Privacy Policy

Effective Date: May 20, 2026 | Last Updated: May 20, 2026

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at costavida-eat.rest, place orders, interact with our digital platforms, or otherwise engage with our food services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our services immediately.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy has been prepared in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection regulations.

1. Who We Are

Costa Vida is a food service business operating in the United States. For all privacy-related matters, you may contact us using the information below:

Company Name	Costa Vida
Email Address	[email protected]
Website	costavida-eat.rest

As a data controller, we determine the purposes and means by which your personal information is processed. We take this responsibility seriously and have implemented comprehensive measures to ensure the protection of your data.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

Our website located at costavida-eat.rest
Online ordering systems and food delivery platforms
Email communications, newsletters, and promotional materials
Customer loyalty programs and reward systems
Social media accounts and pages operated by Costa Vida
In-store digital kiosks, point-of-sale systems, and related services
Any mobile applications associated with Costa Vida
Customer service interactions via phone, email, or chat

This policy does not apply to third-party websites or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

3. Information We Collect

We collect various types of personal information in order to provide and improve our services. The categories of information we collect are described in detail below.

3.1 Personal Identification Information

When you create an account, place an order, or otherwise interact with our services, we may collect:

Full name and preferred name
Email address
Phone number (mobile and/or landline)
Physical delivery address (street address, city, state, ZIP code)
Billing address
Date of birth (for age verification and birthday rewards)
Username and password for account access
Profile photo (if voluntarily provided)

3.2 Payment and Financial Information

To process transactions for food orders and purchases, we collect:

Credit card and debit card information (card number, expiration date, CVV — processed through secure payment processors)
Digital wallet information (such as Apple Pay, Google Pay)
Gift card numbers and balances
Transaction history, including order amounts, dates, and items purchased

Note: We do not store full payment card numbers on our servers. Payment processing is handled by PCI-DSS compliant third-party payment processors.

3.3 Order and Dietary Information

As a food service provider, we collect information related to your dietary preferences and food orders, including:

Food items ordered, customizations, and special instructions
Dietary preferences and restrictions (e.g., vegetarian, gluten-free, allergen information)
Order frequency, favorite items, and purchase history
Pickup or delivery preferences
Selected restaurant or service location

3.4 Usage Data and Online Activity

When you visit our website or use our digital platforms, we automatically collect certain technical information:

Internet Protocol (IP) address
Browser type, version, and language settings
Operating system and device type (desktop, mobile, tablet)
Pages visited, links clicked, and features used on our website
Time and date of your visit, session duration, and page load times
Referring website or source that directed you to our site
Search terms used on our website
Crash reports and error logs

3.5 Device Information

We may collect technical information about the devices you use to access our services:

Device identifiers (such as device ID, advertising ID)
Hardware model and specifications
Network provider and connection type
Mobile application version (if applicable)
Geolocation data (with your permission) for finding nearby locations or processing delivery orders

3.6 Communications and Customer Service Data

When you contact us for support or engage with our communications, we collect:

Content of emails, chat messages, and phone call records
Customer service inquiry history and resolution notes
Feedback, reviews, surveys, and ratings you submit
Social media interactions and mentions

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your online interactions. For detailed information about our use of cookies, please refer to Section 9 of this Privacy Policy.

3.8 Information Collected from Third Parties

We may receive information about you from third-party sources, including:

Third-party food delivery platforms (such as DoorDash, Uber Eats, Grubhub)
Social media platforms when you connect your accounts or interact with our social content
Analytics providers and marketing partners
Publicly available sources for business verification purposes
Fraud prevention and identity verification services

4. How We Use Your Information

We process your personal information for specific, legitimate purposes. We will only use your data in ways that are consistent with this Privacy Policy and applicable law.

4.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders, whether for pickup, dine-in, or delivery
Creating and managing your customer account
Processing payments and issuing receipts and confirmations
Communicating order status updates and delivery notifications
Providing customer service and resolving complaints or disputes
Operating our loyalty programs and reward systems
Personalizing your experience based on your order history and preferences

4.2 Marketing and Promotional Communications

Sending promotional emails, newsletters, and special offers about Costa Vida products and services
Displaying targeted advertisements on our website and third-party platforms
Conducting surveys and collecting feedback to improve our menu and services
Notifying you about new menu items, seasonal offerings, and limited-time promotions
Personalizing marketing messages based on your purchase history and preferences

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

4.3 Analytics and Service Improvement

Analyzing website and app usage patterns to improve functionality and user experience
Conducting research and analysis to develop new products and menu items
Monitoring and evaluating the effectiveness of our marketing campaigns
Identifying and addressing technical issues, bugs, and security vulnerabilities
Generating aggregated, anonymized statistical reports for business planning

4.4 Legal Compliance and Safety

Complying with applicable federal and state laws and regulations
Responding to lawful requests from law enforcement or government authorities
Detecting, investigating, and preventing fraudulent transactions and unauthorized access
Enforcing our Terms of Service and other applicable policies
Protecting the rights, property, and safety of Costa Vida, our customers, and others
Maintaining records required by law, including food safety and tax regulations

4.5 Business Operations

Managing our internal business operations and administrative functions
Conducting employee training related to customer service
Evaluating potential business transactions such as mergers or acquisitions
Auditing our services and ensuring quality control

5. How We Share Your Information

We do not sell your personal information to third parties for monetary consideration. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We work with carefully vetted third-party service providers who assist us in operating our business. These providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security measures. They include:

Payment processors: To securely process credit card and digital payment transactions
Delivery services: Third-party delivery platforms and couriers who fulfill your food orders
Cloud hosting providers: Companies that host our website, databases, and digital infrastructure
Analytics providers: Companies such as Google Analytics that help us understand how users interact with our website
Email marketing platforms: Services that help us send newsletters and promotional communications
Customer support tools: Platforms that facilitate our customer service operations
Fraud prevention services: Companies that help us detect and prevent fraudulent activity
Loyalty program administrators: Partners who help manage customer reward and loyalty programs

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law or in good-faith belief that such action is necessary to:

Comply with a legal obligation, court order, subpoena, or government request
Cooperate with law enforcement agencies investigating illegal activities
Protect and defend the rights or property of Costa Vida
Prevent or investigate potential wrongdoing in connection with our services
Protect the personal safety of users or the public

5.3 Business Transfers

In the event that Costa Vida undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties for purposes not described in this policy when we have obtained your explicit prior consent to do so.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, advertising, or other purposes. This type of sharing is not restricted by this Privacy Policy.

6. Data Security

We take the security of your personal information very seriously and have implemented a range of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Security Measures

Encryption: All data transmitted between your browser and our servers is protected using industry-standard SSL/TLS encryption (HTTPS)
Secure storage: Sensitive data is stored using encryption at rest with strong cryptographic standards
Access controls: We implement strict role-based access controls, ensuring only authorized personnel can access sensitive data
Firewall protection: Our systems are protected by enterprise-grade firewalls and intrusion detection systems
Payment security: We comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements
Two-factor authentication: Available for customer accounts to add an extra layer of security

6.2 Administrative Security Measures

Regular employee training on data privacy and security best practices
Background checks for employees with access to sensitive data
Comprehensive data protection policies and procedures
Vendor assessment processes to ensure third-party security standards
Incident response plans for data breach scenarios

6.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and the appropriate regulatory authorities in accordance with applicable state and federal breach notification laws, including relevant state breach notification statutes. Notification will be provided without undue delay and within legally required timeframes.

Important: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

7. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We respect these rights and have established processes to facilitate your exercise of them.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right	Description
Right to Know	You may request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete	You may request that we delete personal information we have collected from you, subject to certain exceptions (such as information needed to complete a transaction or comply with legal obligations).
Right to Correct	You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing	You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information	You may direct us to limit the use and disclosure of sensitive personal information (such as precise geolocation or health information) to certain permitted purposes.
Right to Non-Discrimination	We will not discriminate against you for exercising any of your CCPA privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of service.
Right to Data Portability	You may request a copy of your personal information in a portable, readily usable format that allows you to transmit the data to another entity.

7.2 General Privacy Rights (All U.S. Residents)

Regardless of your state of residence, you generally have the following rights:

Right to Access: Request a copy of the personal information we hold about you
Right to Correction: Request that we correct any inaccurate or incomplete information
Right to Opt-Out of Marketing: Unsubscribe from promotional communications at any time
Right to Account Deletion: Close your account and request deletion of associated data

7.3 How to Submit a Privacy Rights Request

To exercise any of the rights described above, you may:

Send an email to [email protected] with the subject line "Privacy Rights Request"
Submit a written request to our address on file

We will verify your identity before processing your request to prevent unauthorized access to your information. We will respond to your request within 45 days of receipt. If we need additional time, we will inform you of the reason and the expected response timeframe. We may extend the response period by an additional 45 days when reasonably necessary.

If you use an authorized agent to submit a request on your behalf, we may require written proof of the agent's authorization and your identity verification.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods we apply are as follows:

Category of Data	Retention Period
Account and profile information	Duration of account plus 3 years after account closure
Order history and transaction records	7 years (for tax and accounting purposes)
Payment information	As required by PCI-DSS; full card data is not retained after processing
Marketing preferences and opt-out records	Indefinitely (to honor opt-out requests)
Customer service communications	3 years from the date of the last interaction
Website analytics and usage data	26 months from collection
Cookie and tracking data	As specified in our Cookie Policy (typically 1–2 years)
Legal and compliance records	As required by applicable law (typically 5–7 years)

When personal information is no longer required for these purposes, we will securely delete, destroy, or anonymize it in accordance with our data destruction procedures.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and to understand how our services are used. This section provides a brief overview of our cookie practices.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly, such as maintaining your shopping cart and login session. These cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage information (e.g., Google Analytics).
Functional Cookies: Remember your preferences and settings, such as language selection, saved addresses, and past orders.
Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across different platforms.
Third-Party Cookies: Set by our partners and service providers for analytics, advertising, and social media integration purposes.

9.2 Managing Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse all cookies, accept only certain types of cookies, or notify you when a cookie is set. Please note that disabling certain cookies may affect the functionality of our website and your ability to place orders or access your account.

You may also opt out of interest-based advertising by visiting:

For more detailed information about our use of cookies, including a full list of cookies used on our website, please refer to our dedicated Cookie Policy available on our website.

10. Children's Privacy

Our website, online ordering platform, and related services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13 as defined by the Children's Online Privacy Protection Act (COPPA), nor do we knowingly target individuals under the age of 18 for marketing purposes.

If you are under 18 years of age, you may not use our online services or create an account without the supervision and consent of a parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verified parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor, please contact us immediately at [email protected].

Parents and guardians who have concerns about their child's privacy in connection with our services are encouraged to contact us directly so we can address those concerns promptly.

11. International Data Transfers

Costa Vida is a food service business operating in the United States, and our primary data processing activities occur within the United States. Your personal information is stored and processed on servers located within the United States.

If you are accessing our services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our services, you consent to this transfer and processing of your information in the United States.

We implement appropriate safeguards to ensure that any international transfer of data is handled in compliance with applicable data protection laws. These safeguards may include:

Standard contractual clauses approved by relevant data protection authorities
Binding corporate rules for transfers within corporate groups
Ensuring that recipient countries provide an adequate level of data protection

If you have questions about the international transfer of your data, please contact us at [email protected].

12. Third-Party Links and Integrations

Our website and digital platforms may contain links to third-party websites, social media platforms, and integrated services (such as food delivery apps and payment gateways). This Privacy Policy does not apply to those third-party services, and we are not responsible for the privacy practices of external websites or platforms.

We encourage you to review the privacy policies of any third-party services you access through our website, including:

Food delivery platforms (DoorDash, Uber Eats, Grubhub, etc.)
Social media platforms (Facebook, Instagram, Twitter/X, TikTok)
Payment processors (Stripe, Square, PayPal, etc.)
Mapping and location services (Google Maps)

The inclusion of a link to a third-party website does not constitute our endorsement of that website's privacy practices.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals, and our website does not respond to DNT signals at this time.

However, you may control your tracking preferences through our cookie consent tools and by adjusting your browser settings as described in Section 9 of this Privacy Policy.

14. California Privacy Rights — Additional Disclosures

In addition to the rights described in Section 7, California residents have the following rights under the CCPA/CPRA:

14.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers (name, email address, IP address, account credentials)
Customer Records (payment information, order history)
Commercial Information (products purchased, transaction history)
Internet or Other Electronic Network Activity (browsing history, website interactions)
Geolocation Data (approximate location for delivery services)
Inferences (preferences and characteristics derived from purchase history)
Sensitive Personal Information (precise geolocation, if enabled; dietary information where relevant)

14.2 Business Purpose for Collection

We collect this information for the business purposes described in Section 4 of this Privacy Policy, including service provision, analytics, marketing, and legal compliance.

14.3 "Shine the Light" Law

California Civil Code Section 1798.83 (also known as the "Shine the Light" law) allows California residents to request information regarding the disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

15. Filing a Complaint with a Data Protection Authority

If you have concerns about how we handle your personal information and are not satisfied with our response to your privacy rights request, you have the right to file a complaint with the appropriate regulatory authority.

15.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), which is the dedicated agency responsible for enforcing the CCPA/CPRA:

California Privacy Protection Agency (CPPA)
Website: https://cppa.ca.gov
Email: [email protected]

15.2 Federal Consumer Protection Complaints

Consumers in all states may file complaints with the Federal Trade Commission (FTC), which enforces federal consumer protection laws including the FTC Act:

Federal Trade Commission (FTC)
Website: https://www.ftc.gov
Consumer Complaint Center: https://reportfraud.ftc.gov

15.3 State Attorney General Offices

Consumers may also contact their respective state Attorney General's office to report privacy violations or consumer protection concerns. Contact information for state Attorney General offices can typically be found on your state government's official website.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this Privacy Policy
Post the revised policy on our website at costavida-eat.rest
Send an email notification to registered account holders when the changes are significant
Display a prominent notice on our website for a reasonable period following material changes

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you disagree with the changes made to this Privacy Policy, you may close your account and discontinue use of our services. To request deletion of your data in connection with account closure, please contact us at [email protected].

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are committed to addressing your inquiries promptly and transparently.

Privacy Contact Information

Company: Costa Vida

Email: [email protected]

Website: costavida-eat.rest

Subject Line for Privacy Inquiries: "Privacy Policy Inquiry" or "Privacy Rights Request"

When contacting us regarding a privacy rights request, please include:

Your full name and email address associated with your account
A clear description of your request or concern
Your state of residence (for determining applicable legal rights)
Any other information that will help us identify your records and respond effectively

We will acknowledge receipt of your inquiry within 5 business days and will work diligently to provide a full response within the legally required timeframe.

This Privacy Policy was last updated on May 20, 2026.