Privacy Policy

Effective Date: June 12, 2026 | Last Updated: June 12, 2026

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website taco-caferio.click, place orders, or otherwise interact with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.

This Privacy Policy applies to all information collected through our website, as well as any related services, sales, marketing, or events. By accessing or using our website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

1. Who We Are

Cafe Rio operates the website taco-caferio.click and provides food-related services to customers across the United States. For the purposes of this Privacy Policy, "we," "us," or "our" refers to Cafe Rio.

Company Name	Cafe Rio
Website	taco-caferio.click
Email Address	[email protected]
Address	United States

2. Information We Collect

We collect information about you in a variety of ways to provide, improve, and personalize our services. The types of information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, participate in promotions, or contact us directly, we may collect personally identifiable information, including but not limited to:

Full name
Email address
Phone number
Billing and shipping address
Payment information (credit/debit card details processed through secure third-party payment processors)
Date of birth (where applicable for loyalty programs or age verification)
Username and password for account access
Dietary preferences and food choices
Order history and transaction data

2.2 Usage and Behavioral Data

When you browse our website or use our services, we automatically collect certain usage information, including:

Pages visited and time spent on each page
Links clicked and navigation paths through the website
Search queries entered on our site
Items viewed, added to cart, or ordered
Referring URLs and exit pages
Frequency and duration of visits

2.3 Device and Technical Information

We collect technical information about the devices and systems you use to access our website, including:

IP address
Browser type and version
Operating system and platform
Device identifiers (mobile device ID, advertising ID)
Screen resolution and display settings
Time zone settings and language preferences
Plugins and software installed on your browser

2.4 Location Data

With your consent, we may collect precise or approximate geolocation data to help you find the nearest Cafe Rio location, provide local promotions, and improve delivery services. You may disable location access through your device settings at any time.

2.5 Communications Data

If you contact us via email, phone, or web form, we may retain records of your communications, including any messages, attachments, feedback, or complaints you provide. This helps us respond effectively and improve our customer service.

2.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior. For a detailed explanation of how we use cookies and how you can manage your preferences, please refer to the Cookie section of this policy below.

3. How We Use Your Information

We use the information we collect for various lawful purposes related to operating our food service business and providing you with an exceptional customer experience:

3.1 Service Provision and Order Fulfillment

Processing and completing your food orders
Managing your account and account preferences
Sending order confirmations, receipts, and updates
Handling delivery logistics and coordinating with third-party delivery partners
Processing payments and preventing fraudulent transactions
Responding to customer service inquiries and resolving disputes

3.2 Analytics and Service Improvement

Analyzing usage patterns and trends to improve website functionality
Conducting internal research and development
Measuring the effectiveness of our menus, promotions, and marketing campaigns
Identifying and fixing technical issues and bugs
Developing new features, products, and services

3.3 Marketing and Personalization

Sending promotional emails, newsletters, and special offers (with your consent)
Personalizing your website experience and displaying relevant content
Administering loyalty programs, contests, and sweepstakes
Delivering targeted advertising through our website and third-party platforms
Conducting surveys and market research

3.4 Legal and Compliance Purposes

Complying with applicable federal, state, and local laws
Enforcing our Terms of Service and other policies
Protecting the rights, property, and safety of Cafe Rio, our customers, and others
Responding to legal requests, court orders, or regulatory inquiries

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Contract Performance: Processing is necessary to fulfill your order or provide requested services.
Legitimate Interests: We process data for our legitimate business interests, such as fraud prevention, website security, and improving our services, where such interests are not overridden by your rights.
Consent: Where required by law, we obtain your explicit consent before processing your data for marketing communications or non-essential cookies.
Legal Obligation: We may process your data to comply with applicable laws and regulations under the FTC Act and other applicable United States federal and state laws.

5. Sharing Your Information with Third Parties

We do not sell, trade, or rent your personal information to third parties for their independent marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We may share your information with trusted third-party vendors and service providers who assist us in operating our website and delivering our services. These may include:

Payment processing companies (e.g., Stripe, Square, PayPal)
Food delivery platforms and courier services
Cloud hosting and IT infrastructure providers
Email marketing platforms
Analytics and data intelligence services (e.g., Google Analytics)
Customer relationship management (CRM) software providers
Fraud detection and cybersecurity services

All third-party service providers are contractually required to protect your personal information, use it only for specified purposes, and comply with applicable privacy laws.

5.2 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

5.3 Legal Requirements and Safety

We may disclose your information when required to do so by law or in good faith belief that such action is necessary to:

Comply with a legal obligation, court order, or government request
Investigate potential violations of our Terms of Service
Protect and defend the rights or property of Cafe Rio
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users of the service or the public

5.4 Aggregated and Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for industry analysis, demographic profiling, marketing, and other business purposes. This information is not subject to the restrictions in this Privacy Policy.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies are small text files stored on your device when you visit a website.

6.1 Types of Cookies We Use

Cookie Type	Purpose
Strictly Necessary	Essential for the website to function properly. These cannot be disabled.
Performance / Analytics	Help us understand how visitors interact with our website by collecting anonymous usage data.
Functional	Allow the website to remember choices you make (such as language or location) and provide enhanced features.
Marketing / Targeting	Used to deliver relevant advertisements and track campaign effectiveness across the web.

You may control and manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information, please refer to our full Cookie Policy available on our website.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Account Information: Retained for the duration of your active account plus up to 3 years after account closure.
Order and Transaction Records: Retained for up to 7 years to comply with tax, accounting, and legal obligations.
Marketing Data: Retained until you withdraw your consent or request deletion, whichever comes first.
Customer Service Communications: Retained for up to 3 years from the date of the last interaction.
Website Usage and Analytics Data: Retained in anonymized or aggregated form for up to 2 years.
Legal Hold Data: Retained for as long as necessary to resolve legal disputes, investigations, or regulatory matters.

When your personal information is no longer needed, we will securely delete or anonymize it in accordance with our internal data management procedures.

8. Data Security

Cafe Rio takes the security of your personal information seriously. We implement a variety of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Safeguards

SSL/TLS encryption for all data transmitted between your browser and our servers
Encrypted storage of sensitive personal and financial information
Firewalls, intrusion detection systems, and regular security audits
Secure, tokenized payment processing through PCI-DSS compliant payment processors
Multi-factor authentication for administrative access to our systems

8.2 Organizational Safeguards

Access to personal data restricted to authorized personnel on a need-to-know basis
Regular employee training on data privacy and security best practices
Data processing agreements with all third-party service providers
Incident response plan for identifying and addressing potential data breaches

Please Note: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and we encourage you to use strong, unique passwords and keep your account credentials confidential.

9. Your Privacy Rights

Depending on your location within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which it was collected, and any third parties with whom it was shared.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal obligations).
Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to that which is necessary to provide the services you requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of service based on your exercise of these rights.

9.2 General Privacy Rights (All U.S. Users)

Right to Access: Request access to the personal information we hold about you.
Right to Correction: Request that we correct inaccurate or incomplete information.
Right to Deletion: Request that we delete your personal information where there is no compelling reason to continue processing it.
Right to Data Portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.
Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time by clicking "unsubscribe" in any marketing email or by contacting us directly.

9.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the information below. We will respond to your request within 45 days. In some cases, we may need to verify your identity before fulfilling your request, and we may need an additional 45-day extension for complex requests.

Email: [email protected]
Website: taco-caferio.click

You may submit requests on behalf of yourself or, in limited circumstances, on behalf of a minor child. If you use an authorized agent to submit a request, we may require written permission or proof of identity before processing.

10. Children's Privacy

Important: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13 (or under 16 in states where a higher age threshold applies).

Cafe Rio does not direct its services to minors, and we do not knowingly collect personally identifiable information from anyone under the age of 18. Our online ordering, account creation, and loyalty program features are intended solely for adult users.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records and ensure compliance with the Children's Online Privacy Protection Act (COPPA) and any other applicable laws.

We do not knowingly use, share, or retain the personal information of minors for any commercial purpose. If we learn that we have inadvertently collected information from a child under 13, we will delete that information as quickly as possible.

11. International Data Transfers

Cafe Rio is based in the United States, and our servers and primary operations are located within the United States. If you access our website or services from outside the United States, please be aware that your information will be transferred to, stored in, and processed in the United States.

The data protection laws in the United States may differ from those in your country of residence. By using our services from outside the United States, you consent to the transfer of your information to the United States and the processing of your data in accordance with this Privacy Policy and applicable U.S. law.

When transferring data internationally, we take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including implementing contractual protections with third-party service providers located outside the United States.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, and online services that are not operated by Cafe Rio. These include platforms like Facebook, Instagram, Google, and food delivery aggregators. We have no control over the privacy practices of these third parties and are not responsible for their content or privacy policies.

We encourage you to review the privacy policies of any third-party websites or services you visit. The inclusion of a link on our website does not imply our endorsement of the third party's privacy practices or content.

Social media features and widgets on our site (such as the Facebook "Like" button or Instagram feeds) are hosted either by the respective social network or directly on our website. Your interactions with these features are governed by the privacy policy of the company providing that feature.

13. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. At this time, our website does not respond to DNT signals. However, you can manage your cookie and tracking preferences using the tools available in your browser settings.

California law (Business and Professions Code Section 22575) requires certain websites to disclose whether they honor DNT signals. We disclose here that our website does not currently alter its data collection and use practices in response to DNT signals from browsers.

14. Marketing Communications

With your consent, we may send you promotional emails, SMS messages, push notifications, or other marketing communications about new menu items, special offers, loyalty rewards, and upcoming events at Cafe Rio.

You can opt out of marketing communications at any time by:

Clicking the "Unsubscribe" or "Opt-Out" link at the bottom of any promotional email
Replying "STOP" to any SMS marketing message
Adjusting your notification preferences in your account settings
Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, we may still send you transactional emails related to your orders, account activity, or legal matters. These operational communications are not subject to opt-out requests.

15. Applicable Laws and Regulatory Compliance

Our privacy practices are designed to comply with applicable United States federal and state privacy laws, including but not limited to:

Federal Trade Commission Act (FTC Act): We adhere to the FTC's standards for consumer protection and fair business practices, including truthfulness in our data collection and use disclosures.
California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): We honor the privacy rights of California residents as outlined in Section 9 of this policy.
Children's Online Privacy Protection Act (COPPA): We do not knowingly collect personal information from children under 13 years of age.
CAN-SPAM Act: All commercial email communications comply with CAN-SPAM requirements, including clear identification of the sender and easy opt-out mechanisms.
Telephone Consumer Protection Act (TCPA): We obtain proper consent before sending marketing text messages or making automated calls.
State-Specific Privacy Laws: We monitor and comply with emerging state privacy laws across the United States, including those enacted in Virginia (VCDPA), Colorado (CPA), Connecticut, and other states as they become effective.

16. Filing a Complaint

If you have concerns about our privacy practices and are not satisfied with our response to your inquiry, you have the right to file a complaint with the appropriate regulatory authority.

16.1 Federal Trade Commission (FTC)

For consumer privacy and protection complaints in the United States, you may contact the Federal Trade Commission:

Website: www.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580

16.2 California Privacy Protection Agency (CPPA)

California residents may also file complaints with the California Privacy Protection Agency:

Website: cppa.ca.gov
Address: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834

16.3 State Attorneys General

Residents of other states may contact their respective State Attorney General's office for guidance on filing privacy-related complaints. We encourage all users to first contact us directly so that we can address your concerns before escalating to a regulatory authority.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.

If we make material changes to this Privacy Policy that significantly affect how we collect, use, or share your personal information, we will provide you with prominent notice. This may include sending you an email notification, displaying a banner on our website, or requiring you to re-acknowledge the policy before continuing to use our services.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the revised terms.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Company	Cafe Rio
Website	taco-caferio.click
Email	[email protected]
Location	United States

We aim to respond to all privacy-related inquiries within 30 business days. For California residents submitting CCPA/CPRA requests, we will respond within 45 calendar days, with the option to extend by an additional 45 days if needed due to the complexity of your request.

Privacy Tip: For the fastest response, please include your full name, email address, and a clear description of your request or concern when contacting us about your personal data.

This Privacy Policy was last reviewed and updated on June 12, 2026. All rights reserved © 2026 Cafe Rio. This document constitutes the complete and binding privacy policy for the website taco-caferio.click and all associated services operated under the Cafe Rio brand in the United States.