Privacy Policy

Effective Date: July 3, 2026  |  Last Updated: July 3, 2026

This Privacy Policy describes how Costa Vida ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you visit our website at tacocostavida.click, place orders through our digital platforms, interact with our services, or otherwise engage with us. Please read this policy carefully before using our website or services.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.

Costa Vida is committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy complies with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).


1. About Us

Costa Vida operates as a food service business in the United States. Our contact information is as follows:

Company Name Costa Vida
Website tacocostavida.click
Email Address [email protected]

For all privacy-related inquiries, requests, or concerns, please contact us using the information provided above or refer to the Contact Us section at the end of this policy.


2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • All visitors to our website at tacocostavida.click
  • Customers who place orders or make reservations through our website or associated platforms
  • Users who create accounts or loyalty profiles with Costa Vida
  • Individuals who subscribe to our newsletters, promotions, or marketing communications
  • Anyone who contacts us through our website, email, or other digital channels
  • Users who interact with our social media pages or third-party platforms linked from our website

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services before providing your personal information to them.


3. Information We Collect

We collect various types of information in connection with the operation of our website and provision of our food services. The categories of information we collect are described below.

3.1 Personal Information You Provide Directly

When you interact with our website or services, you may voluntarily provide us with the following personal information:

  • Identity Information: Full name, username or display name
  • Contact Information: Email address, phone number, mailing address or delivery address
  • Account Credentials: Username and password (stored in encrypted format)
  • Payment Information: Credit or debit card numbers, billing address, and other payment details (processed through secure, PCI-DSS compliant third-party processors; we do not store full card numbers)
  • Order Information: Details of food items ordered, special dietary requirements, preferences, and order history
  • Communications: Messages, feedback, reviews, complaints, or inquiries you send to us
  • Loyalty Program Data: Points accumulated, rewards redeemed, and participation records in any promotional programs we operate
  • Survey Responses: Information you provide when completing surveys or participating in contests or promotions

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage information through cookies, web beacons, and similar technologies, including:

  • Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and device identifiers
  • Usage Data: Pages visited, time spent on each page, links clicked, search queries entered on our website, referring URLs, and exit pages
  • Log Data: Server logs, error reports, access timestamps, and diagnostic information
  • Location Data: General geographic location inferred from your IP address (city and country level); precise location data only with your explicit consent
  • Session Data: Session tokens, preferences saved during your visit, and shopping cart contents
  • Cookie Data: Data stored through cookies and similar tracking technologies as described in Section 8 of this Policy

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social Media Platforms: If you connect your social media account to our services or log in using social login features (such as Facebook or Google), we may receive your name, email address, profile picture, and other information authorized by you on that platform
  • Delivery Partners: Third-party food delivery services that fulfill orders on our behalf may share order and contact information with us
  • Analytics Providers: Aggregated insights about website traffic and user behavior from analytics tools we employ
  • Payment Processors: Confirmation of payment completion and billing verification data
  • Marketing Partners: Information that helps us better understand our customer base and improve our marketing efforts

3.4 Sensitive Personal Information

We may collect certain categories of sensitive personal information in limited circumstances, such as:

  • Dietary and Allergen Information: If you voluntarily disclose food allergies, dietary restrictions (such as vegetarian, vegan, gluten-free), or health-related food preferences when placing an order, we treat this as sensitive health-related data
  • Payment Card Data: Processed in compliance with Payment Card Industry Data Security Standards (PCI-DSS)

We use sensitive personal information only to provide the specific service you request and do not use it for additional purposes such as profiling or advertising without your explicit consent.


4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

  • To process and fulfill your food orders, including coordinating delivery or pickup logistics
  • To create and manage your account on our website
  • To process payments and issue refunds when applicable
  • To communicate with you about your orders, including order confirmations, updates, and receipts
  • To provide customer support and respond to your inquiries, complaints, and requests
  • To manage loyalty programs, rewards, and promotional offers

4.2 Website Operation and Improvement

  • To maintain and improve the functionality, security, and performance of our website
  • To analyze how users interact with our website and identify areas for improvement
  • To personalize your experience, including showing you relevant menu items, promotions, and content based on your order history and preferences
  • To conduct internal research and analytics to understand customer trends and preferences
  • To test new features and functionality before rolling them out broadly

4.3 Marketing and Communications

  • To send you promotional emails, special offers, newsletters, and updates about new menu items — but only where you have opted in to receive such communications or where we have a legitimate interest in contacting you as an existing customer
  • To display targeted advertising on our website or on third-party platforms (such as social media) based on your interests and browsing behavior, subject to your consent preferences
  • To run contests, surveys, sweepstakes, and other promotional activities
  • To measure the effectiveness of our marketing campaigns

4.4 Legal and Compliance Purposes

  • To comply with applicable federal, state, and local laws and regulations
  • To enforce our Terms of Service and other applicable agreements
  • To detect, prevent, and respond to fraud, security incidents, or illegal activity
  • To respond to legal requests, court orders, or government inquiries
  • To protect the rights, property, and safety of Costa Vida, our customers, and the public

5. Legal Basis for Processing (For California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information. We process your personal information on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill your orders, manage your account, or perform obligations under our Terms of Service
  • Legitimate Business Interests: Processing for our legitimate business interests, such as fraud prevention, security, website improvement, and analytics, where such interests are not overridden by your privacy rights
  • Consent: Processing based on your explicit consent, such as for marketing communications and non-essential cookies — you may withdraw consent at any time
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or legal processes

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your information in the following limited circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf, including:

  • Payment Processors: To securely process credit card and other payment transactions
  • Delivery Partners: To fulfill food delivery orders placed through our platform
  • Cloud Hosting and IT Services: To host our website and store data securely
  • Email and Communications Providers: To send transactional and marketing emails
  • Analytics Providers: Such as Google Analytics, to help us understand website usage patterns
  • Customer Support Tools: Platforms that help us manage and respond to customer inquiries
  • Marketing and Advertising Platforms: To serve targeted advertisements and measure campaign performance

All service providers are contractually required to process your data only on our behalf, in accordance with our instructions, and in compliance with applicable privacy laws. They are not permitted to use your personal information for their own independent purposes.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe disclosure is necessary or required by law, including:

  • In response to a valid subpoena, court order, or legal process
  • To comply with requests from government or regulatory authorities
  • To investigate potential violations of law or our policies
  • To protect the rights, property, or safety of Costa Vida, our users, or others

6.3 Business Transfers

In the event that Costa Vida undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email or prominent notice on our website if such a transfer occurs and if your information becomes subject to a materially different privacy policy.

6.4 With Your Consent

We may share your information with third parties not described above when we have obtained your explicit consent to do so. You may withdraw your consent at any time by contacting us at [email protected].

6.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information (which cannot reasonably be used to identify you) with partners, researchers, or for public reporting purposes without restriction.


7. Data Security

We take the security of your personal information seriously and implement a range of technical, organizational, and administrative safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

7.1 Technical Safeguards

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols
  • Encrypted Data Storage: Sensitive data, including passwords and payment information, is stored using industry-standard encryption methods
  • PCI-DSS Compliance: Payment card data is processed through Payment Card Industry Data Security Standard (PCI-DSS) compliant payment processors
  • Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and other security tools to protect our infrastructure
  • Access Controls: Access to personal data is restricted to employees and contractors who have a legitimate business need to access it

7.2 Organizational Safeguards

  • Regular employee training on data privacy and security practices
  • Periodic security audits and vulnerability assessments
  • Data breach response plans and incident management procedures
  • Background checks and confidentiality obligations for employees with access to personal data

Despite these measures, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security of your personal information. In the event of a data breach that affects your rights or freedoms, we will notify you and relevant regulatory authorities as required by applicable law.


8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website performance, and serve relevant advertising.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the basic functioning of our website, including maintaining your session and shopping cart. These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (such as language, location, and saved items) to provide a more personalized experience.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting information about page views, traffic sources, and user behavior (e.g., Google Analytics).
  • Marketing and Advertising Cookies: Used to deliver targeted advertisements and track the effectiveness of our marketing campaigns. These are set only with your consent.

8.2 Managing Your Cookie Preferences

You can control and manage cookies in the following ways:

  • Using the cookie consent banner displayed when you first visit our website
  • Adjusting your browser settings to block or delete cookies
  • Using opt-out tools provided by advertising networks (such as the NAI opt-out page or the Digital Advertising Alliance's opt-out portal at www.aboutads.info/choices/)

Please note that disabling certain cookies may affect the functionality and performance of our website. For detailed information about the cookies we use, please refer to our Cookie Policy available on our website.


9. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

9.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, the CCPA and CPRA provide you with the following rights:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which we use it, and the third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (for example, where we need the information to complete a transaction or comply with a legal obligation).
  • Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell your personal information as traditionally defined, but we may share certain data with advertising partners.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use and disclose sensitive personal information to only what is necessary to provide the requested service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, or provide you with a lower level of service because you exercised your privacy rights.
  • Right to Data Portability: You may request a copy of your personal information in a portable and readily usable format.

9.2 General Privacy Rights (All Users)

Regardless of your location, you have the following rights with us:

  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct or update inaccurate or incomplete personal information.
  • Right to Deletion: You may request that we delete your personal information, subject to legal retention requirements.
  • Right to Withdraw Consent: Where we process your data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to Opt-Out of Marketing: You may unsubscribe from our marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us directly.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us by:

We will respond to your request within 45 days of receipt. In some cases, we may need to verify your identity before processing your request. If we are unable to verify your identity, we may be unable to process your request. We may extend our response time by an additional 45 days where reasonably necessary, provided we notify you of the extension.

You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide written proof of authorization, and we may require you to directly verify your identity with us.


10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention periods we apply are as follows:

Category of Data Retention Period
Account and registration information For the duration of your account, plus 3 years after account closure
Order history and transaction records 7 years (for tax and accounting compliance)
Payment processing records As required by PCI-DSS standards and applicable financial regulations
Marketing preferences and consent records Until you withdraw consent, plus 3 years as a record of consent
Customer support communications 3 years from the date of last interaction
Website analytics and usage data 26 months (standard analytics retention period)
Cookie and tracking data As specified in our Cookie Policy (generally 12–24 months)
Legal and compliance records As required by applicable law (typically 5–7 years)

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information. Where deletion is not immediately possible (for example, because data is stored in backup archives), we will securely isolate your personal information and protect it from further processing until deletion is possible.


11. Children's Privacy

Important Notice: Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18.

Costa Vida's website and food ordering services are not directed to children under the age of 18. We do not knowingly collect, solicit, or use personal information from anyone under the age of 18. If you are under 18, please do not use our website or provide any personal information through our services.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

This policy is consistent with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. Our age threshold of 18 years is designed to provide an additional layer of protection for minors.


12. International Data Transfers

Costa Vida is based in the United States and primarily operates within the United States. However, some of our third-party service providers, including cloud hosting and analytics providers, may be located in or process data in countries outside the United States.

When your personal information is transferred internationally, we take appropriate steps to ensure that it receives a level of protection that is consistent with this Privacy Policy and applicable law. These steps may include:

  • Entering into data transfer agreements with service providers that incorporate standard contractual clauses or similar safeguards
  • Ensuring that service providers are certified under applicable data transfer frameworks or maintain equivalent privacy protections
  • Conducting due diligence on the privacy practices of international service providers before engaging them

If you are located outside the United States and choose to use our services, please be aware that your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country. By using our services, you consent to this transfer and processing.


13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or delivery service applications that are not operated or controlled by Costa Vida. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of any third party, and we encourage you to review the privacy policies of any third-party websites or services before providing them with your personal information.

Third-party links on our website may include:

  • Food delivery platforms (such as DoorDash, Uber Eats, or Grubhub)
  • Social media platforms (such as Facebook, Instagram, or Twitter/X)
  • Payment processing services
  • Review and rating platforms (such as Yelp or Google Reviews)

14. Do Not Track (DNT) Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that a user does not want to be tracked across websites. Because there is currently no industry-wide standard for how to respond to DNT signals, our website does not currently respond to browser DNT signals. However, you can manage your tracking preferences through our cookie consent tools and the opt-out mechanisms described in Section 8 of this Policy.

California residents should also note that California's "Shine the Light" law (California Civil Code Section 1798.83) allows California residents to request information about personal information disclosed to third parties for direct marketing purposes. To make such a request, please contact us at [email protected].


15. FTC Act Compliance

Costa Vida is committed to complying with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. We maintain commercially reasonable privacy and security practices consistent with FTC guidelines, including:

  • Providing clear and conspicuous notice of our data collection and use practices through this Privacy Policy
  • Implementing appropriate safeguards to protect personal information
  • Honoring our commitments to consumers regarding how their data is used
  • Not engaging in deceptive practices that would mislead consumers about our privacy practices
  • Providing consumers with reasonable choices about how their data is used for marketing purposes

16. Filing a Complaint with a Data Protection Authority

If you have concerns about how we handle your personal information that you believe we have not adequately addressed, you have the right to file a complaint with a relevant regulatory authority.

16.1 For California Residents

California residents may file a complaint with:

16.2 For All U.S. Residents

You may file a complaint with the Federal Trade Commission (FTC) regarding privacy or consumer protection concerns:

We encourage you to contact us first before filing a complaint with a regulatory authority, as we are committed to resolving privacy concerns promptly and fairly. You can reach us at [email protected].


17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable law, or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will:

  • Post the updated Privacy Policy on this page with a revised "Last Updated" date
  • Send an email notification to registered users where the changes are significant
  • Display a prominent notice on our website homepage for a reasonable period after the update

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. If you do not agree with the revised Privacy Policy, please discontinue use of our services and contact us to delete your account.


18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the information below:

Privacy Contact Information — Costa Vida

Company Name: Costa Vida

Website: tacocostavida.click

Email: [email protected]

When contacting us about a privacy matter, please include the following information to help us process your request efficiently:

  • Your full name
  • Your email address associated with your account (if applicable)
  • A clear description of your request or concern
  • Any relevant supporting documentation

We are committed to responding to all privacy inquiries within 45 days of receipt. For California residents exercising CCPA/CPRA rights, we will acknowledge your request within 10 business days and provide a substantive response within 45 days (with the possibility of a 45-day extension if reasonably necessary).


This Privacy Policy was last updated on July 3, 2026. Costa Vida is committed to transparency and the responsible handling of your personal information. Thank you for trusting us with your data.