Privacy Policy

This Privacy Policy describes how Costa Vida ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website located at mealcostavida.click (the "Site"), use our online ordering services, interact with our digital platforms, or otherwise engage with us in connection with our food and restaurant services. Please read this policy carefully. By accessing or using our Site and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please discontinue your use of our Site and services immediately. We reserve the right to update or amend this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of the Site following any changes constitutes your acceptance of the revised Privacy Policy.

For questions or concerns about this Privacy Policy or our data practices, you may contact us at: [email protected].

1. About Us

Costa Vida is a food and restaurant business operating in the United States. We provide fresh, made-to-order meals and related food services to our customers, both in-person and through our online digital channels. Our website, mealcostavida.click, allows customers to explore our menu offerings, place orders, participate in loyalty programs, and interact with our brand online.

2. Information We Collect

We collect various categories of personal information depending on how you interact with us. The types of information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, participate in a promotion, or otherwise contact us, we may collect personal identification information such as:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (for age verification or promotional purposes)
• Account username and password (stored in encrypted form)
• Profile preferences and dietary information you voluntarily provide

2.2 Payment and Transaction Information

When you make a purchase through our Site or ordering platform, we collect transaction-related information including:

• Payment card type and last four digits (we do not store full payment card numbers)
• Billing address
• Order history, items purchased, and order amounts
• Transaction identifiers and confirmation numbers

Full payment processing is handled by PCI-DSS-compliant third-party payment processors. We do not retain complete payment card data on our own servers.

2.3 Usage Data and Interaction Data

We automatically collect certain data when you visit and interact with our Site. This information helps us understand how users engage with our services and allows us to improve functionality. Such data includes:

• Pages viewed and features accessed on our Site
• Links clicked and navigation paths taken within the Site
• Time and date of your visit, and duration of your session
• Referring website addresses (how you arrived at our Site)
• Search queries entered on our Site
• Shopping cart activity and abandoned cart data

2.4 Device and Technical Information

We collect information about the device and technology you use to access our Site, including:

• IP address (Internet Protocol address)
• Browser type and version
• Operating system and platform
• Device type (desktop, tablet, mobile)
• Screen resolution and display settings
• Unique device identifiers
• Mobile network information
• Language settings

2.5 Location Data

With your consent, we may collect your precise or approximate geographic location in order to help you find nearby Costa Vida locations, facilitate delivery services, and personalize your experience. You may disable location sharing at any time through your device or browser settings.

2.6 Communications Data

When you contact our customer support team, submit feedback, complete surveys, or participate in promotional contests, we collect the content of those communications along with your contact information and any details you choose to share.

2.7 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our Site. For more details about how we use cookies, please refer to Section 8 of this Privacy Policy.

2.8 Information from Third Parties

We may receive information about you from third-party sources such as social media platforms (if you connect your account or interact with our social media content), advertising partners, analytics providers, and data brokers, subject to their respective privacy policies. We combine this information with data we collect directly from you to improve our services.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Managing Our Services

• Processing and fulfilling your food orders, both online and in-person
• Creating and managing your customer account
• Processing payments and sending transaction confirmations
• Facilitating delivery and pickup arrangements
• Responding to your inquiries and customer support requests
• Administering loyalty and rewards programs

3.2 Improving Our Services and User Experience

• Analyzing how our Site and services are used to identify areas for improvement
• Conducting internal research and analytics to understand customer preferences
• Testing and developing new features and menu offerings
• Troubleshooting technical issues and maintaining the security of our systems
• Monitoring and preventing fraudulent or unauthorized activity

3.3 Marketing and Communications

• Sending you promotional emails, newsletters, and special offers (with your consent where required)
• Delivering personalized advertisements and recommendations based on your preferences and order history
• Conducting surveys, promotions, contests, and sweepstakes
• Sending service-related notices such as order updates, policy changes, and security alerts
• Retargeting you with relevant advertising on third-party websites and social media platforms

You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal obligations
• Responding to lawful requests from government authorities or law enforcement
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of Costa Vida, our customers, and the public
• Resolving disputes and handling legal claims

4. Legal Basis for Processing (United States)

Our operations are based in the United States, and our data practices are governed by applicable U.S. federal and state privacy laws, including but not limited to:

• The Federal Trade Commission Act (FTC Act) – We comply with the FTC's requirements for fair and transparent data practices, unfair or deceptive trade practices, and reasonable data security measures.
• The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) – To the extent applicable, we comply with these laws, which provide California residents with specific rights over their personal information. See Section 9 for details on California consumer rights.
• The Children's Online Privacy Protection Act (COPPA) – We do not knowingly collect personal information from children under the age of 13.
• CAN-SPAM Act and the Telephone Consumer Protection Act (TCPA) – We comply with applicable federal laws governing email and phone marketing communications.
• Other applicable state privacy laws including those enacted in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states as applicable.

We process your personal information on the following legal grounds: (a) to fulfill a contract with you or take pre-contractual steps at your request; (b) to comply with our legal obligations; (c) based on your consent, where applicable; and (d) for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We work with carefully selected third-party vendors and service providers who assist us in operating our business. These parties may have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to protect it. Such service providers include:

• Payment processors and financial institutions
• Delivery and logistics partners
• Cloud hosting and data storage providers
• Email marketing and communication platforms
• Website analytics providers (e.g., Google Analytics)
• Advertising and retargeting networks
• Customer relationship management (CRM) software providers
• Fraud prevention and identity verification services

5.2 Advertising and Analytics Partners

We may share usage data, device identifiers, and cookie data with advertising networks and analytics companies to help us deliver targeted advertisements and measure the effectiveness of our marketing campaigns. These partners may use such information in accordance with their own privacy policies.

5.3 Social Media Platforms

Our Site may include social media features (e.g., Facebook Like button, Instagram Share). These features may collect your IP address and other data about your interactions with such features. Social media companies operate these features under their own privacy policies.

5.4 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Costa Vida; (c) prevent or investigate possible wrongdoing in connection with our services; (d) protect the personal safety of users or the public; or (e) protect against legal liability.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email and/or a prominent notice on our Site of any such change in ownership and advise you of your choices in connection with your personal information.

5.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, for example, when participating in a joint promotion or partner program.

6. Data Security

We take the security of your personal information seriously and have implemented a variety of technical, organizational, and administrative safeguards designed to protect your information from unauthorized access, use, alteration, or disclosure. Our security measures include:

• Encryption: We use Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology to encrypt data transmitted between your browser and our servers.
• Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job duties, and is protected by role-based access controls and multi-factor authentication.
• Password Hashing: User passwords are stored using industry-standard one-way hashing algorithms and are never stored in plain text.
• Payment Security: We comply with Payment Card Industry Data Security Standards (PCI-DSS) for the handling of payment information.
• Regular Security Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and address potential weaknesses in our systems.
• Incident Response: We maintain a data breach response plan to promptly address and notify affected individuals and authorities in the event of a security incident, as required by applicable law.
• Employee Training: Our staff receives regular training on data protection best practices and security awareness.

Despite our best efforts, no method of data transmission over the Internet or electronic storage system is completely secure. We cannot guarantee absolute security of your information. If you believe your information has been compromised, please contact us immediately at [email protected].

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. The following retention guidelines apply:

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention procedures. In some cases, we may retain anonymized or aggregated data indefinitely for statistical and research purposes.

8. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze Site traffic, and deliver targeted advertising. Cookies are small text files stored on your device when you visit a website.

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: These are essential for the Site to function and cannot be disabled. They include cookies for session management, shopping cart functionality, and security purposes.
• Performance and Analytics Cookies: These help us understand how visitors interact with our Site by collecting information about page visits, time spent, and errors encountered. We use tools such as Google Analytics for this purpose.
• Functionality Cookies: These allow us to remember your preferences, such as language settings, delivery addresses, and menu customizations, to provide a personalized experience.
• Targeting and Advertising Cookies: These track your browsing habits to deliver relevant advertisements across the web, including retargeting ads on social media platforms such as Facebook and Instagram.

8.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse new cookies, disable existing cookies, or receive alerts when new cookies are placed. Please note that disabling certain cookies may affect the functionality of our Site and your ability to use certain features.

You may also opt out of targeted advertising by visiting the Digital Advertising Alliance's opt-out page at optout.aboutads.info or the Network Advertising Initiative at optout.networkadvertising.org.

For more detailed information about our use of cookies and how to manage your preferences, please refer to our Cookie Policy, available on our website.

9. Your Privacy Rights

Depending on your location within the United States, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights for All Users

Regardless of your state of residence, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct any inaccurate or incomplete personal information we have about you.
• Deletion: Request that we delete your personal information, subject to certain legal exceptions.
• Portability: Request that we provide your personal information in a structured, commonly used, and machine-readable format.
• Opt-Out of Marketing: Opt out of receiving marketing and promotional communications from us at any time.

9.2 California Consumer Rights (CCPA/CPRA)

If you are a resident of California, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect about you, how it is used, and with whom it is shared.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes. We do not sell personal information for monetary compensation, but we may engage in sharing practices that constitute "sharing" under the CPRA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary for providing services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a lower quality of service because you exercised your rights.

To exercise your California privacy rights, please submit a verifiable consumer request to us by email at [email protected] or by visiting our website at mealcostavida.click. We will respond to your request within 45 days, with a possible extension of an additional 45 days where reasonably necessary.

9.3 Rights Under Other State Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states with enacted privacy laws may have similar rights to access, correct, delete, and port their personal data, as well as the right to opt out of targeted advertising and profiling. We honor these rights for residents of all applicable states. To exercise your rights, contact us at [email protected].

9.4 How to Submit a Privacy Rights Request

To exercise any of your privacy rights, you may:

• Email us at: [email protected] with the subject line "Privacy Rights Request"
• Visit our website: mealcostavida.click

We may need to verify your identity before processing your request. We will ask you to provide sufficient information (such as your name, email address, and account information) to confirm your identity. We will not require you to create an account to submit a request, and we will not charge a fee for most requests unless they are excessive or repetitive.

10. Children's Privacy

We are committed to protecting the privacy and safety of children. Our Site and online ordering platform are not directed at children under 18 years of age. We do not knowingly solicit information from, or market to, children under the age of 18.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13 without verifiable parental consent. If we become aware that a child under the age of 13 has provided us with personal information, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information, please contact us at [email protected] so that we can take appropriate action.

11. International Data Transfers

Costa Vida is a U.S.-based company and our primary data processing activities take place within the United States. However, some of our service providers and business partners may be located in other countries, which means that your personal information may be transferred to, stored, or processed outside of the United States.

When we transfer personal information internationally, we take appropriate steps to ensure that such transfers are made in accordance with applicable law and that your information receives an adequate level of protection. These safeguards may include:

• Using service providers that maintain data security standards comparable to or exceeding our own
• Entering into data processing agreements with appropriate contractual protections
• Relying on recognized legal mechanisms for cross-border data transfers where required by law

Please be aware that data protection laws in other countries may differ from those in the United States. By using our Site and services, you acknowledge and consent to your information being transferred to countries other than your country of residence.

12. Third-Party Links and Services

Our Site may contain links to third-party websites, applications, and services that are not operated by Costa Vida. When you click on such links, you will be directed to those third-party sites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly encourage you to review the privacy policy of every website you visit. The inclusion of a link on our Site does not imply our endorsement of that website or its privacy practices.

13. Do Not Track Signals

Some web browsers allow users to transmit "Do Not Track" (DNT) signals to websites they visit. As there is no universal standard for how companies should respond to DNT signals, our Site does not currently alter its data collection and use practices in response to DNT signals. However, you may use the cookie management tools and opt-out mechanisms described in Section 8 of this Privacy Policy to limit tracking of your activity.

14. Automated Decision-Making and Profiling

We may use automated processes to analyze your personal information for certain purposes, including fraud detection, personalized menu recommendations, and loyalty program management. These processes may involve profiling your preferences and behavior based on your order history and Site activity.

We do not make solely automated decisions that produce legal or similarly significant effects about you without human oversight. If you have concerns about automated processing of your data, please contact us at [email protected].

15. How to File a Complaint

If you have concerns about our data practices or believe your privacy rights have been violated, we encourage you to contact us first so that we can address your concerns directly.

15.1 Contact Us

You may file a privacy complaint with us by emailing [email protected] with the subject line "Privacy Complaint." We will acknowledge your complaint within 10 business days and work to resolve it within 45 days.

15.2 File a Complaint with a Regulatory Authority

If you are a California resident and are dissatisfied with our response to your privacy complaint, you may file a complaint with the California Privacy Protection Agency (CPPA) at:

You may also file a complaint with the Federal Trade Commission (FTC) at:

Residents of other states may also have the right to file complaints with their respective state attorney general's offices or designated data protection authorities.

16. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time. When we make changes, we will post the updated Privacy Policy on this page and update the "Last Updated" date at the top. For significant changes that materially affect your rights, we will provide more prominent notice, such as a banner on our homepage or a notification sent to the email address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site and our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us through any of the following channels:

We are committed to working with you to resolve any privacy-related concerns and to maintaining the highest standards of data protection in all of our business operations. Thank you for trusting Costa Vida with your personal information.