Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at scafe-rio.top, place orders, use our services, or otherwise interact with us. We are committed to protecting your privacy and handling your personal data in a transparent, responsible, and lawful manner in accordance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our website, purchasing our products, or engaging with our services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, please discontinue your use of our website and services immediately.

1. About Us and How to Contact Us

Cafe Rio is a food service business operating in the United States. We are dedicated to providing high-quality food products and an excellent customer experience both online and in person. Our contact information for all privacy-related inquiries is as follows:

For all privacy-related inquiries, requests, or complaints, please contact us at [email protected]. We will respond to all legitimate requests within a reasonable timeframe, and in any case within the time periods required by applicable law.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

• Our website located at scafe-rio.top and any subdomains;
• Online orders, reservations, and food delivery requests placed through our platform;
• Customer loyalty programs, promotions, and sweepstakes;
• Email, telephone, or written communications with our customer service team;
• Social media interactions involving our official accounts;
• In-store interactions where digital or physical data collection occurs;
• Any other services or platforms we operate or control that link to this policy.

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit independently of our services.

3. Information We Collect

We collect several categories of personal information depending on how you interact with Cafe Rio. These categories are described below in detail.

3.1 Personal Identification Information

When you create an account, place an order, contact us, or sign up for our loyalty or marketing programs, we may collect:

• Full name;
• Email address;
• Phone number;
• Mailing or delivery address;
• Date of birth (when required for age verification or promotional purposes);
• Username and password for your online account;
• Profile picture or other optional profile details.

3.2 Payment and Financial Information

When you make a purchase through our website, we collect payment-related information necessary to process your transaction. This may include:

• Credit or debit card details (processed securely through our payment processors);
• Billing address;
• Transaction history and order details;
• Gift card or promotional code information.

Please note that we do not directly store complete credit card numbers on our servers. Full payment card data is handled by our PCI DSS-compliant third-party payment processors.

3.3 Order and Transaction Data

When you place orders with us, we collect information such as:

• Items ordered and customizations requested;
• Order frequency and purchase history;
• Delivery preferences and special instructions;
• Feedback, ratings, and reviews you submit regarding your order or experience.

3.4 Usage and Behavioral Data

When you visit our website, we automatically collect certain technical and behavioral data about your interaction with our platform, including:

• IP address and approximate geographic location derived from your IP;
• Browser type and version;
• Operating system;
• Pages viewed and time spent on each page;
• Referring URLs and exit pages;
• Search terms used on our website;
• Clickstream data and navigation patterns;
• Session duration and frequency of visits.

3.5 Device Information

We may collect information about the device you use to access our website, such as:

• Device type (desktop, mobile, tablet);
• Unique device identifiers;
• Mobile network information;
• Hardware model and screen resolution;
• Mobile operating system details.

3.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect data about your activity on our website. For detailed information about the types of cookies we use and how you can manage your cookie preferences, please refer to our Cookie Policy section below and any separate Cookie Policy document we may maintain.

3.7 Communications Data

If you contact us by email, phone, live chat, or social media, we may collect:

• The content of your messages and communications;
• Records of correspondence;
• Call recordings (where permitted by law and with prior notice);
• Customer support ticket information.

3.8 Information from Third Parties

We may receive personal information about you from third-party sources, such as:

• Social media platforms when you connect your account or interact with our social media pages;
• Food delivery partner platforms that process orders on our behalf;
• Analytics and advertising partners who share aggregated or de-identified insights;
• Publicly available sources for business verification purposes.

4. How We Use Your Information

We use the personal information we collect for the following purposes, relying on applicable legal bases under United States law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act:

4.1 Providing and Managing Our Services

• Processing and fulfilling your food orders and delivery requests;
• Managing your online account and preferences;
• Facilitating payment transactions and issuing receipts or invoices;
• Providing customer support and resolving disputes;
• Sending order confirmations, status updates, and delivery notifications;
• Administering loyalty programs, promotions, or special offers you participate in.

4.2 Analytics and Service Improvement

• Analyzing usage patterns to improve the functionality and design of our website;
• Conducting internal research to better understand customer preferences;
• Monitoring and analyzing trends in food ordering behavior;
• Testing new features and service improvements;
• Generating aggregated, anonymized reports about our business performance.

4.3 Marketing and Promotional Communications

• Sending you promotional emails, newsletters, or special offers where you have consented or where permitted by law;
• Personalizing marketing messages based on your order history and preferences;
• Displaying targeted advertisements on our website or third-party platforms;
• Notifying you of new menu items, seasonal specials, or upcoming events.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected]. Opting out of marketing communications will not affect transactional communications related to your orders.

4.4 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations;
• Responding to lawful requests from law enforcement or government authorities;
• Detecting, investigating, and preventing fraudulent transactions or unauthorized activities;
• Protecting the rights, property, or safety of Cafe Rio, our customers, or others;
• Enforcing our Terms of Service and other agreements.

4.5 Personalization

• Remembering your preferences, favorite menu items, and past orders;
• Providing personalized menu recommendations;
• Customizing the content and layout of our website based on your browsing behavior.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own direct marketing purposes. However, we may share your information with the following categories of third parties in limited circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business. These service providers are contractually obligated to protect your information and may only use it for the purposes we specify. Categories of service providers include:

• Payment processors — to securely handle credit card and payment transactions;
• Food delivery platforms — to fulfill delivery orders placed through our website or third-party apps;
• Cloud hosting and IT infrastructure providers — to host our website and store data securely;
• Email marketing platforms — to manage and send promotional and transactional communications;
• Analytics providers — to analyze website traffic and user behavior (e.g., Google Analytics);
• Customer support tools — to manage helpdesk tickets and customer communications;
• Fraud detection services — to identify and prevent fraudulent activities.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government investigation;
• Respond to lawful requests from public authorities, including national security or law enforcement requirements;
• Protect and defend the rights or property of Cafe Rio;
• Prevent or investigate possible wrongdoing in connection with our services;
• Protect the personal safety of users of our services or the public.

5.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, sale of assets, reorganization, or other business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information becomes subject to a different privacy policy.

5.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, industry reporting, or marketing purposes.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze website traffic, and serve relevant advertising. Cookies are small text files placed on your device when you visit a website.

6.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly. These include cookies that enable you to add items to your cart, log in to your account, and complete transactions.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about pages visited, time spent, and errors encountered.
• Functional Cookies: Allow our website to remember your preferences, such as your language settings and saved addresses.
• Marketing and Advertising Cookies: Used to deliver targeted advertisements relevant to your interests based on your browsing behavior on our site and other websites.

6.2 Managing Cookie Preferences

You may manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising by visiting:

• Network Advertising Initiative Opt-Out
• Digital Advertising Alliance Opt-Out

7. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical security measures designed to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of sensitive data in transit using Secure Socket Layer (SSL/TLS) technology;
• Secure storage of personal data with access controls and authentication requirements;
• Regular security assessments and vulnerability testing of our systems;
• Employee training on data protection and privacy best practices;
• Use of PCI DSS-compliant payment processing systems;
• Firewall protection and intrusion detection systems;
• Data minimization practices to limit the collection and storage of personal information.

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your personal information and triggers legal notification obligations, we will notify you in accordance with applicable state breach notification laws.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. The following general retention periods apply:

After the applicable retention period expires, we will securely delete, destroy, or anonymize your personal information in a manner that prevents unauthorized reconstruction.

9. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and equivalent laws in other states.

9.1 Right to Know and Access

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which we use it, the categories of third parties with whom we share it, and the sources from which we collected it.

9.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you. We will take reasonable steps to verify the accuracy of the corrected data.

9.3 Right to Deletion

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions, such as when the information is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights.

9.4 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another entity.

9.5 Right to Opt Out of Sale or Sharing

California residents have the right to opt out of the "sale" or "sharing" of their personal information as those terms are defined under the CPRA. While we do not sell personal information in the traditional sense, if we engage in cross-context behavioral advertising, California residents may opt out by contacting us or using any opt-out mechanism we provide.

9.6 Right to Limit Use of Sensitive Personal Information

California residents may have the right to limit the use and disclosure of sensitive personal information (such as precise geolocation, financial data, or health-related data) to those uses necessary to perform our services.

9.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your rights under this policy or applicable law.

9.8 How to Submit a Privacy Request

To exercise any of the rights described above, please submit a verifiable consumer request by:

• Emailing us at [email protected] with the subject line "Privacy Rights Request";
• Including your full name, email address associated with your account, and a description of your request.

We will verify your identity before processing your request to protect against unauthorized access. We will respond to verified requests within 45 days, or within the extended period permitted by applicable law. We will notify you if we need additional time to respond.

You may designate an authorized agent to submit requests on your behalf by providing written authorization. We may require you to verify your identity directly before fulfilling requests submitted by an authorized agent.

10. Children's Privacy

Cafe Rio does not knowingly solicit or collect personal information from children under 13 years of age in accordance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly allow persons under 18 to create accounts or place orders without parental supervision or consent.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will promptly investigate the matter and, if confirmed, take steps to delete such information from our systems.

We do not condition participation in any activity on the provision of more personal information from a child than is reasonably necessary for that activity.

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily stored and processed within the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

In the event we need to transfer personal data outside the United States to third-party service providers operating internationally, we take steps to ensure that such transfers are conducted in compliance with applicable law and that appropriate safeguards are in place to protect your personal information.

By using our website and providing us with your personal information, you acknowledge and consent to the transfer, storage, and processing of your information in the United States as described in this Privacy Policy.

12. California Privacy Rights — CCPA/CPRA Disclosures

This section supplements our Privacy Policy and applies specifically to residents of California, in accordance with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), effective January 1, 2023.

12.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA:

• Identifiers (name, email, address, IP address);
• Commercial information (purchase history, food orders);
• Internet or electronic network activity (browsing history, cookie data);
• Geolocation data (approximate location based on IP address or delivery address);
• Inferences drawn from personal information to create a profile about preferences;
• Sensitive personal information (payment card details processed via secure third parties).

12.2 Purposes for Collection

The categories listed above are collected for the business and commercial purposes described in Section 4 of this Privacy Policy, including service delivery, analytics, marketing, and legal compliance.

12.3 Categories of Third Parties Receiving Personal Information

We may disclose personal information to the categories of third parties identified in Section 5 of this Privacy Policy, including service providers, business partners, and as required by law.

12.4 "Shine the Light" Law

California Civil Code Section 1798.83 permits our California customers to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. To submit such a request, please contact us at [email protected].

13. Other U.S. State Privacy Rights

In addition to California, other U.S. states have enacted or are in the process of enacting comprehensive consumer privacy laws. Residents of states including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and others may have privacy rights similar to those described in Section 9, including rights of access, correction, deletion, portability, and the right to opt out of targeted advertising or sale of personal data.

We are committed to honoring applicable state privacy rights as they come into effect. If you are a resident of a state with a privacy law that grants you specific rights not addressed in this policy, please contact us at [email protected] and we will work to honor your rights in accordance with applicable law.

14. Federal Consumer Protection Laws

Our privacy practices are also subject to the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. We are committed to maintaining honest and transparent privacy practices and will not engage in deceptive data collection, use, or sharing. The FTC has authority to take enforcement action against companies that fail to honor their stated privacy commitments.

15. Third-Party Links and Integrations

Our website may contain links to third-party websites, social media platforms, or integrated services such as food delivery apps, review platforms, or payment gateways. These third-party services have their own privacy policies and practices, which are independent of ours. We are not responsible for the content, privacy practices, or data handling of any third-party websites or services.

We encourage you to carefully review the privacy policies of any third-party platforms before providing them with your personal information. Our inclusion of a link to a third-party website does not imply our endorsement of that website or its privacy practices.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page;
• Post a prominent notice on our website homepage;
• Send an email notification to registered users where appropriate and where required by law.

Your continued use of our website or services after any changes to this Privacy Policy become effective constitutes your acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

17. How to File a Complaint

If you have concerns about our privacy practices or believe your personal information rights have been violated, we encourage you to first contact us directly so that we can attempt to resolve the matter:

• Email: [email protected]
• Website: scafe-rio.top

If you are a California resident and believe we have not adequately addressed your privacy concern, you may contact the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

Residents of other states may contact their state attorney general's office or relevant data protection authority to file a complaint regarding our privacy practices.

18. Contact Information for Privacy Inquiries

If you have any questions, comments, or concerns about this Privacy Policy, or if you wish to exercise any of your privacy rights, please do not hesitate to reach out to us. We are committed to responding promptly and transparently to all privacy-related inquiries.

We aim to acknowledge all privacy inquiries within 5 business days and to provide a substantive response within the timeframe required by applicable law (no later than 45 days for most requests, with up to a 45-day extension where permitted).

Effective Date: April 11, 2026. This Privacy Policy was prepared in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA), and the Federal Trade Commission Act (FTC Act). Cafe Rio reserves all rights under applicable law.