Privacy Policy

Last Updated: June 24, 2026

1. Introduction and Scope

Welcome to Costa Vida. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy applies to all personal information we collect through our website (costavidagrill.click), mobile applications, in-store interactions, online ordering platforms, loyalty programs, and any other services we provide (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue your use of our Services immediately.

This Privacy Policy is governed by and complies with applicable United States federal and state privacy laws, including but not limited to:

  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
  • The Federal Trade Commission Act (FTC Act) regarding unfair or deceptive practices
  • The Children's Online Privacy Protection Act (COPPA)
  • The CAN-SPAM Act for electronic marketing communications
  • Applicable state consumer protection statutes

2. About Us — Contact Information

The data controller responsible for your personal information is:

For any questions, concerns, or requests related to your privacy or this Privacy Policy, you may contact us at any time using the details provided above. We strive to respond to all privacy-related inquiries within a reasonable timeframe, and no later than thirty (30) days from the date of receipt.

3. Information We Collect

We collect various categories of personal information to operate our business and provide you with the best possible dining and ordering experience. The types of information we collect include:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us, we may collect:

  • Full name (first and last name)
  • Email address
  • Phone number
  • Mailing and billing address
  • Date of birth (for promotional purposes and age verification)
  • Username and password (for account creation)
  • Profile photograph (if voluntarily provided)

3.2 Payment and Financial Information

When you make a purchase or payment through our Services, we collect:

  • Credit or debit card information (processed securely by our payment processors)
  • Billing address associated with your payment method
  • Transaction history and purchase records
  • Gift card balances and redemption history
  • Digital wallet information (such as Apple Pay or Google Pay, where applicable)

Please Note: We do not store full credit or debit card numbers on our own servers. Payment card data is processed by PCI DSS-compliant third-party payment processors. We retain only truncated card identifiers for record-keeping purposes.

3.3 Order and Transaction Data

In connection with your food orders and dining experiences, we collect:

  • Items ordered and menu preferences
  • Order history and frequency
  • Special dietary requests and customizations
  • Delivery address and pickup location preferences
  • Catering and group order information
  • Loyalty points earned and redeemed

3.4 Usage and Website Data

When you visit our website or use our digital platforms, we automatically collect certain technical information, including:

  • IP address and approximate geographic location derived from IP address
  • Browser type, version, and language settings
  • Operating system and device type (desktop, mobile, tablet)
  • Referring website URLs and exit pages
  • Pages visited, time spent on each page, and navigation patterns
  • Search queries entered on our website
  • Date and time of your visit
  • Clickstream data and interaction logs

3.5 Device Information

If you access our Services via a mobile device or application, we may collect:

  • Mobile device unique identifier (Device ID)
  • Mobile operating system and version
  • Mobile network information
  • Push notification token (if you opt in to push notifications)
  • GPS or location data (only with your explicit permission)
  • Camera or photo library access (only if you voluntarily upload images)

3.6 Communications Data

When you communicate with us, we collect:

  • Content of emails, messages, or chat communications you send to us
  • Customer service inquiry records and resolution notes
  • Survey responses and feedback submissions
  • Social media interactions and mentions (where applicable)
  • Reviews and ratings you submit on our platforms

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. For detailed information about how we use these technologies, please refer to Section 9 (Cookie Usage) of this policy.

3.8 Information from Third Parties

We may receive personal information about you from third-party sources, including:

  • Third-party food delivery platforms (such as DoorDash, Uber Eats, or Grubhub) when you place orders through those services
  • Social media platforms when you connect your social account to our Services
  • Marketing partners and advertising networks
  • Analytics providers who enrich our data with demographic insights
  • Fraud detection and identity verification services

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, whether for pickup, dine-in, or delivery
  • Managing your customer account and loyalty program membership
  • Sending order confirmation, status updates, and receipts
  • Processing payments and managing billing
  • Coordinating catering and special event orders
  • Providing customer support and resolving disputes

4.2 Business Operations and Improvement

  • Improving our menu offerings based on order patterns and preferences
  • Optimizing our website and app functionality and user experience
  • Conducting internal research and development
  • Performing quality assurance and operational assessments
  • Training staff and improving service standards
  • Maintaining accurate business records and financial accounting

4.3 Analytics and Performance Monitoring

  • Analyzing website traffic and user behavior through analytics tools
  • Measuring the effectiveness of our marketing campaigns
  • Tracking conversion rates and customer acquisition metrics
  • Generating anonymized and aggregated statistical reports
  • Identifying trends in customer preferences and dining habits

4.4 Marketing and Promotional Communications

  • Sending promotional emails, newsletters, and special offers (with your consent where required)
  • Personalizing your experience with relevant menu recommendations and deals
  • Administering contests, sweepstakes, and loyalty reward programs
  • Delivering targeted advertising on our website and third-party platforms
  • Retargeting campaigns based on your browsing and purchase history

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails, by texting "STOP" in response to SMS messages, or by contacting us directly at [email protected].

4.5 Safety, Security, and Fraud Prevention

  • Detecting, investigating, and preventing fraudulent transactions and unauthorized account access
  • Ensuring the security and integrity of our systems and Services
  • Complying with our legal obligations and enforcing our terms of service
  • Protecting the rights, property, and safety of Costa Vida, our customers, and the public

4.6 Legal Compliance

  • Complying with applicable federal, state, and local laws and regulations
  • Responding to lawful requests from government authorities and law enforcement
  • Resolving legal disputes and defending legal claims
  • Meeting our tax, accounting, and financial reporting obligations

5. Legal Basis for Processing

Under applicable United States law, our legal bases for collecting and processing your personal information include:

  • Contractual Necessity: Processing required to fulfill your orders and perform our contractual obligations to you.
  • Legitimate Business Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, analytics, and service improvement, where such interests are not overridden by your rights.
  • Consent: Where we request your consent for specific activities, such as marketing communications or the use of non-essential cookies.
  • Legal Obligation: Processing required to comply with applicable law, regulation, or legal process.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary consideration. However, we may share your information with trusted third parties in the following circumstances:

6.1 Service Providers and Vendors

We engage third-party companies and individuals to help us operate our business and provide our Services. These service providers are permitted to use your personal information only as necessary to perform services on our behalf and are contractually bound to maintain the confidentiality and security of your data. Such service providers include:

  • Payment processors and financial institutions
  • Food delivery platform partners (e.g., DoorDash, Uber Eats, Grubhub)
  • Cloud hosting and data storage providers
  • Email marketing and communications platforms
  • Customer relationship management (CRM) software providers
  • Website analytics providers (e.g., Google Analytics)
  • Advertising and marketing networks
  • Fraud detection and cybersecurity service providers
  • Customer support and live chat tool providers

6.2 Business Partners

We may share information with select business partners with whom we collaborate on promotions, loyalty programs, or co-branded offers. Any such sharing will be disclosed to you at the time of collection, and you will have the opportunity to opt out.

6.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid legal process, including:

  • Subpoenas, court orders, or other legal processes
  • Requests from federal, state, or local government authorities
  • Investigations by regulatory agencies (such as the FTC)
  • Situations involving an imminent threat to public safety or the safety of any individual

6.4 Business Transfers

In the event that Costa Vida is involved in a merger, acquisition, asset sale, restructuring, bankruptcy, or similar transaction, your personal information may be transferred to the successor entity. We will notify you via email or a prominent notice on our website prior to any such transfer, and you will have the opportunity to review any updated privacy policy from the acquiring entity.

6.5 Aggregate and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, industry analysis, marketing, and other business purposes.

7. Data Security Measures

We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, or destruction.

7.1 Technical Safeguards

  • Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted between your browser and our servers
  • Encryption of sensitive data stored in our databases
  • Secure, hashed storage of passwords using industry-standard algorithms
  • Firewalls, intrusion detection systems, and regular vulnerability assessments
  • Two-factor authentication for internal system access
  • Regular security patches and software updates

7.2 Administrative Safeguards

  • Role-based access controls limiting employee access to personal information on a need-to-know basis
  • Mandatory staff training on data privacy and security best practices
  • Binding data processing agreements with all third-party service providers
  • Internal data privacy policies and procedures
  • Incident response plans for data breaches

7.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable state breach notification laws. We will provide timely notice as required by law, and we will cooperate with relevant authorities to investigate and address the breach.

Despite our best efforts, no method of data transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially reasonable measures, we cannot guarantee absolute security. You use our Services at your own risk.

8. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable U.S. law. We are committed to honoring these rights upon verified request.

8.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a resident of California, you have the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: We do not sell personal information for monetary consideration. However, if we engage in sharing practices that constitute a "sale" or "sharing" under the CCPA/CPRA, you have the right to opt out.
  • Right to Limit Use of Sensitive Personal Information: You may have the right to direct us to limit our use of sensitive personal information to what is necessary for providing Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

8.2 General Consumer Privacy Rights (All U.S. Residents)

Regardless of your state of residence, we provide the following rights to all users:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we update or correct inaccurate personal information in our records.
  • Right to Deletion: You may request that we delete your personal information, subject to our legal retention obligations.
  • Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a structured, commonly used, machine-readable format.
  • Right to Withdraw Consent: Where we rely on your consent to process your data, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time.

8.3 How to Exercise Your Rights

To submit a privacy rights request, you may contact us using the following methods:

We will need to verify your identity before processing your request. Verification may involve confirming details such as your name, email address, and account information. We will respond to verifiable consumer requests within 45 days, with the possibility of a one-time extension of an additional 45 days where reasonably necessary, and we will provide notice of such extension within the initial 45-day period.

You may designate an authorized agent to submit requests on your behalf. To do so, you must provide written authorization or power of attorney, and we may require you to verify your identity directly with us.

9. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, personalize content, and deliver relevant advertising. Cookies are small text files stored on your device by your web browser.

9.1 Types of Cookies We Use

Cookie Type | Purpose | Duration
Strictly Necessary | Essential for website functionality, such as login sessions, shopping cart management, and security features. | Session / Short-term
Performance/Analytics | Collect anonymized information about how visitors use our website (e.g., Google Analytics). | Up to 2 years
Functional | Remember your preferences, such as language settings, location, and saved orders. | Up to 1 year
Marketing/Advertising | Track browsing behavior across websites to deliver targeted advertisements. | Up to 2 years

You can manage your cookie preferences through your browser settings or our cookie consent tool available on our website. Please note that disabling certain cookies may affect the functionality of our Services. For full details about the cookies we use, please refer to our Cookie Policy available at costavidagrill.click.

10. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal obligations, resolve disputes, enforce agreements, and conduct our business operations.

Data Category | Retention Period | Basis
Account and profile information | Duration of account + 3 years after account closure | Contractual necessity, legal compliance
Order and transaction records | 7 years from transaction date | Tax and accounting legal requirements
Payment processing records | 7 years from transaction date | Financial regulatory requirements
Marketing communication preferences | Until opt-out or account deletion + 1 year | Consent management
Customer service correspondence | 3 years from last interaction | Legitimate business interests
Website usage and analytics data | Up to 26 months | Analytics platform limitations
Cookie data | As specified per cookie type (see Section 9) | Functional and analytical purposes
Legal and compliance records | As required by applicable law (minimum 7 years) | Legal obligation

When personal information is no longer required, we will securely delete, anonymize, or aggregate it in a manner that ensures it can no longer be associated with any individual.

11. Children's Privacy

Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13 in violation of the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 18 for marketing purposes without appropriate parental consent.

If you are under 18 years of age, please do not use our Services or provide any personal information to us. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information, please contact us immediately at [email protected] so that we can take appropriate action to delete such information from our systems.

We do not knowingly target our marketing communications or loyalty programs at individuals under the age of 18. If we discover that we have inadvertently collected personal information from a minor, we will promptly delete that information and notify the parent or guardian as appropriate.

12. International Data Transfers

Costa Vida operates primarily within the United States, and your personal information is collected, stored, and processed on servers located within the United States. However, some of our third-party service providers may operate in or transfer data to other countries.

If your personal information is transferred outside the United States, we will ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. These safeguards may include:

  • Standard contractual clauses or data processing agreements with international service providers
  • Ensuring service providers operate in countries with adequate data protection standards
  • Compliance with applicable international data transfer frameworks

By using our Services, you acknowledge and consent to the transfer of your personal information to the United States and, where applicable, to other countries where our service providers are located.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As of the date of this Privacy Policy, our website does not respond to DNT signals from browsers. However, you may opt out of certain tracking activities through our cookie consent tool or by contacting us directly.

14. Third-Party Links and Services

Our website and Services may contain links to third-party websites, platforms, and services that are not operated or controlled by Costa Vida. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit before providing them with your personal information.

Third-party sites that may be linked from our website include but are not limited to food delivery platforms, social media networks, review platforms, and payment processors. We are not responsible for the privacy practices or content of these third-party sites.

15. Your California Privacy Rights — Shine the Light Law

Under California Civil Code Section 1798.83 (the "Shine the Light" law), California residents may request information regarding the disclosure of their personal information to third parties for those third parties' direct marketing purposes during the preceding calendar year. If you are a California resident and wish to make such a request, please contact us at [email protected] with "California Shine the Light Request" in the subject line.

16. How to File a Complaint

If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to lodge a complaint with the appropriate regulatory authority.

16.1 Federal Complaints

You may submit a complaint to the Federal Trade Commission (FTC), which enforces federal consumer protection and privacy laws:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-FTC-HELP (1-877-382-4357)
  • Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, D.C. 20580

16.2 California Residents

California residents may also file a complaint with the California Privacy Protection Agency (CPPA), the agency responsible for enforcing the CCPA/CPRA:

16.3 Other State Residents

Residents of other states with applicable privacy laws (such as Virginia, Colorado, Connecticut, Utah, and Texas) may contact their respective state attorney general's office to file a privacy-related complaint. We encourage you to review your state's specific consumer protection resources.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time in response to changes in our business practices, technological developments, or applicable law. When we make material changes, we will:

  • Post the updated Privacy Policy on our website at costavidagrill.click
  • Update the "Last Updated" date at the top of this policy
  • Send you an email notification if you have an account with us and the change is material
  • Display a prominent notice on our homepage for a reasonable period following the update

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed about how we protect your information.

18. Contact Us for Privacy Inquiries

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a privacy concern, please reach out to our privacy team using the information below:

We are committed to resolving privacy concerns promptly and transparently. Upon receipt of a privacy inquiry, we will acknowledge your request within 5 business days and endeavor to provide a full response within 30 days, or within any shorter timeframe required by applicable law.