Privacy Policy

This Privacy Policy explains how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at scafe-rio.digital, use our online ordering services, interact with our digital platforms, or otherwise engage with our food and beverage business. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using our website, placing an order, signing up for our loyalty program, or otherwise providing us with your personal information, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. Who We Are

Cafe Rio is a food and beverage establishment operating in the United States. We operate our website and digital ordering platform at scafe-rio.digital to provide customers with information about our menu, enable online ordering, manage loyalty rewards, and deliver promotional content.

For all privacy-related inquiries, you may contact us using the following information:

2. Information We Collect

We collect various types of information in connection with the services we provide. The categories of personal information we collect are described below.

2.1 Personal Information You Provide Directly

When you interact with our website, place an order, create an account, join our loyalty program, or contact us, you may provide us with the following categories of personal information:

• Identification Information: Full name, username, and profile picture (if applicable).
• Contact Information: Email address, phone number, and mailing or delivery address.
• Account Credentials: Username and encrypted password for registered accounts.
• Payment Information: Credit or debit card details, billing address, and transaction history. Note that full payment card details are processed by our secure third-party payment processors and are not stored on our servers.
• Order Information: Food and beverage orders, special dietary preferences, customizations, and order history.
• Loyalty Program Data: Points balances, reward redemptions, and participation history.
• Communications: Messages, feedback, reviews, complaints, or inquiries you send to us via email, contact forms, or customer service channels.
• Survey and Promotion Data: Responses to surveys, contests, promotions, or sweepstakes you choose to participate in.

2.2 Information We Collect Automatically

When you visit our website or use our digital platforms, we automatically collect certain usage and technical information, including:

• Device Information: Device type, operating system, browser type and version, device identifiers, and hardware model.
• Log Data: Internet Protocol (IP) address, browser type, pages visited, time and date of your visit, time spent on pages, referring URLs, and other diagnostic data.
• Usage Data: Clickstream data, search queries, features used, items viewed in menus, items added to or removed from your cart, and other interactions with our website and app.
• Location Data: General geographic location derived from your IP address, or precise location data if you grant permission through your device settings (used to find nearby locations or for delivery services).
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies. Please refer to Section 9 of this Privacy Policy for more information about our cookie practices.

2.3 Information We Collect from Third Parties

We may receive personal information about you from third-party sources, including:

• Social Media Platforms: If you log in to our website using a social media account (such as Facebook or Google), we may receive basic profile information, including your name and email address, in accordance with that platform's privacy settings.
• Food Delivery Partners: If you place orders through third-party delivery platforms that partner with Cafe Rio, we may receive order information and contact details necessary to fulfill your order.
• Analytics Providers: We may receive aggregated or anonymized data from analytics service providers to help us understand how users interact with our platforms.
• Marketing Partners: We may receive information about you from marketing partners to help us deliver relevant advertising and promotions.
• Payment Processors: We receive transaction confirmation and fraud prevention signals from our payment processing partners.

2.4 Sensitive Personal Information

We may collect certain categories of sensitive personal information in limited circumstances, such as dietary restrictions or allergen information that you voluntarily provide when placing an order. We collect this information solely to fulfill your food service request and do not use it for any other purpose, including inferring characteristics about you.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Providing and Managing Our Services

• Processing and fulfilling your food orders, including coordinating delivery or in-store pickup.
• Creating and managing your account, including authenticating your identity and maintaining your preferences.
• Managing our customer loyalty program, including tracking points earned and redeemed.
• Processing payments and preventing fraudulent transactions.
• Providing customer support, responding to inquiries, resolving disputes, and troubleshooting issues.
• Sending transactional communications, such as order confirmations, receipts, and delivery notifications.

3.2 Improving Our Products and Services

• Analyzing usage patterns, trends, and customer preferences to improve our menu offerings, website functionality, and overall user experience.
• Conducting internal research, analytics, and reporting to understand how our services are used.
• Testing and developing new features, products, and services.
• Monitoring and improving the security and performance of our website and digital platforms.

3.3 Marketing and Promotional Communications

• Sending you promotional emails, newsletters, special offers, and information about new menu items, if you have opted in to receive such communications.
• Delivering personalized advertisements and promotions based on your order history, browsing behavior, and preferences.
• Conducting contests, sweepstakes, and promotional campaigns.
• Retargeting you with relevant advertising on third-party platforms and social media.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email, adjusting your account preferences, or contacting us at [email protected]. Please note that even if you opt out of marketing communications, you will continue to receive transactional messages related to your orders and account.

3.4 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations.
• Responding to lawful requests from government authorities, law enforcement agencies, or legal proceedings.
• Enforcing our Terms of Service and other policies.
• Detecting, preventing, and investigating fraudulent activity, security incidents, and other potentially illegal or harmful conduct.
• Protecting the rights, property, and safety of Cafe Rio, our customers, employees, and the public.

4. How We Share Your Information

We do not sell your personal information to third parties in the traditional sense. However, under the CCPA/CPRA, certain data sharing practices (such as sharing data with advertising partners in exchange for services) may constitute a "sale" or "sharing" of personal information. We describe all such disclosures below.

4.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who perform services on our behalf, including:

• Payment Processors: To securely process credit card and other payment transactions.
• Delivery Partners: To coordinate food delivery services and communicate delivery status to you.
• Cloud Hosting and IT Providers: To store data and operate our website and digital infrastructure securely.
• Email Marketing Platforms: To manage and send promotional and transactional email communications.
• Analytics Providers: To analyze website traffic and user behavior, such as Google Analytics.
• Customer Support Platforms: To manage and respond to customer inquiries and complaints.
• Advertising Networks: To deliver targeted advertising and measure campaign effectiveness.
• Loyalty Program Administrators: To manage points tracking and reward redemption.

All service providers are contractually obligated to use your personal information only as directed by us, to implement appropriate security measures, and to comply with applicable privacy laws.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is reasonably necessary to:

• Comply with a legal obligation, court order, subpoena, or government request.
• Enforce our Terms of Service or protect our legal rights.
• Respond to claims that content on our platform violates the rights of third parties.
• Protect the safety and rights of our customers, employees, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy involving Cafe Rio, your personal information may be transferred to the acquiring entity as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information via email and/or a prominent notice on our website.

4.4 Advertising and Analytics Partners

We may share or make available certain information (such as cookie identifiers, device identifiers, and browsing behavior) with advertising and analytics partners who help us understand our audience and deliver targeted advertising. Under California law, this may constitute "sharing" of personal information for cross-context behavioral advertising purposes. California residents have the right to opt out of this sharing. Please see Section 11 for more information on your rights.

4.5 With Your Consent

We may share your personal information with other parties when we have obtained your explicit consent to do so.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical security measures to protect it from unauthorized access, use, disclosure, alteration, or destruction.

5.1 Security Measures We Implement

• Encryption: We use Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Payment data is processed using industry-standard encryption protocols.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. Employees who handle personal data are subject to confidentiality obligations and regular privacy training.
• Secure Storage: Personal data is stored on secure servers with appropriate firewalls and intrusion detection systems.
• Regular Security Assessments: We conduct regular vulnerability assessments and security audits to identify and address potential weaknesses in our systems.
• Payment Card Industry Compliance: Our payment processing practices comply with the Payment Card Industry Data Security Standard (PCI DSS).
• Incident Response: We maintain an incident response plan to address and manage data breaches promptly and effectively, including notifying affected individuals and regulatory authorities as required by applicable law.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and we encourage you to take steps to protect your own data, such as using strong passwords and keeping your account credentials confidential.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods we apply are as follows:

When personal information is no longer needed, we securely delete or anonymize it. In some cases, we may retain anonymized or aggregated data that cannot be used to identify you for research, statistical, or analytical purposes indefinitely.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request the deletion of personal information we have collected about you, subject to certain exceptions (e.g., information needed to complete transactions, comply with legal obligations, or detect security incidents).
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, click the "Do Not Sell or Share My Personal Information" link on our website, or contact us at [email protected].
• Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit our use of sensitive personal information to purposes necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, provide a different level of service, or suggest that you will receive different treatment for exercising your rights.
• Right to Data Portability: You have the right to receive a copy of your personal information in a portable and readily usable format, to the extent technically feasible.

7.2 Rights for All U.S. Residents

Regardless of your state of residence, we provide the following options to all users:

• Access and Correction: You may access and update most of your personal information by logging into your account. For information you cannot update directly, you may contact us.
• Opt Out of Marketing: You may opt out of receiving promotional emails by clicking the "unsubscribe" link in any marketing email or by contacting us directly.
• Account Deletion: You may request the deletion of your account and associated personal information by contacting us at [email protected].

7.3 How to Submit a Privacy Rights Request

To exercise any of your applicable privacy rights, please contact us using one of the following methods:

• Email: [email protected] with the subject line "Privacy Rights Request"
• Website: Submit a request through our privacy request form at scafe-rio.digital

We will verify your identity before processing your request to prevent unauthorized access to your personal information. We will respond to verified requests within 45 days of receipt, as required by California law. If we need additional time, we will notify you of the extension in writing. You may designate an authorized agent to make a request on your behalf, in which case we will require written authorization and verification of the agent's identity.

8. Children's Privacy

Our food ordering platform, loyalty program, and digital services are directed to adults aged 18 and above. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18. If you are under 18, please do not use our website or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

Our practices are consistent with the Children's Online Privacy Protection Act (COPPA) and applicable state laws governing children's online privacy.

9. Cookie Policy and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertising.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our website, including maintaining your session, enabling the shopping cart, and processing orders. These cookies cannot be disabled without affecting website functionality.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
• Functional Cookies: Allow our website to remember your preferences (such as your location for finding nearby restaurants, language settings, and saved items).
• Targeting and Advertising Cookies: Used to deliver relevant advertising on our website and across third-party platforms, and to measure the effectiveness of our marketing campaigns.

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through:

• Our cookie consent banner displayed when you first visit our website.
• Your browser settings, which allow you to block or delete cookies.
• Opt-out tools provided by third-party advertising networks (such as the Digital Advertising Alliance's opt-out tool at www.aboutads.info/choices).
• Global Privacy Control (GPC) signals, which we honor as required under California law.

Please be aware that disabling certain cookies may affect the functionality of our website and your ability to place orders or access certain features. For full details about the cookies we use and how to manage them, please refer to our Cookie Policy, available on our website at scafe-rio.digital.

10. International Data Transfers

Cafe Rio is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. However, some of our third-party service providers may be located in or operate from other countries, which means that your personal data may be transferred to, stored, and processed in countries outside the United States.

When we transfer personal data internationally, we take appropriate safeguards to ensure that your data continues to receive a level of protection consistent with this Privacy Policy and applicable privacy laws. These safeguards may include:

• Entering into data processing agreements with service providers that incorporate standard contractual clauses or other approved transfer mechanisms.
• Ensuring that service providers are certified under recognized international data protection frameworks.
• Conducting due diligence on the privacy practices of our international service providers.

By using our services, you acknowledge that your information may be transferred to and processed in countries that may have different data protection laws than your country of residence. We will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Your California Privacy Rights — Additional Information

For California residents, we provide the following additional disclosures as required by the CCPA/CPRA:

11.1 Categories of Personal Information Collected in the Past 12 Months

11.2 Do Not Sell or Share My Personal Information

California residents have the right to opt out of the sale or sharing of their personal information. While we do not sell personal information in exchange for money, we may share certain information (such as cookie-based identifiers) with advertising partners, which may constitute "sharing" under California law. To opt out of this sharing, please contact us at [email protected] with the subject line "Do Not Sell or Share My Personal Information." We also honor Global Privacy Control (GPC) browser signals.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or third-party services (such as food delivery apps) that are not operated or controlled by Cafe Rio. This Privacy Policy does not apply to the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party websites or services you visit or use. We are not responsible for the content, privacy policies, or practices of third-party sites or services.

When you interact with our social media pages or accounts (such as on Facebook, Instagram, or Twitter/X), those platforms also collect information about you pursuant to their own privacy policies. Please review those policies to understand how your data is used.

13. How to File a Privacy Complaint

If you believe that we have handled your personal information in a way that does not comply with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we can attempt to resolve your concern.

You may contact us at:

• Email: [email protected]
• Subject Line: "Privacy Complaint"

We will acknowledge your complaint within 10 business days and aim to resolve it within 30 business days. If we are unable to resolve your complaint to your satisfaction, you have the right to escalate your complaint to the relevant regulatory authority.

13.1 Filing a Complaint with Regulatory Authorities

Depending on your state of residence, you may file a privacy complaint with the following authorities:

• California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov, or with the California Attorney General's Office at oag.ca.gov.
• All U.S. Residents: You may file a complaint with the Federal Trade Commission (FTC) at reportfraud.ftc.gov regarding unfair or deceptive privacy practices.
• State Attorneys General: You may also contact your state's Attorney General's office for consumer protection matters related to privacy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or applicable privacy laws. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website at scafe-rio.digital with a new "Last Updated" date.
• Sending an email notification to registered users at the email address on file.
• Displaying a prominent notice on our website for a period following the change.

Your continued use of our website and services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us:

We are committed to working with you to fairly and promptly resolve any privacy-related concerns you may have. Our privacy team is available to respond to inquiries regarding data access, correction, deletion, and other privacy rights requests.