+1 504-528-9393 [email protected]
Mon-Fri: 9:00 AM - 6:00 PM

Privacy Policy

Last Updated: February 28, 2026

1. Introduction

At Costa Vida ("we," "our," or "us"), we are deeply committed to protecting your privacy and personal information. This comprehensive Privacy Policy explains how we collect, use, store, and protect your information when you use our website, mobile applications, order our food, visit our restaurants, or engage with our services in the United States.

This policy applies to all Costa Vida services, including online ordering, delivery services, dine-in experiences, catering services, loyalty programs, and any other interactions you may have with our brand. By using our services, creating an account, placing orders, or providing us with your information, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Important Note: We never sell your personal data to third parties. Your trust is paramount to our business, and we are committed to maintaining the highest standards of privacy protection.

2. Information We Collect

2.1 Information You Provide Directly

We collect various types of personal information that you voluntarily provide to us through different channels:

  • Personal Identification Information: Full name, email address, phone number, postal address, date of birth, and gender
  • Account Information: Username, password (encrypted), security questions and answers, account preferences, and profile information
  • Order History and Food Preferences: Complete purchase history, favorite menu items, customization preferences, dietary restrictions, allergen information, spice level preferences, and frequency of orders
  • Delivery and Location Data: Home address, work address, delivery instructions, GPS coordinates for precise delivery, preferred delivery times, and location-based preferences
  • Payment Information: Credit/debit card details (encrypted and tokenized), billing address, payment method preferences, and transaction history
  • Special Dietary Requirements: Vegan, vegetarian, gluten-free, halal, kosher, keto, and other dietary preferences or restrictions
  • Allergen Information: Detailed allergen profiles to ensure safe food preparation and service
  • Loyalty Program Data: Rewards points, membership tier, earned benefits, redemption history, and program preferences
  • Table Reservation Information: Preferred seating, party size, special occasion details, accessibility requirements, and reservation history
  • Catering Event Details: Event type, guest count, menu selections, delivery logistics, setup preferences, and special requirements
  • Communication Records: Customer service interactions, feedback submissions, survey responses, reviews, ratings, and any correspondence with our team
  • Marketing Preferences: Communication preferences, subscription choices, promotional interests, and opt-in/opt-out selections

2.2 Information Collected Automatically

When you interact with our digital platforms, we automatically collect certain technical and usage information:

  • Device Information: IP address, device type, operating system, browser type and version, screen resolution, device identifiers, and hardware specifications
  • Usage Data: Pages visited, time spent on pages, click patterns, search queries, navigation paths, feature usage, session duration, and interaction patterns
  • Cookie and Tracking Data: Session identifiers, user preferences, shopping cart contents, login status, and analytics data
  • Location Information: Approximate location derived from IP address, GPS coordinates (with permission), and location preferences
  • Performance Data: App performance metrics, error logs, crash reports, and system diagnostics
  • Network Information: Internet service provider, network type, connection speed, and network quality metrics

2.3 Information from Third Parties

We may receive information about you from various third-party sources:

  • Social Media Platforms: Profile information, friends lists, and preferences when you connect your social media accounts
  • Payment Processors: Transaction verification, fraud prevention data, and payment method validation
  • Delivery Partners: Delivery status updates, driver information, and delivery performance metrics
  • Marketing Partners: Demographic information, interest profiles, and engagement metrics from authorized marketing collaborations
  • Data Aggregators: Publicly available information and verified contact details from legitimate data sources
  • Referral Programs: Information from friends who refer you to our services

3. How We Use Your Information

3.1 Service Provision and Enhancement

  • Order Processing: Managing your food orders, processing payments, coordinating kitchen preparation, and ensuring accurate order fulfillment
  • Delivery Services: Coordinating delivery logistics, tracking orders in real-time, providing delivery updates, and optimizing delivery routes
  • Account Management: Creating and maintaining user accounts, authenticating logins, managing preferences, and providing personalized experiences
  • Customer Support: Responding to inquiries, resolving issues, processing refunds, and providing technical assistance
  • Quality Improvement: Analyzing service performance, identifying areas for improvement, optimizing menu offerings, and enhancing user experience
  • Safety and Allergen Management: Ensuring proper handling of dietary restrictions and allergen information to prevent adverse reactions

3.2 Communication and Customer Engagement

  • Order Communications: Sending confirmation emails, delivery notifications, order ready alerts, and pickup reminders
  • Customer Support: Responding to questions, providing assistance, and following up on service issues
  • Important Notices: Communicating policy changes, service updates, security alerts, and other essential information
  • Marketing Communications: Sending promotional offers, new menu announcements, seasonal specials, and loyalty program updates (only with your explicit consent)
  • Feedback Collection: Requesting reviews, conducting satisfaction surveys, and gathering improvement suggestions

3.3 Marketing, Analytics, and Personalization

  • Personalized Recommendations: Suggesting menu items based on previous orders, dietary preferences, and seasonal availability
  • Targeted Advertising: Creating relevant advertisements based on your interests and preferences
  • Usage Analysis: Understanding how customers interact with our services to improve functionality and user experience
  • Market Research: Analyzing trends, customer preferences, and market demands to inform business decisions
  • Campaign Effectiveness: Measuring the success of marketing campaigns and promotional activities
  • Loyalty Program Management: Tracking rewards, managing benefits, and personalizing loyalty offers

3.4 Legal Compliance and Security

  • Legal Obligations: Complying with applicable laws, regulations, and industry standards
  • Fraud Prevention: Detecting and preventing fraudulent activities, unauthorized access, and security breaches
  • Dispute Resolution: Managing customer complaints, resolving conflicts, and handling legal matters
  • Safety Protection: Protecting the rights, property, and safety of our customers, employees, and business operations
  • Regulatory Compliance: Meeting food safety requirements, health regulations, and business licensing obligations

4. Information Sharing and Disclosure

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who help us deliver our services. These partners are bound by strict confidentiality agreements and are only permitted to use your information for the specific services they provide to us:

  • Payment Processors: Secure processing of credit card transactions, fraud detection, and payment verification services
  • Delivery Services: Third-party delivery companies that fulfill your orders, including drivers and logistics coordinators
  • Cloud Storage Providers: Secure data hosting, backup services, and infrastructure management with enterprise-grade security
  • Email and Communication Services: Platforms for sending order confirmations, marketing emails, and customer communications
  • Analytics Providers: Services that help us understand website usage, app performance, and customer behavior patterns
  • Customer Support Tools: Platforms that enable us to provide efficient and effective customer service
  • Marketing Platforms: Services for managing advertising campaigns, social media presence, and promotional activities

4.2 Legal Requirements and Law Enforcement

We may disclose your information when required by law or when we believe such disclosure is necessary:

  • Legal Process: In response to court orders, subpoenas, search warrants, or other valid legal requests
  • Regulatory Compliance: To comply with applicable laws, regulations, and governmental requests
  • Safety and Security: To protect the rights, property, and safety of Costa Vida, our customers, employees, or the public
  • Emergency Situations: In cases where disclosure is necessary to prevent harm or address emergency situations
  • Fraud Investigation: To investigate, prevent, or take action regarding suspected fraud, illegal activities, or violations of our terms

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transition, your information may be transferred to the new entity:

  • Customer Notification: We will provide advance notice of any such transfer through email and website announcements
  • Policy Compliance: Any acquiring company will be required to honor this Privacy Policy or provide you with notice of changes
  • Opt-out Options: You will have the opportunity to delete your account before any transfer if you choose not to continue

4.4 With Your Explicit Consent

We may share your information with other parties when you provide explicit consent for specific purposes, such as:

  • Participation in joint promotional campaigns
  • Integration with third-party applications or services
  • Sharing reviews or testimonials publicly
  • Participation in market research studies

5. Data Security

5.1 Technical Security Measures

We implement comprehensive technical safeguards to protect your personal information:

  • Encryption: All data transmission is protected using SSL/TLS encryption with 256-bit security protocols
  • Data Storage: Personal information is stored on secure servers with advanced encryption at rest
  • Firewall Protection: Multiple layers of firewall systems protect against unauthorized access attempts
  • Access Controls: Strict role-based access controls ensure only authorized personnel can access personal data
  • Monitoring Systems: 24/7 security monitoring and intrusion detection systems continuously protect our infrastructure
  • Regular Backups: Automated, encrypted backups ensure data integrity and availability
  • Vulnerability Testing: Regular security assessments and penetration testing to identify and address potential weaknesses

5.2 Organizational Security Measures

Our organizational practices complement our technical security measures:

  • Employee Training: Comprehensive privacy and security training for all staff members who handle personal data
  • Access Policies: Strict policies governing who can access personal information and under what circumstances
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements protecting customer information
  • Incident Response: Detailed procedures for identifying, containing, and responding to security incidents
  • Regular Audits: Periodic internal and external audits to ensure compliance with security standards
  • Vendor Management: Due diligence and ongoing monitoring of third-party service providers' security practices

5.3 Your Security Responsibilities

While we implement strong security measures, you also play a crucial role in protecting your information:

  • Strong Passwords: Use unique, complex passwords with a combination of letters, numbers, and symbols
  • Password Protection: Never share your account credentials with others
  • Secure Logout: Always log out of your account when using public or shared computers
  • Phishing Awareness: Be cautious of suspicious emails or messages requesting personal information
  • Software Updates: Keep your devices and applications updated with the latest security patches
  • Incident Reporting: Immediately report any suspicious activity or unauthorized access to your account

5.4 Security Breach Notification

In the unlikely event of a data security breach that affects your personal information, we will:

  • Notify affected customers within 72 hours of discovery
  • Report the incident to relevant regulatory authorities as required by law
  • Provide clear information about what happened and what data was involved
  • Outline the steps we are taking to address the incident and prevent future occurrences
  • Offer guidance on protective measures you can take

6. Cookies and Tracking Technologies

We use various types of cookies and tracking technologies to enhance your experience on our website and mobile applications. The table below provides detailed information about each type:

Cookie Type Purpose Duration
Essential Cookies Basic site functionality, secure login, shopping cart maintenance, session management Session duration (deleted when browser closes)
Functional Cookies User preferences, language settings, location preferences, accessibility options Up to 1 year
Analytics Cookies Website usage analysis, performance monitoring, user behavior insights, improvement identification Up to 2 years
Marketing Cookies Personalized advertising, campaign measurement, retargeting, interest profiling Up to 1 year
Social Media Cookies Social sharing functionality, social media integration, content personalization Varies by platform (30 days to 2 years)

6.1 Tracking Technologies We Use

  • Google Analytics: Comprehensive website traffic analysis, user behavior tracking, and conversion measurement
  • Facebook Pixel: Advertisement effectiveness measurement, custom audience creation, and conversion tracking
  • Web Beacons: Email open rate tracking, campaign effectiveness measurement, and user engagement analysis
  • Local Storage: Browser-based data storage for improved performance and user experience
  • Session Storage: Temporary data storage for single-session functionality

6.2 Cookie Management and Control

You have full control over cookie preferences through multiple methods:

  • Browser Settings: Configure your browser to accept, reject, or delete cookies according to your preferences
  • Cookie Banner: Use our website's cookie consent banner to customize your preferences
  • Opt-out Tools: Utilize industry opt-out tools for advertising cookies and tracking
  • Account Settings: Manage tracking preferences through your Costa Vida account dashboard

Important Note: Disabling certain cookies may affect website functionality, including the ability to place orders, save preferences, or access account features.

7. Your Privacy Rights

We respect and uphold your fundamental privacy rights. Depending on your location and applicable laws (including GDPR, CCPA, and other privacy regulations), you may have the following rights:

7.1 Right of Access

You have the right to request and receive a copy of the personal information we hold about you, including:

  • Confirmation of whether we process your personal data
  • Detailed information about the data we collect and store
  • The purposes for which your data is used
  • Information about third parties who receive your data
  • The source of your personal data if not collected directly from you

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information, including:

  • Updating contact information and delivery addresses
  • Correcting billing information and payment details
  • Modifying dietary preferences and allergen information
  • Updating account preferences and settings

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent for data processing
  • Your data has been unlawfully processed
  • Legal compliance requires data deletion

7.4 Right to Restrict Processing

You can request limitation of how we use your personal information in specific circumstances:

  • When you contest the accuracy of your personal data
  • If processing is unlawful but you prefer restriction over deletion
  • When you need the data for legal claims but we no longer need it
  • While we verify legitimate grounds for processing following your objection

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and transmit it to another service provider, including:

  • Order history and transaction records
  • Account information and preferences
  • Loyalty program data and rewards information
  • Communication preferences and settings

7.6 Right to Object

You can object to certain types of data processing, particularly:

  • Direct marketing communications and promotional offers
  • Profiling for marketing purposes
  • Processing based on legitimate interests
  • Automated decision-making processes

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or significantly affects you.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the following methods:

Email: [email protected]

Phone: +1 504-528-9393

Mail: Costa Vida Privacy Team
800 Tchoupitoulas St, New Orleans, LA 70130, USA

Online: Through your account settings or our contact form

We will respond to your request within 30 days and may require identity verification to ensure the security of your personal information.

8. Children's Privacy

Costa Vida is committed to protecting the privacy of children. Our services are not intended for individuals under 16 years of age, and we do not knowingly collect personal information from children.

8.1 Our Commitments

  • We do not intentionally collect, use, or share personal information from children under 16
  • Our website and mobile applications are designed for adult users
  • We do not target advertising to children
  • We require users to confirm they are 16 or older when creating accounts

8.2 If You Are a Parent or Guardian

If you believe your child under 16 has provided us with personal information, please contact us immediately at [email protected]. We will promptly investigate and, if necessary, delete the child's information from our systems.

Parents and guardians have the right to:

  • Review any personal information we may have collected about their child
  • Request deletion of their child's personal information
  • Refuse to permit further collection or use of their child's information

9. International Data Transfers

As a company operating in the United States with potential international service providers, we may transfer your personal information across borders. We ensure all international transfers comply with applicable privacy laws and regulations.

9.1 Protection Measures

When transferring data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: We rely on European Commission adequacy decisions for transfers to countries with adequate data protection
  • Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses for transfers to countries without adequacy decisions
  • Data Processing Agreements: Comprehensive agreements with all international service providers governing data protection
  • Security Measures: Technical and organizational measures to ensure data security during transfer and processing
  • Regular Audits: Ongoing compliance monitoring and auditing of international transfer arrangements

9.2 Transfer Destinations

Your personal information may be transferred to and processed in the following regions:

  • United States: Our primary data centers and cloud storage infrastructure
  • European Union: Analytics services and data processing partners
  • Other Countries: As necessary for service provision, always with appropriate protection measures

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy and as required by applicable laws. The table below outlines our retention periods for different types of information:

Information Type Retention Period Reason for Retention
Account Information 6 months after account deletion Legal obligations, fraud prevention, dispute resolution
Order and Purchase History 7 years from last transaction Tax requirements, accounting obligations, warranty claims
Payment Information As required by payment processors (typically 1-3 years) Fraud prevention, chargeback disputes, refund processing
Marketing Consent Records 3 years after consent withdrawal Proof of consent, compliance with marketing regulations
Website Usage Logs Up to 2 years Security monitoring, analytics, performance optimization
Customer Support Records 3 years from last interaction Service quality improvement, training purposes
Loyalty Program Data 3 years after program termination Benefit fulfillment, program analysis, customer service
Dietary and Allergen Information Until account deletion or update Food safety, allergen management, customer safety

10.1 Safe Data Disposal

When personal information reaches the end of its retention period, we ensure secure disposal:

  • Electronic Data: Complete and irreversible deletion using industry-standard data wiping techniques
  • Physical Records: Secure shredding and destruction of paper documents
  • Backup Systems: Systematic removal from all backup and archive systems
  • Third-Party Data: Coordination with service providers to ensure complete data removal
  • Disposal Records: Maintenance of disposal logs for compliance and audit purposes

11. Third-Party Links and Services

Our website and mobile applications may contain links to external websites, social media platforms, or third-party services that are not operated by Costa Vida. This Privacy Policy applies only to our services and does not cover third-party practices.

11.1 Our Responsibilities

  • We are not responsible for the privacy practices of external websites or services
  • We do not control the content or policies of third-party sites
  • We cannot guarantee the security of information you provide to external services
  • Links to third-party sites do not constitute endorsement of their privacy practices

11.2 Your Responsibilities

  • Review the privacy policies of third-party websites before providing personal information
  • Understand that different privacy rules may apply on external sites
  • Exercise caution when sharing personal information on third-party platforms
  • Contact third-party services directly with privacy concerns about their platforms

12. Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or business operations. We are committed to providing transparent notice of any changes.

12.1 Change Notification Process

When we make changes to this Privacy Policy, we will notify you through multiple channels:

  • Website Notice: Prominent banner on our homepage and throughout our website
  • Email Notification: Direct email to registered users at least 30 days before changes take effect
  • App Notifications: Push notifications through our mobile application
  • Account Dashboard: Notification in your account settings and dashboard
  • Social Media: Announcements on our official social media channels

12.2 Significant Changes

For material changes that significantly impact your privacy rights, we will:

  • Provide at least 60 days advance notice
  • Clearly explain the nature of the changes
  • Seek explicit consent where required by law
  • Provide options to opt-out or delete your account if you disagree

12.3 Checking for Updates

  • The most current version of our Privacy Policy is always available on our website
  • Check the "Last Updated" date at the top of this policy
  • Continued use of our services after policy updates constitutes acceptance of changes
  • You may discontinue use of our services if you disagree with updated terms

13. Contact Information

We welcome your questions, concerns, and feedback about this Privacy Policy and our data practices. Our dedicated privacy team is available to assist you.

Costa Vida Privacy Team

Company: Costa Vida

Address: 800 Tchoupitoulas St, New Orleans, LA 70130, USA

Phone: +1 504-528-9393

Email: [email protected]

Privacy-Specific Email: [email protected]

Business Hours: Monday-Friday, 9:00 AM - 6:00 PM (Central Time)

13.1 Response Commitment

We are committed to responding to your privacy inquiries promptly:

  • General inquiries: Within 3 business days
  • Privacy rights requests: Within 30 days (as required by law)
  • Urgent security concerns: Within 24 hours
  • Data breach notifications: As required by applicable law

13.2 Filing Complaints

If you have concerns about our privacy practices that cannot be resolved through direct contact:

  • First, please contact our privacy team for resolution
  • If unsatisfied, you may file a complaint with relevant supervisory authorities
  • For EU residents: Contact your local data protection authority
  • For US residents: Contact the Federal Trade Commission or your state attorney general

14. Withdrawal of Consent

You have the right to withdraw your consent for data processing activities at any time. However, withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications through several methods:

  • Email Unsubscribe: Use the unsubscribe link in any marketing email
  • Account Settings: Manage communication preferences in your account dashboard
  • Customer Support: Contact our support team to update your preferences
  • SMS Opt-out: Reply "STOP" to any promotional text messages
  • Phone Requests: Call our customer service line to remove your number from marketing lists

14.2 Account Deletion Process

If you choose to delete your Costa Vida account:

  1. Log into your account and navigate to account settings
  2. Select "Delete Account" option
  3. Confirm your identity through security verification
  4. Review information about data that will be retained for legal compliance
  5. Confirm deletion request
  6. Receive confirmation email within 24 hours
  7. Account deletion will be completed within 30 days

14.3 Impact of Consent Withdrawal

Please note that withdrawing consent may affect your ability to:

  • Receive important service updates and order notifications
  • Access personalized recommendations and offers
  • Participate in loyalty programs and rewards
  • Use certain features of our website and mobile application

15. Conclusion

At Costa Vida, we consider privacy protection to be fundamental to our relationship with you. This comprehensive Privacy Policy reflects our commitment to transparency, security, and respect for your personal information.

We understand that trust is earned through consistent actions and clear communication. By choosing Costa Vida, you are entrusting us with your personal information, and we take this responsibility seriously. We continuously evaluate and improve our privacy practices to ensure they meet the highest standards and comply with evolving legal requirements.

Your privacy matters to us, and we are committed to:

  • Maintaining the security and confidentiality of your personal information
  • Using your data only for legitimate business purposes that benefit your experience
  • Providing you with control over your personal information and privacy choices
  • Being transparent about our data collection and use practices
  • Responding promptly to your privacy questions and requests

We encourage you to contact us with any questions, concerns, or suggestions about this Privacy Policy or our privacy practices. Your feedback helps us continue to improve and ensure that our privacy program meets your expectations.

Thank you for choosing Costa Vida and for taking the time to understand how we protect your privacy. We look forward to continuing to serve you while maintaining the highest standards of privacy protection.

Remember: This Privacy Policy was last updated on February 28, 2026. Please check back regularly for any updates or changes.