Privacy Policy

Effective Date: April 15, 2026 | Last Updated: April 15, 2026

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cafexrio.click, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you disagree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

This Privacy Policy applies to all users located in the United States and is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable U.S. federal and state regulations.

1. About Us

Cafe Rio is a food service business operating through the website cafexrio.click. We provide food ordering, delivery coordination, catering inquiries, loyalty programs, and related services to our customers.

Business Name	Cafe Rio
Website	cafexrio.click
Email Address	[email protected]
Location	United States

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we collect are described below.

2.1 Personal Information You Provide to Us

When you interact with Cafe Rio — whether by creating an account, placing an order, signing up for our newsletter, contacting customer support, or participating in promotions — you may voluntarily provide us with personal information, including but not limited to:

Contact Information: Full name, email address, phone number, mailing address, and delivery address.
Account Credentials: Username, password, and security questions (stored in encrypted form).
Order Information: Food preferences, dietary restrictions or allergies, special instructions, order history, and purchase records.
Payment Information: Credit card numbers, debit card numbers, billing address, and other financial information necessary to process your payment. Note that we do not store full payment card details — these are processed securely through third-party payment processors.
Communication Data: Messages, feedback, reviews, survey responses, and other communications you send to us directly.
Loyalty Program Data: Points balance, redemption history, and promotional eligibility details if you participate in our rewards programs.
Catering and Event Information: Event date, venue address, guest count, menu selections, and special requirements for catering orders.

2.2 Information Collected Automatically

When you visit or use our website cafexrio.click, we automatically collect certain technical and usage information through cookies, web beacons, pixels, and similar tracking technologies. This information includes:

Device Information: IP address, device type (desktop, mobile, tablet), operating system, browser type and version, screen resolution, and unique device identifiers.
Usage Data: Pages visited, time and date of visits, time spent on each page, links clicked, referring URLs, exit pages, and navigation paths through our website.
Log Data: Server logs that record your interactions with our website, including error reports, system activity, and timestamps.
Location Data: General geographic location derived from your IP address. If you grant permission, we may also collect more precise GPS-based location data to facilitate delivery services or suggest nearby Cafe Rio locations.
Cookie and Tracking Data: Information collected through cookies, session tokens, pixel tags, and web analytics tools about your browsing behavior and preferences.

2.3 Information from Third Parties

We may receive information about you from third-party sources, which we may combine with information we already hold about you. These sources include:

Social Media Platforms: If you connect your social media account (such as Facebook, Google, or Instagram) to your Cafe Rio account or log in using social authentication, we receive profile information such as your name, profile photo, and email address.
Delivery Partners: Third-party delivery platforms and courier services that fulfill orders on our behalf may share order status updates and delivery confirmation information with us.
Marketing and Analytics Partners: We may receive aggregated demographic and behavioral data from advertising networks and analytics providers to help us better understand our customer base.
Payment Processors: Our payment processors confirm transaction status and may share fraud prevention signals with us.
Review Platforms: Publicly available reviews and ratings you post on third-party food review platforms may be accessed by us for service improvement purposes.

2.4 Sensitive Personal Information

In some cases, we may collect information that is considered sensitive under applicable law. For our food business, this may include dietary restrictions and food allergy information that you voluntarily provide when placing orders. We use this information strictly for the purpose of fulfilling your order safely and do not use it for advertising or profiling purposes beyond what is necessary to serve you.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Below is a detailed explanation of how your data is used:

3.1 Service Provision and Order Fulfillment

Processing and confirming your food orders, including online orders and catering requests.
Coordinating delivery services and communicating delivery status updates.
Managing your account, including preferences, order history, and loyalty points.
Processing payments securely through our payment service providers.
Sending order confirmation emails, receipts, and delivery notifications.
Responding to your customer service inquiries, complaints, and requests.

3.2 Personalization and User Experience

Personalizing your experience on our website based on your order history and preferences.
Recommending menu items based on your previous orders and stated preferences.
Remembering your dietary restrictions and delivery addresses for faster checkout.
Tailoring content, promotions, and offers relevant to your interests and location.

3.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers if you have opted in to receive marketing communications.
Notifying you about new menu items, seasonal specials, limited-time offers, and events.
Conducting sweepstakes, contests, or surveys that you choose to participate in.
Serving targeted advertisements on third-party platforms based on your interests and browsing behavior, subject to your consent where required.
Measuring the effectiveness of our marketing campaigns.

Opt-Out: You may opt out of receiving marketing emails at any time by clicking the "Unsubscribe" link in any promotional email we send, or by contacting us directly at [email protected]. Opting out of marketing communications will not affect transactional or service-related communications.

3.4 Analytics and Business Improvement

Analyzing website traffic, user behavior, and engagement metrics to improve our website design and functionality.
Understanding customer preferences and trends to improve our menu offerings and services.
Conducting internal research and development to enhance our products, services, and operations.
Generating aggregated, anonymized statistical reports about our customer base.

3.5 Legal, Safety, and Compliance Purposes

Complying with applicable laws, regulations, court orders, and government requests.
Enforcing our Terms of Service and other agreements.
Detecting, investigating, and preventing fraudulent transactions, abuse, and other illegal activities.
Protecting the rights, property, and safety of Cafe Rio, our customers, employees, and the public.
Verifying the identity of users and preventing unauthorized access to accounts.

4. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information with third parties for their own direct marketing purposes without your explicit consent. However, we may share your information in the following limited circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Our service providers include:

Payment Processors: To securely process credit card and debit card transactions.
Delivery Partners: Third-party courier and delivery services that physically deliver your orders.
Cloud Hosting Providers: Companies that host our website infrastructure and databases.
Email Service Providers: Platforms that send transactional and marketing emails on our behalf.
Analytics Providers: Services such as Google Analytics that help us understand website usage.
Customer Support Tools: Platforms that manage customer service tickets and communications.
Marketing and Advertising Platforms: Networks that help us deliver targeted advertisements.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, subpoena, court order, or government investigation.
Cooperate with law enforcement agencies or regulatory authorities.
Protect and defend the legal rights of Cafe Rio.
Prevent or investigate potential wrongdoing in connection with our services.
Protect the personal safety of our users, employees, or the public.

4.3 Business Transfers

In the event that Cafe Rio is involved in a merger, acquisition, asset sale, restructuring, bankruptcy, or other business transaction, your personal information may be transferred to the successor entity as part of that transaction. We will notify you via email or a prominent notice on our website of any such change in ownership or use of your personal information, and of any choices you may have regarding your information.

4.4 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so, such as when you choose to connect your account to a third-party platform or participate in a joint promotion with a partner brand.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes. This data does not constitute personal information under applicable privacy laws.

5. Cookies and Tracking Technologies

Our website cafexrio.click uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyze traffic, and serve relevant advertisements. Cookies are small text files stored on your device when you visit our website.

We use the following types of cookies:

Strictly Necessary Cookies: Essential for the website to function properly, including maintaining your shopping cart and session authentication.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data.
Functionality Cookies: Remember your preferences (such as language, saved addresses, and dietary restrictions) for a more personalized experience.
Targeting and Advertising Cookies: Used to deliver advertisements relevant to you and your interests, and to measure the effectiveness of our advertising campaigns.

You can control cookie settings through your browser preferences. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website. For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy available on our website.

6. Data Security

Cafe Rio takes the security of your personal information seriously. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, loss, and destruction. These measures include:

Encryption: All data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) encryption. Sensitive data such as passwords are stored using industry-standard hashing algorithms.
Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions. We enforce role-based access control and require strong authentication for internal systems.
Secure Payment Processing: We do not store full payment card numbers on our servers. All payment transactions are processed through PCI DSS-compliant payment processors.
Firewalls and Intrusion Detection: Our network infrastructure is protected by firewalls and monitored for suspicious activity using automated intrusion detection systems.
Regular Security Assessments: We conduct periodic security reviews, vulnerability assessments, and penetration testing to identify and address potential weaknesses.
Employee Training: Our staff receive regular training on data privacy, security best practices, and how to handle personal information responsibly.
Incident Response Plan: We maintain a documented data breach response plan. In the event of a data breach that affects your personal information, we will notify you and the appropriate regulatory authorities as required by applicable law.

Important: While we take every reasonable precaution to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and we encourage you to use strong passwords and protect your account credentials.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We respect and honor these rights for all our customers across the United States.

7.1 Right to Know and Access

You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the third parties with whom we share it.

7.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you. You may update much of your personal information directly by logging into your Cafe Rio account. For other corrections, please contact us at [email protected].

7.3 Right to Deletion

You have the right to request that we delete the personal information we have collected about you. Upon receiving a verified deletion request, we will delete your personal information from our records and direct our service providers to do the same, subject to certain exceptions permitted by law (such as retaining data necessary to complete pending transactions, comply with legal obligations, or detect fraud).

7.4 Right to Data Portability

You have the right to request a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format, where technically feasible. This allows you to transfer your data to another service provider.

7.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, you have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. As stated earlier, we do not sell your personal information. However, our use of certain advertising technologies may constitute "sharing" under California law. You may opt out of such sharing by contacting us or using the opt-out mechanisms available on our website.

7.6 Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use and disclosure of sensitive personal information (such as dietary and allergy data) to only what is necessary to provide the requested services. We honor this right and do not use sensitive personal information for purposes beyond service fulfillment without your explicit consent.

7.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge different prices, provide a lower quality of service, or otherwise penalize you for exercising your rights under applicable privacy law.

7.8 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please submit your request by:

Email: [email protected] with the subject line "Privacy Rights Request"
Website: Through the contact form available at cafexrio.click

We will verify your identity before processing your request. Verification may involve confirming your email address, account information, or other identifying details. We will respond to your request within 45 days of receipt. If we need more time, we will notify you of the extension (up to an additional 45 days) and the reason for the delay.

You may designate an authorized agent to submit a privacy request on your behalf. Authorized agents must provide written authorization signed by you, and we may verify the agent's authority and your identity before processing the request.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide our services, and to comply with our legal obligations. Our data retention practices are as follows:

Type of Data	Retention Period
Account and profile information	Duration of account plus 3 years after account closure
Order history and transaction records	7 years (for tax and financial compliance)
Payment processing records	7 years (as required by financial regulations)
Customer support communications	3 years from the date of the last interaction
Marketing preferences and consent records	3 years from last interaction or opt-out
Website usage and analytics data	26 months from collection
Cookie data	As specified in individual cookie settings (typically 1–2 years)
Legal and compliance records	As required by applicable law (typically 5–10 years)

After the applicable retention period expires, we will securely delete or anonymize your personal information. Anonymized data may be retained indefinitely for research and analytics purposes.

9. Children's Privacy

Our website cafexrio.click and its services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, in accordance with the Children's Online Privacy Protection Act (COPPA).

If you are between 13 and 17 years of age, you must have the consent of a parent or legal guardian to use our website and services. We encourage parents and guardians to monitor their children's online activities.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor in error, please contact us promptly at [email protected].

10. International Data Transfers

Cafe Rio is operated from the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central operations are conducted.

The United States may have different data protection laws than your country of residence. By using our website and services, you acknowledge and consent to the transfer of your information to the United States and its processing there in accordance with this Privacy Policy and applicable U.S. law.

We take steps to ensure that any international transfers of personal data comply with applicable legal requirements and that appropriate safeguards are in place to protect your information. If you have questions about international data transfers, please contact us at [email protected].

11. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, delivery apps, and other external services that are not operated by Cafe Rio. This Privacy Policy does not apply to those third-party websites, and we are not responsible for the privacy practices of any third party. When you leave our website by clicking on a link, we encourage you to review the privacy policy of the website you are visiting. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. California-Specific Privacy Rights

If you are a California resident, the following additional rights and disclosures apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

12.1 California Shine the Light Law

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As noted, we do not sell or share your personal information for third-party direct marketing purposes.

12.2 Do Not Track Signals

Our website does not currently respond to "Do Not Track" (DNT) browser signals. We will update this policy if our practices change or if a uniform standard for responding to DNT signals is established.

12.3 California Privacy Rights Contact

California residents may direct privacy-related inquiries and requests to us at [email protected]. We will respond within the timeframes required under the CCPA/CPRA.

13. Filing a Complaint with a Data Protection Authority

If you have concerns about our privacy practices that we have not been able to resolve to your satisfaction, you have the right to file a complaint with the appropriate regulatory authority. In the United States, the following authorities handle privacy and consumer protection complaints:

Federal Trade Commission (FTC): The FTC enforces federal consumer protection laws that prohibit unfair or deceptive business practices, including privacy violations. You can file a complaint at www.ftc.gov/complaint or call 1-877-382-4357.
California Privacy Protection Agency (CPPA): California residents may file complaints with the CPPA regarding violations of the CCPA/CPRA. Visit cppa.ca.gov for more information.
State Attorney General Offices: Each U.S. state has an Attorney General's office that handles consumer protection complaints. You may file a complaint with your state's Attorney General if you believe your privacy rights have been violated.

We strongly encourage you to contact us first at [email protected] to give us the opportunity to resolve your concern directly before filing a complaint with a regulatory authority.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other operational needs. When we make changes, we will update the "Last Updated" date at the top of this page and, if the changes are significant, we will provide you with a more prominent notice (such as an email notification or a banner on our website).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website and services after any changes become effective constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your concerns promptly and transparently.

Cafe Rio — Privacy Inquiries

Website: cafexrio.click

Email: [email protected]

When contacting us about a privacy matter, please include your full name, the email address associated with your account (if applicable), and a clear description of your request or concern. This will help us respond to you more efficiently. We aim to respond to all privacy-related inquiries within 5 business days of receipt and to fulfill formal privacy rights requests within the legally required timeframes.

This Privacy Policy was last reviewed and updated on April 15, 2026. It is effective as of the same date and supersedes all prior versions of our Privacy Policy.