Privacy Policy
Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website caferiotaco.rest, place orders, sign up for loyalty programs, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our website and services.
This Privacy Policy applies to all information collected through our website (caferiotaco.rest), our mobile applications, in-store interactions, online ordering systems, and any related services, sales, marketing, or events (collectively referred to as the "Services").
1. Who We Are
Cafe Rio is a food and restaurant business operating in the United States. We take your privacy seriously and operate in compliance with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act), among other applicable regulations.
Contact Information
| Company Name | Cafe Rio |
|---|---|
| Website | caferiotaco.rest |
| [email protected] | |
| Address | United States |
2. Information We Collect
We collect information about you in a variety of ways depending on how you interact with our Services. The categories of personal information we may collect include the following:
2.1 Personal Information You Provide to Us
When you interact with Cafe Rio directly — whether by placing an order, creating an account, signing up for our newsletter, joining our loyalty program, or contacting us for support — you may voluntarily provide us with:
- Identity Information: First name, last name, username or similar identifiers.
- Contact Information: Email address, telephone number, billing address, delivery address, and postal code.
- Account Credentials: Passwords and similar security information used for authentication and account access.
- Payment Information: Credit or debit card numbers, billing details, and other financial information necessary to process transactions. Note: We do not store full payment card details; these are processed by our PCI-DSS compliant third-party payment processors.
- Order History and Preferences: Information about your food orders, dietary preferences, favorite menu items, and special instructions.
- Communications: Messages, feedback, reviews, and other content you send us via email, contact forms, or social media platforms.
- Loyalty Program Information: Membership status, rewards points, redemption history, and promotional eligibility.
2.2 Information Collected Automatically
When you access or use our website and digital services, we may automatically collect certain technical and usage data, including:
- Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), unique device identifiers, and mobile network information.
- Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, search queries entered on our website, and other behavioral data about how you navigate and interact with our Services.
- Location Data: General geographic location derived from your IP address, and if you grant permission, precise GPS-based location data from your mobile device to help you find nearby Cafe Rio locations.
- Transaction Data: Details about orders placed, payment methods used (excluding full card numbers), delivery preferences, and order fulfillment records.
- Log Data: Server logs that record access times, error reports, and other diagnostic information.
2.3 Cookies and Tracking Technologies
We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to collect information about your interactions with our website. These technologies help us operate the website, improve performance, and deliver relevant advertising. For more information about the specific cookies we use and how to manage your preferences, please see Section 8 (Cookie Usage) of this policy.
2.4 Information From Third Parties
We may receive information about you from third-party sources, including:
- Social Media Platforms: If you connect your social media account to our Services or interact with our social media pages, we may receive profile information consistent with your social media privacy settings.
- Delivery Partners: Third-party delivery platforms (such as DoorDash, Uber Eats, or Grubhub) may share order and contact information necessary to fulfill your delivery.
- Analytics Providers: Services such as Google Analytics may provide us with aggregated and segmented information about website visitor behavior.
- Marketing Partners: We may receive data from advertising partners to better target our marketing efforts and measure campaign effectiveness.
3. How We Use Your Information
We use the information we collect about you for a variety of legitimate business purposes. Specifically, we use your data to:
3.1 Provide and Manage Our Services
- Process and fulfill your food orders, whether placed online, via our app, or through third-party delivery platforms.
- Create and manage your customer account and loyalty program membership.
- Process payments and send you order confirmations, receipts, and delivery updates.
- Respond to your inquiries, complaints, and customer support requests.
- Manage reservations, catering orders, and other special service requests.
3.2 Improve and Personalize Our Services
- Analyze how customers use our website and services in order to improve functionality, usability, and user experience.
- Personalize your experience by recommending menu items based on your past order history and stated preferences.
- Conduct internal research, testing, and quality assurance activities.
- Develop new products, services, and menu offerings based on customer behavior and feedback.
3.3 Marketing and Communications
- Send you promotional emails, newsletters, special offers, and information about new menu items, provided you have opted in to receive such communications or we have a legitimate interest to do so under applicable law.
- Deliver targeted advertisements on our website, third-party websites, and social media platforms based on your browsing behavior and order history.
- Notify you about loyalty program rewards, special member promotions, and exclusive events.
- Conduct surveys, sweepstakes, contests, and other promotional activities.
You have the right to opt out of marketing communications at any time. Please see Section 7 (Your Rights and Choices) for instructions.
3.4 Legal and Compliance Purposes
- Comply with applicable federal, state, and local laws and regulations.
- Respond to lawful requests from law enforcement authorities, courts, or government agencies.
- Enforce our Terms of Service and other applicable policies.
- Detect, prevent, and investigate fraud, security breaches, abuse of our Services, and other potentially illegal activities.
- Protect the rights, property, and safety of Cafe Rio, our customers, and the general public.
3.5 Business Operations
- Manage our day-to-day business operations, including accounting, auditing, and record-keeping.
- Facilitate mergers, acquisitions, restructuring, or other business transactions.
- Train our staff and improve operational efficiency.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to unaffiliated third parties for their own independent marketing purposes without your explicit consent. However, we may share your information in the following limited circumstances:
4.1 Service Providers and Business Partners
We engage trusted third-party companies and individuals to perform services on our behalf. These service providers are given access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Such service providers include:
- Payment processors and fraud prevention services.
- Online ordering platforms and delivery fulfillment partners.
- Email marketing and customer communication platforms.
- Website hosting, cloud computing, and IT infrastructure providers.
- Analytics and reporting services.
- Loyalty program management platforms.
- Customer relationship management (CRM) software providers.
- Legal, accounting, and professional advisory firms.
4.2 Third-Party Delivery Platforms
If you place an order through a third-party delivery platform (such as DoorDash, Grubhub, Uber Eats, or similar services), your information will also be subject to that platform's privacy policy. We encourage you to review those policies before placing an order through third-party channels.
4.3 Legal Obligations and Law Enforcement
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or government request.
- Enforce our Terms of Service or other agreements.
- Protect and defend the rights or property of Cafe Rio.
- Prevent or investigate possible wrongdoing in connection with the Services.
- Protect the personal safety of users of the Services or the public.
- Protect against legal liability.
4.4 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
4.5 With Your Consent
We may share your personal information with third parties when you have given us your explicit consent to do so, such as when you participate in a joint promotion or co-branded program with one of our partners.
5. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
- Access Controls: We restrict access to personal information to employees, contractors, and service providers who have a legitimate need to know such information in order to perform their job functions. These individuals are bound by confidentiality obligations.
- Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant third-party payment processors. We do not store full credit or debit card numbers on our systems.
- Regular Security Audits: We periodically review and test our security practices and infrastructure to identify and address potential vulnerabilities.
- Data Minimization: We collect only the personal information that is necessary for the purposes described in this policy and do not retain it longer than necessary.
- Incident Response: We maintain a data breach response plan and will notify affected users and applicable authorities in the event of a security incident, as required by law.
6. Data Retention
We retain your personal information for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply vary depending on the type of data and the purpose for which it was collected:
| Data Category | Retention Period |
|---|---|
| Customer account information | Duration of account plus 3 years after closure |
| Order and transaction records | 7 years (for tax and accounting compliance) |
| Marketing and communication preferences | Until opt-out plus 1 year |
| Website usage and analytics data | Up to 26 months |
| Cookie and tracking data | As specified in individual cookie settings (session to 2 years) |
| Customer support correspondence | 3 years from date of last interaction |
| Legal and compliance records | As required by applicable law (typically 7 years) |
| Loyalty program data | Duration of membership plus 2 years |
When your personal information is no longer needed, we will securely delete or anonymize it in accordance with our internal data retention and disposal procedures.
7. Your Rights and Choices
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with meaningful control over your data.
7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:
- Right to Know: You have the right to request that we disclose what personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Access: You have the right to request a copy of the specific pieces of personal information we hold about you.
- Right to Deletion: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information we are legally required to retain).
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing: We do not sell your personal information for monetary consideration. However, certain uses of cookies and analytics tools may constitute "sharing" under the CPRA. You have the right to opt out of such sharing for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary for providing the Services.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of service quality because you exercised a right under the CCPA/CPRA.
7.2 General Privacy Rights (All Users)
- Right to Opt Out of Marketing: You may opt out of receiving promotional emails by clicking the "unsubscribe" link at the bottom of any marketing email or by contacting us at [email protected]. Note that even if you opt out of marketing communications, we may still send you transactional messages (e.g., order confirmations, receipts).
- Right to Account Management: You may update, correct, or delete your account information by logging into your account on our website or contacting us directly.
- Cookie Preferences: You may manage your cookie preferences through our cookie consent tool or your browser settings. See Section 8 for more details.
- Do Not Track: Some browsers transmit "Do Not Track" (DNT) signals. Our website does not currently respond to DNT signals, but you can use the cookie management tools described in Section 8 to limit tracking.
7.3 How to Submit a Privacy Request
To exercise any of the rights described above, please contact us using one of the following methods:
- Email: [email protected]
- Website: caferiotaco.rest
We will acknowledge receipt of your request within 10 business days and respond to your request within 45 calendar days. If we require additional time (up to 90 days total), we will inform you in writing. We may ask you to verify your identity before processing your request to protect your privacy and prevent fraudulent requests.
You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide written proof of authorization, and we may require you to verify your identity directly with us.
8. Cookie Usage
Our website uses cookies and similar tracking technologies to improve functionality, analyze performance, and deliver personalized content and advertising. Cookies are small text files stored on your device when you visit our website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: These are essential for the website to function properly. They enable core features such as shopping cart functionality, secure login, and order processing.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often. We use this data to improve website performance. (e.g., Google Analytics)
- Functional Cookies: These cookies allow the website to remember your preferences (such as your saved address or language settings) to provide a more personalized experience.
- Targeting and Advertising Cookies: These cookies track your browsing habits to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
8.2 Managing Your Cookie Preferences
You can control and manage cookies in several ways:
- Use our cookie consent tool displayed when you first visit our website to accept or reject non-essential cookies.
- Adjust your browser settings to block or delete cookies. Note that disabling certain cookies may impact the functionality of our website.
- Opt out of interest-based advertising through the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).
For a full list of cookies we use, their purposes, and their retention periods, please refer to our Cookie Policy, available on our website at caferiotaco.rest.
9. Children's Privacy
Cafe Rio's website and online ordering services are not directed at children under the age of 18. We do not knowingly collect, use, or disclose personal information from individuals under 18 years of age. If you are a parent or legal guardian and you believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].
If we discover that we have inadvertently collected personal information from a child under the age of 18, we will promptly take steps to delete that information from our systems. We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly allow children under 13 to register for accounts or use our Services without verifiable parental consent.
We encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our website without parental permission.
10. International Data Transfers
Cafe Rio is based in the United States and primarily processes data within the United States. However, some of our third-party service providers may be located in or operate from other countries. If your personal information is transferred outside of the United States, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law.
If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. The data protection laws in these countries may differ from those in your home country.
By using our Services, you consent to the transfer of your personal information to the United States and other countries as described in this policy. We will always handle your personal information in accordance with this Privacy Policy, regardless of where it is processed.
11. Third-Party Links and Services
Our website may contain links to third-party websites, social media platforms, delivery applications, and other online services that are not operated by Cafe Rio. When you click on a third-party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. The inclusion of a link to a third-party website does not imply our endorsement of that website or its privacy practices.
12. California-Specific Disclosures
In addition to the rights described in Section 7, California residents may have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023.
12.1 Categories of Personal Information Collected
Under the CCPA, we have collected the following categories of personal information from consumers within the preceding 12 months:
| Category | Collected |
|---|---|
| Identifiers (name, email, phone, IP address) | Yes |
| Customer records (address, payment info) | Yes |
| Commercial information (purchase history) | Yes |
| Internet/electronic network activity (browsing, search history) | Yes |
| Geolocation data | Yes (with consent) |
| Inferences drawn from personal information | Yes |
| Sensitive personal information | Limited (dietary preferences only) |
| Biometric information | No |
| Audio, visual, or similar information | No |
| Professional or employment-related information | No |
12.2 Shine the Light Law
California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about personal information disclosed to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].
13. How to File a Complaint
If you believe that Cafe Rio has violated your privacy rights or failed to handle your personal information in accordance with applicable law, you have several options for filing a complaint:
13.1 Contact Us Directly
We encourage you to contact us first so that we can work to resolve your concern:
- Email: [email protected]
- Website: caferiotaco.rest
We will investigate all complaints and respond within 30 days.
13.2 File a Complaint With the California Privacy Protection Agency (CPPA)
If you are a California resident and are not satisfied with our response, you may file a complaint with the California Privacy Protection Agency (CPPA):
- Website: cppa.ca.gov
- Address: 2101 Arena Boulevard, Sacramento, CA 95834
13.3 File a Complaint With the Federal Trade Commission (FTC)
If you believe there has been a violation of federal consumer protection law, including unfair or deceptive privacy practices, you may file a complaint with the Federal Trade Commission (FTC):
- Website: reportfraud.ftc.gov
- Phone: 1-877-FTC-HELP (1-877-382-4357)
13.4 State Attorney General
You may also file a complaint with the Attorney General of your state of residence. Most states have consumer protection offices that handle privacy-related complaints.
14. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post a prominent notice on our website notifying users of the change.
- Send an email notification to registered account holders (where required by law or where the changes are material).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this policy will constitute your acknowledgment of the changes and your consent to abide by the updated policy.
If we make changes that materially affect your rights or how we use your personal information, we will obtain fresh consent where legally required.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Cafe Rio — Privacy Inquiries
| Company | Cafe Rio |
|---|---|
| [email protected] | |
| Website | caferiotaco.rest |
| Country | United States |
We are committed to working with you to obtain a fair resolution of any privacy concern or complaint. We will make every effort to respond to your inquiry promptly and to address your concerns in a respectful and professional manner.
This Privacy Policy was last updated on June 21, 2026. All previous versions of this policy are superseded by this document.