Privacy Policy

Effective Date: April 26, 2026  |  Last Updated: April 26, 2026

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at costvida.digital, use our online ordering services, interact with our mobile applications, or otherwise engage with us as a food service provider. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner.

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or otherwise interacting with our digital platforms, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.

1. About Costa Vida

Costa Vida is a food service business operating in the United States. We provide fresh, high-quality food products and dining experiences to our customers. Our digital platforms are designed to enhance your experience by allowing you to browse our menu, place orders, manage your account, and stay informed about our latest offerings and promotions.

Company Name Costa Vida
Website costvida.digital
Email [email protected]

2. Information We Collect

We collect various categories of personal information depending on how you interact with our business, website, and digital services. The types of information we collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, make a reservation, sign up for our loyalty program, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Mailing or delivery address
  • Date of birth (for promotional purposes or age verification)
  • Username and password (for account holders)
  • Profile photo (if voluntarily provided)

2.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information, which may include:

  • Credit or debit card number (processed securely through third-party payment processors)
  • Billing address
  • Transaction history and order records
  • Gift card information

We do not store complete payment card details on our servers. Payment processing is handled by PCI-DSS-compliant third-party processors.

2.3 Order and Dining Preference Information

To personalize your experience and improve our service, we may collect:

  • Your food order history and preferences
  • Dietary restrictions and allergen preferences
  • Favorite menu items and customizations
  • Feedback, reviews, and ratings you submit
  • Loyalty program activity and reward points

2.4 Usage and Technical Data

When you visit our website or use our mobile application, we automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring URLs and exit pages
  • Clickstream data and navigation patterns
  • Search queries entered on our platform
  • Date and time of your visit

2.5 Location Data

With your permission, we may collect your precise or approximate geographic location to:

  • Help you find the nearest Costa Vida location
  • Facilitate delivery services to your address
  • Provide location-relevant promotions and offers

You may disable location services at any time through your device settings, although this may limit certain features of our service.

2.6 Communications Data

If you contact us through email, phone, live chat, or social media, we may retain records of those communications, including:

  • The content of your messages
  • Attachments you provide
  • Contact details you submit
  • Records of issues raised and our responses

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. This is described in greater detail in Section 8 of this Privacy Policy.

2.8 Information from Third Parties

We may receive information about you from third-party sources, such as:

  • Social media platforms (if you log in or interact with us via social media)
  • Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
  • Analytics and advertising partners
  • Publicly available sources

3. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes, including:

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, including delivery and pickup
  • Managing your account and loyalty program membership
  • Sending order confirmations, receipts, and status updates
  • Facilitating payment processing and preventing fraudulent transactions
  • Providing customer support and resolving disputes or complaints

3.2 Personalization and User Experience

  • Personalizing your experience on our website and app
  • Recommending menu items based on your past orders and preferences
  • Saving your order history and favorite items for convenience
  • Tailoring promotions and offers to your interests

3.3 Marketing and Communications

  • Sending promotional emails, newsletters, and special offers (with your consent where required)
  • Delivering targeted advertisements on our platforms and third-party websites
  • Notifying you about new menu items, seasonal promotions, and loyalty rewards
  • Conducting surveys, contests, and promotional campaigns

You may opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or by contacting us directly at [email protected].

3.4 Analytics and Business Improvement

  • Analyzing usage patterns to improve our website, app, and menu offerings
  • Monitoring the performance of our digital platforms
  • Conducting research and analysis to better understand customer preferences
  • Testing new features and service enhancements

3.5 Legal Compliance and Safety

  • Complying with applicable federal, state, and local laws and regulations
  • Responding to legal requests, court orders, or government investigations
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, safety, and property of Costa Vida, our customers, and the public
  • Detecting and preventing fraud, abuse, and security incidents

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own marketing purposes. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We work with carefully selected third-party service providers who assist us in operating our business and delivering our services. These providers may include:

  • Payment processors — to securely handle transactions
  • Delivery partners — to fulfill food delivery orders
  • Cloud hosting providers — to store and manage our data infrastructure
  • Email and SMS marketing platforms — to communicate with customers
  • Analytics providers — to analyze website and app performance
  • Customer support tools — to manage support inquiries
  • Loyalty program administrators — to manage rewards and points

All service providers are contractually obligated to use your information only for the purpose of providing services to us and to maintain appropriate security standards.

4.2 Advertising and Analytics Partners

We may share anonymized or aggregated data with advertising networks and analytics platforms to measure the effectiveness of our campaigns and improve our marketing efforts. We may also use tools like Google Analytics, Meta Pixel, and similar technologies that involve the transfer of certain usage data to these partners.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such action is necessary to:

  • Comply with a legal obligation, including subpoenas, court orders, or regulatory requirements
  • Cooperate with law enforcement agencies or government authorities
  • Protect and defend the rights or property of Costa Vida
  • Prevent or investigate potential wrongdoing in connection with our services
  • Protect the personal safety of our customers, staff, or the public

4.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or other corporate restructuring, your personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with other third parties when you have provided explicit consent for us to do so.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, or destruction.

5.1 Security Measures We Employ

  • Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our servers.
  • Access Controls: We restrict access to personal information to authorized employees and contractors who need it to perform their job functions.
  • Password Protection: Account passwords are stored using industry-standard hashing algorithms.
  • PCI-DSS Compliance: Our payment processing systems adhere to Payment Card Industry Data Security Standards.
  • Regular Security Audits: We conduct periodic reviews of our security practices and vulnerability assessments.
  • Incident Response Plan: We maintain a documented plan for responding to data breaches and security incidents.
Important Notice: While we take reasonable precautions to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5.2 Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and, where required by law, the relevant regulatory authorities, without undue delay and in accordance with applicable United States federal and state laws, including state data breach notification statutes.

6. Your Privacy Rights

Depending on your location within the United States, you may have specific rights regarding your personal information. We are committed to honoring these rights and providing you with meaningful control over your data.

6.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right Description
Right to Know You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collection, and the third parties with whom we share it.
Right to Delete You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Information You may request that we limit our use of sensitive personal information to what is necessary to provide the services you request.
Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Right to Data Portability You may request a copy of your personal information in a portable, readily usable format.

To exercise your California privacy rights, please contact us using the information provided in Section 12 of this policy. We will respond to verified requests within 45 days, with the possibility of a 45-day extension when reasonably necessary.

6.2 Rights Under Other U.S. State Privacy Laws

Residents of other U.S. states with applicable privacy laws (including but not limited to Virginia, Colorado, Connecticut, Texas, and other states that have enacted comprehensive consumer privacy legislation) may also have similar rights, including:

  • The right to access personal information we hold about you
  • The right to correct inaccurate personal information
  • The right to delete personal information
  • The right to data portability
  • The right to opt out of targeted advertising and the sale of personal data
  • The right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

6.3 General Rights Available to All Users

Regardless of your location, we offer the following data management options to all users:

  • Access and Update: You may access and update your account information at any time by logging into your account on our website or app.
  • Email Opt-Out: You may unsubscribe from marketing communications at any time.
  • Account Deletion: You may request deletion of your account by contacting us at [email protected].
  • Cookie Preferences: You may manage cookie preferences through your browser settings or our cookie consent tool.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods vary depending on the type of data:

Data Category Retention Period
Account information For the duration of your account, plus 3 years after account closure
Order history and transaction records 7 years (for accounting and legal compliance purposes)
Payment information Retained only as required for transaction processing; card details are not stored long-term
Marketing preferences and communication records Until you opt out, plus 2 years thereafter
Website analytics data Up to 26 months from collection
Customer support communications 3 years from the date of last contact
Cookies and tracking data As specified in our Cookie Policy (varies by cookie type)

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data disposal procedures.

8. Cookies and Tracking Technologies

Our website and digital platforms use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function properly, such as session management and security features. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences, such as language settings, saved items, or login status, to provide a more personalized experience.
  • Marketing and Advertising Cookies: Used to deliver targeted advertisements based on your browsing behavior and to measure the effectiveness of our marketing campaigns.

8.2 Managing Cookies

You can manage or disable cookies through your web browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may impact your ability to use some features of our website. You can also use tools such as:

  • Google Analytics Opt-out Browser Add-on
  • Network Advertising Initiative (NAI) opt-out tools
  • Digital Advertising Alliance (DAA) opt-out tools

For more detailed information about our use of cookies, please refer to our full Cookie Policy, available on our website at costvida.digital.

9. Children's Privacy

Age Restriction: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Costa Vida's website, app, and online ordering services are not directed at children under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

Upon receiving such a request, we will take prompt action to investigate and, if confirmed, delete the child's personal information from our systems. We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws regarding children's online privacy.

10. International Data Transfers

Costa Vida is based in the United States, and your personal information is primarily processed and stored on servers located within the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

In cases where we transfer data internationally (for example, when working with global service providers), we implement appropriate safeguards to ensure that your personal information receives an adequate level of protection. These safeguards may include:

  • Standard contractual clauses approved by applicable authorities
  • Data processing agreements with service providers that include appropriate privacy and security obligations
  • Ensuring that any transfer is to a country that provides an adequate level of data protection

By using our services, you acknowledge that your personal information may be transferred to and processed in the United States and in other jurisdictions where our service providers operate.

11. Consumer Protection and FTC Compliance

Our privacy practices are designed to comply with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce, including in the context of consumer data privacy. We are committed to:

  • Being transparent about how we collect and use your data
  • Providing you with meaningful choices regarding your personal information
  • Implementing reasonable security measures to protect your data
  • Honoring any privacy commitments and representations we make to you
  • Not engaging in deceptive practices regarding your personal information

We also strive to comply with all applicable federal and state consumer protection laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the privacy laws of other states where our customers reside.

12. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact our Privacy Team using any of the following methods:

Costa Vida — Privacy Inquiries

When submitting a privacy-related request, please include the following information to help us verify your identity and process your request efficiently:

  • Your full name
  • The email address associated with your account (if applicable)
  • A description of your request or concern
  • Your state of residence (for state-specific rights requests)

We will acknowledge receipt of your request within 10 business days and endeavor to respond fully within 45 days. In complex cases, we may require up to 90 days total, and we will inform you of any such extension.

12.1 Authorized Agents

California residents may designate an authorized agent to submit privacy rights requests on their behalf. To use an authorized agent, you must provide written authorization to your agent and verify your identity directly with us. We may deny a request from an agent who cannot provide adequate proof of authorization.

13. How to File a Complaint with Data Protection Authorities

If you believe that we have not adequately addressed your privacy concerns or have violated applicable privacy laws, you have the right to file a complaint with the appropriate regulatory authority. In the United States, relevant authorities include:

13.1 Federal Trade Commission (FTC)

The FTC enforces federal consumer protection laws, including privacy-related regulations. You may file a complaint with the FTC at:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-382-4357
  • Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

13.2 California Privacy Protection Agency (CPPA)

If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency:

13.3 State Attorney General Offices

Residents of other U.S. states with comprehensive privacy laws may file complaints with their respective State Attorney General's office. We encourage you to visit your state government's official website to find the appropriate contact information.

We encourage you to first contact us directly at [email protected] so that we have an opportunity to resolve your concerns before you escalate the matter to a regulatory authority.

14. Third-Party Links and Services

Our website and app may contain links to third-party websites, social media platforms, or services that are not owned or controlled by Costa Vida. This Privacy Policy does not apply to those third-party services, and we are not responsible for the privacy practices of external websites or applications. We encourage you to review the privacy policies of any third-party services you interact with.

Third-party services that may be embedded in or linked from our platform include, but are not limited to:

  • Social media platforms (Facebook, Instagram, Twitter/X, TikTok)
  • Third-party delivery apps (DoorDash, Uber Eats, Grubhub)
  • Mapping services (Google Maps, Apple Maps)
  • Payment gateways (Stripe, PayPal, etc.)

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, business operations, legal requirements, or applicable laws. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post the revised policy on our website at costvida.digital
  • Send a notification to registered users via email or in-app notification (for significant changes)

Your continued use of our website, app, or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue use of our services and contact us to request deletion of your personal information.

We recommend that you review this Privacy Policy periodically to stay informed about how we are protecting your information.

Summary of Key Points

  • We collect personal, usage, payment, and location data to provide and improve our food services.
  • We do not sell your personal information to third parties for their marketing purposes.
  • You have rights to access, correct, delete, and obtain a copy of your personal data.
  • California residents have additional rights under CCPA/CPRA.
  • Our services are for individuals 18 years of age and older.
  • You may contact us at [email protected] with any privacy concerns.

This Privacy Policy was last reviewed and updated on April 26, 2026. Costa Vida is committed to your privacy and to maintaining the trust you place in us when you share your personal information.