Privacy Policy

Last Updated: January 15, 2026

At Cafe Rio, we are committed to protecting your privacy and ensuring the security of your personal information. This comprehensive privacy policy explains how we collect, use, share, and protect your information when you use our services.

1. Introduction

Cafe Rio ("we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose your personal information when you visit our website, use our mobile application, order food online, visit our restaurants, or interact with our services in any way.

This policy applies to all information collected through our digital platforms, in-store interactions, delivery services, catering orders, loyalty programs, and any other services we provide. By using our services, you agree to the collection and use of information in accordance with this policy.

Important: We never sell your personal data to third parties. Your trust is fundamental to our business, and we are committed to maintaining the highest standards of data protection and privacy.

If you do not agree with any part of this privacy policy, please do not use our services. Your continued use of our services after any changes to this policy will constitute your acceptance of such changes.

2. Information We Collect

2.1 Information You Provide Directly

  • Personal Identification Information: Full name, email address, phone number, billing and delivery addresses, date of birth (for age verification and special offers)
  • Account Information: Username, password, order history, delivery preferences, favorite menu items, dietary restrictions and allergen information
  • Payment Information: Credit/debit card details, billing address, payment method preferences (stored securely through encrypted payment processors)
  • Food Preferences: Dietary requirements (vegetarian, vegan, gluten-free, halal, kosher), allergen information, spice level preferences, special instructions
  • Order Information: Items ordered, quantities, customizations, delivery/pickup preferences, special requests, order frequency and timing
  • Loyalty Program Data: Rewards points, membership tier, redemption history, earned benefits, participation in promotions
  • Reservation Information: Table booking details, party size, special occasion notes, accessibility requirements
  • Catering Details: Event information, guest count, dietary accommodations, delivery logistics, contact persons
  • Communications: Contact form submissions, customer service inquiries, reviews and ratings, feedback, survey responses
  • Marketing Preferences: Email subscription choices, SMS opt-ins, promotional preferences, communication frequency settings

2.2 Automatically Collected Information

  • Device Information: IP address, device type, operating system, browser type and version, screen resolution, device identifiers
  • Usage Data: Pages visited, time spent on site, click-through rates, search queries, navigation patterns, feature usage
  • Location Data: Approximate location from IP address, GPS coordinates (with permission), delivery addresses, restaurant locations visited
  • Cookie Information: Session IDs, user preferences, login status, shopping cart contents, site settings
  • Transaction Data: Order timestamps, payment methods used, transaction amounts, delivery times, tip information
  • Performance Data: Page load times, error reports, system performance metrics, app crash reports

2.3 Information from Third Parties

  • Social Media Platforms: Profile information when you connect your social media accounts or use social login features
  • Payment Processors: Transaction confirmations, fraud detection data, payment method validation
  • Delivery Partners: Delivery status updates, driver information, delivery confirmation, customer feedback
  • Marketing Partners: Campaign performance data, audience insights (anonymized), advertising effectiveness metrics
  • Data Verification Services: Address validation, phone number verification, identity confirmation for fraud prevention

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Fulfilling food orders, processing payments, coordinating delivery or pickup, managing catering events
  • Account Management: Creating and maintaining user accounts, authenticating users, managing loyalty program benefits
  • Customer Support: Responding to inquiries, resolving issues, processing refunds, handling complaints and feedback
  • Quality Improvement: Analyzing ordering patterns, optimizing menu offerings, improving delivery efficiency, enhancing user experience
  • Personalization: Customizing menu recommendations, suggesting frequently ordered items, tailoring promotions to preferences

3.2 Communication

  • Transactional Communications: Order confirmations, delivery notifications, pickup reminders, payment confirmations
  • Service Updates: Menu changes, restaurant hours, service disruptions, policy updates
  • Customer Support: Responding to inquiries, providing technical assistance, following up on service issues
  • Marketing Communications: Promotional offers, new menu items, loyalty program updates, event announcements (only with explicit consent)

3.3 Marketing and Analytics

  • Personalized Marketing: Targeted promotions based on order history, customized email campaigns, relevant product recommendations
  • Performance Analytics: Website traffic analysis, user behavior tracking, conversion rate optimization, A/B testing
  • Campaign Measurement: Advertising effectiveness tracking, return on investment analysis, customer acquisition metrics
  • Market Research: Customer satisfaction surveys, food trend analysis, competitive research, menu development insights

3.4 Legal Compliance and Security

  • Legal Requirements: Complying with food safety regulations, tax obligations, employment law, consumer protection laws
  • Fraud Prevention: Detecting suspicious transactions, preventing payment fraud, protecting against identity theft
  • Safety and Security: Protecting user accounts, preventing data breaches, maintaining system security, ensuring platform integrity
  • Dispute Resolution: Investigating complaints, resolving payment disputes, handling legal claims, maintaining transaction records

4. Information Sharing and Disclosure

4.1 Service Providers

  • Payment Processors: Secure handling of credit card transactions, payment method storage, fraud detection services
  • Delivery Partners: Sharing delivery addresses, order details, contact information for successful delivery coordination
  • Cloud Storage Providers: Secure data storage, backup services, content delivery networks for website performance
  • Email Service Providers: Managing marketing campaigns, transactional emails, customer communication automation
  • Analytics Providers: Website performance analysis, user behavior insights, conversion tracking, marketing optimization
  • Customer Support Tools: Helpdesk software, chat services, ticket management systems, knowledge base platforms

4.2 Legal Requirements

  • Court Orders: Complying with subpoenas, court orders, and other legal processes
  • Regulatory Compliance: Meeting food safety requirements, health department requests, tax authority inquiries
  • Law Enforcement: Cooperating with police investigations, fraud prevention efforts, public safety concerns
  • Emergency Situations: Protecting individuals from harm, preventing illegal activities, ensuring public safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy. The new entity will be required to maintain the same level of protection for your personal information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent. You will always be informed about such sharing and given the opportunity to opt-out.

5. Data Security

5.1 Technical Security Measures

  • Encryption: All data transmission is protected using SSL/TLS encryption protocols. Sensitive data is encrypted at rest using AES-256 encryption
  • Firewall Protection: Advanced firewall systems monitor and filter all network traffic to prevent unauthorized access
  • Access Controls: Strict role-based access controls ensure only authorized personnel can access personal data on a need-to-know basis
  • Multi-Factor Authentication: All administrative accounts require multi-factor authentication for enhanced security
  • Regular Security Updates: Systems are regularly updated with latest security patches and vulnerability fixes
  • 24/7 Monitoring: Continuous monitoring of systems for suspicious activities, intrusion attempts, and security threats
  • Data Backups: Regular encrypted backups ensure data availability and integrity in case of system failures

5.2 Organizational Security Measures

  • Employee Training: Regular security awareness training for all staff members handling personal data
  • Data Handling Procedures: Comprehensive policies governing how personal data is collected, processed, and stored
  • Third-Party Agreements: All service providers must sign data processing agreements and maintain equivalent security standards
  • Incident Response Plan: Detailed procedures for responding to security incidents, including breach notification protocols
  • Security Audits: Regular internal and external security assessments to identify and address vulnerabilities
  • Privacy by Design: Security and privacy considerations are built into all new systems and processes from the ground up

5.3 Your Security Responsibilities

  • Strong Passwords: Use unique, complex passwords for your account and enable two-factor authentication when available
  • Account Protection: Never share your login credentials with others and log out when using shared computers
  • Phishing Awareness: Be cautious of suspicious emails or messages requesting personal information
  • Software Updates: Keep your devices and browsers updated with the latest security patches
  • Report Issues: Immediately report any unauthorized account access or suspicious activities to our support team

5.4 Security Breach Notification

In the unlikely event of a data breach that may affect your personal information, we will promptly notify you and relevant authorities within 72 hours of discovery, as required by applicable laws. The notification will include details about the breach, affected information, steps we're taking to address the issue, and recommendations for protecting yourself.

6. Cookies and Tracking Technologies

Cookie Type Purpose Duration Can Be Disabled
Essential Cookies Website functionality, login status, shopping cart, security features Session or 30 days No - Required for basic functionality
Functional Cookies User preferences, language settings, personalization features Up to 1 year Yes - Through browser settings
Analytics Cookies Website performance, user behavior analysis, improvement insights Up to 2 years Yes - Through cookie preferences
Marketing Cookies Personalized advertising, campaign tracking, retargeting Up to 1 year Yes - Through cookie preferences

Additional Tracking Technologies

  • Google Analytics: Tracks website usage patterns, user journeys, and conversion rates to improve our services
  • Facebook Pixel: Measures advertising effectiveness and enables retargeting campaigns on social platforms
  • Web Beacons: Small image files that track email open rates and engagement with our communications
  • Local Storage: Browser-based storage for user preferences and application data
  • Session Storage: Temporary storage for maintaining user state during website visits

Managing Cookies

You can control cookies through your browser settings to accept, reject, or delete cookies. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies from being set
  • Delete all cookies when closing the browser

Note: Disabling certain cookies may affect website functionality and your ability to use some features of our services.

7. Your Rights (GDPR/CCPA Compliance)

7.1 Right of Access

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how it's being used.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you. We will make reasonable efforts to correct the information promptly.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when it's no longer necessary for the purposes it was collected, you withdraw consent, or the data has been unlawfully processed.

7.4 Right to Restrict Processing

You can request limitation of how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

7.6 Right to Object

You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within 30 days and may need to verify your identity before processing your request. There is no charge for most requests, but we may charge a reasonable fee for excessive or repetitive requests.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without verifiable parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems and terminate the child's account if applicable.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

Parents and guardians have the right to review, modify, or delete their child's personal information by contacting us directly.

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal data outside your home country, we implement appropriate safeguards to protect your information:

  • Adequacy Decisions: We rely on European Commission adequacy decisions for countries with equivalent data protection standards
  • Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses when transferring data to countries without adequacy decisions
  • Data Processing Agreements: All international partners must sign comprehensive data processing agreements
  • Security Measures: Additional technical and organizational measures to protect transferred data
  • Regular Reviews: Ongoing assessment of international transfer arrangements and protection levels

9.2 Transfer Destinations

Your data may be transferred to and processed in the following regions:

  • United States: Cloud storage and analytics services with appropriate safeguards
  • European Union: Data analytics and customer support services
  • Other Countries: Only when necessary for service delivery and with adequate protection measures

10. Data Retention Periods

Information Type Retention Period Reason for Retention
Account Information 6 months after account deletion Legal obligations, dispute resolution, fraud prevention
Order History 7 years from last order Tax and accounting requirements, warranty claims
Payment Information As required by payment processors Transaction security, chargeback protection
Marketing Consent 3 months after withdrawal Consent record keeping, compliance verification
Website Usage Logs Up to 2 years Security monitoring, fraud detection, analytics
Customer Support Records 3 years from last interaction Service quality improvement, training purposes
Loyalty Program Data 5 years from last activity Program administration, tax reporting

Safe Data Disposal

When personal data reaches the end of its retention period, we ensure secure disposal through:

  • Electronic Data: Complete deletion using methods that make data unrecoverable
  • Physical Records: Secure shredding of paper documents containing personal information
  • Backup Systems: Removal from all backup systems and archives
  • Third-Party Systems: Coordination with service providers to ensure complete data removal
  • Documentation: Maintenance of disposal records for compliance verification

11. Third-Party Links

Our website and mobile application may contain links to third-party websites, social media platforms, or services that are not operated by us. These may include:

  • Social media platforms (Facebook, Instagram, Twitter)
  • Payment service providers
  • Review platforms and food delivery aggregators
  • Partner restaurant websites
  • Promotional partner sites

We are not responsible for the privacy practices or content of these third-party sites. Each third-party site has its own privacy policy, and we encourage you to read these policies carefully before providing any personal information.

When you click on third-party links, you are leaving our platform and any information you provide to these sites is governed by their privacy policies, not ours. We cannot control or be held responsible for the protection and privacy of any information you provide while visiting such sites.

12. Policy Changes

12.1 Change Notification

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will notify you through:

  • Website Notice: Prominent notification banner on our website
  • Email Notification: Direct email to registered users about significant changes
  • In-App Notifications: Push notifications through our mobile application
  • Account Dashboard: Notification in your user account when you log in

12.2 Types of Changes

  • Minor Updates: Clarifications, contact information changes, or formatting improvements
  • Significant Changes: Changes to data collection practices, sharing policies, or your rights
  • Legal Changes: Updates required by new laws or regulations

12.3 Your Options

For significant changes that materially affect how we use your personal information:

  • We will seek your explicit consent before implementing the changes
  • You will have the option to continue using our services under the new terms
  • You may choose to delete your account and discontinue using our services
  • Continued use of our services after the effective date constitutes acceptance of the updated policy

13. Contact Information

Get in Touch

For any questions, concerns, or requests related to this privacy policy or your personal data, please contact us using the information below:

Company Information

Cafe Rio
8060 11th St, Terrebonne, OR 97760, USA

Phone & Email

Phone: +1 541-316-3280
Email: [email protected]

Business Hours

Monday - Friday: 9:00 AM - 6:00 PM
Saturday - Sunday: 10:00 AM - 4:00 PM

13.1 Response Commitment

We are committed to responding to all privacy-related inquiries within 3 business days. For complex requests that require additional time, we will acknowledge your inquiry within 3 business days and provide a timeline for resolution.

13.2 Complaint Resolution

If you have concerns about how we handle your personal data:

  • Contact us first using the information above - we're committed to resolving issues directly
  • If you're unsatisfied with our response, you may contact your local data protection authority
  • For EU residents: Contact your national supervisory authority
  • For California residents: Contact the California Attorney General's office

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time through:

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your user account
  • Customer Support: Contact our support team to opt out of marketing communications
  • SMS Opt-Out: Reply STOP to any promotional text messages

14.2 Account Deletion Process

To permanently delete your account and personal data:

  1. Log in to your account and go to Account Settings
  2. Select "Delete Account" option
  3. Confirm your identity through email verification
  4. Review what data will be deleted and what may be retained for legal compliance
  5. Confirm deletion - this action cannot be undone

Note: Some information may be retained for legal compliance, fraud prevention, or legitimate business purposes as outlined in our data retention schedule.

15. Conclusion

At Cafe Rio, protecting your privacy is not just a legal obligation—it's fundamental to the trust relationship we build with every customer. We are committed to maintaining the highest standards of data protection while delivering exceptional food service and customer experience.

This privacy policy reflects our ongoing commitment to transparency, security, and respect for your personal information. We continuously review and improve our privacy practices to ensure they meet evolving standards and regulations.

Your trust is the foundation of our business relationship. We value the confidence you place in us when you share your personal information, and we are dedicated to protecting that information with industry-leading security measures and responsible data handling practices.

If you have any questions, concerns, or suggestions about this privacy policy or our privacy practices, we encourage you to contact us. We believe in open communication and are always happy to discuss how we can better protect your privacy while serving your needs.

Thank you for choosing Cafe Rio. We look forward to continuing to serve you with the highest standards of privacy protection and service excellence.

Last Updated: January 15, 2026

Please check this page regularly for updates to our privacy policy.