Privacy Policy

Effective Date: March 25, 2026 | Last Updated: March 25, 2026

Welcome to Costa Vida. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website vidascosta.digital, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all users of our website and services located in the United States. By accessing or using our platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Who We Are

Costa Vida is a food service business operating under the domain vidascosta.digital. We provide food ordering, delivery coordination, and related digital services to our customers across the United States.

Company Name	Costa Vida
Website	vidascosta.digital
Email Address	[email protected]
Location	United States

For all privacy-related questions, concerns, or requests, you may contact us at [email protected].

2. Information We Collect

We collect information about you in several ways depending on how you interact with our website and services. The categories of personal information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place a food order, sign up for our newsletter, or contact our support team, we may collect personal identification information such as:

Full name
Email address
Phone number
Mailing address and delivery address
Date of birth (for age verification purposes)
Username and password (stored in encrypted form)
Payment information (credit/debit card details, billing address — processed via secure third-party payment processors)

2.2 Order and Transaction Data

When you place a food order or engage in any commercial transaction through our website, we collect information related to that transaction, including:

Items ordered, quantities, and special instructions
Order history and purchase frequency
Preferred restaurant locations or delivery zones
Payment method type (we do not store full card numbers)
Promotional codes or discount redemptions

2.3 Usage Data and Online Activity

As you navigate through our website, certain information is automatically collected about your device and your use of the site, including:

IP address and approximate geographic location derived from it
Browser type, version, and language preferences
Operating system and device type (desktop, tablet, mobile)
Pages visited, time spent on pages, and navigation paths
Referring URLs (which website or link brought you to our site)
Time and date of each visit
Search queries entered within our website
Clickstream data and interaction logs

2.4 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. For a full explanation of our cookie practices, please refer to our Cookie Policy. In brief, we collect:

Session identifiers to keep you logged in
Preference cookies to remember your settings and language
Analytics cookies to understand how users engage with the site
Marketing and advertising cookies to deliver relevant promotions

2.5 Communications Data

If you contact us via email, our website contact form, or any customer support channel, we retain the content of those communications, including:

Your name and contact details as provided in the message
Subject matter and content of your inquiry
Date, time, and method of communication
Our responses and any follow-up correspondence

2.6 Information from Third Parties

We may receive additional information about you from third-party sources and combine it with information we already hold, such as:

Social media platforms (if you choose to log in or share via social accounts)
Payment processors and fraud detection partners
Analytics and advertising technology providers
Publicly available databases or business directories

3. How We Use Your Information

We use the personal information we collect for legitimate business purposes, including but not limited to the following:

3.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders
Managing your account and preferences
Sending order confirmations, receipts, and delivery status updates
Responding to your customer service inquiries and resolving disputes
Verifying your identity and preventing fraudulent transactions

3.2 Marketing and Promotions

Sending you newsletters, promotional offers, and updates about new menu items or services (with your consent where required)
Personalizing your experience by recommending items based on your order history
Running loyalty programs or referral campaigns
Displaying targeted advertisements on our website or on third-party platforms (subject to your cookie preferences)

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

3.3 Analytics and Service Improvement

Analyzing user behavior to improve the functionality, design, and content of our website
Identifying and diagnosing technical issues
Conducting market research and developing new products or services
Monitoring and measuring the effectiveness of our marketing campaigns

3.4 Legal Compliance and Safety

Complying with applicable laws, regulations, and legal processes in the United States
Enforcing our Terms of Service and other agreements
Protecting the rights, property, or safety of Costa Vida, our customers, or others
Cooperating with law enforcement authorities when legally required

3.5 Business Operations

Maintaining internal records and business administration
Conducting due diligence in connection with potential business transactions
Training staff and improving internal processes

4. Legal Basis for Processing (U.S. Residents)

As a business operating in the United States, our data processing activities are governed by applicable U.S. federal and state laws, including the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in commerce, including deceptive privacy practices. Where applicable, we also comply with the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), for California residents.

We process your personal information on the following grounds:

Contractual necessity: To fulfill orders and provide services you have requested
Legitimate interest: To improve our services, prevent fraud, and conduct marketing activities
Legal obligation: To comply with applicable laws and respond to lawful requests
Consent: For marketing communications and certain cookie usage where consent is required

5. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information for monetary compensation. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party vendors and service providers to assist us in operating our business. These parties are authorized to use your information only as necessary to perform services on our behalf and are contractually obligated to protect your data. Categories of service providers include:

Payment processors (e.g., Stripe, Square, or similar providers)
Delivery and logistics partners
Email marketing platforms and communication tools
Cloud hosting and data storage providers
Website analytics providers (e.g., Google Analytics)
Customer relationship management (CRM) software providers
Fraud detection and identity verification services

5.2 Legal Requirements and Law Enforcement

We may disclose your information to government authorities, law enforcement agencies, or other third parties when we believe in good faith that disclosure is necessary to:

Comply with a legal obligation, court order, or government regulation
Protect and defend the legal rights of Costa Vida
Investigate or prevent fraud, security incidents, or illegal activity
Protect the vital interests of our customers or the general public

5.3 Business Transfers

In the event that Costa Vida undergoes a merger, acquisition, asset sale, reorganization, or bankruptcy proceeding, your personal information may be transferred as part of that business transaction. We will notify you via email or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.4 Aggregated or Anonymized Data

We may share aggregated, de-identified, or anonymized information with third parties, including advertisers, research organizations, or industry partners, for purposes such as analytics and trend reporting. This type of shared data cannot reasonably be used to identify you personally.

5.5 With Your Consent

We may share your information with other third parties when you have provided your explicit consent to do so, such as opting into a third-party rewards program or participating in a co-branded promotion.

6. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. Cookies are small text files placed on your device when you visit a website.

We use the following categories of cookies:

Strictly Necessary Cookies: Required for the website to function properly. These cannot be disabled without impairing core functionality.
Performance and Analytics Cookies: Help us understand how visitors interact with the website and identify areas for improvement.
Functional Cookies: Remember your preferences (e.g., language, location, saved cart items) to provide a more personalized experience.
Marketing and Advertising Cookies: Used to deliver relevant advertisements based on your browsing habits and interests.

You can manage your cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our website. For full details, please refer to our Cookie Policy.

7. Data Security

We take the security of your personal information seriously and implement a variety of technical, organizational, and administrative safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS protocols. Payment data is handled using industry-standard encryption.
Access Controls: Access to personal data is restricted to employees and contractors who need it to perform their job duties. All personnel are bound by confidentiality obligations.
Password Security: User account passwords are stored using strong one-way cryptographic hashing algorithms.
Regular Security Audits: We conduct periodic security assessments and vulnerability tests to identify and address potential risks.
Incident Response Plan: We have established procedures to detect, respond to, and notify affected users in the event of a data breach, in compliance with applicable U.S. state breach notification laws.
Third-Party Vetting: We assess the security practices of our service providers before engaging them.

Despite our best efforts, no method of data transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. If you believe your account or personal information has been compromised, please contact us immediately at [email protected].

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general retention practices are as follows:

Category of Data	Retention Period
Account and profile information	Duration of account activity, plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Customer support communications	3 years from the date of communication
Marketing preferences and consent records	Until consent is withdrawn, plus 1 year
Website usage and analytics data	Up to 26 months (in line with analytics platform defaults)
Cookie and tracking data	As defined per cookie type (session cookies expire when you close your browser; persistent cookies expire as per their set duration)
Security and fraud prevention logs	Up to 5 years

When personal data is no longer required, we will securely delete or anonymize it in accordance with our internal data disposal procedures.

9. Your Rights and Choices

Depending on your state of residence within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights Available to All U.S. Users

Right to Know / Access: You may request a copy of the personal information we hold about you, including the categories of data collected, the purposes for which it is used, and any third parties with whom it has been shared.
Right to Correction: You may request that we correct inaccurate or incomplete personal information we maintain about you.
Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions (e.g., data required to complete a transaction, comply with a legal obligation, or prevent fraud).
Right to Opt-Out of Marketing: You may opt out of receiving commercial email communications from us at any time by using the unsubscribe link in emails or by contacting us directly.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you are entitled to additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

Right to Know Specific Information: The right to request disclosure of the specific pieces of personal information collected about you.
Right to Data Portability: The right to receive your personal information in a portable, readily usable format where technically feasible.
Right to Opt-Out of Sale or Sharing: Although we do not sell personal information for monetary value, if we engage in any activity that constitutes a "sale" or "sharing" of personal data under the CCPA/CPRA, you have the right to opt out. You may exercise this right via the "Do Not Sell or Share My Personal Information" link on our website.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information (as defined under the CPRA) to what is necessary to perform the requested services.
Right to Correct: The right to request correction of inaccurate personal information.

To exercise any of these rights, please submit a verifiable consumer request to [email protected]. We will respond to your request within 45 calendar days, with a possible extension of an additional 45 days where necessary, as permitted by law.

9.3 Authorized Agent

You may designate an authorized agent to make a request on your behalf. We will require written proof of authorization and may verify the identity of both the consumer and the agent before processing the request.

10. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, and we do not direct our services to minors.

If you are under 18 years of age, please do not use our website or provide any personal information to us. If you are under 13 years old, your use of this website is strictly prohibited.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems in accordance with the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] so that we may take appropriate action.

11. International Data Transfers

Costa Vida is based in the United States, and all data processing activities are primarily conducted within the United States. If you are accessing our website from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our website and services, you consent to the transfer of your information to the United States and acknowledge that such transfers are necessary to provide you with the services you have requested.

Where we engage third-party service providers that may process data internationally, we ensure that appropriate safeguards are in place, such as data processing agreements, standard contractual clauses, or other legally recognized mechanisms, to protect the security and privacy of your information during such transfers.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, platforms, or services that are not operated by us. This Privacy Policy does not apply to those third-party platforms. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their content or privacy practices and accept no responsibility for them.

Examples of third-party integrations that may be present on our website include social media sharing buttons, embedded maps, payment gateway interfaces, and external review platforms.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that the user does not want their online activities tracked. At this time, our website does not respond to browser-initiated DNT signals in a standardized manner, as there is currently no universally agreed-upon standard for how websites should respond to such signals. We will update our practices if a recognized DNT standard is adopted.

California residents may also make use of the Global Privacy Control (GPC) signal. Where technically feasible and legally required, we will honor GPC signals as opt-out requests under the CCPA/CPRA.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technology. When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this page
Post the revised policy on our website at vidascosta.digital
Where required by law or where the changes materially affect your rights, notify you by email or via a prominent notice on our website

Your continued use of our website or services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this page periodically to stay informed about our privacy practices.

15. How to File a Complaint

If you have concerns about how we handle your personal information and you feel that your privacy rights have been violated, we encourage you to first contact us directly so that we may attempt to resolve the matter:

Costa Vida — Privacy Inquiries
Email: [email protected]
Website: vidascosta.digital

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 calendar days.

15.1 Federal Trade Commission (FTC)

If you are a U.S. resident and believe that we have engaged in unfair or deceptive privacy practices, you have the right to file a complaint with the Federal Trade Commission (FTC), the primary federal consumer protection authority in the United States:

Website: www.ftc.gov/complaint
Phone: 1-877-382-4357 (1-877-FTC-HELP)
Mailing Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Residents — California Privacy Protection Agency (CPPA)

California residents who believe their rights under the CCPA/CPRA have been violated may file a complaint with the California Privacy Protection Agency (CPPA):

Website: cppa.ca.gov
Email: [email protected]

15.3 State Attorney General Offices

Depending on your state of residence, you may also have the right to file a complaint with your state's Attorney General office, many of which have consumer protection divisions that handle privacy-related complaints. You may locate your state's Attorney General at www.naag.org.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us through any of the following channels:

Costa Vida — Privacy Contact Information

Email: [email protected]

Website: vidascosta.digital

Business Hours: Monday through Friday, 9:00 AM – 5:00 PM (local time)

We value your trust and are dedicated to handling your personal information with transparency, respect, and the highest standards of data privacy and security. Thank you for choosing Costa Vida.