Privacy Policy

Effective Date: April 7, 2026 | Last Updated: April 7, 2026

This Privacy Policy describes how Costa Vida ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects your personal information when you visit our website at costas-vida.rest, use our online ordering services, interact with our digital platforms, or otherwise engage with us in connection with our food and restaurant services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and care.

Please read this Privacy Policy carefully before using our website or services. By accessing or using our website, placing an order, creating an account, or otherwise interacting with us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services.

This Privacy Policy applies to all users of our website, customers, newsletter subscribers, loyalty program members, and any individual who interacts with Costa Vida through digital or offline means.

1. Who We Are

Costa Vida is a food and restaurant business operating in the United States. We operate our digital presence through the website costas-vida.rest, providing customers with information about our menu, services, online ordering capabilities, loyalty programs, and other food-related offerings.

Company Name	Costa Vida
Website	costas-vida.rest
Email Address	[email protected]
Country of Operation	United States

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, you may contact us at any time using the information provided above or detailed in the "Contact Us" section of this policy.

2. Information We Collect

We collect various types of personal information depending on how you interact with us. The categories of information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, join our loyalty program, or contact us directly, we may collect:

Full name
Email address
Phone number
Mailing address or delivery address
Date of birth (for verification or promotional purposes)
Username and password (for registered accounts)
Profile photo (if voluntarily uploaded)

2.2 Payment and Transaction Information

When you place an order or make a purchase through our website or in-store ordering systems, we may collect:

Credit or debit card details (processed securely through third-party payment processors)
Billing address
Transaction history and order details
Gift card or promotional code information

Note: We do not store full credit or debit card numbers on our servers. All payment information is processed by PCI-DSS compliant third-party payment processors.

2.3 Usage and Behavioral Data

When you visit our website, we automatically collect certain information about your browsing activity and interactions, including:

Pages visited and time spent on each page
Links clicked and buttons interacted with
Search queries made on our website
Items added to cart and order history
Referral URLs (the website that directed you to ours)
Session duration and frequency of visits

2.4 Device and Technical Information

We automatically collect technical information about the device you use to access our website, including:

IP address
Browser type and version
Operating system
Device type (desktop, mobile, tablet)
Screen resolution
Language settings
Time zone
Unique device identifiers

2.5 Location Data

With your permission, we may collect your geolocation data to help you find the nearest Costa Vida location, provide delivery services, or tailor local promotions. You may disable location access through your device settings at any time.

2.6 Communications and Feedback

When you contact us via email, phone, or contact form, or when you submit a review, survey response, or feedback, we collect:

The content of your messages and communications
Any personal information you include in your correspondence
Survey responses and ratings
Social media usernames if you interact with us on social platforms

2.7 Cookie and Tracking Data

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your activity on our website. Please refer to Section 8 of this Privacy Policy for full details on our cookie practices.

2.8 Information From Third Parties

We may also receive information about you from third-party sources, including:

Social media platforms (if you log in using social media credentials or interact with our social pages)
Marketing and advertising partners
Analytics service providers
Delivery platform partners
Loyalty and rewards program platforms

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. We will only use your information in ways that are consistent with the purpose for which it was collected and as outlined in this Privacy Policy.

3.1 Providing and Managing Our Services

Processing and fulfilling your food orders and transactions
Managing your account, loyalty membership, and profile
Facilitating online ordering, delivery, and in-store pickup services
Sending order confirmations, receipts, and status updates
Responding to customer service inquiries, complaints, and feedback
Verifying your identity and preventing fraudulent transactions

3.2 Improving Our Products and Services

Analyzing usage trends and customer behavior to improve our menu, website design, and ordering experience
Conducting internal research and quality assurance
Testing and developing new features and functionalities
Monitoring and resolving technical issues with our website

3.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers (with your consent where required)
Delivering personalized recommendations and targeted advertisements based on your preferences and history
Administering loyalty programs, contests, sweepstakes, and promotional campaigns
Sending birthday rewards or anniversary offers (where applicable)
Retargeting advertisements on third-party platforms such as social media

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, updating your preferences in your account settings, or contacting us directly at [email protected].

3.4 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from government authorities or law enforcement
Enforcing our Terms of Service and other applicable policies
Protecting the rights, property, and safety of Costa Vida, our customers, and the public
Detecting, investigating, and preventing fraudulent, harmful, or illegal activity

3.5 Business Operations

Maintaining accurate business records
Conducting financial audits and reporting
Facilitating mergers, acquisitions, or business transfers (with appropriate safeguards)
Evaluating and improving our supply chain and operational efficiency

4. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties under the following circumstances:

4.1 Service Providers and Vendors

We work with third-party companies and individuals to help us operate our business, provide our services, and improve our offerings. These service providers may have access to your personal information only to the extent necessary to perform their contracted duties and are obligated not to disclose or use it for other purposes. Categories of service providers include:

Payment processing companies (e.g., Stripe, Square, PayPal)
Food delivery platform partners
Email marketing and communication platforms
Cloud hosting and data storage providers
Website analytics providers (e.g., Google Analytics)
Customer relationship management (CRM) software providers
Advertising and remarketing platforms
Loyalty and rewards program operators
IT support and cybersecurity service providers

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law or in response to valid legal processes, including court orders, subpoenas, or requests from government authorities. We may also disclose information when we believe disclosure is necessary to protect our legal rights, comply with applicable regulations, or protect the safety of our customers or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information, and your information will remain subject to the terms of the privacy policy in effect at the time of transfer or a policy offering equivalent protection.

4.4 Advertising and Analytics Partners

We may share anonymized, aggregated, or pseudonymized data with advertising networks and analytics partners to help us understand our customer base, measure advertising effectiveness, and deliver relevant content. These partners are required to handle your data in accordance with applicable privacy laws.

4.5 With Your Consent

We may share your information with other third parties when you have provided explicit consent for such sharing, such as when participating in joint promotions or partnerships with other brands.

5. Data Security

Costa Vida takes the security of your personal information seriously. We implement a combination of technical, organizational, and administrative measures designed to protect your data against unauthorized access, disclosure, alteration, loss, or destruction.

5.1 Security Measures We Employ

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted between your browser and our website.
Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions, subject to strict confidentiality obligations.
Firewalls and Intrusion Detection: We employ firewalls, network monitoring, and intrusion detection systems to protect our infrastructure.
PCI-DSS Compliance: Our payment systems comply with the Payment Card Industry Data Security Standard (PCI-DSS).
Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential risks.
Data Minimization: We collect only the personal information that is necessary for the purposes outlined in this policy.
Employee Training: Our staff receives regular training on data privacy and security best practices.

5.2 Limitation of Liability

Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities in accordance with applicable legal requirements, including notification obligations under applicable U.S. state laws.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights and have established processes to facilitate your requests.

6.1 California Residents — CCPA/CPRA Rights

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the third parties with whom we share your information.
Right to Delete: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions provided by law.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use and disclose your sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a CCPA/CPRA rights request, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days, with an extension of an additional 45 days when reasonably necessary.

6.2 General U.S. Consumer Rights

In addition to state-specific rights, we honor the following general privacy rights for all users:

Right to Access: You may request a copy of the personal information we hold about you.
Right to Correction: You may request that we update or correct inaccurate or incomplete information.
Right to Deletion: You may request that we delete your personal data, subject to our legal retention obligations.
Right to Data Portability: Where technically feasible, you may request a copy of your personal data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: Where we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time.

6.3 How to Exercise Your Rights

To exercise any of the privacy rights described above, please:

Email us at: [email protected]
Visit our website: costas-vida.rest

We may need to verify your identity before processing your request to ensure the security of your personal information. We will not charge a fee for processing your request unless it is excessive or repetitive, in which case we will notify you of the applicable fee before proceeding.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Type of Data	Retention Period
Account and profile information	For the duration of your account, plus 3 years after account deletion
Order and transaction records	7 years (for tax and legal compliance purposes)
Marketing preferences and communications history	3 years from last interaction
Customer service communications	3 years from date of last communication
Website usage and analytics data	Up to 26 months
Cookie and tracking data	As specified in our Cookie Policy (typically up to 12 months)
Legal compliance and fraud prevention records	As required by applicable law, up to 10 years

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data disposal procedures. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for statistical and research purposes.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to enhance your browsing experience, analyze website performance, and deliver relevant advertisements.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled without affecting core functionality.
Performance and Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
Functional Cookies: Remember your preferences and settings to provide a more personalized experience.
Marketing and Advertising Cookies: Used to deliver targeted advertisements based on your browsing behavior and interests.

8.2 Managing Your Cookie Preferences

You can manage your cookie preferences through our cookie consent banner, your browser settings, or opt-out tools provided by third-party advertising networks. Please note that disabling certain cookies may affect the functionality of our website and your user experience.

For detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy available on our website at costas-vida.rest.

9. Children's Privacy

Age Restriction: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Costa Vida's website, online ordering system, loyalty program, and all associated digital services are designed for adult consumers. We do not knowingly solicit, collect, or process personal information from children under the age of 18 without verifiable parental consent, in compliance with the Children's Online Privacy Protection Act (COPPA) and applicable U.S. state laws.

If you are a parent or legal guardian and you believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

We encourage parents and guardians to monitor and supervise their children's online activities and to teach them safe and responsible use of the internet, including how to manage their personal information.

10. International Data Transfers

Costa Vida is based in the United States and primarily processes personal information within the United States. However, some of our third-party service providers, technology partners, and cloud infrastructure services may operate in or transfer data to countries outside of the United States.

When we transfer your personal information to service providers or partners located in other countries, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable U.S. laws, including:

Entering into data processing agreements with standard contractual clauses or equivalent protections where applicable
Conducting due diligence on the data privacy practices of our international service providers
Ensuring that any international transfers comply with applicable U.S. federal and state privacy regulations

By using our website and services, you acknowledge and consent to the transfer of your personal information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

11. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery apps, and other external services. These third-party sites operate independently of Costa Vida and have their own privacy policies. We are not responsible for the content, privacy practices, or security measures of these external sites.

We encourage you to review the privacy policies of any third-party websites or services you visit or use before providing any personal information. The inclusion of a link on our website does not imply our endorsement or affiliation with the linked site.

12. Legal Basis for Processing (FTC Compliance)

As a U.S.-based business, Costa Vida processes personal information in compliance with the Federal Trade Commission Act (FTC Act), applicable state consumer protection laws, and other relevant U.S. federal and state privacy regulations. Our data processing activities are conducted on the following bases:

Contract Performance: Processing necessary to fulfill your orders, provide services, and manage your account.
Legal Compliance: Processing required by applicable federal, state, or local law.
Legitimate Business Interests: Processing conducted for fraud prevention, security, analytics, and business improvement where such interests do not override your privacy rights.
Consent: Processing for marketing communications and non-essential cookies, where you have provided affirmative consent.

We are committed to complying with all applicable U.S. privacy laws, including but not limited to the California Consumer Privacy Act (CCPA/CPRA), the Children's Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and applicable state data breach notification laws.

13. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals websites not to track your browsing activity. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals from browsers, but we offer alternative opt-out mechanisms as described in Section 8 (Cookies) and Section 6 (Your Privacy Rights) of this policy.

14. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website notifying users of the changes
Send an email notification to registered users where the changes are significant and may affect their rights

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website or services after any changes to this Privacy Policy take effect constitutes your acceptance of those changes.

If you do not agree with the revised Privacy Policy, please discontinue your use of our services and contact us to request deletion of your personal information.

15. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable privacy laws, we encourage you to contact us first so that we can address your concerns promptly and fairly.

15.1 Contact Costa Vida Directly

Please reach out to us with a detailed description of your concern:

Email: [email protected]
Website: costas-vida.rest

We will acknowledge your complaint within 10 business days and work to resolve the matter within 30 days. If your complaint requires additional time to investigate, we will notify you of the extended timeline and provide updates throughout the process.

15.2 Filing a Complaint With Regulatory Authorities

If you are not satisfied with our response to your privacy complaint, you have the right to file a complaint with the appropriate regulatory authority:

Authority	Jurisdiction	Contact
Federal Trade Commission (FTC)	United States (Federal)	www.ftc.gov/contact
California Attorney General — Privacy Enforcement	California Residents	oag.ca.gov/privacy
California Privacy Protection Agency (CPPA)	California Residents (CCPA/CPRA)	cppa.ca.gov
Your State Attorney General's Office	All U.S. States	Contact your respective state Attorney General

We are committed to working cooperatively with the appropriate regulatory authorities to resolve any privacy complaints that cannot be resolved directly between us and the individual concerned.

16. Contact Us

If you have any questions, concerns, comments, or requests related to this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to responding to all privacy-related inquiries in a timely and thorough manner.

Costa Vida — Privacy Contact Information

Company Name	Costa Vida
Email Address	[email protected]
Website	costas-vida.rest
Country	United States

We aim to respond to all privacy inquiries within 10 business days. For complex requests or formal rights exercises (such as data deletion or access requests), our target response time is 30 days, with the possibility of a single 30-day extension for particularly complex requests, as permitted by applicable law.

Thank you for trusting Costa Vida with your personal information. We take our responsibility to protect your privacy seriously and remain committed to maintaining the highest standards of data protection, transparency, and consumer trust.

This Privacy Policy was last reviewed and updated on April 7, 2026. Previous versions of this policy are available upon request.