Privacy Policy

This Privacy Policy describes how Dion's Cafe ("Dion's," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at dionscafe.digital, place orders, interact with our digital platforms, or otherwise engage with our food and beverage services. Please read this policy carefully. By using our website or services, you agree to the practices described herein.

We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in full compliance with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant federal and state privacy regulations.


1. Who We Are

Dion's Cafe is a food and beverage establishment operating in the United States. We operate the website located at dionscafe.digital and provide online ordering, reservation, loyalty program, and related digital services to our customers.

Business Name: Dion's Cafe
Website: dionscafe.digital
Email: [email protected]
Privacy Inquiries: [email protected]

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • All visitors to dionscafe.digital and any subdomains or related digital properties;
  • Customers who place online orders, make reservations, or sign up for our loyalty and rewards programs;
  • Individuals who subscribe to our email newsletters, promotional communications, or SMS alerts;
  • Users who interact with us through social media platforms, mobile applications, or third-party delivery partners;
  • Job applicants who submit personal information through our careers portal or via email.

This policy does not apply to third-party websites, applications, or platforms that we may link to. We encourage you to review the privacy policies of any third-party sites you visit.


3. Information We Collect

We collect various types of personal information depending on how you interact with our services. The categories of information we collect are described below.

3.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, make a reservation, or contact us, we may collect:

  • Full name
  • Email address
  • Phone number
  • Billing and shipping address (for delivery orders)
  • Date of birth (for age verification and loyalty program benefits)
  • Username and password (for account holders)
  • Profile photo (if optionally uploaded)

3.2 Payment and Transaction Information

When you make a purchase through our website or affiliated online ordering platforms, we collect transaction-related information, including:

  • Payment card type and last four digits (we do not store full card numbers)
  • Billing address associated with your payment method
  • Order history, itemized purchases, and transaction amounts
  • Gift card or loyalty points balances and redemption history

All payment processing is handled by PCI DSS-compliant third-party payment processors. We do not directly store or process full payment card details on our servers.

3.3 Usage Data and Technical Information

When you visit our website, we automatically collect certain technical and behavioral data, including:

  • IP address and approximate geographic location derived therefrom
  • Browser type and version
  • Operating system and device type (desktop, mobile, tablet)
  • Pages visited, time spent on each page, and navigation paths
  • Referring URLs (the website that directed you to ours)
  • Click behavior, scroll depth, and interaction patterns
  • Search queries entered on our website
  • Date and time stamps of your visits

3.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to enhance your experience and gather usage data. For detailed information about the specific cookies we use, their purpose, and how to manage your cookie preferences, please refer to our Cookie Policy, which is incorporated into this Privacy Policy by reference and available on our website.

Types of cookies we use include:

  • Strictly Necessary Cookies: Required for the website to function properly (e.g., shopping cart functionality, login sessions).
  • Performance and Analytics Cookies: Used to understand how visitors interact with our site (e.g., Google Analytics).
  • Functionality Cookies: Remember your preferences and settings (e.g., language, location).
  • Targeting and Advertising Cookies: Used to deliver relevant advertisements and track ad campaign performance.

3.5 Device Information

We may collect device-specific information when you access our services via mobile devices or applications, including:

  • Device model and manufacturer
  • Unique device identifiers (e.g., IDFA, Android Advertising ID)
  • Mobile network information
  • Push notification tokens (if you opt in to push notifications)
  • Location data (with your permission), to enable location-based features such as finding the nearest Dion's Cafe location

3.6 Communications and Correspondence

If you contact us by email, phone, social media, or through our website contact form, we collect:

  • The content of your message or inquiry
  • Your contact details as provided in the communication
  • Records of our correspondence with you
  • Survey responses, feedback, and reviews you submit

3.7 User-Generated Content

If you leave a review, submit a photo, participate in a contest, or post any content on our platforms, we collect and may display that content publicly, along with your display name or username.

3.8 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub) that process orders on our behalf
  • Social media platforms, if you connect your social account or interact with our social media content
  • Marketing and advertising partners who help us reach relevant audiences
  • Public databases and data enrichment services used for business analytics

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, whether for delivery, pickup, or dine-in
  • Managing your online account and loyalty program membership
  • Processing payments and refunds
  • Sending order confirmations, receipts, and delivery updates
  • Handling table reservations and waitlist management
  • Responding to customer support requests and resolving complaints

4.2 Marketing and Promotional Communications

  • Sending promotional emails, newsletters, and special offers (with your consent where required)
  • Delivering SMS or push notification campaigns about new menu items, seasonal promotions, or loyalty rewards
  • Personalizing marketing messages based on your order history and preferences
  • Conducting sweepstakes, contests, and promotional events
  • Retargeting you with relevant advertisements on third-party platforms such as Google and Meta

You may opt out of marketing communications at any time. See Section 9 for details on your rights and opt-out options.

4.3 Analytics and Service Improvement

  • Analyzing website traffic, user behavior, and ordering trends
  • Evaluating and improving the performance of our website, menu, and services
  • Conducting market research and customer satisfaction surveys
  • Developing new menu items, features, and service offerings based on customer insights
  • Monitoring and preventing fraudulent activity

4.4 Legal and Compliance Purposes

  • Complying with applicable federal and state laws and regulations
  • Responding to lawful requests from law enforcement, courts, or regulatory agencies
  • Enforcing our Terms of Service and other legal agreements
  • Protecting the rights, safety, and property of Dion's Cafe, our employees, and our customers
  • Maintaining accurate business and financial records as required by law

4.5 Operational and Security Purposes

  • Maintaining the security and integrity of our website and information systems
  • Detecting and preventing unauthorized access, data breaches, and cyberattacks
  • Verifying your identity when you contact us or attempt to access your account
  • Conducting internal audits and quality assurance reviews

5. Legal Basis for Processing (Where Applicable)

Depending on the applicable law and the nature of our interaction with you, we process your personal information on the following legal bases:

  • Contract Performance: Processing necessary to fulfill your orders, manage your account, and provide our services.
  • Legitimate Interests: Analytics, fraud prevention, service improvement, and direct marketing (where balanced against your privacy rights).
  • Consent: Where you have opted in to marketing communications, cookies, or other optional data processing activities.
  • Legal Obligation: Where we are required by federal or state law to collect, retain, or disclose personal information.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own commercial purposes. However, we do share information with third parties in the following circumstances:

6.1 Service Providers and Business Partners

We share personal information with trusted third-party vendors and service providers who assist us in operating our business and delivering our services. These include:

  • Payment processors (e.g., Stripe, Square) for secure transaction handling
  • Online ordering platforms and food delivery aggregators
  • Email marketing platforms (e.g., Mailchimp, Klaviyo) for newsletter distribution
  • Analytics providers (e.g., Google Analytics) for website performance insights
  • Customer relationship management (CRM) software providers
  • Cloud hosting and IT infrastructure providers
  • Loyalty program technology vendors
  • Advertising platforms (e.g., Google Ads, Meta Ads) for targeted marketing

All service providers are contractually obligated to use your information only for the purposes we specify, to maintain appropriate security measures, and to comply with applicable privacy laws.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or lawful government request
  • Enforce our Terms of Service or protect our legal rights
  • Prevent fraud, illegal activity, or threats to safety
  • Protect the vital interests of any individual

6.3 Business Transfers

In the event that Dion's Cafe undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your personal information may be transferred to the successor entity. We will notify you of any such change in ownership and your choices regarding your information.

6.4 With Your Consent

We may share your information with additional third parties when you have provided explicit consent to do so (for example, participating in a co-branded promotion or sweepstakes).

6.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, analysis, marketing, or industry benchmarking purposes.


7. Data Security Measures

We take the security of your personal information seriously and implement a comprehensive set of administrative, technical, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

7.1 Technical Security Measures

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols.
  • Data Encryption at Rest: Sensitive personal data stored in our systems is encrypted using AES-256 or equivalent encryption standards.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, enforced through role-based access control (RBAC).
  • Firewalls and Intrusion Detection: We use firewalls, intrusion detection systems (IDS), and continuous monitoring to protect our network infrastructure.
  • Secure Payment Processing: Payment data is handled by PCI DSS Level 1 compliant processors. We do not store raw payment card data on our servers.

7.2 Organizational Security Measures

  • Regular staff training on data privacy and security best practices
  • Internal data handling and access policies
  • Vendor security assessments and data processing agreements with all third-party service providers
  • Incident response plan for data breaches, including notification procedures

Despite our best efforts, no method of electronic transmission or storage is 100% secure. If you believe your account or personal information has been compromised, please contact us immediately at [email protected].


8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category: Retention Period

  • Account and profile information: Duration of account activity + 3 years after account closure
  • Order and transaction history: 7 years (for tax and accounting compliance)
  • Payment records: 7 years (as required by financial regulations)
  • Marketing preferences and consent records: 3 years from the date of last interaction
  • Customer support communications: 3 years from the date of resolution
  • Website usage and analytics data: 26 months (standard analytics retention)
  • Cookie and tracking data: As specified in our Cookie Policy (typically 30 days to 2 years)
  • Job applicant data (unsuccessful applicants): 1 year from the date of application

After the applicable retention period, we securely delete or anonymize your personal information so that it can no longer be associated with you.


9. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We honor the privacy rights afforded to residents of all U.S. states and are particularly committed to upholding the rights of California residents under the CCPA/CPRA.

9.1 Rights Available to All Users

  • Right to Know / Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it was used, and the third parties with whom it was shared.
  • Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request that we delete personal information we have collected from you, subject to certain legal exceptions (e.g., where retention is required for legal compliance or to complete a transaction you requested).
  • Right to Opt Out of Marketing: You may opt out of receiving promotional emails at any time by clicking the "unsubscribe" link in any marketing email we send. To opt out of SMS marketing, reply "STOP" to any promotional text message. To opt out of targeted advertising, follow the instructions in our Cookie Policy.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a lower quality of service because you exercised your rights.

9.2 Additional Rights for California Residents (CCPA/CPRA)

California residents have the following additional rights under the CCPA as amended by the CPRA:

  • Right to Know About Automated Decision-Making: You have the right to receive information about automated decision-making processes that produce legal or similarly significant effects on you.
  • Right to Limit Use of Sensitive Personal Information: California residents may request that we limit the use and disclosure of sensitive personal information (such as precise geolocation, financial data, or health-related data) to only what is necessary to provide the services you requested.
  • Right to Data Portability: You may request to receive a copy of your personal information in a portable, machine-readable format.
  • Right to Opt Out of Sale or Sharing: Although we do not "sell" personal information in the traditional sense, to the extent that our use of advertising cookies or data sharing with advertising platforms constitutes a "sale" or "sharing" under the CCPA/CPRA, you have the right to opt out. Please visit our Cookie Policy or contact us to exercise this right.

9.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the following methods:

We will acknowledge your request within 10 business days and respond substantively within 45 days. If we require additional time (up to 90 days total), we will inform you of the extension and the reason for it. We may need to verify your identity before processing your request by asking you to confirm information associated with your account.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written proof of authorization, and we may still require you to verify your own identity directly with us.


10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website, analyze site performance, and deliver relevant advertising. You have control over cookie usage through your browser settings and our cookie consent management tool.

When you first visit dionscafe.digital, you will be presented with a cookie consent banner allowing you to accept, reject, or customize non-essential cookies.

Please note that disabling certain cookies may affect the functionality of our website, such as your ability to add items to a cart or maintain a login session.

For full details about the cookies we use, their purposes, their duration, and how to manage your preferences, please review our Cookie Policy.


11. Children's Privacy

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not intentionally collect personal information from children under the age of 13. If you are a parent or guardian and believe that your child under the age of 13 has provided personal information to us without your consent, please contact us immediately at [email protected].

We will take prompt steps to investigate and, where confirmed, delete such information from our systems. We may implement age verification measures to prevent underage individuals from accessing certain features or services on our platform.

If you are between 13 and 17 years of age, please do not use our website or services without the explicit supervision and consent of a parent or legal guardian.


12. International Data Transfers

Dion's Cafe is based in the United States and operates primarily within the U.S. However, some of our third-party service providers and partners may be located in or operate from other countries, which means your personal information may be transferred to, stored in, and processed in countries outside the United States.

When we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your information and that such transfers comply with applicable laws. These safeguards may include:

  • Entering into Standard Contractual Clauses (SCCs) with overseas service providers
  • Transferring data only to countries recognized as providing an adequate level of data protection
  • Implementing data processing agreements that include binding privacy and security obligations

If you are located outside the United States and choose to use our services, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.


13. Third-Party Links and Integrations

Our website and communications may contain links to third-party websites, social media platforms, or integrated services (such as Google Maps for location information, or third-party delivery platforms). These third-party sites have their own privacy policies, and we are not responsible for their privacy practices or content.

We encourage you to review the privacy policy of every third-party website or application you visit before providing any personal information. The inclusion of a link on our website does not imply our endorsement of the linked site or its privacy practices.


14. California "Shine the Light" Law

California residents may request certain information about our disclosure of personal information to third parties for their direct marketing purposes under California Civil Code Section 1798.83 ("Shine the Light" law). To make such a request, please contact us at [email protected] with the subject line "Shine the Light Request."


15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no uniform industry standard for recognizing or honoring DNT signals. As a result, we do not currently respond to DNT browser signals. However, you may manage your tracking preferences through our cookie consent tool and through your browser or device settings.


16. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so we have the opportunity to address your concern:

We take privacy complaints seriously and will respond to your concern within 30 days.

If you are not satisfied with our response, you may escalate your complaint to the relevant authorities:

16.1 Federal Trade Commission (FTC)

The FTC enforces consumer protection laws, including privacy-related issues, under the FTC Act (15 U.S.C. § 45). You may file a complaint with the FTC at:

16.2 California Privacy Protection Agency (CPPA)

California residents may file complaints with the California Privacy Protection Agency, the state authority responsible for enforcing the CCPA/CPRA:

16.3 State Attorney General Offices

You may also contact your state's Attorney General office to report privacy violations or seek guidance on your rights under state privacy laws.


17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable law, or technology. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website
  • Send an email notification to registered users (for significant changes)

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

If any changes significantly affect how we use your personal information, we will seek your consent where required by applicable law before implementing those changes.


18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We are committed to responding promptly and transparently to all privacy-related inquiries.

We aim to acknowledge all privacy inquiries within 5 business days and to provide a full response within 30 business days. For formal rights requests under the CCPA/CPRA, the response timelines described in Section 9 apply.


This Privacy Policy was last reviewed and updated on July 5, 2026. Dion's Cafe is committed to protecting your privacy and earning your trust every time you engage with our brand.