Privacy Policy
Effective Date: July 18, 2026 | Last Updated: July 18, 2026
At Costa Vida, we are deeply committed to protecting your privacy and ensuring the security of your personal information. As a food service business operating in the United States, we comply with all applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and all other relevant regulations governing consumer data protection.
By accessing our website at costavida-cafe.digital, placing an order, subscribing to our communications, or otherwise interacting with our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with our data practices described herein, please discontinue use of our website and services immediately.
1. About Us and Contact Information
This Privacy Policy applies to all services, products, and digital platforms operated by Costa Vida. Below are our complete contact details for any privacy-related inquiries:
| Company Name | Costa Vida |
|---|---|
| Address | United States |
| Phone | Not provided — please use email for all inquiries |
| [email protected] | |
| Website | costavida-cafe.digital |
| Business Type | Food Service / Restaurant |
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact our Privacy Team directly at [email protected]. We are committed to responding to all privacy-related inquiries within a reasonable timeframe, and no longer than 45 days as required under applicable law.
2. Information We Collect
We collect various categories of personal information to operate our food service business effectively, provide you with a high-quality dining and ordering experience, and continuously improve our services. The following sections describe the types of data we collect and how we collect it.
2.1 Personal Identification Information
When you interact with our website or services, we may collect personal identification information, including but not limited to:
- Full name — for order processing, reservations, and account management
- Email address — for order confirmations, receipts, promotional communications, and account notifications
- Phone number — for delivery coordination, order updates, and customer support purposes
- Physical address — including delivery addresses for food orders, billing addresses for payment processing
- Date of birth — when applicable for age verification or loyalty program benefits
- Profile information — including username, password (stored in encrypted form), and food preferences if you create an account on our platform
- Payment information — including credit card or debit card details, which are processed through secure, PCI-DSS compliant third-party payment processors
- Dietary preferences and allergies — if voluntarily provided to customize your food orders or enhance your dining experience
2.2 Usage Data and Online Activity
When you browse our website at costavida-cafe.digital, we automatically collect certain technical and behavioral data about your online interactions, including:
- IP address — to help us identify your approximate geographic location and prevent fraudulent activity
- Browser type and version — to optimize website performance and compatibility
- Operating system — to ensure our digital services function correctly across different platforms
- Pages viewed and navigation paths — to understand how users interact with our website and identify areas for improvement
- Time and date of your visit — to analyze usage patterns and peak traffic periods
- Time spent on each page — to assess content engagement and user interest
- Referring website or URL — to understand how users discover our website
- Search queries — if you use our internal website search functionality
- Clickstream data — the sequence of pages and links you click during your session
2.3 Device Information
We collect certain information about the device you use to access our website and services, including:
- Device type — such as desktop computer, laptop, smartphone, or tablet
- Device identifiers — including mobile device IDs, advertising identifiers, and similar unique identifiers
- Screen resolution and display settings — to optimize content presentation
- Language settings — to provide you with content in your preferred language
- Network connection type — such as WiFi or mobile data, which helps optimize content delivery
- Hardware and software specifications — to diagnose technical issues and improve compatibility
2.4 Location Data
We may collect precise or approximate location data when you use our food ordering services, particularly for delivery purposes. This may include GPS coordinates, IP-based location estimates, or location data derived from delivery addresses you provide. You may control location sharing through your device settings or browser preferences, though this may limit certain features of our service.
2.5 Communications and Correspondence
If you contact us via email, telephone, or through forms on our website, we retain records of those communications, including the content of your messages, any attachments, and metadata such as timestamps. We use this information to respond to your inquiries, resolve complaints, and improve our customer service.
2.6 Information From Third Parties
We may receive information about you from third-party sources, including:
- Social media platforms — if you choose to connect your social media accounts to our services or interact with us on social media
- Analytics providers — who supply aggregated and anonymized data about website traffic and user behavior
- Food delivery platforms — if you place an order through a third-party delivery service that partners with us
- Marketing partners — who provide us with information to help us reach potential customers
- Public databases — where applicable, for fraud prevention and identity verification purposes
3. How We Use Your Information
We use the personal information we collect for a variety of legitimate business purposes. We only process your data where we have a lawful basis for doing so, such as fulfilling a contract with you, complying with legal obligations, pursuing our legitimate business interests, or where you have given us your consent.
3.1 Service Provision and Order Processing
The primary use of your personal information is to provide you with our food services. This includes:
- Processing and fulfilling your food orders, including coordination with delivery drivers or preparation notifications
- Sending order confirmations, receipts, and status updates via email or SMS
- Managing your account on our platform, including saved preferences and order history
- Processing payments and handling refunds or dispute resolutions
- Providing customer support and responding to your inquiries, complaints, or requests
- Accommodating dietary preferences, allergies, or special requests you provide
- Coordinating catering services, group orders, or special event bookings
3.2 Analytics and Service Improvement
We use aggregated and anonymized data, as well as individual usage data where lawfully permitted, to understand how our services are used and to continuously improve them:
- Analyzing website traffic patterns, popular menu items, and customer preferences to optimize our offerings
- Conducting internal research and product development to enhance user experience
- Testing new features, website designs, and service improvements through A/B testing
- Identifying and resolving technical issues, bugs, or security vulnerabilities
- Measuring the effectiveness of our digital marketing campaigns
- Generating internal business reports and performance metrics
3.3 Marketing and Promotional Communications
Where you have provided your consent or where we have a legitimate interest, we may use your contact information for marketing purposes, including:
- Sending promotional emails about new menu items, special offers, seasonal promotions, and loyalty rewards
- Delivering personalized recommendations based on your order history and stated preferences
- Notifying you about our loyalty program benefits, points balances, and exclusive member offers
- Sending surveys, feedback requests, and invitations to participate in market research
- Sharing information about catering services, events, or new restaurant locations
3.4 Legal Compliance and Safety
We may use your information to comply with our legal obligations, protect our rights, and ensure the safety of our customers and staff, including for fraud prevention and detection, responding to law enforcement requests, and enforcing our terms and conditions.
4. Sharing Your Information With Third Parties
We do not sell your personal information to third parties for their own commercial purposes. However, we do share your information with carefully selected third parties in the following circumstances:
4.1 Service Providers and Business Partners
We work with trusted third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually obligated to use your data only for the specific purposes we authorize and to maintain appropriate security standards:
- Payment processors — such as Stripe, Square, or similar PCI-DSS compliant providers who handle credit card transactions
- Delivery logistics providers — who coordinate food delivery to your specified address
- Email marketing platforms — such as Mailchimp or similar services that manage our email communications
- Analytics providers — such as Google Analytics, which helps us understand website usage patterns
- Cloud hosting and technology providers — who provide the infrastructure on which our website and ordering systems operate
- Customer support tools — such as helpdesk software that facilitates communication with customers
- Advertising platforms — such as Google Ads or Meta (Facebook/Instagram) for targeted digital advertising
4.2 Legal Requirements and Law Enforcement
We may disclose your personal information to government authorities, law enforcement agencies, or other parties when we believe in good faith that disclosure is necessary to:
- Comply with applicable federal or state laws, regulations, or court orders
- Respond to lawful subpoenas, warrants, or other legal processes
- Protect the rights, property, or personal safety of Costa Vida, our customers, or the public
- Detect, prevent, or address fraud, security issues, or technical problems
- Enforce our Terms of Service or other applicable agreements
4.3 Business Transfers
In the event that Costa Vida undergoes a merger, acquisition, asset sale, reorganization, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with other third parties when you have given us explicit consent to do so, such as when you participate in joint promotions, contests, or co-branded offerings with our restaurant partners.
5. Cookie Policy and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyze site traffic, and support our marketing efforts.
5.1 Types of Cookies We Use
- Essential cookies — Required for the website to function properly, including maintaining your shopping cart and session state
- Performance and analytics cookies — Help us understand how visitors use our website, which pages are most popular, and where users encounter difficulties
- Functionality cookies — Remember your preferences such as language settings, saved addresses, and dietary preferences
- Marketing and advertising cookies — Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across the web
- Third-party cookies — Placed by our service providers, such as Google Analytics and social media platforms, to provide their services
5.2 Managing Your Cookie Preferences
You have the right to accept or decline non-essential cookies. You can manage your cookie preferences through our cookie consent banner when you first visit our website, through your browser settings, or by contacting us at [email protected]. Please note that disabling certain cookies may affect the functionality of our website and your ability to use our online ordering services.
For more detailed information about the specific cookies we use, the purposes for which we use them, and how to manage your preferences, please refer to our Cookie Policy, which is available on our website.
6. Data Security
We take the security of your personal information very seriously and implement a comprehensive range of technical, administrative, and physical security measures to protect your data against unauthorized access, disclosure, alteration, or destruction.
6.1 Security Measures We Employ
- Encryption — All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS technology (HTTPS). Sensitive data such as passwords is stored in encrypted or hashed format.
- Secure payment processing — We do not store full credit card numbers on our servers. All payment processing is handled by PCI-DSS Level 1 compliant third-party payment processors.
- Access controls — Access to personal data is restricted to authorized employees and contractors who require it to perform their job functions, and is subject to strict confidentiality obligations.
- Regular security audits — We conduct periodic security assessments and vulnerability testing to identify and address potential weaknesses in our systems.
- Firewall and intrusion detection — Our systems are protected by firewalls and intrusion detection systems that monitor for suspicious activity.
- Data backup procedures — We maintain regular encrypted backups of critical data to ensure continuity of service and data recovery capability.
- Employee training — Our staff receives regular privacy and security training to ensure they understand their obligations regarding the handling of personal data.
7. Your Privacy Rights
Depending on your location within the United States, you may have various rights regarding your personal information. We are committed to honoring these rights and making them easy to exercise.
7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:
- Right to Know — You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the third parties with whom we share it.
- Right to Delete — You have the right to request that we delete your personal information, subject to certain exceptions allowed by law.
- Right to Correct — You have the right to request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale or Sharing — You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Note: We do not sell your personal information in the traditional sense.
- Right to Limit Use of Sensitive Personal Information — You have the right to limit our use of sensitive personal information to the purposes for which it was collected.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, provide a different level of service quality, or suggest you will receive different treatment for exercising your privacy rights.
- Right to Data Portability — You have the right to receive your personal information in a portable, readily usable format that can be transferred to another entity.
7.2 General Privacy Rights for All U.S. Residents
Regardless of your state of residence, we extend the following rights to all our customers to the extent technically feasible and legally required:
- Right of Access — You may request a copy of the personal information we hold about you.
- Right of Correction — You may request that we update or correct inaccurate information in your profile or records.
- Right of Deletion — You may request that we delete your account and associated personal information, subject to legal retention obligations.
- Right to Withdraw Consent — Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to Opt-Out of Marketing — You may opt out of receiving promotional communications from us at any time.
7.3 How to Exercise Your Rights
To exercise any of the rights described above, please submit a request to us using one of the following methods:
- Email: [email protected] with the subject line "Privacy Rights Request"
- Website: Through any privacy request form available at costavida-cafe.digital
To protect your privacy and security, we may need to verify your identity before processing your request. We will acknowledge receipt of your request within 10 business days and respond fully within 45 days. If we require additional time, we will notify you and explain the reason for the extension.
8. Data Retention
We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods vary depending on the category of data and the purpose for which it was collected.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 3 years after closure | Legal compliance and dispute resolution |
| Order and transaction records | 7 years | Tax and financial compliance obligations |
| Marketing preferences and consent records | Until withdrawal of consent + 2 years | Evidence of consent and opt-out compliance |
| Customer support records | 3 years from last interaction | Service quality and dispute resolution |
| Website usage and analytics data | 26 months (anonymized thereafter) | Website optimization and analytics |
| Payment processing data | As required by PCI-DSS standards (minimum 1 year) | Financial compliance and fraud prevention |
| Cookie and tracking data | Up to 24 months depending on cookie type | Service functionality and analytics |
| Legal correspondence and dispute records | Duration of matter + 7 years | Legal compliance and statute of limitations |
When your personal information is no longer required, we will securely delete or anonymize it in accordance with our data destruction procedures.
9. Children's Privacy
Costa Vida's website, online ordering platform, and related services are not directed at children under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. If you are under 18 years of age, please do not use our website or provide us with any personal information.
In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] and we will promptly investigate and take appropriate action.
For users between 13 and 17 years of age, we strongly recommend that parents and guardians supervise their online activities and refrain from permitting minors to use our food ordering services independently.
10. International Data Transfers
Costa Vida is based in the United States, and your personal information is primarily collected, processed, and stored within the United States. However, some of our third-party service providers, such as cloud hosting providers, analytics platforms, and payment processors, may process or store data in other countries.
If your personal information is transferred outside of the United States to a country that may not provide the same level of data protection as your home jurisdiction, we take steps to ensure that adequate safeguards are in place to protect your information. These safeguards may include:
- Contractual data protection clauses with our service providers that impose obligations equivalent to those under applicable U.S. law
- Ensuring that recipient countries or organizations maintain adequate privacy and security standards
- Implementing technical and organizational measures to protect data in transit and at rest
By using our services, you acknowledge and consent to the potential transfer of your information to countries outside of your state or country of residence for the purposes described in this Privacy Policy.
11. Third-Party Websites and Links
Our website may contain links to third-party websites, social media platforms, delivery service applications, or other external resources that are not operated by Costa Vida. This Privacy Policy applies solely to our website and services at costavida-cafe.digital. We have no control over, and assume no responsibility for, the content, privacy practices, or security of any third-party websites.
We encourage you to review the privacy policies of any third-party websites you visit before providing any personal information. The inclusion of a link to a third-party website does not constitute our endorsement of that website or its privacy practices.
12. California-Specific Disclosures
In compliance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we provide the following additional disclosures for California residents:
12.1 Categories of Personal Information Collected in the Past 12 Months
- Identifiers (name, email, phone, IP address)
- Commercial information (purchase history, food preferences)
- Internet and electronic network activity (browsing history on our website)
- Geolocation data (delivery address, approximate location)
- Inferences drawn from the above to create a profile about preferences
12.2 "Do Not Sell or Share My Personal Information"
While we do not sell personal information in the traditional sense for monetary consideration, certain sharing of data with advertising partners for cross-context behavioral advertising may constitute "sharing" under the CPRA. California residents have the right to opt out of this sharing by contacting us at [email protected] with the subject line "Do Not Sell or Share My Personal Information."
12.3 Shine the Light Law
Under California Civil Code Section 1798.83 ("Shine the Light" law), California residents may request information about our disclosures of personal information to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].
13. FTC Act Compliance
We operate in compliance with the Federal Trade Commission Act (FTC Act) and all applicable FTC regulations and guidelines governing unfair or deceptive trade practices in connection with the collection and use of consumer data. Our data practices are designed to be transparent, fair, and consistent with reasonable consumer expectations. We do not engage in deceptive data collection or use practices, and we make commercially reasonable efforts to honor the privacy commitments we make in this policy.
14. Filing a Privacy Complaint
If you believe your privacy rights have been violated or if you are dissatisfied with our response to your privacy inquiry, you have the right to file a complaint with the appropriate regulatory authority.
14.1 Contact Us First
We encourage you to contact us directly in the first instance to attempt to resolve your concern:
- Email: [email protected]
- Subject Line: "Privacy Complaint"
14.2 Regulatory Authorities
If your concern is not resolved to your satisfaction, you may file a complaint with:
- Federal Trade Commission (FTC): The FTC accepts complaints about unfair or deceptive privacy practices. Visit www.ftc.gov or call 1-877-382-4357.
- California Privacy Protection Agency (CPPA): California residents may file complaints with the CPPA at cppa.ca.gov.
- State Attorney General: Residents of any U.S. state may contact their state Attorney General's office regarding privacy concerns. State Attorneys General have authority to enforce applicable state privacy laws.
15. Changes to This Privacy Policy
We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or regulatory requirements. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page
- Post a prominent notice on our website at costavida-cafe.digital
- Send an email notification to registered users where required by law or where the changes significantly affect your rights
Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please do not hesitate to reach out to us. We are committed to addressing your privacy concerns promptly and transparently.
Company: Costa Vida
Address: United States
Email: [email protected]
Website: costavida-cafe.digital
Response Time: We aim to respond to all privacy-related inquiries within 10 business days, and no later than 45 days as required under applicable law.
This Privacy Policy was last reviewed and updated on July 18, 2026. It supersedes all previous versions of our Privacy Policy.