Privacy Policy

Effective Date: May 15, 2026 | Last Updated: May 15, 2026

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at costavida-meal.digital, place orders, use our digital services, or otherwise interact with us. Please read this policy carefully. By using our website or services, you agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal regulations.

1. Who We Are

Costa Vida is a food service business operating in the United States. We offer food ordering, delivery, and restaurant-related services through our digital platform.

Company Name	Costa Vida
Website	costavida-meal.digital
Email Address	[email protected]
Country of Operation	United States

For all privacy-related inquiries, requests, or concerns, please contact us using the information provided in Section 14 of this policy.

2. Information We Collect

We collect various categories of personal information depending on how you interact with our website and services. Below is a comprehensive breakdown of the types of data we may collect:

2.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

Full name
Email address
Phone number
Mailing or delivery address
Date of birth (for age verification purposes)
Username and encrypted password
Profile photo (if voluntarily provided)

2.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related data, which may include:

Credit card or debit card number (processed through encrypted, PCI-DSS compliant payment processors)
Billing address
Transaction history and order details
Digital wallet information (e.g., Apple Pay, Google Pay)

Note: We do not store full credit or debit card numbers on our servers. All payment processing is handled by third-party payment processors who maintain their own security standards.

2.3 Order and Transaction Data

We collect information related to your food orders and transactions, including:

Items ordered and customizations
Order history and frequency
Delivery instructions and special requests
Loyalty program activity (if applicable)
Refund and complaint records

2.4 Usage and Behavioral Data

When you browse our website or use our digital services, we automatically collect certain usage data, such as:

Pages visited and time spent on each page
Links clicked and features used
Search queries entered on our platform
Referring website or source that brought you to our site
Shopping cart activity
Session duration and exit pages

2.5 Device and Technical Information

We automatically collect technical information from your device, including:

IP address
Browser type and version
Operating system and device type (desktop, tablet, mobile)
Screen resolution
Device identifiers
Language and time zone settings

2.6 Location Data

With your permission, we may collect location information to provide delivery services and show nearby restaurant options. This may include:

Precise GPS location (only when you grant permission through your device)
Approximate location based on your IP address
Delivery address you provide manually

2.7 Communications Data

If you contact us via email, phone, or contact form, we collect and retain records of:

Your inquiry or message content
Date and time of contact
Our response to you
Customer service interaction records

2.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior. Please see Section 8 of this policy for more detailed information about our use of cookies.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Provision and Order Fulfillment

Processing and delivering your food orders
Managing your user account and preferences
Processing payments and issuing receipts
Sending order confirmations and delivery updates
Coordinating with delivery partners or in-house drivers
Handling returns, refunds, and complaints

3.2 Customer Support

Responding to inquiries, questions, and feedback
Resolving disputes and technical issues
Verifying your identity when needed for account security

3.3 Analytics and Service Improvement

Analyzing usage patterns to improve website functionality
Understanding customer preferences to optimize our menu
Conducting internal research and reporting
Monitoring website performance and uptime
Testing new features and site updates

3.4 Marketing and Promotional Communications

With your consent where required by law, we may use your information to:

Send promotional emails, special offers, and newsletters
Notify you about new menu items, limited-time deals, or loyalty rewards
Show targeted advertisements on our website or third-party platforms
Conduct customer satisfaction surveys

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

3.5 Legal Compliance and Safety

Complying with applicable federal, state, and local laws
Preventing fraud, abuse, and unauthorized account access
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of our users and our company
Responding to lawful requests from government authorities

3.6 Personalization

Remembering your preferences and saved orders
Recommending menu items based on your order history
Customizing your user experience on our platform

4. Legal Basis for Processing Your Data

While the United States does not have a single federal privacy law analogous to GDPR, we process your data in accordance with applicable legal frameworks and on the following legal bases:

Contractual Necessity: Processing required to fulfill your orders and deliver services you have requested.
Legitimate Business Interests: Processing for analytics, fraud prevention, and service improvement where your rights are not overridden.
Consent: Processing for marketing, non-essential cookies, and optional features where you have given clear consent.
Legal Obligation: Processing required to comply with applicable federal and state laws, court orders, or governmental requests.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your data in the following circumstances:

5.1 Service Providers and Business Partners

We share necessary information with trusted third-party vendors and service providers who assist us in operating our business, including:

Payment Processors: To securely process your transactions (e.g., Stripe, Square)
Delivery Partners: To coordinate food delivery to your location
Analytics Providers: Such as Google Analytics, to analyze website usage
Email Marketing Platforms: To send promotional communications with your consent
Cloud Hosting Providers: To host our website and store data securely
Customer Support Tools: To manage and respond to customer service requests

All service providers are contractually obligated to use your information only for the specified purpose and to maintain appropriate security safeguards.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required by law or in good faith belief that disclosure is necessary to:

Comply with a legal obligation, court order, or government request
Protect and defend our legal rights or property
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users or the public

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website prior to any such transfer and advise you of any choices you may have.

5.4 Aggregated and De-identified Data

We may share aggregated or de-identified information — data that cannot reasonably be used to identify you personally — with third parties for research, marketing, analytics, or other business purposes without restriction.

6. Data Security

We take the security of your personal information seriously and implement industry-standard technical and organizational measures to protect your data against unauthorized access, loss, misuse, alteration, or disclosure.

6.1 Technical Security Measures

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS technology (HTTPS).
Data Encryption at Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms.
Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and regular security scans to protect our infrastructure.
Password Hashing: User passwords are hashed using strong cryptographic algorithms and are never stored in plaintext.
Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions.

6.2 Organizational Security Measures

Regular employee training on data privacy and security practices
Strict internal data access policies and role-based permissions
Vendor due diligence and data processing agreements with all third-party service providers
Regular security audits and vulnerability assessments
Incident response plan for data breach notification and remediation

Important: While we implement robust security measures, no method of data transmission or storage over the internet is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach affecting your rights, we will notify you in accordance with applicable state and federal breach notification laws.

7. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We honor these rights for all users to the extent required by applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction or comply with legal obligations).
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information. However, if we ever engage in sharing that constitutes a "sale" under CCPA, you have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You may have the right to limit our use and disclosure of sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA privacy rights. We will not deny goods or services, charge different prices, or provide a different level of service because you exercised your rights.

7.2 General Rights for All US Users

Right to Access: Request a copy of the personal information we hold about you.
Right to Correction: Request correction of inaccurate or incomplete information.
Right to Deletion: Request deletion of your personal data where we have no legitimate reason to retain it.
Right to Data Portability: Request a machine-readable copy of your personal data that you can transfer to another service provider.
Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Object to Marketing: Opt out of receiving direct marketing communications at any time.

7.3 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a request by:

Email: [email protected]
Website: costavida-meal.digital

We will verify your identity before processing any request. We will respond to your request within 45 days as required by the CCPA, and may extend this period by an additional 45 days when reasonably necessary with prior notice.

8. Cookie Policy

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyze site traffic, and deliver relevant content and advertisements.

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Required for the website to function (e.g., login sessions, shopping cart)	Session / Short-term
Analytical / Performance	Collect anonymous data on how users interact with the site (e.g., Google Analytics)	Up to 2 years
Functional	Remember your preferences, language settings, and saved items	Up to 1 year
Marketing / Targeting	Deliver personalized ads and track campaign effectiveness	Up to 1 year

8.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a notification before a cookie is placed. Please note that disabling certain cookies may impact the functionality of our website.

For more detailed information about the cookies we use, please refer to our full Cookie Policy available on our website. You may also opt out of certain tracking by visiting the Network Advertising Initiative Opt-Out page or Digital Advertising Alliance Opt-Out.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category	Retention Period
Account information	Duration of account + 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Payment information	As required by PCI-DSS standards (typically up to 1 year)
Marketing preferences and consent records	Until you withdraw consent + 2 years
Customer support communications	3 years from last interaction
Website usage and analytics data	Up to 26 months
Cookies and tracking data	Per cookie type (see Section 8)

When personal information is no longer needed, we will securely delete, anonymize, or aggregate it in a manner that prevents re-identification.

10. Children's Privacy

Age Requirement: Our services are intended for individuals who are 18 years of age or older.

Our website and services are not directed to children under the age of 18. We do not knowingly collect, use, or disclose personal information from individuals under 18 years of age. If you are under 18, please do not use our services or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take prompt steps to delete such information from our records. If you believe we may have collected information from a minor, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under 13. If we discover that personal information from a child under 13 has been collected without verifiable parental consent, we will delete it immediately.

11. International Data Transfers

Costa Vida is based in the United States, and your personal information is primarily stored and processed within the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our services, you consent to the transfer of your personal information to the United States in accordance with this Privacy Policy. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this policy, including:

Entering into data transfer agreements with international service providers where applicable
Ensuring that any international partners maintain equivalent data protection standards
Implementing technical and organizational measures to secure data in transit and at rest

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or embedded content (such as maps or payment portals). These third-party services have their own independent privacy policies, and we have no control over their data collection practices. We encourage you to review the privacy policies of any third-party websites you visit.

Our inclusion of a link to a third-party website does not imply endorsement of that site's privacy practices or any association with its operators.

13. How to File a Privacy Complaint

If you have concerns about how we handle your personal information, we encourage you to first contact us directly so we can attempt to resolve your concern:

Email: [email protected]
Website: costavida-meal.digital

We will acknowledge your complaint within 5 business days and aim to resolve all privacy complaints within 30 days of receipt.

13.1 Regulatory Complaints

If you are not satisfied with our response, or if you believe your privacy rights have been violated, you may file a complaint with the appropriate regulatory authority:

Federal Trade Commission (FTC): The FTC enforces consumer protection laws, including privacy-related violations under the FTC Act. You may file a complaint at reportfraud.ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).
California Privacy Protection Agency (CPPA): California residents may file a complaint regarding CCPA/CPRA violations with the California Privacy Protection Agency at cppa.ca.gov.
State Attorney General Offices: Residents of other states may contact their state's Attorney General office for privacy-related complaints and enforcement actions.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us:

Company	Costa Vida
Email	[email protected]
Website	costavida-meal.digital
Country	United States

We are committed to working with you to resolve any privacy concerns promptly and effectively. When contacting us about a privacy request, please include your name, contact information, a clear description of your request or concern, and any relevant account details (such as the email address associated with your account) to help us process your inquiry efficiently.

15. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post the revised policy on our website at costavida-meal.digital
Send an email notification to registered users where required by law or where the changes significantly affect your rights

Your continued use of our website and services following the posting of any changes constitutes your acceptance of those changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Summary: Costa Vida is committed to protecting your personal information. We collect only what is necessary to provide our food services, use it transparently for legitimate purposes, and give you meaningful control over your data. If you have any questions or concerns, please contact us at [email protected].