Privacy Policy

Effective Date: June 12, 2026 | Last Updated: June 12, 2026

This Privacy Policy describes how Costa Vida ("we," "us," "our," or the "Company") collects, uses, discloses, and protects the personal information of individuals ("you," "your," or "user") who visit our website at fresh-costavida.click, place food orders online, sign up for our loyalty program, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data in an open and transparent manner in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or engaging with any of our digital services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

For any questions or concerns about this Privacy Policy or our privacy practices, you may contact us using the information provided in the Contact Us section at the end of this document.

1. About Us

Costa Vida is a food service company operating the website fresh-costavida.click. We provide fresh, made-from-scratch Mexican-inspired food through our online ordering platform, loyalty programs, and related digital services. Our contact information is as follows:

Company Name: Costa Vida
Website: fresh-costavida.click
Email: [email protected]
Location: United States

2. Scope and Applicability

This Privacy Policy applies to all personal information collected by Costa Vida through the following channels:

Our website at fresh-costavida.click and any subdomains or related web pages
Online food ordering and delivery services facilitated through our platform
Our loyalty and rewards programs
Email, phone, and customer support communications
Promotions, surveys, sweepstakes, and other marketing activities
Social media pages and third-party platforms where we operate or interact
Any other services that link to or reference this Privacy Policy

This policy does not apply to third-party websites or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

3. Information We Collect

We collect several categories of personal information depending on how you interact with our services. The information we collect falls into the following categories:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, or contact us, we may collect:

Full name
Email address
Mailing or delivery address
Phone number
Date of birth (for age verification and birthday promotions)
Username and password for account access

3.2 Payment and Financial Information

When you make a purchase through our platform, we or our payment processing partners may collect:

Credit or debit card information (card number, expiration date, CVV)
Billing address
Transaction history and purchase records
Gift card or promotional code information

Please note that we do not store full payment card numbers on our servers. Payment processing is handled by secure, PCI-DSS compliant third-party payment processors.

3.3 Order and Dietary Information

In connection with food orders and dietary preferences, we may collect:

Menu items ordered, customizations, and special instructions
Dietary preferences and food allergy information (if voluntarily provided)
Order history and frequency data
Loyalty points, rewards usage, and redemption history

3.4 Usage and Device Information

When you visit our website or use our digital services, we automatically collect certain technical and behavioral information, including:

IP address and approximate geographic location
Browser type, version, and language settings
Device type, model, and operating system
Referring URLs and exit pages
Pages viewed, links clicked, and time spent on pages
Search terms used on our platform
Session identifiers and interaction logs

3.5 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our website. For a detailed explanation of how we use cookies, please refer to Section 8 of this Privacy Policy.

3.6 Communications Data

When you contact us for customer support, submit feedback, or communicate with us via email, phone, or social media, we may collect:

The content of your messages or communications
Your contact details used in the communication
Records of any customer service interactions
Survey responses and feedback submissions

3.7 Marketing Preferences

If you opt in to receive marketing communications, we collect:

Your communication preferences (email, SMS, push notifications)
Responses to marketing campaigns
Promotion code usage and redemption data

3.8 Information from Third Parties

We may receive information about you from third-party sources, including:

Social media platforms if you choose to connect your social media account or log in via a social media provider
Third-party delivery partners and food ordering platforms
Analytics providers and advertising partners
Publicly available databases for fraud prevention purposes

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

4.1 Providing and Managing Our Services

Processing and fulfilling your food orders, including coordinating delivery or pickup
Creating and managing your customer account
Administering our loyalty and rewards programs
Processing payments and issuing refunds or credits
Sending order confirmations, receipts, and status updates

4.2 Customer Support and Communications

Responding to your inquiries, complaints, and requests
Providing customer service and resolving disputes
Sending important service-related notifications and updates
Communicating changes to our menu, policies, or terms

4.3 Analytics and Service Improvement

Analyzing usage patterns to understand how customers interact with our platform
Monitoring and improving the performance, functionality, and security of our website
Conducting internal research and analysis to improve our food offerings and services
Identifying and resolving technical issues
Measuring the effectiveness of our marketing campaigns

4.4 Marketing and Promotions

Sending promotional emails, newsletters, and special offers (where you have opted in)
Personalizing your experience with targeted content and recommendations based on your order history
Delivering relevant advertisements on our platform and third-party platforms
Conducting surveys, contests, sweepstakes, and promotional events
Sending SMS marketing messages (where you have provided consent)

You may opt out of marketing communications at any time. See Section 11 for more information about your rights.

4.5 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Preventing fraud, unauthorized access, and other illegal activities
Enforcing our Terms of Service and other applicable agreements
Responding to lawful requests from law enforcement or regulatory authorities
Protecting the rights, property, and safety of Costa Vida, our customers, and the public

4.6 Business Operations

Conducting financial reporting, auditing, and accounting
Planning and executing business development and strategic initiatives
Facilitating business transactions such as mergers, acquisitions, or asset sales

5. How We Share Your Information

We do not sell, rent, or lease your personal information to third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually required to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

Service Provider Type	Purpose
Payment processors	Securely processing credit/debit card transactions and preventing fraud
Cloud hosting and IT providers	Hosting our website and storing data securely
Email and SMS marketing platforms	Sending promotional and transactional communications
Analytics providers	Analyzing website traffic and user behavior (e.g., Google Analytics)
Delivery and logistics partners	Coordinating food delivery to your location
Customer support platforms	Managing customer service interactions and tickets
Advertising networks	Delivering targeted advertisements on our platform and elsewhere
Fraud prevention services	Detecting and preventing fraudulent transactions and activities

5.2 Legal and Regulatory Requirements

We may disclose your personal information if required to do so by law or in response to valid legal requests from public authorities, such as courts, law enforcement agencies, or regulatory bodies. Disclosures may be made to:

Comply with a legal obligation or court order
Respond to lawful government requests or investigations
Protect and defend our legal rights and interests
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users of our services or the general public

5.3 Business Transfers

If Costa Vida is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via prominent notice on our website or via email before your personal information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your personal information with third parties for purposes not described in this Privacy Policy when we have your explicit consent to do so.

5.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other purposes.

6. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security practices include:

6.1 Technical Safeguards

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Payment data is encrypted using industry-standard PCI-DSS compliant protocols.
Access Controls: Access to personal information is restricted to authorized employees and contractors who need the information to perform their job functions.
Firewalls and Intrusion Detection: We deploy firewalls, intrusion detection and prevention systems to protect our network infrastructure.
Data Minimization: We collect only the minimum amount of personal data necessary for specified purposes.

6.2 Administrative Safeguards

Employee training on data protection and privacy best practices
Confidentiality agreements with employees and third-party service providers
Regular internal privacy and security audits
Incident response and data breach notification procedures

6.3 Physical Safeguards

Restricted physical access to data storage facilities and server rooms
Secure disposal of physical records containing personal information

Important Notice: Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information. If you become aware of any breach or unauthorized use of your data, please contact us immediately at [email protected].

6.4 Data Breach Notification

In the event of a data breach that is likely to result in harm to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities as required by applicable federal and state laws, including applicable state data breach notification statutes. Notification will be provided in a timely manner and in accordance with the legal requirements of the relevant jurisdiction.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general data retention practices are as follows:

Data Category	Retention Period
Account and registration information	Duration of account plus 3 years after account closure
Order history and transaction records	7 years (for tax, accounting, and legal compliance purposes)
Payment information	As long as required by PCI-DSS standards and applicable law
Customer support communications	3 years from the date of the interaction
Marketing preferences and opt-in records	Until you opt out, plus 3 years thereafter
Usage and analytics data	Up to 26 months (in accordance with industry standards)
Cookie and tracking data	Varies by cookie type (see Section 8)
Legal and compliance records	As required by applicable law, typically 7–10 years

After the applicable retention period has expired, we will securely delete, destroy, or anonymize your personal information in accordance with our data retention and disposal policies.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site performance, and deliver personalized content and advertisements. This section provides a summary of our cookie practices.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. They allow the website to recognize your device and remember certain information about your visit, such as your preferences and actions.

8.2 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling core functions such as page navigation, account authentication, and shopping cart functionality. They cannot be disabled.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are most frequently visited and any error messages encountered. We use this information to improve our website's performance. Examples include Google Analytics cookies.
Functionality Cookies: These cookies allow our website to remember your preferences (such as language, region, or saved items) and provide enhanced, personalized features.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements relevant to your interests. They also help us measure the effectiveness of our advertising campaigns. These may be set by our advertising partners.

8.3 Managing Cookies

You can control and manage cookies in several ways. Most web browsers allow you to manage your cookie preferences through browser settings. You can choose to accept, reject, or delete cookies. Please note that disabling certain cookies may affect the functionality and performance of our website.

For more information on managing cookies, visit your browser's help documentation or visit www.allaboutcookies.org.

You may also opt out of interest-based advertising by visiting the Network Advertising Initiative opt-out page at www.networkadvertising.org/choices/ or the Digital Advertising Alliance opt-out tool at www.aboutads.info/choices/.

8.4 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not wish to have your online activity tracked. Currently, our website does not respond to DNT signals because there is no universally accepted standard for how websites should respond to such signals. We will continue to monitor developments in this area and update our practices accordingly.

9. Children's Privacy

Our website, services, and online ordering platform are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, or in certain states, individuals under the age of 16, without verifiable parental or guardian consent.

Our services are not directed at children. We do not knowingly market to or solicit personal information from minors. If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold without appropriate consent, we will take prompt steps to delete that information from our records.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws regarding the protection of children's privacy online.

10. International Data Transfers

Costa Vida is based in the United States and operates primarily within the United States. The personal information we collect is stored and processed on servers located within the United States. If you are accessing our services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our services and providing us with your personal information, you consent to the transfer of your personal information to the United States in accordance with this Privacy Policy. We take reasonable steps to ensure that any international transfers of personal data are conducted in compliance with applicable laws and that appropriate safeguards are in place to protect your information.

If you are a resident of a country that has enacted data protection laws governing the transfer of personal data internationally (such as the European Economic Area, United Kingdom, or other jurisdictions), please contact us at [email protected] to learn more about the specific measures we have in place to protect your information during international transfers.

11. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information. We are committed to honoring these rights and will respond to your requests in accordance with applicable law.

11.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following specific rights under the CCPA as amended by the CPRA:

California Residents: The following rights apply specifically to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as legal compliance or completing a transaction).
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected].
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the services you requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide you with a lower quality of service because you exercised your privacy rights.

11.2 General Privacy Rights (All Users)

Regardless of your location, we endeavor to provide all users with the following rights:

Right of Access: You have the right to request a copy of the personal information we hold about you.
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions.
Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, machine-readable format, and to have that information transmitted to another organization where technically feasible.
Right to Withdraw Consent: Where we process your personal information based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
Right to Opt Out of Marketing: You have the right to opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any email we send, replying "STOP" to any SMS message, or contacting us directly.

11.3 How to Exercise Your Rights

To exercise any of your privacy rights, you or your authorized agent may submit a request to us through the following methods:

Email: [email protected]
Website: fresh-costavida.click

When you submit a request, we will need to verify your identity before processing it. We may ask you to provide certain information to confirm your identity, such as your name, email address, and account information. We will respond to your request within 45 days of receipt, or within the time frame required by applicable law. In certain circumstances, we may extend this period by an additional 45 days, in which case we will notify you of the extension.

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of authorization, and we may require you to verify your identity directly with us.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery partner platforms, and other external services. These third-party sites have their own privacy policies that govern how they collect, use, and share your information. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing any personal information to them.

Common third-party services we may link to or integrate with include:

Social media platforms (Facebook, Instagram, Twitter/X)
Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
Google Maps for location services
Payment gateways and processors
Review and rating platforms

13. Marketing Communications and Opt-Out

With your consent, we may send you promotional emails, SMS messages, push notifications, and other marketing communications about our food offerings, promotions, loyalty rewards, and special events. You have the right to opt out of marketing communications at any time.

13.1 How to Opt Out

Email: Click the "Unsubscribe" link at the bottom of any marketing email we send you
SMS: Reply "STOP" to any SMS marketing message
Push Notifications: Adjust your notification settings in your browser or device settings
Account Settings: Update your communication preferences in your account settings on our website
Contact Us: Send an email to [email protected] requesting removal from our marketing list

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related communications that are necessary for us to provide you with our services (such as order confirmations, receipts, and account notifications).

14. California-Specific Disclosures

In addition to the rights described in Section 11.1 above, California residents should be aware of the following disclosures required under California law:

14.1 Categories of Personal Information Collected in the Past 12 Months

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers (name, email address, phone number, IP address)
Customer records (address, payment information, order history)
Commercial information (purchase history, loyalty rewards data)
Internet or electronic network activity information (browsing history on our site, interaction data)
Geolocation data (approximate location for delivery purposes)
Inferences drawn from the above categories to create a profile about preferences and purchasing behavior

14.2 Shine the Light Law

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year. If you are a California resident and wish to make such a request, please contact us at [email protected].

15. How to File a Complaint with a Data Protection Authority

If you believe that we have violated your privacy rights or that our data processing practices are not in compliance with applicable law, you have the right to file a complaint with the relevant data protection or consumer protection authority.

15.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), which is responsible for enforcing the CPRA. You may contact the CPPA as follows:

California Privacy Protection Agency (CPPA)

2101 Arena Boulevard, Sacramento, CA 95834

Website: cppa.ca.gov

15.2 Federal Consumer Protection (All U.S. Residents)

U.S. residents may file a complaint with the Federal Trade Commission (FTC), which enforces the FTC Act and other federal consumer protection laws:

Federal Trade Commission (FTC)

600 Pennsylvania Avenue, NW, Washington, D.C. 20580

Phone: 1-877-382-4357

Website: www.ftc.gov/complaint

15.3 State Attorney General

Depending on your state of residence, you may also have the right to file a complaint with your state's Attorney General office. Many state Attorneys General have consumer protection divisions that handle privacy-related complaints. Please visit the website of your state's Attorney General for more information on how to file a complaint.

We encourage you to contact us first at [email protected] before filing a formal complaint, as we are committed to resolving any privacy concerns promptly and efficiently.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or our business operations. When we make material changes to this Privacy Policy, we will:

Post the updated Privacy Policy on our website at fresh-costavida.click with a revised "Last Updated" date
Provide prominent notice on our homepage or in a banner notification
Send an email notification to registered users where the changes are significant

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you do not agree with any changes to this Privacy Policy, please discontinue your use of our services and contact us to request deletion of your personal information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please do not hesitate to contact us. We are committed to addressing your concerns promptly and transparently.

Privacy Inquiries — Costa Vida

Company Name: Costa Vida
Website: fresh-costavida.click
Email: [email protected]

We aim to respond to all privacy-related inquiries within 30 days of receipt. For requests submitted under the CCPA/CPRA, we will respond within the time frames mandated by applicable law (generally 45 days, with the possibility of a one-time 45-day extension).

When contacting us about a privacy matter, please include the following information to help us address your request efficiently:

Your full name and email address associated with your account (if applicable)
A clear description of your request or concern
The specific right(s) you wish to exercise, if applicable
Any other information that may help us verify your identity and process your request

Costa Vida | Website: fresh-costavida.click | Email: [email protected]