+1 801-802-8432 [email protected]
1621 N State St, Orem, UT 84057

Privacy Policy

Effective Date: March 19, 2026  |  Last Updated: March 19, 2026

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at vidacosta.rest, place orders through our platform, or otherwise interact with our services. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using our website, placing an order, or otherwise engaging with our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms described here, please discontinue use of our services immediately.

Costa Vida is committed to protecting your privacy and ensuring that your personal information is handled responsibly, transparently, and in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act governing consumer protection and unfair or deceptive practices.

1. About Us

Costa Vida is a food service business operating in the United States. We provide fresh, made-to-order food and beverage products to our customers through our restaurant locations and online ordering platform.

Business Name Costa Vida
Website vidacosta.rest
Email Address [email protected]

For all privacy-related inquiries, requests, or concerns, you may contact us using the information provided above or through the dedicated contact section at the end of this policy.

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we collect are described in detail below.

2.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, subscribe to our newsletter, or contact us directly, we may collect the following personal identification information:

  • Full name
  • Email address
  • Phone number
  • Mailing or delivery address
  • Date of birth (for age verification and birthday promotions)
  • Username and password for account management
  • Profile photograph (if voluntarily provided)

2.2 Payment and Transaction Information

When you make a purchase through our platform, we collect payment-related information necessary to process your transaction. This may include:

  • Credit or debit card details (processed securely through our third-party payment processors)
  • Billing address
  • Transaction history and order details
  • Gift card numbers or promotional codes used

Please note that we do not store full credit card numbers on our servers. Payment processing is handled by PCI-DSS compliant third-party payment processors who maintain their own security standards and privacy practices.

2.3 Usage Data and Activity Information

We automatically collect certain information about how you interact with our website and services. This usage data includes:

  • Pages visited and content viewed
  • Time and date of your visit
  • Duration spent on each page
  • Links clicked and features used
  • Search queries entered on our website
  • Items added to cart, saved, or ordered
  • Referring website URLs (how you arrived at our site)
  • Exit pages and navigation paths

2.4 Device and Technical Information

We collect technical information from the devices you use to access our website, including:

  • IP address
  • Browser type and version
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Device identifiers and hardware model
  • Screen resolution and display settings
  • Language preferences
  • Time zone settings
  • Mobile network information

2.5 Location Information

With your consent, we may collect precise geolocation information to help you find the nearest Costa Vida location, facilitate delivery services, or provide location-based promotions. You may disable location sharing through your browser or device settings at any time. We may also derive approximate location from your IP address.

2.6 Communications and Feedback

When you contact us via email, phone, or through our website contact forms, we collect the information you provide in those communications, including your name, contact details, the content of your message, feedback, complaints, or reviews you submit about our food, services, or experience.

2.7 Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your experience on our website. Information collected through these technologies is described in Section 7 of this Privacy Policy and in our dedicated Cookie Policy available on our website.

2.8 Social Media Information

If you choose to connect with us or log in through a social media platform (such as Facebook, Google, or Apple), we may receive certain profile information from that platform, including your name, email address, profile picture, and any other information you have made publicly available or granted permission to share. We handle such information in accordance with this Privacy Policy.

2.9 Information from Third Parties

We may receive personal information about you from third-party sources, including:

  • Delivery service partners (such as DoorDash, Uber Eats, or Grubhub)
  • Marketing and advertising partners
  • Analytics service providers
  • Loyalty program partners
  • Publicly available databases

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. These include:

3.1 Service Provision and Order Fulfillment

  • Processing and confirming your food orders
  • Managing your customer account and preferences
  • Facilitating delivery or pickup services
  • Processing payments and issuing receipts
  • Administering our loyalty and rewards programs
  • Providing customer support and responding to inquiries
  • Sending order status updates and notifications

3.2 Website Performance and Analytics

  • Analyzing how users navigate and interact with our website
  • Monitoring and improving website performance and functionality
  • Identifying and resolving technical issues or bugs
  • Understanding customer preferences to improve our menu offerings
  • Conducting internal research and development
  • Generating aggregate statistical reports about website usage

3.3 Marketing and Promotional Communications

  • Sending you promotional emails, offers, and newsletters (with your consent where required)
  • Displaying personalized advertisements on our website and third-party platforms
  • Notifying you about new menu items, seasonal specials, and limited-time offers
  • Administering contests, sweepstakes, and promotional campaigns
  • Conducting surveys and collecting feedback to improve our services
  • Sending birthday or anniversary promotions where applicable

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, by contacting us at [email protected], or by updating your account preferences. Please note that even if you opt out of marketing emails, we may still send you transactional or service-related communications.

3.4 Legal Compliance and Safety

  • Complying with applicable federal, state, and local laws and regulations
  • Responding to lawful requests from government authorities or law enforcement
  • Enforcing our Terms of Service and other agreements
  • Detecting, preventing, and investigating fraud, security incidents, and other illegal activities
  • Protecting the rights, property, and safety of Costa Vida, our customers, and the public

3.5 Business Operations

  • Managing our internal business processes and operations
  • Evaluating and improving our food quality and customer service
  • Training our staff and improving operational efficiency
  • Planning for new restaurant locations or service expansions
  • In connection with a merger, acquisition, or sale of business assets

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with select third parties under the following circumstances:

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business and delivering our services. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security standards. Categories of service providers include:

  • Payment Processors: To securely process credit card and online payments
  • Delivery Partners: Third-party delivery platforms to fulfill food delivery orders
  • Cloud Hosting Providers: To host and maintain our website and databases
  • Analytics Providers: Such as Google Analytics, to help us understand website usage
  • Email Marketing Platforms: To manage and send promotional and transactional emails
  • Customer Support Software: To manage customer inquiries and support tickets
  • Loyalty Program Administrators: To operate our rewards and points programs

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or government request
  • Enforce our Terms of Service or other contractual agreements
  • Protect and defend the rights, property, or safety of Costa Vida, our users, or the public
  • Prevent or investigate suspected fraud or other illegal activities
  • Respond to an emergency that threatens the safety of any person

4.3 Business Transfers

In the event that Costa Vida undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our business assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes. For example, we may share statistical reports about customer ordering trends with food industry partners or investors.

4.5 With Your Consent

We may share your personal information with additional third parties when you have provided explicit consent to do so, such as when you participate in a co-branded promotion or integrated loyalty program.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

5.1 Security Measures We Employ

  • Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our servers. Sensitive information such as payment details is encrypted both in transit and at rest.
  • Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. All employees who handle personal data undergo privacy and security training.
  • Secure Payment Processing: We use PCI-DSS compliant third-party payment processors and do not store raw payment card data on our systems.
  • Firewalls and Intrusion Detection: Our systems are protected by industry-standard firewalls and intrusion detection and prevention systems.
  • Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential weaknesses in our systems.
  • Data Minimization: We collect only the personal information that is necessary for the purposes described in this Privacy Policy.

5.2 Limitations of Security

While we employ robust security measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your personal information. In the event of a data breach that may affect your rights and freedoms, we will notify you in accordance with applicable law, including relevant state data breach notification statutes.

You are also responsible for maintaining the confidentiality of your account credentials. Please use a strong, unique password for your Costa Vida account and do not share your login information with others. Contact us immediately if you suspect unauthorized access to your account.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have various rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as information needed to complete a transaction or comply with legal obligations).
  • Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
  • Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. You may exercise this right by contacting us or using the "Do Not Sell or Share My Personal Information" link available on our website.
  • Right to Limit Use of Sensitive Personal Information: Where applicable, you have the right to limit our use and disclosure of sensitive personal information to only what is necessary to perform services or provide goods.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your privacy rights under the CCPA/CPRA. We will not deny you goods or services, charge you different prices, or provide a different level or quality of service based on your exercise of these rights.

6.2 General Rights for All Users

Regardless of your state of residence, we respect your right to:

  • Access Your Information: Request a copy of the personal information we hold about you.
  • Correct Your Information: Update or correct inaccurate or incomplete personal information through your account settings or by contacting us.
  • Delete Your Account: Request deletion of your account and associated personal information, subject to applicable legal retention requirements.
  • Data Portability: Request that we provide your personal information in a structured, commonly used, and machine-readable format where technically feasible.
  • Withdraw Consent: Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Opt Out of Marketing: Unsubscribe from promotional communications at any time.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request by:

We will respond to your request within 45 days of receipt, or within the timeframe required by applicable law. In some cases, we may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded, in which case we will notify you of the fee before proceeding.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver targeted advertising.

7.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function properly. These include session cookies that maintain your login status and shopping cart contents.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics. We use tools such as Google Analytics for this purpose.
  • Functional Cookies: Remember your preferences and settings (such as language, location, and saved menu favorites) to enhance your experience.
  • Targeting and Advertising Cookies: Used to deliver advertisements relevant to your interests, both on our website and on third-party platforms. These cookies track your browsing activity across websites.

7.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, please be aware that disabling certain cookies may affect the functionality of our website and your ability to use certain features such as online ordering or account login.

You may also opt out of interest-based advertising by visiting the Network Advertising Initiative opt-out page at optout.networkadvertising.org or the Digital Advertising Alliance opt-out page at optout.aboutads.info.

For more detailed information about our use of cookies and how to manage your preferences, please refer to our full Cookie Policy available on our website at vidacosta.rest.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The specific retention period depends on the type of data and the purpose for which it is used.

Data Category Retention Period
Account and profile information Duration of account plus 3 years after account closure
Order and transaction records 7 years (for tax and financial compliance purposes)
Marketing preferences and opt-out records 5 years from the date of last interaction
Customer support communications 3 years from date of last correspondence
Website usage and analytics data 26 months (in line with Google Analytics defaults)
Cookie data As specified in individual cookie expiry settings (typically 30 days to 2 years)
Legal claim and dispute records Duration of legal proceedings plus applicable statute of limitations

After the applicable retention period expires, we will securely delete or anonymize your personal information. In some cases, we may retain anonymized or aggregated data indefinitely for statistical and research purposes.

9. Children's Privacy

Important Notice: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13, or under the age of 16 where higher protections apply under state law.

Costa Vida's website and online ordering services are not directed at children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

We also encourage parents and guardians to monitor their children's online activities and to help enforce our policy by instructing their children never to provide personal information on our website without parental permission.

10. International Data Transfers

Costa Vida is a United States-based business and our primary data processing activities occur within the United States. However, some of our third-party service providers (such as cloud hosting or analytics providers) may store or process data in servers located outside of the United States.

If your personal information is transferred to countries outside of the United States that may have different data protection laws, we take steps to ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

  • Standard contractual clauses or data processing agreements with third-party service providers
  • Ensuring service providers are certified under recognized privacy frameworks
  • Conducting due diligence on the data protection practices of international service providers

By using our services, you acknowledge and consent to the transfer, processing, and storage of your personal information in the United States and in other countries as described in this policy, in accordance with applicable privacy laws.

11. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or integrated services that are not owned or operated by Costa Vida. This Privacy Policy does not apply to those third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit before providing any personal information.

We are not responsible for the privacy practices, content, or security of any third-party websites or services linked from our platform. The inclusion of a link to a third-party website does not constitute an endorsement by Costa Vida of that website or its content.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals, and we do not currently alter our data collection and use practices in response to DNT signals from your browser.

However, you may limit tracking through cookie settings, browser privacy settings, and by opting out of interest-based advertising as described in Section 7 of this Privacy Policy. California residents also have the right to opt out of the sale or sharing of personal information as described in Section 6.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website informing users of the changes
  • Send an email notification to registered account holders where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated Privacy Policy.

If we make changes that materially and adversely affect your rights under this Privacy Policy, we will provide at least 30 days' advance notice before such changes take effect, where required by applicable law.

14. Filing a Complaint with a Regulatory Authority

If you believe that we have not adequately addressed your privacy concerns, you have the right to file a complaint with the appropriate regulatory authority.

14.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) enforces consumer protection laws in the United States, including privacy and data security practices. If you believe we have engaged in unfair or deceptive practices related to your personal data, you may file a complaint with the FTC:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-FTC-HELP (1-877-382-4357)
  • Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Privacy Protection Agency (CPPA)

California residents may file complaints regarding CCPA/CPRA violations with the California Privacy Protection Agency (CPPA):

14.3 State Attorney General Offices

You may also file a complaint with your state's Attorney General's office, which may have jurisdiction over consumer privacy matters in your state. Many state Attorneys General have consumer protection divisions that handle privacy-related complaints.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and thoroughly.

Costa Vida — Privacy Inquiries

When contacting us with a privacy rights request, please include your full name, email address associated with your account, the nature of your request, and any relevant details to help us locate your information and process your request efficiently.

We aim to respond to all privacy-related inquiries within 45 days of receipt. If additional time is required to process your request, we will notify you within the initial 45-day period and provide an estimated completion date.

We value your trust and are dedicated to handling your personal information with the care, respect, and transparency it deserves. Thank you for choosing Costa Vida.

Effective Date: March 19, 2026. This Privacy Policy supersedes all previous privacy notices issued by Costa Vida. If you have any concerns about your data prior to this date, please contact us at [email protected].