Privacy Policy
This Privacy Policy describes how Costa Vida ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at vida-costas.digital, use our online ordering platform, interact with our digital services, or engage with us in any other way. Please read this Privacy Policy carefully before using our services.
By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of our website and services immediately.
We are committed to protecting your privacy and handling your personal data responsibly, transparently, and in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant data protection regulations.
1. About Costa Vida
Costa Vida is a food service business operating in the United States. We are dedicated to providing our customers with fresh, high-quality food and an exceptional dining experience. Our digital platforms support online ordering, customer loyalty programs, promotions, and other services designed to enhance your experience with us.
For the purposes of this Privacy Policy, Costa Vida acts as the data controller for any personal information collected through our website and digital services.
Contact Information:
- Company Name: Costa Vida
- Website: vida-costas.digital
- Email: [email protected]
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- All visitors to our website at vida-costas.digital
- Customers who place online orders through our digital platforms
- Users who create accounts or enroll in our loyalty programs
- Individuals who subscribe to our newsletter, email marketing, or promotional communications
- Users who contact us through our website, email, or any other communication channels
- Anyone who interacts with us through social media platforms linked to or associated with Costa Vida
This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party sites you visit.
3. Information We Collect
We collect various types of personal information depending on how you interact with us. The categories of information we collect are described below.
3.1 Personal Identification Information
When you create an account, place an order, enroll in a loyalty program, or contact us, we may collect:
- Full name
- Email address
- Phone number
- Mailing address and delivery address
- Date of birth (for age verification and birthday promotions)
- Username and password (for account management)
- Profile picture or avatar (if voluntarily provided)
3.2 Payment and Financial Information
When you make purchases through our online ordering system, we collect payment-related information, which may include:
- Credit or debit card type and last four digits
- Billing address
- Transaction history and order records
Please note that full payment card details are processed securely by our third-party payment processors and are not stored directly on our servers. We comply with Payment Card Industry Data Security Standards (PCI-DSS) requirements.
3.3 Order and Transaction Information
We collect information about the orders you place through our digital platforms, including:
- Items ordered and quantities
- Order date, time, and frequency
- Delivery or pickup preferences
- Special instructions or dietary preferences you provide
- Order history and loyalty points earned
3.4 Usage Data and Analytics
When you browse our website or use our digital services, we automatically collect certain technical and behavioral data, including:
- IP address and approximate geographic location
- Browser type, version, and language settings
- Operating system and device type
- Pages visited, links clicked, and navigation patterns
- Time spent on each page and session duration
- Referring URLs (the page you came from before visiting our site)
- Search queries entered on our website
- Features used and interactions with our digital services
3.5 Device Information
We may collect information about the devices you use to access our services, including:
- Device identifiers (such as mobile advertising IDs)
- Hardware model and configuration
- Network information and connection type
- Mobile carrier information (if applicable)
- Time zone settings
3.6 Cookie and Tracking Data
We use cookies and similar tracking technologies to collect information about your interactions with our website. For more information about the specific cookies we use and how to manage your preferences, please refer to Section 9 of this Privacy Policy (Cookie Policy).
3.7 Communications and User-Generated Content
When you communicate with us or engage with our platforms, we collect:
- Messages and inquiries submitted through contact forms
- Email correspondence with our customer service team
- Reviews, ratings, and feedback you submit about our food or services
- Social media comments or messages directed to our official accounts
- Survey responses and contest entries
3.8 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social media platforms (if you connect your account or interact with our social media presence)
- Third-party delivery partners (such as delivery apps or aggregators)
- Analytics providers and advertising partners
- Loyalty program partners
- Publicly available sources
4. How We Use Your Information
We use the personal information we collect for legitimate business purposes, including the following:
4.1 Service Provision and Order Fulfillment
- Processing and fulfilling your food orders placed online or through our platforms
- Managing your customer account and preferences
- Sending order confirmations, receipts, and delivery notifications
- Administering our loyalty program and rewards
- Providing customer support and responding to your inquiries
- Processing refunds, returns, or complaints
4.2 Business Operations and Improvement
- Analyzing usage patterns to improve our website functionality and user experience
- Understanding customer preferences to enhance our menu offerings and services
- Conducting internal research, analytics, and reporting
- Detecting, investigating, and preventing fraudulent transactions and security incidents
- Maintaining accurate business records and complying with our internal policies
4.3 Marketing and Promotional Communications
- Sending promotional emails, special offers, and newsletters (with your consent where required)
- Personalizing promotions and recommendations based on your order history and preferences
- Notifying you about new menu items, seasonal specials, and events
- Running sweepstakes, contests, and promotional campaigns
- Displaying targeted advertising on third-party platforms (in compliance with applicable law)
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our marketing emails or by contacting us directly at [email protected].
4.4 Legal and Compliance Purposes
- Complying with applicable federal, state, and local laws and regulations
- Responding to lawful requests from government authorities and law enforcement
- Enforcing our Terms of Service and other legal agreements
- Protecting the rights, property, and safety of Costa Vida, our customers, and the public
- Exercising or defending legal claims
4.5 Legal Basis for Processing
Under applicable U.S. laws, including the FTC Act and CCPA/CPRA, we process your personal information on the following bases:
- Contract Performance: Processing necessary to fulfill orders and manage your account
- Legitimate Business Interests: Analytics, fraud prevention, and service improvement
- Legal Obligations: Compliance with applicable laws and regulations
- Consent: Marketing communications and non-essential cookies, where required
5. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary consideration. However, we may share your information in the following circumstances:
5.1 Service Providers and Business Partners
We engage trusted third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize. These include:
| Service Provider Category | Purpose |
|---|---|
| Payment Processors | Secure processing of online transactions |
| Delivery and Logistics Partners | Fulfillment of delivery orders |
| Email and Marketing Platforms | Sending promotional and transactional emails |
| Analytics Providers | Website performance analysis and reporting |
| Cloud Hosting and IT Services | Storing and managing data securely |
| Customer Support Platforms | Managing customer service interactions |
| Loyalty Program Technology Providers | Administering rewards and loyalty accounts |
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information when we believe, in good faith, that disclosure is necessary or appropriate to:
- Comply with a legal obligation, court order, subpoena, or governmental request
- Enforce our Terms of Service or other agreements
- Protect the rights, property, or safety of Costa Vida, our users, or the general public
- Detect, prevent, or address fraud, security vulnerabilities, or technical issues
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your personal information may be transferred as part of the transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your information with other third parties when you have provided explicit consent to such sharing. You have the right to withdraw your consent at any time.
5.5 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other business purposes. Such sharing does not constitute a "sale" of personal information under applicable law.
6. Data Security Measures
Costa Vida takes the security of your personal information seriously. We implement a range of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.
6.1 Technical Safeguards
- SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
- Data Encryption at Rest: Sensitive personal information stored in our databases is encrypted using appropriate encryption standards.
- Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to monitor and protect our network infrastructure.
- Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.
- PCI-DSS Compliance: Our payment processing infrastructure complies with Payment Card Industry Data Security Standards.
6.2 Administrative Safeguards
- Regular employee training on data privacy and security practices
- Internal data handling policies and procedures
- Vendor due diligence and contractual data protection obligations
- Periodic security audits and risk assessments
6.3 Limitations
While we implement robust security measures, no system is 100% immune to security breaches. We cannot guarantee absolute security of your personal information. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law, including state breach notification laws applicable in the United States.
7. Your Privacy Rights
Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States privacy laws.
7.1 California Residents — CCPA/CPRA Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request the deletion of personal information we have collected about you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to certain permitted purposes.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
- Right to Data Portability: You have the right to receive your personal information in a portable, usable format.
7.2 Rights for All U.S. Residents
Regardless of your state of residence, we honor the following privacy rights to the extent required by applicable federal and state law:
- Right to Access: Request access to the personal information we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete personal information.
- Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Right to Opt-Out of Marketing: Opt out of receiving marketing and promotional communications from us at any time.
- Right to Portability: Receive a copy of your personal information in a structured, commonly used, and machine-readable format.
7.3 How to Exercise Your Rights
To exercise any of your privacy rights, please contact us using the following methods:
- Email: [email protected]
- Website: vida-costas.digital
When submitting a request, please provide sufficient information to verify your identity, including your full name, email address associated with your account, and the nature of your request. We may require additional verification to process your request and protect your security.
We will respond to verifiable consumer requests within 45 days of receipt. In certain circumstances, we may extend this period by an additional 45 days and will notify you of the extension. We do not charge a fee for reasonable requests unless they are excessive or repetitive.
7.4 Authorized Agents
California residents may designate an authorized agent to submit requests on their behalf. We may require proof of the agent's authorization and verification of the consumer's identity before processing such requests.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.
| Category of Information | Retention Period |
|---|---|
| Account and Profile Information | Duration of account activity plus 3 years after account closure |
| Order and Transaction Records | 7 years (for tax, accounting, and legal compliance purposes) |
| Payment Information | As required by PCI-DSS standards and applicable law |
| Marketing Preferences and Opt-Out Records | Duration of relationship plus 5 years |
| Customer Service Communications | 3 years from date of last interaction |
| Website Usage and Analytics Data | Up to 26 months (or as configured in analytics tools) |
| Cookie and Tracking Data | Varies by cookie type (see Cookie Policy section) |
| Legal and Compliance Records | As required by applicable federal and state law |
When personal information is no longer needed, we securely delete, destroy, or anonymize it in accordance with our data retention policies and applicable law.
9. Cookie Policy
Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Retention |
|---|---|---|
| Strictly Necessary Cookies | Essential for website functionality, including login sessions and cart management | Session / Short-term |
| Performance and Analytics Cookies | Collecting data on how visitors use our website (e.g., Google Analytics) | Up to 24 months |
| Functional Cookies | Remembering your preferences, language settings, and saved order choices | Up to 12 months |
| Marketing and Advertising Cookies | Delivering targeted advertisements and tracking campaign effectiveness | Up to 13 months |
| Third-Party Cookies | Set by third-party platforms (social media, advertising networks) | Varies by provider |
9.2 Managing Your Cookie Preferences
You can manage your cookie preferences at any time through the following methods:
- Browser Settings: Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse all cookies or to alert you when cookies are being sent.
- Cookie Consent Tool: Where we provide a cookie consent banner or preference center on our website, you can adjust your preferences directly through that tool.
- Opt-Out Tools: For advertising cookies, you can use industry opt-out tools such as the Network Advertising Initiative (NAI) opt-out tool or the Digital Advertising Alliance (DAA) opt-out tool.
Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, including online ordering.
10. Children's Privacy
If you are under 18 years of age, you are not permitted to create an account, place orders independently through our digital platform, or provide any personal information to us without the supervision and consent of a parent or legal guardian.
If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our systems. If you believe that a child has provided us with personal information without parental consent, please contact us immediately at [email protected].
Parents and guardians who wish to review, correct, or request the deletion of any personal information collected from their minor child may contact us using the information provided in the Contact section of this policy.
11. International Data Transfers
Costa Vida is based in the United States, and our primary data processing activities take place within the United States. However, some of our third-party service providers may be located in, or operate servers in, countries outside of the United States.
If your personal information is transferred to or processed in countries outside of the United States, we take appropriate steps to ensure that such transfers are carried out in compliance with applicable law and that adequate protections are in place to safeguard your information. These measures may include:
- Entering into data processing agreements with service providers that incorporate appropriate contractual safeguards
- Ensuring that service providers are certified under recognized data protection frameworks
- Implementing technical and organizational measures to protect data during transfer and processing
By using our website and services from outside the United States, you understand and acknowledge that your personal information may be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.
12. Do Not Track (DNT) Signals
Some web browsers and mobile operating systems offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online browsing activities tracked. Currently, there is no universally accepted standard for responding to DNT signals, and our website does not alter its data collection practices in response to DNT signals.
However, you may manage your tracking preferences through our cookie consent tool and the browser and opt-out options described in Section 9 of this Privacy Policy. We will continue to monitor developments in DNT standards and update our practices accordingly.
13. Third-Party Links and Services
Our website may contain links to third-party websites, applications, or services, including social media platforms, delivery partners, and other food-related services. These third-party sites have their own privacy policies and data practices that are independent of ours.
We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party site you visit before providing any personal information. Inclusion of a link to a third-party website on our platform does not constitute an endorsement of that site or its privacy practices.
14. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal obligations, or business operations. When we make material changes to this policy, we will:
- Post the updated Privacy Policy on our website with a revised "Last Updated" date
- Send a notification to your registered email address (where applicable)
- Display a prominent notice on our website for a reasonable period following the update
Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
15. Filing Complaints with Data Protection Authorities
If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with relevant regulatory authorities.
15.1 California Residents
California residents may file complaints regarding violations of the CCPA/CPRA with the:
Website: cppa.ca.gov
Address: 2101 Arena Blvd, Sacramento, CA 95834
The CPPA is responsible for enforcing California's comprehensive privacy laws.
Additionally, the California Attorney General's office handles consumer privacy complaints:
Website: oag.ca.gov/privacy/ccpa
15.2 Federal Level
All U.S. residents may file complaints related to unfair or deceptive business practices with the:
Website: reportfraud.ftc.gov
Phone: 1-877-382-4357
The FTC enforces consumer protection laws, including those related to privacy and data security.
15.3 Other State Privacy Regulators
Residents of other states with comprehensive privacy laws (including, but not limited to, Virginia, Colorado, Connecticut, Texas, and Oregon) may have the right to appeal to their respective state Attorney General's office or designated data protection authority. We encourage you to consult with your state's consumer protection resources for guidance specific to your jurisdiction.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us. We are committed to addressing your privacy concerns promptly and transparently.
Company: Costa Vida
Website: vida-costas.digital
Email: [email protected]
Subject Line for Privacy Requests: "Privacy Policy Inquiry" or "Data Subject Request"
We aim to respond to all privacy-related inquiries and data subject requests within 45 days of receipt. For complex requests, we may require up to 90 days and will inform you of any extension within the initial 45-day period.
If you are submitting a request to exercise your privacy rights, please include your full name, email address, and a clear description of your request to help us process it efficiently.
This Privacy Policy was last reviewed and updated on March 18, 2026. Costa Vida is committed to maintaining the privacy and security of your personal information in accordance with all applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).