Privacy Policy

Effective Date: April 7, 2026 | Last Updated: April 7, 2026

Important Notice: This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at costas-vida.click, use our online ordering services, or otherwise interact with us. Please read this policy carefully before using our services. By accessing or using our website, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

1. About Us

Costa Vida is a food service business operating in the United States. We are committed to protecting the privacy and personal information of our customers, website visitors, and all individuals who interact with our digital platforms. We understand that your privacy matters, and we take our responsibilities under applicable federal and state privacy laws seriously.

Our contact details for all privacy-related inquiries are as follows:

Company Name	Costa Vida
Website	costas-vida.click
Email Address	[email protected]
Country of Operation	United States

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

Our website located at costas-vida.click and any associated subdomains;
Online food ordering platforms, delivery portals, and digital menus operated by Costa Vida;
Email communications, newsletters, promotional campaigns, and loyalty programs;
Customer service interactions, whether conducted by phone, email, or online chat;
In-person interactions at our food service locations where digital data collection tools are used;
Mobile applications, if any, associated with the Costa Vida brand;
Social media pages and accounts managed by Costa Vida.

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of those third parties independently before providing them with any personal information.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our services. Below is a comprehensive breakdown of the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us, we may collect:

Full name;
Email address;
Phone number;
Mailing and delivery address (including city, state, and ZIP code);
Date of birth (where required for age verification or loyalty programs);
Username and password for online accounts;
Profile picture or avatar, if voluntarily submitted.

3.2 Financial and Transaction Information

When you place an order or make a payment through our website or affiliated platforms, we may collect:

Payment card details (processed and encrypted through PCI-DSS compliant payment processors — we do not store full card numbers on our servers);
Billing address;
Transaction history, order details, and purchase records;
Promotional codes, gift card numbers, and loyalty point balances.

3.3 Usage Data and Online Activity

When you visit our website, we automatically collect certain technical and behavioral data, including:

IP address;
Browser type and version;
Operating system;
Referring URLs (the page you visited before reaching our website);
Pages viewed, time spent on each page, and navigation paths;
Search queries entered on our website;
Date and time of your visit;
Clicks, interactions, and scroll depth on our pages.

3.4 Device Information

We may collect information about the device you use to access our website, including:

Device type (desktop, mobile, tablet);
Device identifiers and advertising identifiers;
Mobile network information;
Screen resolution and hardware configuration;
Installed fonts and plugins (as part of analytics tools).

3.5 Location Data

With your permission, we may collect geolocation data to help you find the nearest Costa Vida location or to facilitate delivery services. You may disable location services at any time through your browser or device settings. We may also derive approximate location information from your IP address.

3.6 Communications and Customer Support Data

When you contact us via email, contact forms, or customer service channels, we collect:

The content of your messages and inquiries;
Feedback, complaints, and reviews you submit;
Records of correspondence and support tickets.

3.7 Marketing and Preference Data

If you subscribe to our marketing communications or participate in surveys and promotions, we collect:

Marketing preferences and opt-in/opt-out records;
Survey responses and feedback;
Promotional engagement data (email open rates, click-through rates).

3.8 Cookie and Tracking Data

We use cookies and similar tracking technologies to collect data about your interactions with our website. Please refer to Section 9 of this policy for detailed information about our cookie practices.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders, whether for pickup, dine-in, or delivery;
Creating and managing your online account;
Sending order confirmation, receipts, and status updates;
Facilitating payment processing through secure third-party processors;
Managing loyalty programs and reward points;
Responding to your inquiries, complaints, and customer service requests.

4.2 Personalization and User Experience

Personalizing your website experience based on your past orders and preferences;
Recommending menu items based on your order history;
Saving your preferences for future visits;
Tailoring our content and offers to your interests.

4.3 Marketing and Communications

Sending promotional emails, newsletters, and special offers (only with your consent where required by law);
Notifying you about new menu items, seasonal specials, and events;
Conducting contests, sweepstakes, and promotions;
Sending personalized marketing based on your preferences and behavior, in compliance with applicable laws including the CAN-SPAM Act.

4.4 Analytics and Service Improvement

Analyzing website traffic patterns and user behavior to improve our digital platforms;
Conducting market research and customer satisfaction surveys;
Identifying technical issues and optimizing website performance;
Developing new products, services, and menu offerings based on aggregate customer data.

4.5 Legal Compliance and Security

Complying with applicable federal and state laws, including the Federal Trade Commission (FTC) Act, California Consumer Privacy Act (CCPA/CPRA), and other relevant regulations;
Detecting, preventing, and investigating fraudulent transactions and unauthorized activity;
Enforcing our Terms of Service and other legal agreements;
Responding to lawful requests from law enforcement, regulatory authorities, and courts;
Protecting the rights, property, and safety of Costa Vida, our customers, and the public.

5. Legal Bases for Processing

We process your personal information on the following legal grounds:

Contractual Necessity: Processing required to fulfill your orders, manage your account, and deliver our services;
Legitimate Interests: Processing necessary for fraud prevention, security, analytics, and business operations, balanced against your privacy rights;
Consent: Where you have given explicit consent, such as for marketing emails or the use of non-essential cookies;
Legal Obligation: Processing required to comply with applicable federal and state laws and regulations.

6. Sharing Your Information with Third Parties

We do not sell your personal information for monetary consideration. However, we may share your data with trusted third parties under the following circumstances:

6.1 Service Providers and Business Partners

We engage third-party service providers who assist us in operating our business and delivering our services. These providers are authorized to use your data only as necessary to perform services on our behalf and are contractually bound to protect your information. Categories of service providers include:

Payment processors (e.g., for secure credit/debit card transactions);
Food delivery platform partners;
Email marketing and CRM platforms;
Website hosting and cloud infrastructure providers;
Analytics and data intelligence providers (e.g., Google Analytics);
Customer support software providers;
Fraud detection and cybersecurity services.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or governmental request;
Enforce our Terms of Service or other agreements;
Protect the rights, property, or safety of Costa Vida, our users, or the public;
Investigate suspected or actual fraud, illegal activity, or security incidents.

6.3 Business Transfers

In the event of a merger, acquisition, sale of assets, financing, restructuring, or other business transition, your personal information may be transferred to the acquiring or successor entity. We will notify you by email and/or a prominent notice on our website prior to any such transfer, and you will have the opportunity to exercise your rights as described in this policy.

6.4 Aggregate and De-Identified Data

We may share aggregate, anonymized, or de-identified data with partners, advertisers, and research organizations. This data does not identify any individual and is used for industry analysis, marketing research, and service improvement purposes.

6.5 California-Specific Disclosures (CCPA/CPRA)

If you are a California resident, please note that under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have specific rights regarding the disclosure and sale of your personal information. Costa Vida does not sell personal information as defined under the CCPA. However, we may share certain data with advertising partners in ways that may constitute "sharing" under California law for cross-context behavioral advertising purposes. You have the right to opt out of such sharing. Please see Section 10 for your full rights as a California consumer.

7. Data Security

Costa Vida takes the security of your personal information seriously and implements a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols;
PCI-DSS Compliance: Payment card data is processed through processors that comply with Payment Card Industry Data Security Standards;
Access Controls: Access to personal data is restricted to authorized personnel with a legitimate business need, and is protected by multi-factor authentication where applicable;
Data Minimization: We collect only the data necessary for the purposes described in this policy;
Regular Security Audits: We conduct periodic vulnerability assessments and security reviews of our systems;
Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a security incident;
Employee Training: Our staff receive regular privacy and data security training.

Please Note: While we take all reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, and you transmit information to us at your own risk.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention guidelines are as follows:

Data Category	Retention Period
Account and registration information	Duration of account plus 3 years after closure
Order and transaction records	7 years (for tax and accounting compliance)
Marketing and communication preferences	Until opt-out or 3 years of inactivity
Customer support records	3 years from last interaction
Website usage and analytics data	26 months (anonymized after 13 months)
Cookie and tracking data	Varies by cookie type (see Section 9)
Legal compliance and fraud prevention records	As required by applicable law (up to 10 years)

When personal data is no longer required, we securely delete or anonymize it in accordance with our data destruction policies. You may request early deletion of your data subject to the limitations described in Section 10.

9. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze website performance, and deliver relevant content and advertisements.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the operation of our website, including session management, shopping cart functionality, and security features. These cookies cannot be disabled without affecting core website functions.
Performance and Analytics Cookies: Collect anonymized information about how visitors use our website, including pages visited, time spent, and error messages. We use tools such as Google Analytics for this purpose.
Functional Cookies: Remember your preferences, such as language settings, saved addresses, and dietary preferences, to provide a more personalized experience.
Marketing and Advertising Cookies: Used to deliver targeted advertisements and promotional content based on your browsing history and interests. These may be placed by us or third-party advertising partners.

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through our cookie consent banner displayed when you first visit our website. You may also control cookies through your browser settings; however, disabling certain cookies may impact the functionality of our website. For more detailed information about the specific cookies we use and how to opt out, please refer to our dedicated Cookie Policy.

Additionally, you may opt out of interest-based advertising from participating companies by visiting the Digital Advertising Alliance (DAA) opt-out page or the Network Advertising Initiative (NAI) opt-out page.

10. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information. We are committed to honoring these rights in a timely and transparent manner.

10.1 Rights Available to All Users

Right to Access: You have the right to request a copy of the personal information we hold about you;
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information;
Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions;
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing;
Right to Opt Out of Marketing: You may unsubscribe from marketing communications at any time by clicking the "Unsubscribe" link in our emails or by contacting us at [email protected].

10.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following additional rights:

Right to Know: The right to know what categories of personal information we collect, use, disclose, and retain, and for what purposes;
Right to Data Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format;
Right to Opt Out of Sale/Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, click the "Do Not Sell or Share My Personal Information" link on our website footer;
Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information to purposes reasonably necessary to provide our services;
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service based solely on the exercise of your privacy rights.

To submit a verifiable consumer request under the CCPA/CPRA, please contact us at [email protected] with the subject line "California Privacy Rights Request." We will respond within 45 days of receiving your request, and may extend this period by an additional 45 days where necessary upon prior notice.

10.3 How to Exercise Your Rights

To exercise any of the privacy rights described in this section, you may:

Email us at: [email protected]
Visit our website at: costas-vida.click

We may need to verify your identity before processing your request to ensure that we do not disclose or delete information at the request of an unauthorized party. Verification may require you to provide certain account details or identification information. Authorized agents may submit requests on your behalf, provided they submit written authorization or a power of attorney, and you have verified your identity directly with us.

11. Children's Privacy

Age Restriction: Our website and services are not directed to individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18 years of age.

If you are under 18 years of age, please do not use our website, create an account, or provide any personal information. If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete that information from our records.

Parents and legal guardians who believe that their child under the age of 18 may have provided personal information to Costa Vida are encouraged to contact us immediately at [email protected] so that we can take appropriate action.

Our practices are consistent with the Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under 13, as well as applicable state laws governing the privacy of minors.

12. International Data Transfers

Costa Vida is based in the United States, and our website and servers are primarily located in the United States. If you access our services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States.

The United States may not have the same level of data protection laws as your home country. By using our services and providing us with your personal information, you acknowledge and consent to the transfer, processing, and storage of your information in the United States in accordance with this Privacy Policy.

Where we transfer data internationally to service providers, we take steps to ensure that appropriate safeguards are in place, including the use of contractual protections that require service providers to maintain equivalent standards of data protection.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery services, and other external services. These third parties have their own privacy policies, and we have no control over or responsibility for their privacy practices. We encourage you to review the privacy policies of any third-party websites you visit through links on our site.

Our inclusion of a link to a third-party website does not constitute an endorsement of that website or its privacy practices. Costa Vida is not responsible for the content, privacy practices, or data handling of any third-party websites or services.

14. Applicable Laws and Regulatory Framework

Costa Vida's privacy practices are governed by and comply with the following federal and state laws, among others:

Federal Trade Commission (FTC) Act: Governing unfair or deceptive acts or practices in commerce, including privacy and data security;
CAN-SPAM Act: Governing commercial email communications and providing recipients with the right to opt out of marketing emails;
Children's Online Privacy Protection Act (COPPA): Restricting online collection of personal information from children under 13;
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Providing California residents with comprehensive privacy rights regarding their personal information;
California Online Privacy Protection Act (CalOPPA): Requiring operators of commercial websites to post a privacy policy;
Payment Card Industry Data Security Standards (PCI-DSS): Governing the handling of credit and debit card information;
Other applicable state privacy laws that may apply depending on your state of residence.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will:

Post the updated policy on this page with a revised "Last Updated" date;
Send an email notification to registered users where required by law or where we deem appropriate;
Display a prominent notice on our website home page for a reasonable period following the update.

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

16. How to File a Complaint

If you have concerns about how we handle your personal information and you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority.

16.1 Contacting Costa Vida First

We encourage you to contact us directly in the first instance so that we may address your concerns promptly:

Email: [email protected]
Website: costas-vida.click

We will acknowledge your complaint within 5 business days and aim to provide a full response within 30 days.

16.2 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response, or if you believe we are processing your data unlawfully, you may file a complaint with the relevant data protection or consumer protection authority:

Federal Trade Commission (FTC): You may file a complaint with the FTC at ftc.gov/complaint regarding unfair or deceptive practices related to privacy and data security.
California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov, the state agency responsible for enforcing the CCPA/CPRA.
State Attorneys General: Residents of any U.S. state may contact their state Attorney General's office regarding consumer protection and privacy violations. Contact information for your state's Attorney General can be found at naag.org.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to responding to all privacy inquiries in a timely and thorough manner.

Company	Costa Vida
Email	[email protected]
Website	costas-vida.click

Last Updated: This Privacy Policy was last reviewed and updated on April 7, 2026. By continuing to use our website and services after this date, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.