Privacy Policy

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at costaxvida.click, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regard to your personal information, please contact us at [email protected].

1. Who We Are

Costa Vida is a food service business operating in the United States. We operate through our website costaxvida.click and provide food-related products and services to our customers. For the purposes of applicable data protection and privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and consistent with the Federal Trade Commission (FTC) Act, Costa Vida acts as the data controller for personal information collected through this website.

Contact Information for Privacy Matters

Company Name Costa Vida
Website costaxvida.click
Email Address [email protected]

2. Information We Collect

We collect information about you in a variety of ways depending on how you interact with us. Below is a comprehensive breakdown of the categories of personal information we may collect.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or otherwise interact with our services, we may collect the following types of personal identification information:

  • Full name — to identify you and personalize your experience
  • Email address — to send order confirmations, receipts, and marketing communications
  • Phone number — to facilitate order updates and customer support
  • Mailing or delivery address — to fulfill food delivery orders
  • Date of birth — to verify age eligibility and provide birthday promotions
  • Payment information — including credit/debit card numbers, billing addresses, and payment processor tokens (note: full payment card details are processed by our PCI-compliant third-party payment processors and are not stored directly by us)
  • Username and password — for account creation and authentication purposes

2.2 Usage Data and Behavioral Information

When you visit costaxvida.click, we automatically collect certain information about your interactions with our website. This may include:

  • Pages viewed and time spent on each page
  • Links clicked and features used
  • Search queries entered on our website
  • Items added to your cart or wishlist
  • Order history and purchasing patterns
  • Referral URLs (how you arrived at our site)
  • Session duration and navigation paths

2.3 Device and Technical Information

We automatically collect technical information from your device and browser when you access our website, including:

  • IP address — used for geolocation, fraud prevention, and security purposes
  • Browser type and version (e.g., Chrome, Firefox, Safari)
  • Operating system (e.g., Windows, macOS, iOS, Android)
  • Device type (desktop, mobile, tablet)
  • Screen resolution and language settings
  • Time zone
  • Unique device identifiers
  • Cookie identifiers and similar tracking technologies

2.4 Location Data

With your consent, we may collect precise or approximate geolocation data from your mobile device or browser. We use this information to show you nearby Costa Vida locations, provide relevant menu options, and improve our delivery services. You can disable location tracking through your device or browser settings at any time.

2.5 Communications and Feedback

If you contact us via email, telephone, chat, or through our website contact forms, we collect the content of your messages, including any attachments, feedback, complaints, or inquiries you send us. We also collect your responses to surveys, reviews, or promotional activities.

2.6 Information From Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you log in or connect your account via social login)
  • Third-party food delivery platforms and partners
  • Analytics providers and advertising networks
  • Data brokers and marketing list providers (only where permitted by law)
  • Fraud prevention and identity verification services

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. These include:

3.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders
  • Managing your customer account
  • Sending order confirmations, receipts, and delivery updates
  • Responding to your customer service inquiries and support requests
  • Facilitating payment transactions and preventing fraudulent charges
  • Providing access to your order history and account preferences

3.2 Improving Our Website and Services

  • Analyzing how users interact with our website to identify areas for improvement
  • Conducting internal research and data analytics
  • Testing new features, menu items, or website designs
  • Monitoring and maintaining the security and performance of our systems
  • Diagnosing and troubleshooting technical issues

3.3 Marketing and Promotional Communications

  • Sending you newsletters, promotional offers, and special deals (with your consent where required)
  • Personalizing your experience based on your preferences and order history
  • Displaying targeted advertisements on our website or third-party platforms
  • Running loyalty programs, contests, and promotional campaigns
  • Conducting re-marketing activities to remind you of items left in your cart

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

3.4 Legal Compliance and Safety

  • Complying with applicable federal and state laws, regulations, and legal processes
  • Enforcing our Terms of Service and other legal agreements
  • Protecting the rights, property, and safety of Costa Vida, our customers, and the public
  • Detecting and preventing fraud, unauthorized access, and other illegal activities
  • Responding to lawful requests from government authorities or law enforcement agencies

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver targeted advertising. Cookies are small text files stored on your device when you visit a website.

4.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function correctly, including shopping cart functionality and user authentication.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences such as language, location, and login status.
  • Targeting and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

4.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or notify you when a new cookie is set. Please note that disabling cookies may affect the functionality of our website. For more detailed information about the cookies we use, please refer to our full Cookie Policy available on our website.

4.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. At this time, there is no industry-wide consensus on how websites should respond to DNT signals, and our website does not currently alter its data collection practices in response to DNT signals. We will update this policy if and when a standardized approach becomes available.

5. Sharing Your Personal Information With Third Parties

We do not sell your personal information in the traditional sense. However, we may share your information with select third parties in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party companies that provide services on our behalf. These service providers are only given access to the personal information they need to perform their functions and are contractually obligated to maintain confidentiality and security. They may include:

  • Payment processors (e.g., Stripe, Square, PayPal)
  • Food delivery and logistics partners
  • Cloud hosting and data storage providers
  • Email marketing and communications platforms
  • Website analytics providers (e.g., Google Analytics)
  • Customer relationship management (CRM) software providers
  • Fraud detection and identity verification services
  • Advertising networks and social media platforms

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

  • Comply with a subpoena, court order, or other legal process
  • Respond to lawful requests by public authorities, including for national security or law enforcement purposes
  • Protect and defend the rights or property of Costa Vida
  • Prevent or investigate possible wrongdoing in connection with our services
  • Protect the personal safety of our users or the public

5.3 Business Transfers

If Costa Vida undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with other third parties when we have your explicit consent to do so, such as when you participate in co-branded promotions or referral programs.

5.5 "Selling" and "Sharing" Under California Law

Under the CCPA/CPRA, certain disclosures of personal information to third parties for advertising purposes may constitute a "sale" or "sharing" of personal information. California residents have the right to opt out of such activities. Please see Section 8 of this policy for more information about your California privacy rights.

6. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, alteration, or destruction.

6.1 Security Measures We Implement

  • SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
  • Access Controls: We restrict access to personal information to authorized employees and contractors who have a legitimate business need to access it.
  • Password Hashing: User passwords are stored using industry-standard cryptographic hashing algorithms, not in plain text.
  • Firewalls and Intrusion Detection: We use network firewalls and intrusion detection systems to monitor for and prevent unauthorized access to our systems.
  • Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems and infrastructure.
  • PCI-DSS Compliance: Our payment processing systems comply with the Payment Card Industry Data Security Standard (PCI-DSS).
  • Data Minimization: We collect only the personal information that is necessary for the purposes described in this policy.

6.2 Limitations of Security

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

Type of Data Retention Period
Account and Profile Information For the duration of your account, plus 3 years after account closure
Order and Transaction Records 7 years (for tax and financial compliance purposes)
Marketing Communications and Preferences Until you opt out, plus 2 years
Website Usage and Analytics Data 26 months (aligned with Google Analytics default retention)
Customer Support Records 3 years from the date of last interaction
Legal and Compliance Records As required by applicable law (typically 5–7 years)
Cookie and Tracking Data As defined in our Cookie Policy (generally up to 13 months)

When personal information is no longer needed, we will securely delete or anonymize it. If deletion is not immediately possible (for example, because information has been stored in backup archives), we will isolate it from further processing until deletion is possible.

8. Your Privacy Rights

Depending on your location within the United States, you may have various rights with respect to your personal information. We are committed to honoring these rights and providing you with the tools to exercise them.

8.1 Rights Available to All Users

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).
  • Right to Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Opt Out of Marketing: You may opt out of receiving marketing communications from us at any time.

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to exceptions permitted under California law.
  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You may direct us to not sell or share your personal information with third parties. To exercise this right, please contact us at [email protected] with the subject line "Do Not Sell or Share My Personal Information."
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information (as defined under CPRA) to what is necessary for providing our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a different level of service because you exercised your privacy rights.

8.3 How to Submit a Privacy Request

To exercise any of the rights described above, you may contact us by:

We will respond to your request within 45 days. If we require more time, we will notify you of the reason and extension period (up to an additional 45 days). We may need to verify your identity before processing your request. We will not charge a fee for processing your first request in any 12-month period, but we reserve the right to charge a reasonable fee for excessive or repetitive requests.

8.4 Authorized Agent

California residents may designate an authorized agent to submit a privacy request on their behalf. The authorized agent must provide written proof of their authority, and we may require direct verification from the individual whose rights are being exercised.

9. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from children under the age of 13, as defined under the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 16 as provided under certain state privacy laws.

If we learn that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

We do not knowingly sell or share the personal information of consumers under 16 years of age. If we discover that we have collected personal information from a consumer between the ages of 13 and 16, we will obtain affirmative authorization before selling or sharing their information, consistent with the requirements of the CCPA/CPRA.

10. International Data Transfers

Costa Vida is based in the United States, and all data we collect is primarily processed and stored within the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country whose data protection laws may differ from those in your home country.

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and its processing in accordance with this Privacy Policy. We take appropriate safeguards to ensure that your personal information remains protected in accordance with applicable law, including entering into data processing agreements with international service providers where required.

If you are a resident of the European Economic Area (EEA), United Kingdom, or another jurisdiction with specific international data transfer requirements, please contact us to understand what additional protections apply to your data.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, or other online services that are not operated by Costa Vida. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.

The inclusion of a link to a third-party website does not imply our endorsement of that website or its privacy practices.

12. Social Media Features

Our website may include social media features such as Facebook Like buttons, Instagram embeds, and Twitter share buttons. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policies of the companies that provide them.

13. Compliance With the FTC Act and Federal Regulations

Costa Vida complies with the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in commerce. We are committed to transparency and honesty in all our data collection and processing activities. We do not engage in deceptive data collection practices and will not use your information in ways that are materially different from what we disclose in this Privacy Policy without first obtaining your consent or providing you with adequate notice and the opportunity to opt out.

We also comply with other applicable federal regulations, including but not limited to the CAN-SPAM Act (commercial email), the Telephone Consumer Protection Act (TCPA) (marketing calls and texts), and the Children's Online Privacy Protection Act (COPPA).

14. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we may attempt to resolve your concern.

14.1 Contact Us First

Please send your complaint or concern to:

We will acknowledge receipt of your complaint within 10 business days and provide a substantive response within 30 days.

14.2 Filing a Complaint With a Regulatory Authority

If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to file a complaint with the relevant regulatory authority:

  • Federal Trade Commission (FTC): You may file a complaint with the FTC at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357). The FTC handles consumer protection complaints related to unfair or deceptive business practices, including privacy violations.
  • California Residents — California Privacy Protection Agency (CPPA): If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency at cppa.ca.gov.
  • California Residents — California Attorney General: You may also contact the California Attorney General's office at oag.ca.gov/privacy/ccpa regarding CCPA violations.
  • Other State Residents: Residents of states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, Texas, or other states with enacted consumer data privacy legislation) may also have the right to appeal our decisions regarding your privacy rights and to file complaints with the relevant state authority.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website homepage
  • Send an email notification to registered users (where required by law)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.

16. Consent

By using our website at costaxvida.click, registering for an account, placing an order, or otherwise interacting with our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

Where we rely on consent as the legal basis for processing your personal information (for example, for marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team:

We are committed to working with you to obtain a fair resolution of any privacy concern or complaint. We take all privacy inquiries seriously and will respond to your request promptly and in accordance with applicable law.

This Privacy Policy was last updated on April 9, 2026 and is effective as of that date. © 2026 Costa Vida. All rights reserved.