Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at mexcaferio.click, place orders, use our services, or otherwise interact with us. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.
By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue your use of our website and services immediately.
Cafe Rio is committed to protecting your privacy and complying with all applicable privacy laws in the United States, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal privacy regulations.
1. About Us and How to Contact Us
For all privacy-related inquiries, requests, and concerns, please contact us using the following details:
| Company Name | Cafe Rio |
|---|---|
| Email Address | [email protected] |
| Website | mexcaferio.click |
| Business Type | Food Service / Restaurant |
| Location | United States |
Our privacy team is available to respond to your inquiries within a reasonable timeframe. We take all privacy concerns seriously and are committed to resolving any issues promptly and transparently.
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- All visitors to our website at mexcaferio.click
- Customers who place online orders through our website
- Individuals who sign up for our loyalty programs, newsletters, or promotional communications
- Users who interact with us through social media platforms or other online channels
- Anyone who contacts our customer service team via email or online forms
- Participants in our surveys, promotions, contests, or other marketing activities
This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you access through links on our site.
3. Information We Collect
We collect various categories of personal information depending on how you interact with our website and services. The following sections describe in detail what types of data we collect and how we obtain them.
3.1 Personal Identification Information
When you register an account, place an order, sign up for our loyalty program, or contact us directly, we may collect the following personal identification information:
- Full name — first name and last name
- Email address — used for order confirmations, account management, and marketing communications
- Phone number — used for order updates and customer service purposes
- Mailing address — including street address, city, state, and ZIP code, primarily for delivery orders
- Date of birth — used for age verification and personalized birthday promotions
- Username and password — for account security and access management
- Profile photo — if voluntarily submitted as part of your account profile
3.2 Order and Transaction Information
When you place an order through our website, we collect information related to that transaction, including:
- Items ordered and order history
- Order preferences, dietary restrictions, and special requests
- Payment information (processed securely through our payment service providers — we do not store full credit or debit card numbers)
- Billing address and payment method type
- Delivery instructions and delivery address
- Order confirmation numbers and timestamps
- Refund and complaint history related to orders
3.3 Usage Data and Website Interaction Information
We automatically collect certain information about how you interact with our website, including:
- IP address — your internet protocol address
- Browser type and version — e.g., Chrome, Firefox, Safari
- Operating system — the software running on your device
- Referring URLs — the website that directed you to ours
- Pages visited — which pages you viewed and in what order
- Time and date of your visit
- Time spent on each page
- Clicks and navigation patterns
- Search queries entered on our website
- Error logs and performance data
3.4 Device Information
We collect information about the devices you use to access our website:
- Device type (desktop, laptop, tablet, smartphone)
- Device identifiers and hardware model
- Mobile network information
- Screen resolution and display settings
- Language settings and time zone
3.5 Location Information
With your consent, we may collect approximate or precise location information to help you find nearby Cafe Rio locations, calculate delivery distances, and provide location-relevant content. You can control location access through your browser or device settings at any time.
3.6 Communication Data
When you contact us by email, submit a form on our website, or otherwise communicate with us, we retain records of those communications, including your contact details and the content of your messages. This helps us respond to your inquiries and improve our customer service.
3.7 Marketing and Preference Data
We collect information about your marketing preferences, including whether you have opted in or out of promotional emails, your food preferences, favorite menu items, and responses to surveys or feedback forms.
3.8 Cookies and Tracking Technologies
We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect data about your browsing behavior on our website. For a detailed explanation of our cookie practices, please refer to Section 9 (Cookie Policy) of this document.
4. How We Use Your Information
We use the personal information we collect for a variety of legitimate business purposes. The specific uses include, but are not limited to, the following:
4.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, including delivery and pickup arrangements
- Managing your customer account and loyalty program membership
- Processing payments and sending order confirmations and receipts
- Communicating with you about the status of your order
- Providing customer support and responding to your questions, complaints, or feedback
- Personalizing your experience on our website based on your preferences and order history
4.2 Analytics and Service Improvement
- Analyzing website traffic, usage patterns, and user behavior to improve the design and functionality of our website
- Conducting internal research and development to enhance our menu offerings and customer experience
- Identifying technical issues and bugs to ensure our website functions properly
- Measuring the effectiveness of our features and services
- Generating aggregated, anonymized statistical data for business planning purposes
4.3 Marketing and Promotional Communications
- Sending you promotional emails, newsletters, special offers, and discount codes if you have opted in to receive them
- Personalizing marketing messages based on your preferences, order history, and location
- Running and administering contests, sweepstakes, surveys, and other promotional campaigns
- Retargeting advertising on third-party platforms based on your interactions with our website
- Notifying you about new menu items, seasonal specials, and upcoming events
4.4 Legal Compliance and Safety
- Complying with applicable federal, state, and local laws and regulations
- Responding to lawful requests from government authorities or law enforcement agencies
- Enforcing our Terms of Service and other applicable agreements
- Detecting, investigating, and preventing fraud, unauthorized access, and other illegal activities
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
4.5 Business Operations
- Managing and operating our business infrastructure, including IT systems and databases
- Conducting due diligence in connection with business transactions such as mergers, acquisitions, or asset sales
- Maintaining business records for accounting, tax, and auditing purposes
5. Legal Bases for Processing Your Information
Under applicable U.S. privacy laws, including the CCPA/CPRA, we process your personal information based on the following legal grounds:
- Performance of a Contract: Processing is necessary to fulfill your orders and provide the services you have requested from us.
- Legitimate Business Interests: We process certain data for our legitimate interests, such as improving our services, detecting fraud, and maintaining the security of our systems, provided these interests are not overridden by your rights and interests.
- Your Consent: For marketing communications and non-essential cookies, we rely on your consent. You may withdraw your consent at any time.
- Legal Obligation: We process data where necessary to comply with applicable laws and regulations.
6. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary compensation. However, we may share your information with carefully selected third parties in the following circumstances:
6.1 Service Providers and Business Partners
We share information with trusted third-party service providers who assist us in operating our website and delivering our services. These include:
- Payment processors — to securely process your payment transactions
- Delivery service partners — to fulfill food delivery orders
- Cloud hosting and IT infrastructure providers — to store and manage our data
- Email marketing platforms — to manage and send promotional communications
- Analytics providers — such as Google Analytics, to analyze website usage
- Customer relationship management (CRM) software providers
- Customer support tools and platforms
All service providers are contractually required to use your data only for the purposes for which it was shared and to maintain appropriate security measures. They are not permitted to use your information for their own independent marketing purposes.
6.2 Legal Requirements and Law Enforcement
We may disclose your personal information when we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or governmental request
- Enforce our Terms of Service or protect our legal rights
- Investigate, prevent, or take action regarding suspected illegal activities or fraud
- Protect the personal safety of our users or the general public
6.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
6.4 With Your Consent
We may share your information with other third parties when you have provided explicit consent to such sharing. You may withdraw this consent at any time by contacting us at [email protected].
6.5 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other business purposes.
7. Data Security Measures
We take the security of your personal information seriously and implement a comprehensive range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction.
7.1 Technical Safeguards
- SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
- Data Encryption at Rest: Sensitive data stored in our systems is encrypted using industry-standard encryption algorithms.
- Firewalls and Intrusion Detection Systems: We use firewalls and monitoring tools to protect against unauthorized access to our servers.
- Access Controls: Access to personal data is restricted to authorized personnel only, based on the principle of least privilege.
- Regular Security Audits: We conduct periodic security assessments and vulnerability scans of our systems.
- Two-Factor Authentication: Available for account access to provide an additional layer of security.
7.2 Administrative Safeguards
- Employee training on data privacy and security practices
- Internal data access policies and procedures
- Confidentiality agreements with staff and contractors
- Incident response procedures for data breaches
7.3 Physical Safeguards
- Secure server facilities with restricted physical access
- Secure disposal of physical records containing personal information
8. Your Rights and Choices
Depending on your location within the United States, you may have specific rights regarding your personal information. We respect and honor these rights as follows:
8.1 Right to Know and Access
You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the purposes for which we use it, and the categories of third parties with whom we share it. You may submit such a request by contacting us at [email protected].
8.2 Right to Correction
You have the right to request correction of inaccurate personal information we hold about you. You may update your account information directly through your account settings or by contacting our privacy team.
8.3 Right to Deletion
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., where we are required to retain data by law or to complete a transaction you requested). We will respond to verified deletion requests within the timeframes required by applicable law.
8.4 Right to Opt-Out of Sale or Sharing
Under the CCPA/CPRA, California residents have the right to opt out of the "sale" or "sharing" of their personal information. Although we do not sell personal information for monetary compensation, certain advertising and analytics activities may constitute "sharing" under California law. You may opt out by contacting us at [email protected] or by using our website's cookie preference settings.
8.5 Right to Data Portability
Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
8.6 Right to Limit Use of Sensitive Personal Information
Under the CPRA, California residents have the right to limit the use and disclosure of sensitive personal information (such as precise geolocation, financial information, and health data) to specific permitted purposes. To exercise this right, please contact us at [email protected].
8.7 Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge you different prices, or provide a different level of quality of services because you exercised your privacy rights.
8.8 Marketing Opt-Out
You may unsubscribe from our marketing emails at any time by clicking the "unsubscribe" link at the bottom of any promotional email we send or by contacting us directly. Please note that even after opting out of marketing communications, we may still send you transactional or service-related emails (e.g., order confirmations).
8.9 How to Submit a Privacy Request
To exercise any of the rights described above, please contact us using the following methods:
- Email: [email protected]
We will verify your identity before processing your request to protect your information from unauthorized access. We will respond to your request within 45 days, as required by the CCPA/CPRA, with the possibility of a 45-day extension where reasonably necessary.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and assist in our marketing efforts.
9.1 What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function efficiently and to provide information to the website owners. Cookies can be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a set period).
9.2 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
- Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous information.
- Functionality Cookies: Remember your preferences and settings to provide a more personalized experience.
- Targeting and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns.
9.3 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, and set preferences for specific websites. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of certain advertising cookies through the Digital Advertising Alliance's opt-out tool at optout.aboutads.info.
10. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods are as follows:
| Category of Data | Retention Period |
|---|---|
| Account and profile information | For the duration of your account plus 3 years after account closure |
| Order and transaction history | 7 years (for accounting and legal compliance purposes) |
| Marketing preferences and opt-in records | 3 years from last interaction or until you opt out |
| Customer support communications | 3 years from the date of communication |
| Website usage and analytics data | Up to 26 months (aggregated) or 13 months (individual sessions) |
| Cookie and tracking data | As specified in individual cookie settings (typically 30 days to 2 years) |
| Legal and compliance records | As required by applicable law (generally 5–7 years) |
When your personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention and disposal procedures.
11. Children's Privacy
Cafe Rio does not knowingly collect, solicit, or process personal information from individuals under the age of 18. Our website is not directed at children, and we do not market our online services to minors.
If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly take steps to delete such information from our systems.
We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently received personal information from a child under 13, we will delete such information from our records as soon as possible.
12. International Data Transfers
Cafe Rio is based in the United States, and all of our primary data processing activities occur within the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.
Where we transfer personal data internationally, we take appropriate steps to ensure that such transfers comply with applicable privacy laws and that your information remains adequately protected. These safeguards may include:
- Transferring data only to countries that provide an adequate level of data protection
- Using contractual protections with our service providers and partners
- Implementing technical and organizational security measures to protect transferred data
By using our website and providing us with your personal information, you acknowledge and consent to the transfer of your information to the United States and its processing there in accordance with this Privacy Policy.
13. Third-Party Links and Websites
Our website may contain links to third-party websites, social media platforms, or other online services that are not owned or controlled by Cafe Rio. These links are provided for your convenience and do not signify our endorsement of those websites or their content.
We have no control over and assume no responsibility for the privacy practices, content, or security of any third-party websites. We strongly encourage you to review the privacy policy of every website you visit. This Privacy Policy applies solely to information collected by Cafe Rio through our website and services.
14. California Privacy Rights (CCPA/CPRA)
If you are a resident of the State of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) that supplement the rights described elsewhere in this policy.
14.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers (name, email address, IP address, account username)
- Customer records information (name, phone number, address, payment information)
- Commercial information (products purchased, purchase history, preferences)
- Internet or other electronic network activity information (browsing history on our website, search queries)
- Geolocation data (approximate location based on IP address or precise location with consent)
- Inferences drawn from personal information to create a profile about consumer preferences
14.2 California "Shine the Light" Law
Under California Civil Code Section 1798.83, California residents have the right to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].
14.3 Authorized Agents
California residents may designate an authorized agent to submit privacy requests on their behalf. The authorized agent must provide written proof of authorization, and we may require verification of the consumer's identity directly from the consumer before processing the request.
15. How to File a Complaint
If you believe that we have handled your personal information in a manner inconsistent with this Privacy Policy or applicable law, we encourage you to contact us first so that we have an opportunity to resolve your concern:
- Email: [email protected]
We will acknowledge your complaint within 10 business days and aim to provide a substantive response within 30 days.
15.1 Regulatory Complaints
If you are not satisfied with our response, or if you believe your privacy rights have been violated, you may file a complaint with relevant regulatory authorities:
- Federal Trade Commission (FTC): The FTC enforces consumer protection laws in the United States. You may file a complaint at reportfraud.ftc.gov or by calling 1-877-FTC-HELP.
- California Privacy Protection Agency (CPPA): California residents may contact the California Privacy Protection Agency, which enforces the CCPA/CPRA. More information is available at cppa.ca.gov.
- State Attorney General: You may also file a complaint with your state's Attorney General office if you believe your state privacy rights have been violated.
16. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, we do not currently respond to DNT browser signals. However, you can manage your tracking preferences through our cookie settings and by following the instructions provided in Section 9 of this policy.
17. Updates to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technology. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page
- Post the revised policy on our website at mexcaferio.click
- Send you an email notification if the changes significantly affect how we use your personal information (where we hold your email address)
- Where required by law, obtain your consent to the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
18. Contact Information for Privacy Inquiries
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to reach out to our privacy team using the contact details below:
Cafe Rio — Privacy Team
- Email: [email protected]
- Website: mexcaferio.click
We are committed to addressing your privacy concerns promptly and transparently. Please include "Privacy Request" in the subject line of your email to help us route your inquiry to the appropriate team member.
Effective Date of This Policy: July 3, 2026. This Privacy Policy was last reviewed and updated on July 3, 2026, by the Cafe Rio privacy compliance team. This policy is governed by the laws of the United States and applicable state privacy regulations, including the CCPA/CPRA for California residents and the FTC Act for general consumer protection purposes nationwide.