Privacy Policy

This Privacy Policy describes how Costa Vida ("we," "us," "our," or the "Company") collects, uses, discloses, and protects personal information obtained from users ("you," "your") who visit or interact with our website at cost-vida.click (the "Website"), use our online ordering services, participate in our loyalty programs, or otherwise engage with our food service offerings. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in full compliance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our Website and services, you acknowledge that you have read, understood, and agree to the practices described in this document. If you do not agree with any part of this Privacy Policy, please discontinue use of our Website and services immediately.

1. Who We Are

Costa Vida is a food service business operating within the United States. We are dedicated to delivering fresh, high-quality food experiences to our customers through our physical locations and digital platforms. Our Website and online systems are used to facilitate online ordering, customer engagement, marketing communications, and loyalty rewards.

For all privacy-related inquiries, requests, or complaints, please contact us at [email protected].

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

• Our Website at cost-vida.click
• Online food ordering platforms and mobile applications operated by or on behalf of Costa Vida
• Email, SMS, and other digital communications between you and Costa Vida
• Loyalty and rewards program registrations
• Customer service interactions (phone, email, chat)
• In-store digital kiosks, Wi-Fi networks, and point-of-sale systems where applicable
• Social media pages and third-party platforms linked to our brand

This policy does not apply to third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect several categories of personal information depending on how you interact with us. Below is a detailed breakdown of the types of data we may gather.

3.1 Personal Identification Information

When you create an account, place an order, enroll in our loyalty program, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (for age verification and birthday rewards)
• Username and password credentials
• Payment information (credit/debit card numbers, billing address — processed through secure third-party payment processors)
• Profile photo (if optionally provided)

3.2 Transaction and Order Information

When you place orders or make purchases through our platforms, we collect:

• Order history and details (items ordered, customizations, frequency)
• Purchase amounts and transaction timestamps
• Preferred store locations
• Payment method type (not full card numbers — those are handled by our payment processor)
• Delivery or pickup preferences
• Loyalty points earned and redeemed

3.3 Usage and Behavioral Data

When you visit our Website, we automatically collect certain information about your browsing activity:

• Pages visited and time spent on each page
• Clickstream data and navigation paths
• Search queries made on our Website
• Features accessed and interactions with our interface
• Referring URLs (where you came from before landing on our site)
• Session duration and frequency of visits

3.4 Device and Technical Information

We automatically receive technical information from your device and browser, including:

• IP address
• Browser type and version
• Operating system and device type (desktop, tablet, mobile)
• Device identifiers and advertising IDs
• Screen resolution and language settings
• Time zone settings
• Network connection type

3.5 Location Data

With your consent, we may collect:

• Precise geolocation data (GPS coordinates) to suggest nearby restaurant locations
• Approximate location data derived from your IP address
• Location preferences saved to your account (favorite store locations)

3.6 Communications Data

When you contact us or respond to our communications:

• Email correspondence content
• Customer service inquiry records
• Survey responses and feedback submissions
• Social media messages and posts directed to our brand accounts
• Records of your marketing communication preferences

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies. For detailed information about our use of cookies, please refer to Section 9 (Cookie Policy) of this document.

3.8 Information from Third Parties

We may receive personal information about you from:

• Social media platforms (when you connect your account or use social login)
• Third-party food delivery partners (DoorDash, Uber Eats, Grubhub, etc.)
• Payment processors and fraud detection services
• Analytics and advertising partners
• Publicly available sources

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Providing and Improving Our Services

• Processing your food orders and managing transactions
• Operating and maintaining your customer account
• Managing loyalty rewards, promotions, and discount programs
• Fulfilling delivery and pickup arrangements
• Responding to customer service inquiries and resolving disputes
• Improving the functionality, performance, and user experience of our Website
• Developing new menu items, services, and features based on customer behavior and feedback

4.2 Analytics and Business Intelligence

• Conducting internal research and data analysis to understand customer preferences
• Tracking Website traffic and usage patterns using analytics tools such as Google Analytics
• Measuring the effectiveness of our promotions and marketing campaigns
• Generating aggregated, anonymized statistical reports
• Performing A/B testing and usability studies

4.3 Marketing and Personalization

• Sending promotional emails, newsletters, and special offer notifications (with your consent where required)
• Delivering SMS or push notification promotions if you have opted in
• Personalizing content, recommendations, and offers based on your order history and preferences
• Running targeted advertising campaigns on social media and third-party advertising networks
• Retargeting website visitors with relevant advertisements

4.4 Legal Compliance and Safety

• Complying with applicable federal and state laws, regulations, and legal processes
• Responding to lawful requests from government authorities and law enforcement
• Detecting, investigating, and preventing fraud, unauthorized access, and other illegal activities
• Enforcing our Terms of Service and other legal agreements
• Protecting the rights, property, and safety of Costa Vida, our customers, and the public

4.5 Business Operations

• Managing vendor and partner relationships
• Facilitating business transactions, such as mergers, acquisitions, or asset sales
• Maintaining business records and accounting obligations
• Training staff and improving operational procedures

5. Legal Basis for Processing

Under applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and consistent with Federal Trade Commission (FTC) Act standards for fair and transparent data practices, we process your personal information based on the following lawful grounds:

• Contractual Necessity: Processing required to fulfill orders, manage accounts, and deliver the services you request.
• Legitimate Business Interests: Processing for fraud prevention, Website security, analytics, and service improvement where such interests are not overridden by your privacy rights.
• Consent: Where we rely on your express consent for marketing communications, precise location tracking, or the use of non-essential cookies. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws, court orders, or regulatory requirements.

6. Sharing Your Information with Third Parties

We do not sell your personal information for monetary consideration. However, we do share personal information with certain third parties in the circumstances described below.

6.1 Service Providers and Business Partners

We engage trusted third-party companies to perform functions on our behalf, including:

• Payment Processors: To securely process credit/debit card transactions and prevent fraud.
• Technology Providers: Cloud hosting, database management, Website infrastructure, and cybersecurity services.
• Delivery Partners: Third-party food delivery platforms that help fulfill your orders.
• Email and SMS Marketing Platforms: Companies that send marketing communications on our behalf.
• Analytics Providers: Tools such as Google Analytics that help us understand website performance.
• Customer Support Platforms: Help desk software and communication tools.
• Loyalty Program Operators: Platforms that manage rewards points and member accounts.

These service providers are contractually obligated to use your personal information only for the purposes for which it was disclosed and to maintain appropriate security standards.

6.2 Advertising and Marketing Partners

We may share certain data (such as device identifiers, behavioral data, and hashed email addresses) with advertising networks and social media platforms (such as Meta/Facebook, Google, and Instagram) to deliver targeted advertisements and measure advertising effectiveness. This sharing may constitute a "sale" or "sharing" of personal information under California law. California residents have the right to opt out of such sharing. See Section 11 (Your Privacy Rights) for more information.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Enforce our Terms of Service or other agreements
• Protect and defend our legal rights or property
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users of our services or members of the public

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, asset sale, or other business transaction, your personal information may be transferred as part of the transaction. We will notify you via email or a prominent Website notice if such a transfer results in a material change to how your information is used.

6.5 Aggregated and Anonymized Data

We may share aggregated, de-identified data that cannot reasonably be used to identify you with partners, researchers, or the public for business analysis and reporting purposes.

7. Data Security

We take the security of your personal information seriously and implement a variety of administrative, technical, and physical safeguards to protect your data from unauthorized access, use, disclosure, alteration, or destruction.

7.1 Security Measures We Employ

• Encryption: All data transmitted between your browser and our Website is protected using SSL/TLS encryption (HTTPS protocol). Stored sensitive data is encrypted at rest using industry-standard encryption algorithms.
• Access Controls: Access to personal data is restricted to authorized employees and contractors who need it to perform their job functions. We enforce role-based access control (RBAC) policies.
• Secure Payment Processing: Payment card information is processed through PCI-DSS compliant payment processors. We do not store full card numbers on our systems.
• Firewalls and Intrusion Detection: We employ network firewalls, intrusion detection systems, and regular security monitoring to protect our infrastructure.
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential weaknesses.
• Employee Training: Our staff members are trained on data privacy best practices and security protocols.
• Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a security incident.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, tax, and reporting obligations. The following general retention periods apply:

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data destruction policies. If deletion is not immediately possible (e.g., data stored in backup archives), we will isolate the information from further processing until deletion is feasible.

9. Cookie Policy

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze Website performance, and deliver relevant marketing content. Below is a summary of our cookie practices.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the Website to function properly. They enable core functionalities such as account login, shopping cart management, and secure checkout. These cookies cannot be disabled without impairing site functionality.
• Performance and Analytics Cookies: These cookies collect information about how visitors use our Website, such as which pages are visited most often. We use tools such as Google Analytics to analyze this data. The information collected is aggregated and does not identify individual users.
• Functional Cookies: These cookies allow our Website to remember your preferences and settings (such as your preferred language, location, or saved orders) to provide a more personalized experience.
• Targeting and Advertising Cookies: These cookies are used to deliver advertisements relevant to you and your interests. They track your browsing habits across our Website and may also be used by third-party advertising partners to serve targeted ads on other websites.
• Social Media Cookies: These cookies enable social media features such as sharing content and logging in through social accounts. They may track your activity across platforms.

9.2 Managing Your Cookie Preferences

You may manage your cookie preferences through our cookie consent banner displayed upon your first visit to our Website. You can also control cookies through your browser settings. Most browsers allow you to refuse, delete, or receive alerts about cookies. Please note that disabling certain cookies may affect the functionality of our Website and services.

For more detailed information about specific cookies we use, their duration, and how to opt out, please refer to our full Cookie Policy available on our Website.

10. Children's Privacy

Costa Vida does not knowingly solicit, collect, or use personal information from children under the age of 13. Our Website is not designed for or targeted at children. We comply fully with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent.

If you are between 13 and 17 years of age, please do not use our Website or services without the supervision and express consent of a parent or legal guardian.

If we discover that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [email protected] so we can take appropriate action.

11. Your Privacy Rights

Depending on your state of residence, you may have various rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

11.1 Rights for All United States Residents

Under general principles established by the Federal Trade Commission (FTC) Act and various state consumer protection laws, you have the right to:

• Know what personal information we collect about you
• Request that we correct inaccurate or incomplete personal information
• Opt out of marketing communications at any time
• Request deletion of your account and associated data (subject to legal retention obligations)

11.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction or comply with legal obligations).
• Right to Correct: The right to request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale/Sharing: The right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes. To exercise this right, click "Do Not Sell or Share My Personal Information" (link available at the bottom of our Website).
• Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information (such as precise geolocation or health data) to purposes necessary to provide the services you request.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices, or provide a lower quality of service because you exercised your privacy rights.
• Right to Data Portability: The right to receive your personal information in a portable, readily usable format where technically feasible.

11.3 Exercising Your Rights

To submit a privacy rights request, you may contact us using any of the following methods:

• Email: [email protected] with the subject line "Privacy Rights Request"
• Website: Submit a request through our online privacy request form at cost-vida.click

We will acknowledge receipt of your request within 10 business days and respond substantively within 45 calendar days. If we require additional time (up to an additional 45 days), we will notify you of the extension and the reason for the delay. We may need to verify your identity before processing your request to ensure we are responding to the correct individual.

11.4 Authorized Agents

California residents may designate an authorized agent to submit a privacy rights request on their behalf. The authorized agent must provide written authorization signed by you, and we may still verify your identity directly before processing the request.

12. Marketing Communications and Opt-Out

We may send you promotional emails, SMS messages, or push notifications about special offers, new menu items, loyalty rewards, and other marketing content. Your choices include:

12.1 Email Marketing

You can opt out of promotional emails at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email we send you
• Emailing us at [email protected] with the subject "Unsubscribe"
• Updating your communication preferences in your online account settings

Please note that even if you opt out of marketing emails, we may still send you transactional communications related to your orders, account activity, or legal notices.

12.2 SMS Marketing

If you have opted in to receive SMS marketing messages, you may opt out at any time by replying "STOP" to any marketing text message. Standard messaging rates from your carrier may apply.

12.3 Targeted Advertising

To opt out of interest-based advertising from third-party advertising networks, you may use the following industry tools:

• Digital Advertising Alliance (DAA): optout.aboutads.info
• Network Advertising Initiative (NAI): optout.networkadvertising.org
• Google Ads Settings: adssettings.google.com

13. International Data Transfers

Costa Vida is a United States-based company, and our primary data processing activities occur within the United States. If you are accessing our services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our Website and services, you consent to the transfer of your personal information to the United States. We take steps to ensure that any international transfer of data is handled with appropriate safeguards, including contractual protections with service providers who process data outside the United States on our behalf.

If you are a California resident or a resident of any other U.S. state with applicable privacy laws, your rights under those laws continue to apply regardless of where your data is processed.

14. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, delivery partners, and other external services. These third-party sites have their own privacy policies, which govern how they collect and use your personal information. We are not responsible for the privacy practices of third-party websites and services. We encourage you to review the privacy policies of any third-party sites you visit.

When you use a third-party food delivery service (such as DoorDash, Uber Eats, or Grubhub) to order from Costa Vida, your personal information is subject to the privacy practices of that third-party platform, in addition to our own policy. Please review their respective privacy policies for more information.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our business practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our Website homepage
• Send an email notification to registered account holders (where required by law)

We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information. Your continued use of our Website and services after the effective date of any updated policy constitutes your acceptance of the changes.

16. Filing a Complaint

If you believe that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the appropriate data protection or consumer protection authority.

16.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA):

• Website: cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834

16.2 All United States Residents

You may file a consumer complaint with the Federal Trade Commission (FTC):

• Website: reportfraud.ftc.gov
• Phone: 1-877-FTC-HELP (1-877-382-4357)

Before filing a complaint with a regulatory authority, we encourage you to first contact us directly so that we have the opportunity to resolve your concern. Most issues can be addressed promptly through our privacy team.

17. Contact Us

If you have any questions, concerns, requests, or feedback regarding this Privacy Policy or our data handling practices, please do not hesitate to reach out to us. We are committed to addressing your inquiries promptly and transparently.

We will make every effort to respond to your inquiry within 10 business days. For formal privacy rights requests (such as access, deletion, or correction requests), we will respond within the timeframes required by applicable law.