Privacy Policy

This Privacy Policy explains how Costa Vida ("we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects information about you when you visit our website at cost-vida.digital, use our online ordering services, participate in our loyalty or promotional programs, or otherwise interact with us in connection with our food service operations. Please read this document carefully before using our services.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our website and services immediately.

Costa Vida is committed to protecting your privacy and complying with all applicable privacy and data protection laws in the United States, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), the Children's Online Privacy Protection Act (COPPA), and other relevant state and federal privacy statutes.

1. Company Information and Contact Details

The data controller responsible for your personal information under this Privacy Policy is:

For all privacy-related inquiries, requests, or concerns, please contact us at [email protected].

2. Information We Collect

We collect several categories of personal information depending on how you interact with Costa Vida. The information we gather helps us provide you with the best possible food ordering experience, improve our services, and comply with legal obligations.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our rewards program, or contact us, we may collect the following personally identifiable information:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (for age verification and promotional purposes)
• Username and password (stored in encrypted form)
• Profile picture (if voluntarily provided)
• Dietary preferences and food allergen information (if voluntarily provided)

2.2 Payment and Transaction Information

When you make a purchase through our website or app, we collect information necessary to process your transaction. This may include:

• Credit or debit card details (processed securely through our payment processors; we do not store full card numbers on our servers)
• Billing address
• Order history and purchase details
• Gift card or promo code usage
• Transaction amounts and timestamps

2.3 Usage and Behavioral Data

When you visit our website or use our mobile application, we automatically collect certain technical and behavioral data, including:

• Pages viewed, links clicked, and features accessed
• Time spent on specific pages or sections
• Search terms entered on our website
• Items added to cart, saved, or favorited
• Interaction logs and session recordings (anonymized)
• Referring website URLs

2.4 Device and Technical Information

We automatically collect technical information about the device and connection used to access our services:

• IP address
• Browser type and version
• Operating system and device type
• Screen resolution and language settings
• Mobile device identifiers (IDFA, GAID) if applicable
• Network information
• Geolocation data (general or precise, depending on your consent and device settings)

2.5 Communication Data

If you contact us through email, web forms, chat, or social media, we collect:

• The content of your messages
• Your contact information as provided
• Records of your correspondence with our support team
• Survey responses and feedback submissions

2.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior on our website. Please refer to Section 9 of this Policy for more information about our use of cookies and your choices.

2.7 Information From Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms when you use social login features (e.g., "Sign in with Google" or "Sign in with Facebook")
• Food delivery platform partners (e.g., DoorDash, Uber Eats, Grubhub)
• Analytics and marketing service providers
• Fraud detection and identity verification services
• Publicly available sources where permitted by law

3. How We Use Your Information

Costa Vida uses the personal information we collect for the following purposes, each of which is grounded in a legitimate legal basis:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, whether for dine-in, takeout, or delivery
• Creating and managing your customer account
• Sending order confirmations, receipts, and status updates
• Facilitating payment processing through secure third-party processors
• Accommodating dietary preferences, allergen notifications, and special requests
• Managing our loyalty and rewards program
• Handling returns, refunds, and dispute resolutions

3.2 Customer Support and Communications

• Responding to your inquiries, complaints, or feedback
• Providing technical support related to our website or app
• Sending service-related notices and important account updates
• Notifying you about changes to our menu, policies, or terms of service

3.3 Marketing and Promotional Purposes

• Sending promotional emails, special offers, and newsletters — only where you have consented or we have a legitimate interest
• Personalizing marketing content based on your order history and preferences
• Running loyalty reward campaigns and birthday promotions
• Conducting targeted advertising through digital platforms, including social media
• Retargeting website visitors with relevant advertisements

You may opt out of marketing communications at any time. See Section 7 for details on your rights.

3.4 Analytics and Service Improvement

• Analyzing usage patterns to improve our website design, menu offerings, and overall user experience
• Conducting market research and customer satisfaction surveys
• Generating aggregated statistical reports about website performance
• Testing new features and functionality before broader rollout
• Optimizing our food ordering processes and reducing cart abandonment

3.5 Safety, Security, and Fraud Prevention

• Verifying user identities and detecting fraudulent transactions
• Protecting against unauthorized access to accounts
• Monitoring for suspicious or malicious activity on our platforms
• Maintaining the integrity and security of our systems and data

3.6 Legal and Compliance Purposes

• Complying with applicable federal, state, and local laws and regulations
• Responding to lawful requests from law enforcement or government authorities
• Enforcing our Terms of Service and other applicable agreements
• Establishing, exercising, or defending legal claims
• Fulfilling tax, accounting, and financial reporting obligations

4. Sharing Your Information with Third Parties

Costa Vida does not sell your personal information to third parties for monetary compensation. However, we do share your information in the following circumstances:

4.1 Service Providers and Business Partners

We share personal information with trusted third-party vendors who assist us in operating our business and delivering services to you. These include:

• Payment Processors: Companies such as Stripe, Square, or similar processors that handle secure payment transactions
• Delivery Partners: Third-party delivery platforms and logistics providers when you request delivery services
• Cloud and Hosting Providers: Infrastructure services that host our website and databases
• Email and SMS Providers: Communication service platforms used to send order updates and marketing messages
• Analytics Providers: Companies like Google Analytics that help us understand how users interact with our website
• Customer Support Tools: Platforms that facilitate customer service interactions and ticketing
• Marketing and Advertising Platforms: Digital advertising networks for targeted campaigns

All service providers are contractually required to handle your information in accordance with this Privacy Policy and applicable law, and are prohibited from using your data for any purpose beyond the services they provide to us.

4.2 Legal Requirements and Government Requests

We may disclose your personal information if required to do so by law or in good-faith belief that such action is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request
• Protect and defend the rights or property of Costa Vida
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users or the public
• Protect against legal liability

4.3 Business Transfers

In the event that Costa Vida is involved in a merger, acquisition, asset sale, restructuring, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website prior to your information becoming subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so, such as when you participate in joint promotions, sweepstakes, or partner offers.

4.5 Aggregated or De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for industry research, analytics, or marketing purposes without restriction.

5. Data Security Measures

Costa Vida takes the security of your personal information seriously and implements a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction.

5.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols
• Data Encryption at Rest: Sensitive data stored in our systems is encrypted using industry-standard encryption algorithms
• Secure Password Storage: User passwords are hashed and salted using robust cryptographic methods before storage
• Firewall Protection: We use firewalls and intrusion detection systems to protect our network infrastructure
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems
• Access Controls: Access to personal data is restricted to authorized personnel only, based on the principle of least privilege

5.2 Administrative and Organizational Measures

• Employee training on data privacy and security best practices
• Confidentiality agreements for all staff with access to personal data
• Data access policies and procedures aligned with industry standards
• Incident response plans for potential data breaches

5.3 Breach Notification

In the event of a data breach that is likely to result in harm to your rights or interests, we will notify affected users and relevant regulatory authorities in accordance with applicable law, including state breach notification laws. Notifications will be provided without undue delay and, where required, within the timeframes mandated by law.

6. Data Retention Periods

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

When your personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention procedures.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. Costa Vida respects and supports the exercise of these rights.

7.1 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of use, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (e.g., where retention is required for legal compliance or service provision).
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Costa Vida does not sell personal information for monetary value, but may share certain data with advertising partners. To opt out, contact us at [email protected].
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to only what is necessary for providing our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive a lower quality of service or higher prices for exercising your rights.

7.2 General Privacy Rights (All Users)

Regardless of your state of residence, Costa Vida extends the following rights to all users:

• Right of Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal information.
• Right to Erasure: You may request deletion of your personal data where there is no compelling reason for continued processing.
• Right to Data Portability: You may request that we provide your data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.
• Right to Opt-Out of Marketing: You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us directly.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the following methods:

• Email: [email protected]
• Website: cost-vida.digital

We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time, we will notify you of the extension and the reasons for it. We may need to verify your identity before processing your request to protect your privacy and prevent unauthorized access.

You may designate an authorized agent to make a request on your behalf, provided you furnish written authorization or a power of attorney and we can verify the agent's identity.

8. Children's Privacy

Costa Vida's website and online services are intended for users who are 18 years of age or older. We do not knowingly collect, use, or solicit personal information from individuals under the age of 18.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our records.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [email protected] so that we can investigate and take appropriate action.

We encourage parents and guardians to monitor their children's internet usage and to help enforce this Policy by instructing their children never to provide personal information through our website or services without parental permission.

9. Cookie Policy and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing activities. This section provides a summary of our cookie practices.

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit. Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remaining on your device for a set period).

9.2 Types of Cookies We Use

9.3 Managing Your Cookie Preferences

You can manage and control cookie preferences through your browser settings or through our cookie consent tool available on our website. Most web browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some features.

For more detailed information about our use of cookies and your options, please refer to our Cookie Policy.

10. International Data Transfers

Costa Vida is based in the United States and primarily operates within the United States. Your personal information is collected, stored, and processed in the United States, which may not have the same level of data protection laws as your home country if you are accessing our services from outside the United States.

If you are located outside the United States and choose to use our website or services, please be aware that your information will be transferred to and processed in the United States. By using our services, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.

We take appropriate safeguards to ensure that any international transfer of personal data is conducted in compliance with applicable laws. These safeguards may include:

• Entering into standard contractual clauses approved by relevant regulatory authorities
• Ensuring recipients of data maintain adequate data protection standards
• Obtaining your explicit consent for specific transfers where required

11. Third-Party Links and External Services

Our website may contain links to third-party websites, social media platforms, delivery services, and other external resources. This Privacy Policy applies only to cost-vida.digital and does not govern the privacy practices of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites you visit. Costa Vida is not responsible for the content, privacy practices, or data handling of third-party websites or services, even if they are linked from our website.

Third-party services that may interact with your data when you use Costa Vida's website include, but are not limited to:

• Google Analytics (analytics and performance tracking)
• Meta Pixel / Facebook (social advertising and remarketing)
• Online food delivery platform partners
• Payment gateway providers
• Social media login providers

12. FTC Act Compliance and Consumer Protection

Costa Vida complies with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. Our data collection, use, and sharing practices are designed to be transparent, fair, and consistent with user expectations.

We are committed to:

• Providing clear and accurate information about how your data is collected and used
• Not engaging in deceptive practices related to privacy representations
• Honoring opt-out and consent withdrawal requests promptly
• Maintaining reasonable data security practices as required by the FTC
• Complying with FTC guidance on behavioral advertising and online tracking disclosures

13. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally agreed-upon standard for how websites should respond to DNT signals. As a result, our website does not currently respond differently to DNT signals.

However, you can manage your cookie and tracking preferences through our cookie consent tool and your browser settings as described in Section 9 of this Policy. We remain committed to providing you with meaningful choices about your data.

14. How to File a Complaint with a Data Protection Authority

If you have concerns about how Costa Vida handles your personal information and are not satisfied with our response to your inquiry, you have the right to file a complaint with the relevant data protection or consumer protection authority.

14.1 United States — Federal and State Authorities

In the United States, you may file a complaint with the following authorities:

We encourage you to contact us first at [email protected] before filing a formal complaint, as we are committed to resolving privacy issues directly and promptly.

15. Changes to This Privacy Policy

Costa Vida reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website
• Send an email notification to registered users (where required or appropriate)

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically to stay informed about how we protect your information.

If we make changes that materially affect your rights or how we use your personal information, we will seek your consent where required by applicable law.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We take all privacy inquiries seriously and will respond within a reasonable time.