Privacy Policy

Effective Date: April 26, 2026 | Last Updated: April 26, 2026

Welcome to Costa Vida. This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at costvida.top, place food orders, use our digital services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. About Us

Costa Vida is a food business operating in the United States. Our contact details for all privacy-related matters are as follows:

Company Name	Costa Vida
Address	United States
Phone	Not provided
Email	[email protected]
Website	costvida.top

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we collect are described below.

2.1 Personal Information You Provide Directly

When you interact with us — for example, by placing an order, creating an account, signing up for our newsletter, participating in promotions, or contacting our customer support — we may collect the following personal information:

Identification Information: Your full name, username, or similar identifiers.
Contact Information: Email address, mailing address, billing address, delivery address, and telephone number.
Account Credentials: Password and other security information used for authentication and account access.
Payment Information: Credit card numbers, debit card numbers, billing details, and other payment-related data. Note that full payment card numbers are processed by our third-party payment processors and are not stored on our servers.
Order Information: Details about the food items you have ordered, dietary preferences, special instructions, order history, and transaction records.
Communications: The content of messages you send us via email, contact forms, live chat, or other communication channels, including feedback, complaints, and inquiries.
Marketing Preferences: Your preferences regarding receiving marketing communications from us and your opt-in or opt-out status.
Promotional Entries: Information you provide when entering contests, sweepstakes, or other promotional activities.

2.2 Information Collected Automatically

When you access and use our website, we automatically collect certain technical and usage data, which may include:

Device Information: Device type, operating system and version, browser type and version, screen resolution, and unique device identifiers.
Log Data: Internet Protocol (IP) address, access times and dates, pages viewed, referring URLs, and other standard web server log information.
Usage Data: Clickstream data, search queries on our website, features used, time spent on pages, and other behavioral data about how you interact with our website and services.
Location Data: General geographic location inferred from your IP address. If you grant permission, we may also collect more precise location data (such as GPS coordinates) through your device to facilitate delivery services or to locate nearby Costa Vida locations.
Cookie and Tracking Data: Information collected via cookies, web beacons, pixels, local storage, and similar tracking technologies. Please refer to Section 8 (Cookie Usage) for more details.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Social Media Platforms: If you connect your social media account (such as Facebook, Google, or Apple) to our services or interact with our social media pages, we may receive certain profile information from those platforms, subject to their privacy settings and terms.
Delivery and Logistics Partners: Third-party delivery services that fulfill orders on our behalf may share information related to delivery status and your order experience.
Analytics Providers: Third-party analytics services may provide us with aggregated and anonymized data about website usage patterns.
Marketing and Advertising Partners: We may receive data from advertising partners to help us better understand our customer base and the effectiveness of our marketing campaigns.
Payment Processors: Our payment service providers may confirm transaction status or flag potential fraud.

2.4 Sensitive Personal Information

We may collect certain categories of sensitive personal information, such as dietary restrictions or food allergies that you voluntarily provide to us for the purpose of customizing your food orders. We use this information solely for the purpose of providing you with the food services you request and do not use it for unrelated purposes. In accordance with the CPRA, you have the right to limit our use of your sensitive personal information to purposes strictly necessary for providing our services.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Provision and Order Fulfillment

Processing and fulfilling your food orders, including delivery and pickup arrangements.
Creating, managing, and maintaining your customer account.
Processing payments and preventing fraudulent transactions.
Sending order confirmations, receipts, and updates about your orders.
Providing customer support and responding to your inquiries, complaints, and requests.
Facilitating loyalty programs, rewards, or other membership benefits.

3.2 Website and Service Improvement

Analyzing how visitors use our website and services to improve functionality and user experience.
Conducting research, testing, and development of new features and menu items.
Monitoring and analyzing trends, usage patterns, and activities in connection with our services.
Diagnosing and resolving technical problems and ensuring the security and integrity of our platform.

3.3 Marketing and Communications

Sending you promotional materials, special offers, newsletters, and updates about Costa Vida — but only where you have consented or where we have a legitimate interest to do so in compliance with applicable law.
Personalizing your experience and delivering content and advertisements relevant to your interests.
Conducting surveys, promotions, contests, and sweepstakes.
Measuring the effectiveness of our marketing campaigns and advertising.

3.4 Legal and Compliance Purposes

Complying with applicable federal, state, and local laws and regulations.
Enforcing our Terms of Service and other agreements.
Protecting the rights, privacy, safety, and property of Costa Vida, our customers, and the public.
Responding to lawful requests from courts, law enforcement agencies, regulatory authorities, and government bodies.
Detecting, preventing, and addressing fraud, security breaches, and other harmful or illegal activities.

3.5 Business Operations

Carrying out internal administrative and business operations, including accounting, auditing, and record-keeping.
Evaluating or conducting a merger, acquisition, reorganization, bankruptcy, or other business transaction involving all or a portion of our assets.

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information with the following categories of recipients under specific circumstances:

4.1 Service Providers and Business Partners

We work with carefully selected third-party companies and individuals who perform services on our behalf. These service providers are granted access to personal information only as necessary to perform their functions and are contractually obligated to protect your data. Categories of service providers include:

Payment processors and financial institutions
Food delivery logistics and courier services
Cloud hosting, data storage, and IT infrastructure providers
Customer relationship management (CRM) software providers
Email marketing and communication platforms
Analytics and website optimization services
Advertising networks and marketing agencies
Fraud detection and cybersecurity providers
Legal, accounting, and professional advisory services

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, court order, or other legal process, or if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, including obligations under the FTC Act and applicable state laws.
Protect and defend the rights, property, or safety of Costa Vida, our customers, or others.
Prevent, investigate, or address fraud, security issues, or technical problems.
Respond to requests from public authorities, including law enforcement agencies.

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar corporate transaction, your personal information may be transferred to the acquiring entity or successor organization. We will notify you via email and/or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your personal information with other third parties when we have your express consent to do so, or when you direct us to share your data for a specific purpose.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, industry analysis, marketing, and other business purposes.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, and destruction. Our security measures include:

Encryption: We use industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job responsibilities. All such personnel are subject to confidentiality obligations.
Secure Payment Processing: Payment transactions are processed through PCI-DSS compliant third-party payment processors. We do not store full credit or debit card numbers on our systems.
Regular Security Assessments: We conduct periodic risk assessments, vulnerability scans, and security audits to identify and address potential weaknesses in our systems.
Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities in the event of a data breach, as required by applicable law.
Employee Training: Our staff receives regular training on data protection best practices and our internal privacy and security policies.

Important Notice: While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data and encourage you to take steps to protect your personal information, such as using strong passwords and keeping your account credentials confidential.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

6.1 Rights Available to California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
Right to Access: You have the right to obtain a copy of the personal information we hold about you.
Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (such as where retention is required by law or necessary to complete transactions).
Right to Correction: You have the right to request correction of inaccurate personal information we hold about you.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information as traditionally defined, but if we engage in sharing that qualifies under the CPRA, you may exercise this right.
Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit the use of your sensitive personal information to purposes necessary for providing our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices, or provide a different level or quality of service because you exercised your privacy rights.
Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

6.2 Rights Available to All Users

Regardless of your state of residence, we offer all users the following privacy choices:

Access and Update: You may access and update certain personal information by logging into your account and editing your profile settings.
Marketing Opt-Out: You may opt out of receiving marketing emails from us by clicking the "unsubscribe" link included in any marketing email, or by contacting us directly at [email protected].
Cookie Preferences: You may manage your cookie preferences through our cookie consent banner or your browser settings. See Section 8 for more information.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by:

Emailing us at: [email protected]
Visiting our website at: costvida.top

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We may need to verify your identity before processing your request to protect the security of your information. We will not charge a fee for processing your request unless your request is excessive, repetitive, or manifestly unfounded. Authorized agents may also submit requests on your behalf, subject to verification requirements.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to resolve disputes and enforce our agreements. The specific retention periods depend on the type of data and the purpose for which it is used:

Account Information: We retain your account information for as long as your account remains active and for a reasonable period thereafter (typically up to 3 years) in case you choose to reactivate your account or in the event of a dispute.
Order and Transaction Records: We retain order and payment records for up to 7 years to comply with tax, accounting, and financial record-keeping requirements under applicable U.S. law.
Marketing Communications Data: We retain your marketing preferences and communication history for as long as you remain subscribed, and for up to 2 years following your opt-out in case of any disputes or inquiries.
Usage and Analytics Data: Aggregated and anonymized usage data may be retained indefinitely for analytical and business improvement purposes. Identifiable usage data is generally retained for up to 2 years.
Customer Support Records: Communications related to customer support inquiries are retained for up to 3 years following the resolution of the inquiry.
Legal Hold: Notwithstanding the above, we may retain personal information for longer periods where required by law, regulation, court order, or for the establishment, exercise, or defense of legal claims.

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data disposal procedures.

8. Cookie Usage

Our website uses cookies and similar tracking technologies (such as web beacons, pixels, local storage, and session identifiers) to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable core functions such as security, user authentication, and order processing. You cannot opt out of these cookies without affecting website functionality.
Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting information such as pages visited, time spent, and errors encountered. We use this data to improve our website's performance.
Functionality Cookies: These cookies allow our website to remember choices you make (such as your preferred language, location, or login information) to provide a more personalized experience.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements more relevant to your interests, both on our website and on third-party websites. They track your browsing habits and help measure the effectiveness of advertising campaigns.

8.2 Managing Your Cookie Preferences

You can manage or disable cookies through our cookie consent banner when you first visit our website. You may also adjust your browser settings to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website and your user experience. For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy.

9. Children's Privacy

Age Restriction: Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Costa Vida's website and food ordering services are not directed to children under the age of 18. We do not knowingly solicit, collect, or retain personal information from minors under 18 years of age. If you are under 18, please do not use our website or services, and do not provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take prompt steps to delete such information from our records. Parents or legal guardians who believe that their child may have provided personal information to us are encouraged to contact us immediately at [email protected] so that we can investigate and take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws regarding the online collection of information from minors.

10. International Data Transfers

Costa Vida is based in the United States, and your personal information is primarily collected, processed, and stored within the United States. By using our website and services, you acknowledge and consent to the processing of your personal information in the United States, where data protection laws may differ from those in your country of residence.

If you access our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. We take appropriate safeguards to ensure that any international transfer of personal data is handled in compliance with applicable data protection laws, including through the use of contractual protections such as standard contractual clauses where required.

We may also use cloud service providers and other technology partners whose servers may be located in various countries. In all such cases, we require our service providers to maintain appropriate data protection standards consistent with applicable law and our own privacy commitments.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Costa Vida. These links are provided for your convenience and informational purposes only. We have no control over the privacy practices or content of these third-party sites and are not responsible for their privacy policies or data handling practices.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link to a third-party website on our website does not imply our endorsement or approval of that website's privacy practices or content.

12. California "Shine the Light" Law

California Civil Code Section 1798.83, also known as the "Shine the Light" law, permits California residents to request information about any personal information we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. If you are a California resident and wish to make such a request, please contact us at [email protected] with "California Shine the Light Request" in the subject line. We will respond to your request within 30 days.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals websites that you do not want your online activities tracked. At this time, there is no universally accepted standard for how to respond to DNT signals, and our website does not currently respond to DNT signals. We will continue to monitor developments in DNT technology and standards and may update our practices accordingly.

14. How to File a Complaint with a Data Protection Authority

If you believe that we have violated your privacy rights, we encourage you to first contact us directly so we can address your concerns promptly. You may contact us at [email protected].

If you are not satisfied with our response, you have the right to file a complaint with the relevant data protection authority. In the United States, the primary regulatory authority for consumer privacy and unfair business practices is:

Federal Agency	Federal Trade Commission (FTC)
Website	www.ftc.gov
Complaint Portal	reportfraud.ftc.gov

California residents may also file a complaint with the California Privacy Protection Agency (CPPA), the state agency responsible for enforcing the CCPA/CPRA:

State Agency	California Privacy Protection Agency (CPPA)
Website	cppa.ca.gov

Residents of other states may also have the right to file complaints with their respective state attorney general's office or consumer protection agency regarding potential violations of state privacy laws.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. When we make changes, we will revise the "Last Updated" date at the top of this policy and post the updated policy on our website at costvida.top.

For significant changes that materially affect your rights or our use of your personal information, we will provide more prominent notice, such as sending an email notification to the address associated with your account or displaying a prominent banner on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Your continued use of our website and services after the posting of changes to this Privacy Policy constitutes your acceptance of those changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team:

Costa Vida — Privacy Inquiries
Email: [email protected]
Website: costvida.top
Location: United States

We are committed to working with you to resolve any concerns you may have about your privacy and the handling of your personal information. We will endeavor to respond to all privacy-related inquiries within 30 days of receipt.