Privacy Policy

Welcome to Costa Vida. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website costaxvida.rest, place orders, interact with our services, or engage with us in any capacity. Please read this policy carefully. If you disagree with its terms, please discontinue use of our website and services.

This Privacy Policy applies to all information collected through our website (costaxvida.rest), our online ordering platform, mobile applications, in-store interactions, promotional activities, and any related services, sales, marketing, or events (collectively referred to as the "Services").

1. About Us

Costa Vida is a food service business operating in the United States. We are dedicated to delivering fresh, high-quality food experiences to our customers. For all privacy-related matters, you may contact us using the details provided below:

Company Name Costa Vida
Website costaxvida.rest
Email [email protected]

2. Information We Collect

We collect various types of information in connection with your use of our Services. The categories of information we collect include, but are not limited to, the following:

2.1 Personal Information You Provide to Us

When you voluntarily provide information to us — such as when you register for an account, place a food order, sign up for our loyalty program, contact our customer support, participate in promotions or surveys, or subscribe to our newsletter — we may collect:

  • Identity Information: First name, last name, username, or similar identifiers.
  • Contact Information: Email address, mailing address, billing address, telephone number.
  • Account Credentials: Password or security question answers used to establish and protect your account.
  • Payment Information: Credit or debit card numbers, billing details, and transaction history. Note: Full payment card data is processed by our secure third-party payment processors and is not stored directly on our servers.
  • Order Information: Meal preferences, special dietary requests, order history, and delivery instructions.
  • Loyalty Program Data: Points balances, rewards history, and participation records.
  • Communications: Content of emails, messages, feedback forms, or reviews you submit to us.
  • Marketing Preferences: Your choices regarding receipt of marketing communications from us.

2.2 Information Collected Automatically

When you access our website or use our digital Services, we automatically collect certain technical and usage data, including:

  • Device Information: Hardware model, operating system and version, unique device identifiers, mobile network information, and browser type and version.
  • Log Data: IP address, browser type, referring/exit pages, pages viewed, date and time stamps, and clickstream data.
  • Usage Data: Information about how you interact with our website, including pages visited, time spent on pages, links clicked, and features used.
  • Location Data: General geographic location based on IP address; more precise location data only if you grant permission through your device settings.
  • Cookie Data: Data collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 8 for details).

2.3 Information Collected from Third Parties

We may also receive information about you from third-party sources, such as:

  • Social media platforms (e.g., Facebook, Instagram) if you interact with our social media pages or log in using a social media account.
  • Third-party delivery partners or aggregators through which you place orders.
  • Analytics and advertising partners who provide us with aggregated audience insights.
  • Public databases and background check services, where applicable and permitted by law.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

3.1 Service Provision and Order Fulfillment

  • To process and fulfill your food orders, including coordinating with kitchen staff, delivery partners, and payment processors.
  • To create and manage your user account.
  • To administer our loyalty and rewards program.
  • To send you order confirmations, receipts, and status updates.
  • To respond to your inquiries, complaints, and customer support requests.

3.2 Analytics and Service Improvement

  • To monitor and analyze usage trends, website performance, and user behavior in order to improve our Services.
  • To conduct research and development, test new features, and optimize user experience.
  • To generate aggregated, anonymized statistical data for internal business reporting.
  • To diagnose technical issues and maintain the security and functionality of our platforms.

3.3 Marketing and Communications

  • To send you promotional emails, special offers, newsletters, and information about new menu items or events, where you have provided consent or where permitted by applicable law.
  • To personalize your experience and deliver content and product offerings relevant to your interests.
  • To display targeted advertisements on our website and on third-party websites through our advertising partners.
  • To run contests, sweepstakes, or promotions and notify winners.

3.4 Legal and Compliance Purposes

  • To comply with applicable federal, state, and local laws and regulations.
  • To enforce our Terms of Service and other agreements.
  • To protect our rights, property, and the safety of our customers, employees, and the public.
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • To respond to lawful requests from public authorities, including law enforcement and regulatory agencies.

4. Sharing Your Information with Third Parties

We do not sell your personal information for monetary consideration. However, we may share your information with certain third parties under the following circumstances:

4.1 Service Providers

We engage trusted third-party vendors and service providers who perform functions on our behalf, including:

  • Payment processing companies (e.g., Stripe, Square, or similar providers).
  • Cloud hosting and data storage providers.
  • Email marketing and communication platforms.
  • Delivery logistics and courier services.
  • Analytics and web performance tools (e.g., Google Analytics).
  • Customer relationship management (CRM) software providers.
  • Cybersecurity and fraud detection firms.

These service providers are contractually obligated to use your information only for the purposes for which it was shared, to maintain appropriate security measures, and to comply with applicable privacy laws.

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to a successor or affiliate entity as part of that transaction. We will notify you via email and/or a prominent notice on our website if your data becomes subject to a different privacy policy as a result of such a transaction.

4.3 Legal Requirements

We may disclose your information to government authorities, courts, law enforcement agencies, or other authorized parties when we believe disclosure is necessary to:

  • Comply with a legal obligation, subpoena, court order, or governmental request.
  • Enforce our Terms of Service or protect our legal rights.
  • Prevent or investigate possible wrongdoing in connection with our Services.
  • Protect the personal safety of users of our Services or the public.

4.4 With Your Consent

We may share your information with other third parties when you have given us explicit consent to do so, such as when you opt in to co-branded promotions or partner offers.

5. Your Privacy Rights

Depending on your state of residence within the United States, you may have specific legal rights regarding your personal information. We respect and honor these rights as described below.

5.1 Rights Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you are a resident of California, you have the following rights under the CCPA/CPRA:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share your information.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: While we do not sell personal information for money, if we engage in "sharing" personal information for cross-context behavioral advertising, you have the right to opt out.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to only that which is necessary to perform the services you request.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality of services because you exercised your rights.

To exercise your California privacy rights, please contact us at [email protected]. We will respond to verified consumer requests within 45 days, with a possible extension of an additional 45 days when reasonably necessary.

5.2 Rights Available to All U.S. Residents

Regardless of your state of residence, we offer the following rights to all users of our Services:

  • Right to Access: You may request a copy of the personal information we hold about you by contacting us at the email address below.
  • Right to Correction: You may request that we update or correct inaccurate or incomplete personal information. You may also update much of your information directly through your account settings.
  • Right to Deletion: You may request that we delete your personal information, subject to our need to retain certain data for legal, safety, or business purposes.
  • Right to Data Portability: You may request a machine-readable copy of the personal information you have provided to us, to the extent technically feasible.
  • Right to Withdraw Consent: Where we process your personal information based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.

5.3 How to Submit a Privacy Request

To exercise any of the rights described above, please submit a written request to:

Privacy Request Contact
Costa Vida
Email: [email protected]
Website: costaxvida.rest

We may need to verify your identity before processing your request. Verification may require you to provide identifying information such as your name, email address, or account details. We will not fulfill requests from individuals who cannot be verified. You may also designate an authorized agent to make requests on your behalf, provided appropriate authorization is established.

6. Data Security

We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction.

Our security measures include, but are not limited to:

  • Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted between your browser and our servers.
  • Encrypted storage of sensitive information such as passwords (using industry-standard hashing algorithms).
  • Access controls that limit employee access to personal information on a need-to-know basis.
  • Regular security assessments and vulnerability testing of our digital infrastructure.
  • Firewalls, intrusion detection systems, and anti-malware protections.
  • Employee training on data privacy and security best practices.
  • Contractual data processing agreements with all third-party service providers.

Despite our best efforts, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law, including the requirements of the FTC Act and applicable state breach notification statutes.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Our general retention practices are as follows:

Data Category Retention Period
Account and registration data Duration of account activity + 3 years after account closure
Order and transaction records 7 years (for tax and legal compliance purposes)
Marketing preferences and communications Until you opt out, plus 1 year
Customer support communications 3 years from date of last interaction
Website usage and analytics data Up to 26 months (anonymized after 13 months where possible)
Cookie and tracking data Varies by cookie type (see Cookie Policy)
Fraud prevention and security logs Up to 5 years

When personal information is no longer required, we will securely delete, anonymize, or aggregate it in accordance with applicable laws and our internal data management policies.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your experience, analyze traffic, and support our marketing efforts. A cookie is a small text file placed on your device when you visit a website. We use the following categories of cookies:

  • Strictly Necessary Cookies: Essential for the operation of our website, enabling features such as secure login, shopping cart functionality, and session management. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. This includes tools such as Google Analytics.
  • Functionality Cookies: Remember your preferences and settings (e.g., language, location, saved orders) to enhance your experience.
  • Targeting and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns, both on our website and on third-party platforms.

You may control cookie settings through your browser preferences or through our cookie consent tool available on our website. Please note that disabling certain cookies may affect the functionality of our Services.

For more detailed information about the specific cookies we use, their duration, and how to manage them, please refer to our full Cookie Policy page.

9. Children's Privacy

Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13, and we do not direct our Services to minors.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take prompt steps to delete such information from our systems.

If you are a parent or guardian and you believe your child has provided us with personal information, please contact us immediately at [email protected]. We will investigate and take appropriate action.

Individuals between the ages of 13 and 17 should not use our Services without the direct supervision and consent of a parent or legal guardian. By using our Services, you represent and warrant that you are at least 18 years of age.

10. International Data Transfers

Costa Vida is based in the United States, and our Services are primarily directed at users located within the United States. All data we collect is processed and stored on servers located within the United States.

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your jurisdiction. By using our Services, you consent to the transfer of your information to the United States.

We take appropriate contractual and technical measures to ensure that any international transfers of personal data are conducted in accordance with applicable legal requirements and that adequate levels of data protection are maintained.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, delivery partner portals, or other online services that are not operated or controlled by Costa Vida. This Privacy Policy does not apply to those third-party websites.

We strongly encourage you to review the privacy policies of any third-party websites you visit. We have no control over and assume no responsibility for the content, privacy practices, or policies of any third-party sites or services.

The inclusion of a link to a third-party website does not constitute an endorsement or recommendation of that website by Costa Vida.

12. Do Not Track (DNT) Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not wish to be tracked. Because there is currently no universally accepted standard for responding to DNT signals, our website does not currently respond to DNT browser signals.

However, you may opt out of interest-based advertising and certain forms of tracking through the tools described in our Cookie Policy and through opt-out mechanisms offered by advertising networks such as the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).

13. Legal Basis for Processing (FTC Act Compliance)

As a business operating in the United States, Costa Vida processes personal information in a manner consistent with the requirements of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in commerce. Our data practices are designed to be:

  • Transparent: We clearly disclose what information we collect, how we use it, and with whom we share it.
  • Fair: We do not collect or use information in ways that are unjustifiably harmful to consumers.
  • Secure: We maintain reasonable security measures proportionate to the sensitivity of the data we process.

For California residents, we additionally comply with the requirements of the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), as described in Section 5.1 of this Privacy Policy.

We also comply with applicable state consumer protection and privacy laws in the states where we operate, including but not limited to:

  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Florida Digital Bill of Rights (FDBR)

14. How to File a Complaint

If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can attempt to resolve the issue.

Please send your complaint to:

Costa Vida — Privacy Complaints
Email: [email protected]
Website: costaxvida.rest

We will acknowledge your complaint within 10 business days and work to resolve it within 30 days. We may request additional information from you in order to properly investigate your concern.

If you are not satisfied with our response, you have the right to escalate your complaint to the relevant data protection or consumer protection authority:

  • Federal Trade Commission (FTC): The FTC handles complaints related to deceptive or unfair business practices and privacy violations. You may file a complaint at reportfraud.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).
  • California Residents — California Privacy Protection Agency (CPPA): If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency at cppa.ca.gov or with the California Attorney General's Office at oag.ca.gov/privacy.
  • Other State Residents: Residents of other states may contact their respective state attorney general's office or consumer protection agency for guidance on filing a privacy-related complaint.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable laws, or business operations. When we make material changes, we will notify you by:

  • Posting a revised version of this Privacy Policy on our website at costaxvida.rest.
  • Updating the "Last Updated" date at the top of this page.
  • Sending an email notification to registered users when changes are significant.

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, requests, or comments regarding this Privacy Policy or our data practices, please do not hesitate to contact our Privacy team:

We are committed to working with you to obtain a fair resolution of any privacy concern or complaint. Our privacy team is available to assist you and will respond to all legitimate inquiries in a timely manner.

Thank you for trusting Costa Vida with your personal information. We value your privacy and remain dedicated to handling your data with the highest level of care, transparency, and responsibility.