Privacy Policy

Effective Date: June 14, 2026 | Last Updated: June 14, 2026

Important Notice: This Privacy Policy explains how Dions ("we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website at cafedions.rest, place orders, or interact with our food services. Please read this policy carefully before using our services.

1. Introduction and Who We Are

Welcome to Dions. We are a food service business operating in the United States, committed to providing excellent dining experiences while respecting and protecting the privacy of every individual who interacts with our brand. This Privacy Policy has been prepared in accordance with applicable United States federal and state privacy laws, including but not limited to the Federal Trade Commission Act (FTC Act), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the CAN-SPAM Act, and other relevant consumer protection regulations.

By accessing or using our website at cafedions.rest, placing an order, signing up for our newsletter, or otherwise providing us with your personal information, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of our website and services immediately.

Our contact details for all privacy-related inquiries are as follows:

Company Name	Dions
Website	cafedions.rest
Email	[email protected]
Country of Operation	United States

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected by Dions through the following channels:

Our website located at cafedions.rest
Online food ordering systems integrated into or linked from our website
Email communications sent to or received from our business email at [email protected]
In-person interactions at our food establishment
Social media platforms and third-party review sites where we maintain a presence
Loyalty programs, promotions, contests, or surveys conducted by Dions
Any other touchpoint where we collect personal information and reference this Privacy Policy

This policy does not apply to the practices of third-party websites, applications, or services that may be linked to or from our website. We encourage you to review the privacy policies of those third parties before providing them with any personal information.

3. Information We Collect

We collect several categories of personal information depending on how you interact with Dions. Below is a detailed breakdown of the types of data we may collect.

3.1 Personal Identification Information

When you place an order, create an account, contact us, or participate in our programs, we may collect the following identifying information:

Full name
Email address
Phone number
Mailing or delivery address
Date of birth (where required for age verification)
Username and password (for account holders)
Profile picture (if uploaded voluntarily)

3.2 Transaction and Order Information

To fulfill your food orders and process payments, we collect:

Items ordered, quantities, and special dietary instructions
Order history and frequency
Billing address and payment method details (processed securely through third-party payment processors; we do not store full payment card numbers)
Delivery or pickup preferences
Transaction timestamps and order confirmation numbers

3.3 Device and Technical Information

When you visit our website, our servers and analytics tools automatically collect certain technical data, including:

IP address
Browser type and version
Operating system and device type
Screen resolution
Referring URL (the website you came from)
Pages viewed and time spent on each page
Links clicked and interactions with page elements
Time zone and language settings

3.4 Location Data

With your permission, we may collect precise or approximate geolocation data to facilitate delivery services, provide location-specific menus or promotions, and improve our services. You may disable location sharing through your device settings at any time.

3.5 Communications Data

If you contact us via email, phone, or our website contact form, we collect and retain the content of those communications, including your name, contact details, and the substance of your inquiry. This includes feedback, complaints, and customer service interactions.

3.6 Marketing and Preferences Data

We collect information about your preferences when you opt into our newsletter, loyalty programs, or promotional campaigns, including:

Communication preferences (e.g., email, SMS)
Dietary preferences or restrictions you voluntarily share
Favorite menu items and order preferences
Marketing engagement data (open rates, click-through rates)

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies on our website. These tools help us understand how visitors use our site, remember your preferences, and deliver personalized content. For more details, please refer to Section 9 of this Privacy Policy, which is dedicated to our Cookie Usage practices.

3.8 User-Generated Content

If you submit reviews, ratings, photos, or other content through our website or social media channels, we may collect and use that content in connection with our services and marketing.

4. How We Use Your Information

Dions uses the personal information we collect for a variety of lawful business purposes. The primary bases for processing your data include fulfillment of contractual obligations, legitimate business interests, your consent, and compliance with legal requirements.

4.1 Service Delivery and Order Fulfillment

Processing and fulfilling your food orders, whether for delivery or pickup
Communicating order confirmations, updates, and delivery status
Managing reservations and table bookings
Processing payments and issuing refunds where applicable
Providing customer support and resolving complaints or disputes

4.2 Account Management

Creating and maintaining your user account on our platform
Authenticating your identity when you log in
Allowing you to view past orders and saved preferences
Managing loyalty rewards, points, and redemption

4.3 Analytics and Business Improvement

Analyzing website traffic, user behavior, and engagement patterns
Understanding popular menu items and purchasing trends
Improving our website design, functionality, and user experience
Conducting internal research and product development
Monitoring and addressing technical issues on our platform

4.4 Marketing and Communications

Sending promotional emails, special offers, and newsletters to subscribers
Informing you about new menu items, seasonal specials, and events
Conducting surveys, contests, and feedback campaigns
Displaying targeted advertisements on third-party platforms based on your interests
Personalizing your experience on our website and in communications

You may opt out of marketing communications at any time by clicking the "Unsubscribe" link in any of our emails or by contacting us at [email protected]. Please note that opting out of marketing emails does not affect transactional or operational communications related to your orders.

4.5 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from government authorities or law enforcement
Enforcing our Terms of Service and other applicable agreements
Detecting, preventing, and investigating fraud, security breaches, or illegal activity
Protecting the rights, property, and safety of Dions, our customers, and the public

5. Sharing Your Information with Third Parties

We respect your privacy and do not sell your personal information to third parties for their own independent marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to help us operate our business and deliver services to you. These providers are contractually obligated to use your information only for the purposes we specify and to implement appropriate security measures. Categories of service providers include:

Payment processors: To securely process credit card and digital payments
Delivery platforms: Third-party delivery services (e.g., DoorDash, Uber Eats, Grubhub) that facilitate the delivery of your orders
Email marketing platforms: To send newsletters and promotional communications
Analytics providers: Such as Google Analytics, to analyze website traffic and user behavior
Cloud hosting and infrastructure providers: To store and process data on our behalf
Customer support tools: To manage and respond to customer inquiries efficiently
SMS and communication platforms: For order update notifications and alerts

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe, in good faith, that disclosure is necessary to:

Comply with a subpoena, court order, legal process, or governmental request
Enforce our legal rights or defend against legal claims
Protect the safety and security of our users, employees, or the public
Prevent fraud, unauthorized activity, or illegal conduct

5.3 Business Transfers

In the event that Dions undergoes a merger, acquisition, sale of assets, reorganization, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your information becomes subject to a materially different privacy policy.

5.4 With Your Consent

We may share your information with other parties not described above when we have obtained your explicit consent to do so. You may withdraw your consent at any time by contacting us at [email protected].

5.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other business purposes without restriction.

6. Data Security

At Dions, we take the security of your personal information seriously. We implement a combination of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, use, disclosure, alteration, or destruction.

6.1 Technical Measures

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted between your browser and our website
Encrypted storage of sensitive data such as passwords (using industry-standard hashing algorithms)
Firewalls and intrusion detection systems to protect our servers
Regular security patching and software updates
Multi-factor authentication for administrative access to systems containing personal data

6.2 Administrative Measures

Role-based access controls limiting employee access to personal data on a need-to-know basis
Privacy and security training for all staff who handle customer information
Vendor due diligence and contractual data protection obligations for all third-party service providers
Written data protection policies and procedures

6.3 Incident Response

In the event of a data breach that compromises your personal information, we will notify affected individuals as required by applicable law, including relevant state breach notification statutes. Notifications will be provided in a timely manner and will include information about the nature of the breach, the data affected, and steps you can take to protect yourself.

Please Note: While we employ robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your information, and you transmit data to us at your own risk. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorized use of your account.

7. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable United States privacy laws.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories and sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
Right to Delete: You have the right to request the deletion of personal information we have collected about you, subject to certain exceptions (e.g., where retention is necessary to complete a transaction or comply with a legal obligation).
Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information with third parties. We do not sell personal information in the traditional sense; however, if any of our advertising practices constitute a "sale" or "sharing" under CCPA/CPRA, you may opt out using the contact information below.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes directly related to providing our services.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different quality of service based on your exercise of privacy rights.

7.2 General Privacy Rights (All US Residents)

Right of Access: You may request a copy of the personal information we hold about you.
Right to Correction: You may request that we update or correct inaccurate or incomplete information.
Right to Deletion: You may request that we delete your personal information, subject to applicable legal requirements.
Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us using the following methods:

Email: [email protected]
Subject Line: "Privacy Rights Request"

We will respond to your request within 45 days of receipt. If we need additional time, we will notify you and may extend the response period by an additional 45 days where reasonably necessary. We may need to verify your identity before processing your request to ensure security and prevent fraudulent submissions.

Authorized agents may submit requests on behalf of California residents. We may require written proof of authorization from the consumer before processing such requests.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. The following general retention guidelines apply:

Category of Data	Retention Period
Account information	For the duration of your account, plus 3 years after account closure
Order and transaction records	7 years (for accounting, tax, and legal compliance purposes)
Customer service communications	3 years from the date of last interaction
Marketing preferences and consent records	3 years from the date of consent or last engagement
Website usage and analytics data	Up to 26 months (as configured with analytics providers)
Payment information	As required by payment card industry standards (PCI DSS)
Legal claims and compliance data	Duration of relevant statute of limitations plus 1 year

Upon expiration of applicable retention periods, we will securely delete or anonymize your personal information so that it can no longer be associated with you. Certain information may be retained in anonymized, aggregated form for statistical or analytical purposes indefinitely.

9. Cookie Usage

Our website at cafedions.rest uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. Cookies are small text files placed on your device when you visit a website.

9.1 Types of Cookies We Use

Essential Cookies: Necessary for the website to function properly, such as maintaining your session when placing an order or logging into your account. These cannot be disabled without affecting site functionality.
Performance and Analytics Cookies: Used to collect information about how visitors use our website (e.g., pages visited, time on site, error messages). We use tools such as Google Analytics for this purpose.
Functional Cookies: Remember your preferences (e.g., saved delivery addresses, preferred language) to improve your experience.
Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns on third-party platforms.

9.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set your preferences for specific websites. Please note that disabling certain cookies may affect the functionality of our website and your ability to place orders or access certain features.

For more detailed information about the cookies we use, how we use them, and how to manage your preferences, please refer to our dedicated Cookie Policy available on our website.

10. Children's Privacy

Our website and food services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, or, where applicable under state law, children under the age of 16.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our systems in accordance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

We do not design our website to appeal to minors, and we do not knowingly allow minors to register for accounts or place orders. If we learn that we have inadvertently collected personal information from a child under the applicable age threshold without verifiable parental consent, we will take immediate steps to delete that information.

11. International Data Transfers

Dions is based in the United States, and the information we collect is primarily stored and processed within the United States. If you are accessing our website from outside the United States, please be aware that your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your home jurisdiction.

If we transfer personal information to service providers or partners located outside the United States, we take steps to ensure that appropriate safeguards are in place to protect that information in accordance with this Privacy Policy and applicable legal requirements. This may include the use of standard contractual clauses, data processing agreements, or other legally recognized mechanisms for cross-border data transfers.

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and to any other countries where our service providers may operate.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery service applications, or other external services. These links are provided for your convenience and do not signify that we endorse those third parties or their content. We are not responsible for the privacy practices or the content of any third-party websites.

When you click on a third-party link and leave our website, you are subject to the privacy policy and terms of service of that third party. We encourage you to review the privacy policies of all websites you visit, particularly before submitting any personal information.

Popular third-party services that may be connected to our platform include:

Google Analytics (analytics and reporting)
Meta (Facebook/Instagram) Pixel (advertising and audience insights)
Payment gateways (e.g., Stripe, Square, PayPal)
Food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub)
Email marketing services (e.g., Mailchimp)

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. Currently, there is no universally accepted standard for responding to DNT signals, and our website does not currently alter its data collection or use practices in response to browser DNT signals. However, we provide you with choices about how we use your information as described throughout this Privacy Policy.

California residents may also exercise rights under the "Shine the Light" law (California Civil Code Section 1798.83), which allows California residents to request information about the categories of personal information shared with third parties for direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected].

14. How to File a Privacy Complaint

If you believe that Dions has not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can address your concerns directly.

14.1 Contacting Us

Please send your privacy complaint or concern to:

Email: [email protected]
Subject Line: "Privacy Complaint"
Website: cafedions.rest

We will acknowledge receipt of your complaint within 5 business days and aim to resolve it within 30 days. Complex complaints may require additional time, in which case we will notify you of the expected resolution timeline.

14.2 Regulatory Complaints

If you are not satisfied with our response to your privacy complaint, you may have the right to file a complaint with a relevant regulatory authority:

California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov or the California Attorney General's Office at oag.ca.gov.
All US Residents: You may file a complaint with the Federal Trade Commission (FTC) at ftc.gov or by calling 1-877-382-4357.
Residents of Other States: You may also have rights under your state's specific consumer protection or privacy laws. Contact your state's Attorney General or consumer protection office for guidance.

15. State-Specific Privacy Rights

In addition to California, several other states have enacted comprehensive consumer privacy laws that may grant you additional rights. If you reside in one of the following states, you may have rights similar to those described in Section 7, including rights of access, correction, deletion, and portability:

Virginia: Virginia Consumer Data Protection Act (VCDPA)
Colorado: Colorado Privacy Act (CPA)
Connecticut: Connecticut Data Privacy Act (CTDPA)
Utah: Utah Consumer Privacy Act (UCPA)
Texas: Texas Data Privacy and Security Act (TDPSA)
Oregon: Oregon Consumer Privacy Act (OCPA)
Montana: Montana Consumer Data Privacy Act (MCDPA)

To exercise rights under any of these state laws, please contact us at [email protected] and indicate your state of residence in your request.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, applicable laws, or the services we offer. When we make material changes to this policy, we will take the following steps to notify you:

Update the "Last Updated" date at the top of this Privacy Policy
Post a prominent notice on our website at cafedions.rest
Send an email notification to registered account holders where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any modifications to this policy constitutes your acceptance of those changes.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are committed to resolving all inquiries in a timely and transparent manner.

Business Name	Dions
Email	[email protected]
Website	cafedions.rest
Privacy Inquiries	Please include "Privacy Inquiry" in the subject line of your email

Effective Date: This Privacy Policy is effective as of June 14, 2026. All prior versions of this policy are superseded by this document.