Privacy Policy

Effective Date: April 15, 2026  |  Last Updated: April 15, 2026

This Privacy Policy explains how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and safeguards your personal information when you visit our website cafexrio.top, use our online ordering services, participate in our loyalty programs, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this policy or our practices with regard to your personal information, please contact us at [email protected].

1. About Us

Cafe Rio is a food service business operating within the United States. We provide restaurant services, online food ordering, catering, and related food and beverage services to our customers.

Business Name Cafe Rio
Website cafexrio.top
Email Address [email protected]
Country of Operation United States

2. Scope and Applicability

This Privacy Policy applies to all personal information collected by Cafe Rio through the following channels:

  • Our website located at cafexrio.top
  • Our online food ordering platform and mobile-compatible web services
  • Email communications, newsletters, and promotional materials
  • Customer loyalty and rewards programs
  • In-store interactions, including digital kiosks or sign-up forms
  • Catering inquiries, event bookings, and special order requests
  • Social media pages and third-party platforms where we interact with customers
  • Surveys, contests, sweepstakes, and promotional campaigns

This policy does not apply to the practices of third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services you access through our platform.

3. Information We Collect

We collect several types of information in connection with your use of our services. The categories of personal information we may collect include the following:

3.1 Personal Identification Information

When you create an account, place an order, sign up for a loyalty program, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Mailing address or delivery address
  • Date of birth (for age verification or birthday rewards)
  • Username and password (for account creation)
  • Profile photograph (if voluntarily uploaded)

3.2 Payment and Financial Information

When you make a purchase or place an order through our platform, we or our payment processors may collect:

  • Credit or debit card number (last four digits only stored by us)
  • Billing address
  • Payment method type (e.g., Visa, MasterCard, PayPal)
  • Transaction history and order records

Full payment card details are processed by PCI-DSS-compliant third-party payment processors and are not stored directly on our servers.

3.3 Order and Transaction Information

We collect information related to orders you place with us, including:

  • Items ordered and customizations requested
  • Order timestamps and delivery or pickup preferences
  • Order history and frequency of orders
  • Special dietary instructions or allergy disclosures
  • Catering and event-related requests

3.4 Usage Data and Technical Information

When you visit our website, we automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring URLs and exit pages
  • Clickstream data and user interactions
  • Date and time of access
  • Search queries entered on our website

3.5 Location Data

With your permission, we may collect location information to facilitate delivery services, identify the nearest Cafe Rio location, and provide location-based promotions. You may disable location services through your browser or device settings at any time.

3.6 Communications Data

If you contact us directly, we may collect:

  • The content of your messages, emails, or chat conversations
  • Feedback, reviews, and testimonials you submit
  • Customer service inquiry records
  • Social media messages or comments directed at our accounts

3.7 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about how you interact with our website. Please refer to Section 9 of this policy for detailed information about our cookie practices.

3.8 Information You Voluntarily Provide

We may also collect information you choose to provide voluntarily, such as responses to surveys, entries into contests or sweepstakes, participation in promotional programs, or information submitted through feedback forms on our website.

4. How We Use Your Information

We use the personal information we collect for the following purposes, based on legitimate business interests, contractual necessity, legal obligation, or your consent where required:

4.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders, whether for delivery, pickup, or catering
  • Creating and managing your online account
  • Facilitating payment processing and issuing receipts or invoices
  • Managing our loyalty and rewards programs
  • Coordinating delivery logistics with third-party delivery partners
  • Responding to your customer service inquiries and resolving complaints

4.2 Communication and Customer Support

  • Sending order confirmation, status updates, and delivery notifications
  • Notifying you about changes to our menu, hours, or services
  • Responding to questions, comments, and support requests
  • Sending important administrative messages related to your account

4.3 Marketing and Promotions

  • Sending you promotional emails, special offers, coupons, and newsletters (with your consent or where permitted by applicable law)
  • Personalizing your experience based on your order history and preferences
  • Running contests, sweepstakes, surveys, and promotional campaigns
  • Serving relevant advertisements on our website and on third-party platforms

You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us at [email protected].

4.4 Analytics and Website Improvement

  • Analyzing website traffic, user behavior, and usage patterns to improve our online platform
  • Conducting market research and understanding customer preferences
  • Testing new features, menus, and website functionality
  • Generating aggregated, anonymized statistical reports about our users

4.5 Legal Compliance and Safety

  • Complying with applicable federal, state, and local laws and regulations
  • Enforcing our Terms of Service and other agreements
  • Detecting, preventing, and investigating fraud, security breaches, and illegal activities
  • Protecting the rights, property, and safety of our customers, employees, and the public
  • Responding to lawful requests from law enforcement or government agencies

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist us in operating our business and delivering services to you. These providers are contractually obligated to use your information only as directed by us and in accordance with applicable privacy laws. Such service providers may include:

  • Payment processors: To securely process credit card transactions and payments
  • Delivery partners: To coordinate food delivery to your specified address
  • Email and SMS marketing platforms: To deliver promotional communications
  • Analytics providers: Such as Google Analytics, to understand website usage
  • Cloud hosting and IT service providers: To store data and maintain our website infrastructure
  • Customer service platforms: To manage support tickets and inquiries
  • Loyalty program administrators: To manage rewards and points programs

5.2 Legal Obligations and Law Enforcement

We may disclose your personal information when required to do so by law or in response to valid legal processes, including:

  • Court orders, subpoenas, or warrants
  • Requests from law enforcement agencies at federal, state, or local level
  • Regulatory compliance requirements under applicable United States law
  • Obligations under the Federal Trade Commission Act (FTC Act) or other consumer protection statutes

5.3 Business Transfers

If Cafe Rio is involved in a merger, acquisition, asset sale, financing, or reorganization, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email or prominent notice on our website prior to your information being transferred and becoming subject to a different privacy policy.

5.4 With Your Consent

We may share your personal information with other parties when you have given us explicit consent to do so, such as when you authorize us to share your information with a third-party catering partner or event organizer at your direction.

5.5 Aggregated and Anonymized Data

We may share aggregated, non-personally identifiable information publicly or with third parties for research, marketing, analytics, or other business purposes. Such data cannot reasonably be used to identify any individual person.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 California Residents — CCPA/CPRA Rights

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. We do not sell personal information; however, certain advertising practices may constitute "sharing" under the CPRA.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use sensitive personal information, such as precise geolocation data or financial information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a California privacy rights request, please contact us at [email protected]. We will respond to your request within 45 days, with a possible extension of an additional 45 days when reasonably necessary.

6.2 General Privacy Rights for All U.S. Users

Regardless of your state of residence, we provide all users with the following rights, to the extent technically and legally feasible:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct or update inaccurate information in your account or records.
  • Deletion: You may request the deletion of your personal information, subject to our legal obligations to retain certain data.
  • Portability: Where technically possible, you may request that we provide your personal information in a structured, machine-readable format.
  • Objection to Marketing: You may opt out of receiving direct marketing communications at any time.
  • Withdrawal of Consent: Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us using the information in Section 14 of this policy. We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests but may charge a reasonable fee or decline requests that are manifestly unfounded, excessive, or repetitive.

7. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted between your browser and our servers.
  • Access Controls: Access to personal information is restricted to authorized employees and contractors who need it to perform their job functions, subject to confidentiality obligations.
  • Payment Security: We use PCI-DSS-compliant payment processors to handle all financial transactions. We do not store full credit card numbers on our servers.
  • Secure Servers: Our website and databases are hosted on secure servers with industry-standard firewall protection and regular security patching.
  • Password Protection: User account passwords are stored using industry-standard one-way hashing algorithms.
  • Regular Security Audits: We conduct periodic reviews of our information security practices and update them as needed to address emerging threats.
  • Employee Training: Our employees who handle personal data receive regular privacy and security training.

Despite these measures, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals in accordance with applicable United States federal and state breach notification laws, including the requirements of the FTC Act and relevant state statutes.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods we apply are as follows:

Category of Data Retention Period Basis for Retention
Account and registration data Duration of account plus 3 years after closure Contractual necessity, legal obligation
Order and transaction records 7 years Tax and accounting obligations
Payment information As required by PCI-DSS standards (up to 3 years) Legal and regulatory compliance
Marketing preferences and consent records 3 years from last interaction Proof of consent and compliance
Customer service records 3 years from case closure Dispute resolution and quality assurance
Website analytics and usage data 26 months (anonymized thereafter) Legitimate business interest
Cookie data As specified in our Cookie Policy (typically 1–2 years) Consent / legitimate interest

When personal information is no longer required, we securely delete or anonymize it in accordance with our internal data disposal procedures and applicable law.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze website traffic, remember your preferences, and deliver relevant marketing content.

9.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in to your account and place orders. These cannot be disabled.
  • Performance and Analytics Cookies: Used to understand how visitors interact with our website, such as which pages are most frequently visited and how long users spend on each page. We use tools such as Google Analytics for this purpose.
  • Functional Cookies: Allow us to remember your preferences, such as your preferred language, delivery address, or past orders, to enhance your experience.
  • Marketing and Advertising Cookies: Used to deliver targeted advertisements that are relevant to your interests, both on our website and on third-party platforms. These may track your browsing activity across different websites.
  • Social Media Cookies: Set by social media platforms (such as Facebook or Instagram) when you interact with social sharing buttons or embedded content on our website.

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through your browser settings. Most web browsers allow you to control cookies through their settings, including the option to delete existing cookies and block new ones. Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, such as online ordering or account login.

You may also opt out of interest-based advertising served by participating companies through the following industry opt-out tools:

For detailed information about our use of cookies and how to manage them, please refer to our full Cookie Policy, available on our website at cafexrio.top.

10. Children's Privacy

Our services are intended for individuals who are 18 years of age or older.

We do not knowingly collect personal information from individuals under the age of 18. Our website, online ordering platform, and marketing communications are not directed at children. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected].

Upon receiving notice that we have collected personal information from a person under 18 without verifiable parental consent, we will take prompt steps to delete such information from our systems. We comply with the Children's Online Privacy Protection Act (COPPA) and all applicable federal regulations governing the online collection of information from children.

11. International Data Transfers

Cafe Rio is based in the United States, and our primary data processing activities take place within the United States. If you are accessing our website or services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our services, you acknowledge and consent to the transfer of your personal information to the United States as described in this Privacy Policy. We take appropriate measures to ensure that any international transfers of personal data are carried out in compliance with applicable law and that your information remains protected to the standard described in this policy.

If you are located in a jurisdiction with specific data transfer requirements (such as the European Economic Area), please note that we currently do not have separate adequacy mechanisms in place for international transfers and recommend reviewing our practices accordingly. Please contact us at [email protected] for further information about international data transfers.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, online ordering aggregators, delivery apps, and other external services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of third-party services, and we encourage you to review the privacy policies of any external sites you visit.

Third-party services that may be integrated with or linked from our website include, but are not limited to:

  • Food delivery aggregator platforms (e.g., DoorDash, Uber Eats, Grubhub)
  • Social media platforms (e.g., Facebook, Instagram, Twitter/X, TikTok)
  • Online review platforms (e.g., Yelp, Google Reviews)
  • Payment processors (e.g., Stripe, PayPal, Square)
  • Mapping and location services (e.g., Google Maps)

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or business operations. When we make material changes to this policy, we will notify you by:

  • Posting the revised Privacy Policy on our website with an updated effective date
  • Sending an email notification to registered users (where feasible)
  • Displaying a prominent notice on our homepage or ordering platform

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our website or services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your concerns promptly and transparently.

Cafe Rio — Privacy Inquiries

Business Name: Cafe Rio

Email: [email protected]

Website: cafexrio.top

Country: United States

We will acknowledge your request within 10 business days and aim to provide a full response within 30 calendar days of receipt. For requests submitted under the CCPA/CPRA, we will respond within the statutory deadlines (45 days, extendable by an additional 45 days when reasonably necessary).

15. Filing a Complaint with a Data Protection Authority

If you believe that we have violated your privacy rights and have not adequately addressed your concerns, you have the right to file a complaint with the relevant regulatory or enforcement authority.

15.1 Federal Consumer Protection — FTC

For consumers in the United States, the primary federal agency responsible for consumer protection, including data privacy enforcement under the FTC Act (15 U.S.C. § 45), is the Federal Trade Commission (FTC). You may submit a complaint through the FTC's online complaint portal:

15.2 California Residents — California Privacy Protection Agency

California residents may file a complaint regarding CCPA/CPRA violations with the California Privacy Protection Agency (CPPA):

15.3 California Attorney General

California residents may also file complaints related to consumer privacy with the California Attorney General's Office:

15.4 State Attorneys General

Residents of other U.S. states with applicable consumer privacy laws — including Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others — may file complaints with their respective State Attorney General's Office. We encourage you to consult your state's attorney general website for specific instructions and procedures.

16. Legal Basis and Applicable Law

Our privacy practices are governed by and comply with the following laws and regulations, as applicable:

  • Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45 — Prohibiting unfair or deceptive acts or practices, including those related to consumer privacy and data security
  • CAN-SPAM Act — Governing commercial email communications and opt-out requirements
  • Children's Online Privacy Protection Act (COPPA) — Protecting the privacy of children under the age of 13
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) — Providing California residents with enhanced privacy rights and protections
  • State-level data breach notification laws — Requiring timely notification to affected individuals in the event of a security breach
  • Gramm-Leach-Bliley Act (GLBA) — To the extent applicable to our financial data handling practices
  • Other applicable state consumer privacy laws — Including those in Virginia, Colorado, Connecticut, Texas, Montana, Indiana, and other states as enacted and effective

This Privacy Policy was last reviewed and updated on April 15, 2026. If you have any accessibility needs or require this document in an alternative format, please contact us at [email protected].