
  • Customizing our website content and promotional offerings to your interests
  • Saving your delivery addresses for convenience

3.3 Marketing and Promotions

  • Sending promotional emails, newsletters, and special offers (with your consent)
  • Notifying you of loyalty rewards, birthday discounts, and limited-time deals
  • Running targeted advertising campaigns through online platforms
  • Conducting sweepstakes, contests, or promotional events

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us directly at [email protected].

3.4 Analytics and Business Intelligence

  • Analyzing website traffic and user behavior to improve our digital platforms
  • Understanding customer preferences and ordering trends
  • Evaluating the effectiveness of marketing campaigns
  • Conducting internal research and development

3.5 Legal Compliance and Safety

  • Complying with applicable federal, state, and local laws and regulations
  • Preventing fraud, unauthorized access, and other illegal activities
  • Enforcing our Terms of Service and other agreements
  • Responding to legal process, court orders, or government requests
  • Protecting the rights, property, and safety of Cafe Rio, our customers, and the public

4. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site usage, and deliver targeted advertising.

4.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the basic functioning of our website, such as maintaining your session and enabling checkout.
  • Performance Cookies: Help us understand how visitors interact with our website by collecting aggregated, anonymous data.
  • Functional Cookies: Remember your preferences, such as saved addresses, language settings, and favorite menu items.
  • Advertising Cookies: Used to deliver relevant advertisements and measure the performance of our marketing campaigns.

You can manage your cookie preferences through your browser settings or through our cookie consent tool on the website. Please note that disabling certain cookies may affect the functionality of our services. For more detailed information, please review our Cookie Policy.

5. Sharing Your Information with Third Parties

We do not sell your personal information for monetary compensation. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business and delivering services to you. These include:

  • Payment processors (e.g., Stripe, Square, or similar PCI-compliant providers)
  • Online ordering and point-of-sale platform providers
  • Third-party delivery platforms and logistics partners
  • Email marketing and communication platforms
  • Website hosting and cloud infrastructure providers
  • Analytics and data intelligence services (e.g., Google Analytics)
  • Advertising networks and social media platforms
  • Customer relationship management (CRM) software providers
  • Loyalty program technology providers

All third-party service providers are contractually obligated to use your data only for the purposes for which it was disclosed and to maintain appropriate security measures.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, subpoena, or court order
  • Cooperate with law enforcement or regulatory authorities
  • Protect and defend the rights or property of Cafe Rio
  • Prevent or investigate fraud, security breaches, or illegal activity
  • Protect the personal safety of our customers, employees, or the public

5.3 Business Transfers

If Cafe Rio undergoes a merger, acquisition, sale of assets, reorganization, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website if such a transfer occurs and if your data will be subject to a different privacy policy.

5.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for industry research, analytics, marketing, or other business purposes.

6. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights include:

6.1 Right to Know

You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the purposes for which we collected it, and the categories of third parties with whom we have shared it.

6.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., where retention is required for legal compliance or to complete a transaction).

6.3 Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you.

6.4 Right to Opt-Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. While we do not sell personal information in the traditional sense, we may share certain data with advertising partners. You may opt out by contacting us at [email protected] or using the "Do Not Sell or Share My Personal Information" option, where available.

6.5 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of sensitive personal information to purposes that are necessary to provide our services.

6.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a lower quality of service because you exercised your privacy rights.

To submit a privacy rights request, please contact us at [email protected]. We will respond to verified requests within 45 days, with an optional 45-day extension if reasonably necessary.

7. Your Privacy Rights (All Users)

Regardless of your location, we are committed to providing all users with meaningful control over their personal information. You may exercise the following rights:

7.1 Right of Access

You may request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used format.

7.2 Right to Correction

If any of the personal information we hold is inaccurate or incomplete, you may request that we update or correct it. You can also update most account information directly through your user profile.

7.3 Right to Deletion

Subject to applicable legal requirements, you may request that we delete your personal information from our systems. Please note that certain data may need to be retained for legal, tax, or regulatory reasons.

7.4 Right to Data Portability

Where technically feasible, you may request that we provide your personal information in a portable, machine-readable format that allows you to transfer it to another service provider.

7.5 Right to Withdraw Consent

Where we rely on your consent to process personal information (such as for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

7.6 Right to Opt Out of Marketing

You may opt out of receiving promotional communications from us at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Texting STOP in response to any SMS marketing message
  • Updating your communication preferences in your account settings
  • Contacting us at [email protected]

To exercise any of these rights, please contact our Privacy Team at [email protected]. We may need to verify your identity before processing your request.

8. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

8.1 Security Measures We Employ

  • Encryption: All data transmitted between your browser and our servers is protected using industry-standard SSL/TLS encryption (HTTPS).
  • Secure Payment Processing: Payment card information is handled exclusively by PCI-DSS Level 1 compliant payment processors. We do not store full payment card numbers on our systems.
  • Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions. All employees handling personal data receive privacy and security training.
  • Data Minimization: We collect only the personal information that is necessary for the purposes described in this policy.
  • Regular Security Assessments: We conduct periodic reviews of our security practices and vulnerability assessments to identify and address potential risks.
  • Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities as required by applicable law.

Despite our best efforts, no method of data transmission or storage is 100% secure. If you suspect that your account has been compromised or that your personal information has been misused, please contact us immediately at [email protected].

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category Retention Period
Account Information Duration of account activity, plus 3 years after account closure
Order and Transaction History 7 years (for tax and legal compliance purposes)
Marketing Preferences and Opt-Out Records Until you withdraw consent, plus 3 years
Customer Service Communications 3 years from the date of last interaction
Website Usage and Analytics Data 26 months (anonymized thereafter)
Payment Records 7 years (as required by financial regulations)
Security and Fraud Logs 2 years from the date of creation

After the applicable retention period has expired, we will securely delete, destroy, or anonymize your personal information in accordance with our data disposal procedures.

10. Children's Privacy

Age Restriction: Our website and online services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Cafe Rio does not knowingly collect, solicit, or maintain personal information from individuals under 18 years of age. Our loyalty program, online ordering platform, and account registration features are all designed and intended for adult users.

If we discover that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete that information from our systems. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under 13. We go beyond the minimum COPPA requirement by restricting our services to users aged 18 and older.

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily stored and processed within the United States. However, some of our third-party service providers may operate in other countries, which means your personal data may be transferred to, stored in, or processed in jurisdictions outside the United States.

When we transfer personal data internationally, we take appropriate steps to ensure that your information receives an adequate level of protection, including:

  • Entering into data processing agreements with third-party providers that include standard contractual protections
  • Using service providers that comply with recognized data protection frameworks
  • Implementing technical and organizational safeguards appropriate to the nature of the data being transferred

By using our services, you acknowledge and consent to the transfer of your personal information to the United States and potentially to other countries, where privacy laws may differ from those in your country of residence.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or embedded content from third-party services (such as YouTube videos, Google Maps, or social media share buttons). This Privacy Policy applies only to information collected directly by Cafe Rio and does not govern the privacy practices of third-party websites or services.

We encourage you to review the privacy policies of any third-party sites or services you visit or interact with. We are not responsible for the privacy practices, content, or security of third-party websites.

13. Social Media and Online Reviews

When you interact with Cafe Rio on social media platforms such as Instagram, Facebook, X (formerly Twitter), or TikTok, your interactions are subject to the privacy policies of those platforms. If you tag us, post a review, or engage with our social media content, we may collect and use the information you share publicly, including your username, comments, photos, and other publicly visible content.

We may use third-party social media plugins or widgets on our website. When you interact with these widgets, the relevant social media platform may collect information about you, even if you are not logged in to that platform. Please review the privacy policies of these platforms for more information.

14. FTC Act Compliance and Consumer Protection

Cafe Rio is committed to complying with the Federal Trade Commission Act (FTC Act) and all applicable FTC guidelines, including those related to online privacy, data security, and unfair or deceptive trade practices. We strive to ensure that all representations we make about our privacy practices are accurate, clear, and not misleading.

We maintain reasonable security measures proportionate to the sensitivity of the information we collect, consistent with FTC guidance on data security. If you believe that we have engaged in any unfair or deceptive practice in connection with your personal information, you have the right to file a complaint with the FTC (see Section 16 below).

15. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Our website does not currently respond to DNT signals because there is no consistent industry standard for how DNT signals should be interpreted. However, you can manage your tracking preferences through our cookie consent tool and by adjusting your browser settings.

Where required by applicable state law (such as the California Privacy Rights Act), we honor opt-out requests for cross-context behavioral advertising. Please contact us at [email protected] to submit such a request.

16. How to File a Complaint

If you have a concern or complaint about the way we handle your personal information, we encourage you to contact us first so that we can work to resolve your concern directly.

16.1 Contact Cafe Rio Directly

Please reach out to our Privacy Team:

We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days.

16.2 Federal Trade Commission (FTC)

If you are a United States resident and believe that Cafe Rio has violated your privacy rights or engaged in unfair or deceptive practices, you may file a complaint with the Federal Trade Commission (FTC):

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-382-4357
  • Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

16.3 California Residents — California Privacy Protection Agency (CPPA)

California residents may also file a complaint with the California Privacy Protection Agency (CPPA), the state agency responsible for enforcing the CCPA/CPRA:

16.4 California Residents — California Attorney General

California residents may also contact the California Attorney General's Office:

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website
  • Send an email notification to registered users (where required by law or where we consider it appropriate)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services following the posting of changes constitutes your acceptance of those changes.

18. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please do not hesitate to contact us:

Cafe Rio — Privacy Team

Email: [email protected]

Website: rioscafe.rest

We are committed to responding to all privacy-related inquiries in a timely, respectful, and thorough manner. Your trust is important to us, and we take every inquiry seriously.

This Privacy Policy was last reviewed and updated on March 18, 2026. It supersedes all prior versions of Cafe Rio's privacy policy. If you have accessed a cached or archived version of this document, please visit rioscafe.rest for the most current version.