Privacy Policy

Effective Date: April 3, 2026 | Last Updated: April 3, 2026

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website rioscafes.click, place orders, use our services, or interact with us in any way. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all information collected through our website, mobile applications, in-store interactions, loyalty programs, online ordering platforms, and any related services, sales, marketing, or events (collectively referred to as the "Services").

1. Who We Are

Cafe Rio is a food service business operating in the United States. We operate the website located at rioscafes.click and provide food and beverage services to our customers. For the purposes of this Privacy Policy, "we," "us," and "our" refer to Cafe Rio.

Contact Information

Business Name	Cafe Rio
Website	rioscafes.click
Email Address	[email protected]

If you have any questions, concerns, or requests regarding this Privacy Policy, you may contact us at any time using the email address listed above.

2. Information We Collect

We collect information about you in a variety of ways depending on how you interact with us. Below is a detailed breakdown of the categories of information we may collect.

2.1 Personal Information You Provide Directly

When you interact with our Services — such as creating an account, placing an order, signing up for our newsletter, joining a loyalty program, contacting customer support, or participating in a promotion — you may voluntarily provide us with personal information, including but not limited to:

Identification Information: Full name, username, and similar identifiers.
Contact Information: Email address, telephone number, mailing address, and billing address.
Payment Information: Credit card numbers, debit card numbers, and other financial information. Note: We do not store full payment card details on our servers; these are processed by PCI-DSS compliant third-party payment processors.
Account Credentials: Username, password, and security question answers used to create and protect your account.
Order History: Details about the food and beverage items you have ordered, your preferences, and dietary restrictions you choose to share.
Loyalty Program Data: Participation details, rewards points balance, redemption history, and related preferences.
Communications: Content of messages, feedback, survey responses, and reviews you submit to us.
Marketing Preferences: Your choices regarding receiving promotional communications from us.

2.2 Information Collected Automatically

When you visit our website or use our digital services, certain information is collected automatically through cookies, web beacons, pixels, log files, and similar technologies. This information may include:

Device Information: IP address, device type, operating system version, browser type and version, device identifiers, and hardware model.
Usage Data: Pages viewed, links clicked, search queries entered on our site, time spent on pages, referring URLs, and exit pages.
Location Data: General geographic location based on IP address. If you use a mobile device and grant permission, we may collect more precise GPS-based location data to help you find the nearest Cafe Rio location.
Cookies and Tracking Technologies: Persistent and session cookies, pixel tags, and similar tracking tools. Please see Section 8 of this Policy for more information about our use of cookies.
Log Data: Server logs that record your requests to our server, including date and time of access, and error reports.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

Social Media Platforms: If you connect your social media account to our Services or log in using a social media account (e.g., Facebook, Google), we may receive certain profile information from that platform, subject to your privacy settings on that platform.
Business Partners and Delivery Platforms: If you place an order through a third-party food delivery app or aggregator platform, we may receive order and contact information from that partner.
Analytics Providers: We may receive aggregated and anonymized data from analytics providers to help us understand how users interact with our Services.
Advertising Partners: We may receive information to help us understand the effectiveness of advertising campaigns.

2.4 Sensitive Personal Information

We do not intentionally collect sensitive categories of personal information such as Social Security numbers, government-issued ID numbers, racial or ethnic origin, political opinions, religious beliefs, or health information, unless specifically required and you voluntarily provide it (for example, severe allergy information when placing an order). Any such information will be treated with additional safeguards.

3. How We Use Your Information

We use the information we collect for a variety of business and operational purposes, including:

3.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders, including in-store, online, or through delivery services.
Creating and managing your account on our website.
Sending you order confirmations, receipts, and updates.
Managing your participation in loyalty programs and rewards.
Processing payments and preventing fraudulent transactions.
Providing customer support and responding to your inquiries and complaints.

3.2 Personalization and User Experience

Remembering your preferences, dietary notes, and past orders to streamline future interactions.
Providing personalized content, offers, and recommendations based on your order history and preferences.
Customizing your experience on our website and applications.

3.3 Marketing and Communications

Sending you promotional emails, newsletters, and special offers about our menu, events, and promotions, where you have consented to receive such communications or where permitted by applicable law.
Conducting contests, sweepstakes, and promotions and communicating results to participants.
Displaying targeted advertisements on our site or on third-party platforms based on your preferences and browsing behavior.

3.4 Analytics and Business Improvement

Analyzing usage patterns and trends to improve our website, mobile app, menu offerings, and overall customer experience.
Conducting internal research and data analysis to better understand our customer base.
Measuring the effectiveness of our marketing campaigns and promotional activities.
Developing new products, services, and features.

3.5 Legal and Compliance Purposes

Complying with applicable federal and state laws and regulations.
Responding to lawful requests from government authorities or law enforcement agencies.
Enforcing our Terms of Service and other agreements.
Protecting the rights, property, and safety of Cafe Rio, our employees, customers, and the public.
Detecting, investigating, and preventing fraudulent, harmful, unauthorized, or illegal activities.

4. How We Share Your Information

We do not sell, rent, or trade your personal information for monetary consideration. However, we may share your information in certain circumstances as described below.

4.1 Service Providers and Business Partners

We engage third-party companies and individuals to perform functions on our behalf. These service providers have access to personal information only as necessary to perform their tasks and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:

Payment processors and financial institutions
Cloud hosting and data storage providers
Email and communications platforms
Food delivery and logistics partners
Customer relationship management (CRM) software providers
Marketing and advertising technology providers
Analytics and reporting service providers
Cybersecurity and fraud prevention vendors

4.2 Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, or valid legal process under applicable federal or state law.
Respond to requests from governmental or regulatory authorities, including law enforcement.
Protect and defend the legal rights or property of Cafe Rio.
Prevent or investigate possible wrongdoing in connection with our Services.
Protect the personal safety of users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.4 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes. This information is not considered personal information under applicable law.

4.5 With Your Consent

We may share your personal information with other third parties when you give us your express consent to do so.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and disclosure. Our security measures include:

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions. All employees with access to personal data are trained on data privacy and security practices.
Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant third-party processors. We do not store full credit card numbers on our own servers.
Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems and applications.
Incident Response: We maintain an incident response plan to address data breaches and security incidents promptly and in accordance with applicable notification laws.
Data Minimization: We collect only the information necessary for the purposes described in this Policy.

Important Notice: Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable United States law. We are committed to honoring these rights.

6.1 Rights Under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under the CCPA and CPRA:

Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information with third parties. We do not sell personal information for monetary consideration. However, if we engage in cross-context behavioral advertising, you may opt out of such sharing.
Right to Limit Use of Sensitive Personal Information: You may have the right to limit how we use and disclose sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

6.2 Rights Available to All U.S. Residents

Regardless of your state of residence, we offer all users the following rights as part of our commitment to privacy best practices:

Right of Access: You may request a copy of the personal information we hold about you.
Right to Correction: You may request that we correct inaccurate or incomplete personal information about you.
Right to Deletion: You may request that we delete your personal information, subject to certain legal and operational exceptions.
Right to Data Portability: Where technically feasible, you may request that we provide your personal data in a commonly used, machine-readable format.
Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.

6.3 How to Exercise Your Rights

To exercise any of the rights described in this section, please contact us at:

Email: [email protected]

We will respond to verifiable requests within 45 days as required under California law, with the possibility of a one-time 45-day extension where necessary. We may need to verify your identity before processing your request to protect the security of your information. We will not charge a fee for responding to your request unless it is excessive, repetitive, or manifestly unfounded.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. Our data retention practices are as follows:

Category of Data	Retention Period
Account and registration data	Duration of the account relationship, plus 3 years after account closure
Order and transaction records	7 years (for tax, legal, and accounting compliance)
Customer support communications	3 years from the date of the last interaction
Marketing preferences and consent records	Until opt-out, plus 3 years for compliance records
Website usage and analytics data	26 months in aggregate or anonymized form
Payment processing data	As required by PCI-DSS and applicable financial regulations
Loyalty program data	Duration of program participation, plus 2 years after program termination

When personal information is no longer needed for the purposes described above, we will either delete it securely or anonymize it so that it can no longer be associated with you.

8. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixels, local storage, and similar tracking technologies to enhance your experience, analyze site performance, and deliver personalized content and advertisements.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling core functions such as page navigation, security, and access to secure areas of the site.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are most frequently visited and whether visitors encounter error messages. This helps us improve the performance and functionality of our site.
Functionality Cookies: These cookies allow our website to remember choices you make, such as your language preferences, saved items in your cart, and login status.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests, and to limit how many times you see an advertisement.

8.2 Managing Cookies

You can control and manage cookies in the following ways:

Adjusting your browser settings to refuse all or some cookies. Please note that disabling cookies may affect the functionality of our website.
Using opt-out tools provided by third-party analytics and advertising networks, such as Google Analytics Opt-Out (tools.google.com/dlpage/gaoptout).
Using the Digital Advertising Alliance's opt-out tool at optout.aboutads.info.

For more detailed information about the cookies we use and your choices regarding cookies, please refer to our full Cookie Policy, which is incorporated into this Privacy Policy by reference.

9. Children's Privacy

Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, as required by the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 18 without verifiable parental consent.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records. We do not target our marketing or Services to children, and our online ordering and account registration features are not designed for use by minors.

If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe we might have any information from or about a child, please contact us using the information provided in this Policy.

10. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Cafe Rio. This Privacy Policy applies solely to information collected by our website and Services. We have no control over and assume no responsibility for the privacy practices, content, or security of any third-party sites. We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our website does not imply our endorsement of the linked site.

Third-party services we commonly integrate with include, but are not limited to:

Google Analytics (analytics)
Facebook Pixel (advertising)
Payment processing platforms
Food delivery aggregator platforms
Social media platforms (for login or social sharing features)

11. International Data Transfers

Cafe Rio is headquartered and operates in the United States. The information we collect is primarily processed and stored in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

The data protection laws of the United States may differ from those in your country of residence. By using our Services, you acknowledge and consent to the transfer of your information to the United States. We take appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. If you have questions about international data transfers, please contact us at [email protected].

12. Applicable Law and Regulatory Framework

This Privacy Policy is governed by and construed in accordance with the laws of the United States of America. Our privacy practices are designed to comply with applicable federal and state privacy laws, including but not limited to:

Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45: We comply with the FTC's guidelines on unfair or deceptive acts or practices, including our obligations regarding consumer privacy and data security.
Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506: We do not knowingly collect personal information from children under 13.
CAN-SPAM Act, 15 U.S.C. § 7701 et seq.: All commercial email communications comply with the requirements of the CAN-SPAM Act, including clear identification of the sender and a valid opt-out mechanism.
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Where applicable, we comply with CCPA/CPRA requirements for California residents, including rights of access, deletion, correction, and opt-out of sale/sharing.
State Privacy Laws: We monitor and aim to comply with other applicable state privacy laws, including those enacted in Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas, and other states with comprehensive consumer privacy legislation.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want your online browsing activities tracked. Our website does not currently respond to DNT browser signals or similar mechanisms, as there is no industry standard for how websites should respond to such signals. We will continue to monitor developments in this area and update our practices accordingly. You may use the cookie management tools described in Section 8 to manage your tracking preferences.

14. Marketing Communications and Opt-Out

With your consent, or where otherwise permitted by applicable law, we may send you promotional and marketing communications about our products, special offers, loyalty rewards, new menu items, and events. You have the right to opt out of receiving marketing communications from us at any time.

14.1 How to Opt Out of Marketing Emails

Click the "Unsubscribe" link at the bottom of any marketing email we send you.
Log into your account on our website and update your communication preferences.
Contact us directly at [email protected] with the subject line "Unsubscribe."

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages necessary to fulfill your orders and manage your account, such as order confirmations, receipts, and important updates about our Services.

15. How to File a Complaint

If you believe that your privacy rights have been violated or that we have not adequately addressed your concerns, you have several avenues available to you.

15.1 Contact Us Directly

We encourage you to contact us first so that we may address your concern promptly and effectively. You can reach our privacy team at:

Email: [email protected]
Website: rioscafes.click

We will acknowledge receipt of your complaint within 10 business days and aim to fully resolve your complaint within 45 days.

15.2 Complaints to the Federal Trade Commission (FTC)

If you believe our data practices constitute an unfair or deceptive act or practice under federal law, you may file a complaint with the United States Federal Trade Commission (FTC):

Website: www.ftc.gov/contact
Phone: 1-877-FTC-HELP (1-877-382-4357)
Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580

15.3 Complaints for California Residents — California Attorney General

California residents who believe their rights under the CCPA or CPRA have been violated may file a complaint with the California Privacy Protection Agency (CPPA) or the Office of the California Attorney General:

California Privacy Protection Agency: cppa.ca.gov
California Attorney General: oag.ca.gov/privacy

15.4 Complaints for Residents of Other States

Residents of other states with applicable privacy laws may file complaints with their respective state attorneys general or applicable data protection regulatory bodies. We encourage you to consult your state's official government website for guidance on how to file a privacy-related complaint.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes to this Policy, we will notify you by:

Posting the updated Privacy Policy on this page with a new "Last Updated" date at the top.
Sending you an email notification to the address on file with your account (where applicable).
Displaying a prominent notice on our website homepage.

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acknowledgment of the modifications and your consent to abide and be bound by the updated Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

17. Contact Us

If you have any questions, comments, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Business Name	Cafe Rio
Privacy Inquiries Email	[email protected]
Website	rioscafes.click

Acknowledgment: By using our website and Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not use our Services.

This Privacy Policy was last updated on April 3, 2026 and is effective as of that date.