Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: January 15, 2026

1. Introduction

At Costa Vida ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website costa-vida.click, use our mobile application, or engage with our food services.

This policy applies to all our services including online ordering, delivery, catering, loyalty programs, and in-restaurant experiences. By accessing our website, using our services, or providing us with your information, you agree to the collection and use of information in accordance with this policy.

Important Note: We never sell your personal data to third parties. Your trust is paramount to us, and we are committed to maintaining the highest standards of data protection.

If you disagree with any part of this privacy policy, please do not access our website or use our services.

2. Information We Collect

2.1 Information You Provide

  • Personal Identification Information: Name, email address, phone number, delivery address, billing address
  • Account Information: Username, password, order history, dietary preferences, favorite orders
  • Payment Information: Credit card details, billing information (stored in encrypted format through secure payment processors)
  • Food Service Specific Information:
    • Allergen information and dietary restrictions
    • Special dietary requirements (vegan, halal, kosher, gluten-free, etc.)
    • Food preferences and customizations
    • Table reservation details and party size
    • Catering event information and requirements
    • Loyalty program participation and rewards data
  • Communication Data: Contact form submissions, customer reviews, feedback, support inquiries
  • Marketing Preferences: Newsletter subscriptions, promotional communications consent

2.2 Automatically Collected Information

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, clickstream data, search queries, order patterns
  • Location Data: Approximate location based on IP address, GPS location (with permission) for delivery services
  • Cookie Data: Session identifiers, user preferences, analytics data, authentication tokens
  • Transaction Data: Purchase history, payment methods used, order frequency and timing

2.3 Information from Third Parties

  • Social Media: Profile information if you connect your social media accounts
  • Payment Processors: Transaction verification and fraud prevention data
  • Delivery Partners: Delivery status updates and location tracking
  • Marketing Partners: Campaign effectiveness data and audience insights (anonymized)
  • Review Platforms: Public reviews and ratings you've posted about our services

3. How We Use Your Information

3.1 Service Provision

  • Processing and fulfilling your food orders
  • Managing delivery and pickup services
  • Providing customer support and resolving issues
  • Managing your account and authentication
  • Processing payments and managing billing
  • Ensuring food safety by tracking allergen preferences
  • Managing table reservations and catering events
  • Administering loyalty programs and rewards

3.2 Communication

  • Sending order confirmations and status updates
  • Providing delivery notifications and tracking information
  • Responding to customer support inquiries
  • Sending important service announcements and policy changes
  • Marketing communications (only with your explicit consent)
  • Loyalty program updates and reward notifications

3.3 Marketing and Analytics

  • Personalizing your experience and food recommendations
  • Analyzing website traffic and usage patterns
  • Measuring marketing campaign effectiveness
  • Conducting market research for menu development
  • Improving our services based on user feedback
  • Creating anonymized analytics and reporting

3.4 Legal Compliance

  • Complying with legal obligations and regulations
  • Responding to legal requests and court orders
  • Preventing fraud and ensuring transaction security
  • Protecting our rights, property, and safety
  • Resolving disputes and enforcing agreements
  • Meeting food safety and health department requirements

4. Information Sharing and Disclosure

4.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating our business:

  • Payment Processors: To process transactions securely (e.g., Stripe, PayPal)
  • Delivery Companies: To coordinate food delivery services
  • Cloud Storage Providers: For secure data storage and backup (e.g., AWS, Google Cloud)
  • Email Marketing Services: To send newsletters and promotional communications
  • Analytics Tools: To analyze website usage and improve our services
  • Customer Support Platforms: To provide efficient customer service
  • Food Safety Compliance Services: To maintain health and safety standards

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • In response to court orders, subpoenas, or legal process
  • To comply with applicable laws and regulations
  • To protect our rights, property, or safety
  • In case of public safety emergencies
  • To investigate and prevent fraud or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Your information may be transferred to the new owner
  • We will notify you before your information is transferred
  • The new owner will be required to honor this privacy policy
  • You will have the option to delete your account before the transfer

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

5.1 Technical Measures

  • Encryption: All data transmission is protected using SSL/TLS encryption
  • Firewalls: Advanced firewall systems protect our servers from unauthorized access
  • Access Control: Strict access controls ensure only authorized personnel can access your data
  • Monitoring: 24/7 security monitoring to detect and prevent threats
  • Data Backup: Regular encrypted backups to prevent data loss
  • Secure Payment Processing: PCI DSS compliant payment processing

5.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff
  • Data Handling Procedures: Strict protocols for accessing and handling personal data
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response Plan: Comprehensive plan for responding to security incidents
  • Regular Audits: Periodic security assessments and penetration testing

5.3 Your Responsibilities

  • Use strong, unique passwords for your account
  • Never share your login credentials with others
  • Log out of your account when using public computers
  • Be cautious of phishing emails and suspicious links
  • Report any unauthorized account access immediately
  • Keep your contact information updated for security notifications

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by law.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze our services:

Cookie Type | Purpose | Duration
Essential Cookies | Basic site functions, login state, shopping cart | Session
Functional Cookies | User preferences, language settings, location | Up to 1 year
Analytics Cookies | Usage analysis, performance monitoring | Up to 2 years
Marketing Cookies | Personalized advertising, campaign tracking | Up to 1 year

Other Tracking Technologies

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Ad performance measurement and audience building
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for enhanced functionality

Cookie Management

You can control cookies through your browser settings. Most browsers allow you to:

  • Accept or reject cookies
  • Delete existing cookies
  • Set preferences for different types of cookies
  • Receive notifications when cookies are being set

Note: Disabling essential cookies may affect website functionality and prevent you from using certain features.

7. Your Rights (GDPR/CCPA Compliance)

You have several rights regarding your personal data:

7.1 Right of Access

You can request to view all personal data we hold about you, including how it's used and who it's shared with.

7.2 Right to Rectification

You can request correction of any inaccurate or incomplete personal data.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to certain legal obligations.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

7.5 Right to Data Portability

You can request to receive your personal data in a machine-readable format or have it transferred to another service provider.

7.6 Right to Object

You can object to our processing of your personal data, especially for marketing purposes.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days and may require identity verification for security purposes.

8. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

  • We do not target advertising to children
  • We do not sell products directly to children
  • If we discover we have collected information from a child under 16, we will delete it immediately
  • Parents who believe their child has provided us with information should contact us immediately

If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us so we can delete the information.

9. International Data Transfers

9.1 Protection Measures

When we transfer your data internationally, we ensure appropriate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection (EU-Japan adequacy decisions)
  • Standard Contractual Clauses (SCCs): EU-approved contract terms for data protection
  • Data Processing Agreements: Binding agreements with all data processors
  • Security Measures: Technical and organizational measures to protect data
  • Regular Audits: Ongoing compliance monitoring and assessments

9.2 Transfer Destinations

  • United States: Cloud storage and processing services
  • European Union: Data analytics and customer support
  • Other Countries: As needed for service provision with appropriate safeguards

10. Data Retention Periods

Information Type | Retention Period | Reason
Account Information | 6 months after account deletion | Legal obligations, dispute resolution
Purchase History | 7 years | Tax and accounting requirements
Marketing Consent Records | 3 months after consent withdrawal | Consent record keeping, compliance
Website Usage Logs | Up to 2 years | Security monitoring, analytics
Customer Support Records | 3 years | Service quality improvement
Payment Information | As required by payment processor | Fraud prevention, chargebacks
Delivery Address | 2 years from last order | Reorder convenience, analytics
Allergen Information | While account is active + 1 year | Food safety, liability protection

Safe Data Disposal

When we delete your data, we ensure:

  • Complete electronic deletion making recovery impossible
  • Physical destruction of any paper records
  • Deletion from all backup systems
  • Detailed records of the disposal process

11. Third-Party Links

Our website may contain links to third-party websites, social media platforms, or services. Please note:

  • We are not responsible for the privacy practices of third-party sites
  • Third-party sites have their own privacy policies and terms
  • We encourage you to review their privacy policies before providing information
  • Your interactions with third-party sites are governed by their policies, not ours
  • We do not control third-party content or practices

Exercise caution when clicking external links and always verify the authenticity of third-party websites.

12. Policy Changes

12.1 Change Notification

We may update this privacy policy from time to time. When we do, we will notify you through:

  • Prominent notice on our website homepage
  • Email notification to registered users
  • Pop-up notification when you log into your account
  • Push notifications through our mobile app (if applicable)

12.2 Significant Changes

For major changes that affect how we collect or use your personal data, we will:

  • Provide at least 30 days' advance notice
  • Request your explicit consent for material changes
  • Offer you the option to delete your account if you disagree

12.3 Checking for Changes

  • The most current version is always available on our website
  • Check the "Last Updated" date at the top of this policy
  • Continued use of our services indicates acceptance of changes
  • If you disagree with changes, please discontinue use of our services

13. Contact Information

Get in Touch

Company: Costa Vida

Address: 300 Goose Cove Rd, Deer Isle, ME 04627, USA

Phone: +1 207-348-6900

Email: [email protected]

Business Hours: Monday-Friday: 9AM-6PM EST

Response Commitment: We will respond to all privacy-related inquiries within 3 business days.

13.1 Privacy Complaints

If you have concerns about our privacy practices:

  1. Contact us first using the information above for direct resolution
  2. If unsatisfied, you may contact your local data protection authority
  3. For EU residents: Contact your national supervisory authority
  4. For US residents: File a complaint with the Federal Trade Commission

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time:

  • Click the "Unsubscribe" link in any marketing email
  • Update your preferences in your account settings
  • Contact our customer support team
  • Reply "STOP" to SMS marketing messages

14.2 Account Deletion Process

To delete your account and personal data:

  1. Log into your account and visit account settings
  2. Select the "Delete Account" option
  3. Confirm your identity for security purposes
  4. Receive confirmation of account deletion
  5. Note: Some data may be retained for legal compliance

Note: Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

15. Conclusion

At Costa Vida, protecting your privacy is not just a legal requirement—it's fundamental to building and maintaining trust with our valued customers. We are committed to:

  • Transparent communication about our data practices
  • Implementing industry-leading security measures
  • Respecting your rights and preferences
  • Continuously improving our privacy practices
  • Complying with all applicable privacy laws and regulations

Your trust is essential to our business, and we take our responsibility to protect your personal information seriously. We believe that privacy and great food service go hand in hand.

If you have any questions about this privacy policy or our data practices, please don't hesitate to contact us. We're here to help and ensure your privacy concerns are addressed promptly and thoroughly.

Thank you for choosing Costa Vida and for trusting us with your personal information.

Remember to check this page periodically for updates. Last updated: January 15, 2026