Privacy Policy
This Privacy Policy explains how Chopt ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at chopt-tasty.rest, place food orders, use our services, or otherwise interact with us. Please read this policy carefully. By using our website or services, you agree to the practices described in this Privacy Policy.
We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.
1. About Us
Chopt is a food service business operating in the United States. We operate the website located at chopt-tasty.rest and provide food-related products and services to our customers.
| Company Name | Chopt |
|---|---|
| Website | chopt-tasty.rest |
| Email Address | [email protected] |
| Location | United States |
For any privacy-related inquiries, questions, or concerns, you may contact us at any time using the contact details provided above or as further described in the "Contact Us" section at the end of this policy.
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- All visitors to our website at chopt-tasty.rest
- Registered account holders who use our online ordering or loyalty platform
- Customers who place orders, whether online, by phone, or in person
- Individuals who sign up for our newsletters, promotions, or marketing communications
- Anyone who contacts us via email, telephone, or through our online contact forms
- Business partners, vendors, or contractors who share personal data with us
This policy does not apply to third-party websites, platforms, or applications that may be linked to from our website. We are not responsible for the privacy practices of those third parties, and we encourage you to review their respective privacy policies before submitting any personal data to them.
3. Information We Collect
We collect various types of information in connection with your use of our website and services. The categories of personal information we collect are described below.
3.1 Information You Provide to Us Directly
When you interact with us, we may collect the following personal information that you voluntarily provide:
- Identity Information: Your full name, username, or similar identifiers.
- Contact Information: Email address, telephone number, billing address, delivery address, and zip code.
- Account Credentials: Username and password when you create an account with us.
- Order and Transaction Information: Details about the food items you have purchased, order history, special dietary requests, and preferences.
- Payment Information: Credit card numbers, debit card numbers, billing information, and other financial data necessary to process your payments. Note that full payment card details are processed by our PCI-DSS compliant third-party payment processors and are not stored directly by us.
- Communications: Messages, inquiries, complaints, or feedback you send us through email, contact forms, or customer service channels.
- Marketing Preferences: Your preferences regarding receiving marketing and promotional communications from us.
- Survey Responses: Any information you provide when you participate in surveys, contests, or promotional activities we conduct.
3.2 Information We Collect Automatically
When you visit our website, we automatically collect certain technical and usage data, including:
- Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), device identifiers, and hardware configuration.
- Usage Data: Pages you visit, links you click, search terms you enter, time spent on pages, referring URLs, and how you navigate our website.
- Log Data: Server logs that record requests made to our server, timestamps, and error reports.
- Location Data: General geographic location derived from your IP address. We may also collect more precise location data if you grant permission through your browser or device settings.
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please see Section 8 (Cookie Usage) for more details.
3.3 Information We Receive from Third Parties
We may receive personal information about you from third parties, including:
- Third-Party Delivery Platforms: If you place an order with us through a third-party food delivery platform (such as DoorDash, Uber Eats, Grubhub, or similar services), we may receive your name, contact information, delivery address, and order details from those platforms.
- Social Media Platforms: If you choose to log in or connect your account using a social media platform (e.g., Google, Facebook), we receive certain profile information from those platforms in accordance with your privacy settings on those platforms.
- Analytics Providers: We may receive aggregated or de-identified data from analytics providers that help us understand our website's performance and user behavior.
- Payment Processors: We receive transaction confirmation and payment status information from our payment processors.
- Marketing Partners: We may receive information from advertising and marketing partners to help us better target our promotions and measure the effectiveness of our advertising campaigns.
4. How We Use Your Information
We use the personal information we collect for the following purposes:
4.1 Service Provision and Order Fulfillment
- To process and fulfill your food orders, including delivery or pickup coordination.
- To create and manage your account on our platform.
- To process payments and send you receipts, order confirmations, and related transactional communications.
- To respond to your customer service inquiries, requests, and complaints.
- To provide you with technical support related to your account or our website.
- To send you important notices about changes to our services, terms, or this Privacy Policy.
4.2 Analytics and Website Improvement
- To analyze how users interact with our website and services to improve functionality, design, and user experience.
- To monitor and analyze trends, usage patterns, and activities in connection with our website.
- To conduct research and generate aggregated, anonymized statistical reports about our customers and business performance.
- To test new features, functionalities, or menu offerings before full launch.
- To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
4.3 Marketing and Promotions
- To send you marketing communications, promotional offers, special deals, and news about Chopt, where you have consented to receive such communications or where we are otherwise permitted by law.
- To personalize your experience on our website by displaying content, offers, and recommendations relevant to your preferences and order history.
- To administer loyalty programs, contests, sweepstakes, or other promotional activities.
- To measure the effectiveness of our advertising campaigns and marketing efforts.
You may opt out of marketing communications at any time by following the unsubscribe instructions included in each marketing email or by contacting us directly at [email protected].
4.4 Legal and Compliance Purposes
- To comply with applicable federal, state, and local laws, regulations, and legal obligations.
- To enforce our Terms of Service and other agreements.
- To respond to lawful requests from courts, law enforcement, government authorities, and other legal bodies.
- To protect the rights, property, and safety of Chopt, our customers, employees, and the public.
5. How We Share Your Information
We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:
5.1 Service Providers and Business Partners
We engage trusted third-party companies and individuals to perform functions on our behalf. These service providers have access to your personal information only as needed to perform their services and are contractually obligated to maintain its confidentiality and security. Categories of service providers include:
- Payment Processors: Companies that securely process credit and debit card transactions.
- Delivery Partners: Third-party logistics or delivery companies that fulfill your food orders.
- Cloud Hosting and IT Services: Providers that store our data and host our website infrastructure.
- Analytics Providers: Services such as Google Analytics that help us understand website traffic and user behavior.
- Email and Marketing Platforms: Services used to send you transactional and promotional emails.
- Customer Support Platforms: Tools that help our team manage and respond to customer inquiries.
- Advertising Networks: Platforms used to deliver targeted advertisements across the internet.
5.2 Legal Requirements and Protection of Rights
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or government request.
- Enforce our Terms of Service or other contractual agreements.
- Protect the rights, privacy, safety, or property of Chopt, our customers, or others.
- Detect, prevent, or address fraud, security breaches, or technical issues.
- Respond to an emergency that poses a threat to public safety.
5.3 Business Transfers
In the event that Chopt undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website if your personal information becomes subject to a different privacy policy as a result of such a transaction.
5.4 With Your Consent
We may share your personal information with third parties when you have given us your explicit consent to do so. You may withdraw such consent at any time by contacting us at [email protected].
5.5 Aggregated and De-identified Data
We may share aggregated or de-identified information — which cannot reasonably be used to identify any individual — with third parties for research, marketing, analytics, and other purposes.
6. Data Security
We take the security of your personal information very seriously. We have implemented a range of technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:
- Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our website.
- Access Controls: We restrict access to personal information to authorized personnel who need it to perform their job duties. All employees with access to personal data are required to maintain its confidentiality.
- Payment Security: All payment transactions are processed through PCI-DSS (Payment Card Industry Data Security Standard) compliant payment processors. We do not store full credit card numbers on our servers.
- Secure Servers: Our website and database are hosted on secure servers with industry-standard protections, including firewalls and intrusion detection systems.
- Regular Security Assessments: We periodically review and update our security practices to address emerging threats and vulnerabilities.
- Employee Training: Our staff receives regular training on data privacy and security best practices.
- Breach Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a data breach.
7. Your Privacy Rights
Depending on your state of residence and applicable law, you may have the following rights regarding your personal information:
7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, the CCPA and CPRA provide you with the following rights:
- Right to Know: You have the right to request that we disclose what personal information we have collected, used, shared, or sold about you over the past 12 months, including the categories and specific pieces of personal information, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it was shared.
- Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law (e.g., where we need to retain the data to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).
- Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary compensation. However, if we engage in any sharing activities that qualify as "sharing" under CPRA, you may opt out.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to certain permitted purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.
- Right to Data Portability: You have the right to receive a copy of your personal information in a portable, readily usable format.
To submit a verifiable consumer request to exercise any of these rights, please contact us at:
- Email: [email protected]
We will respond to verifiable requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing. We may ask you to verify your identity before processing your request to protect your information.
7.2 Rights Under Other U.S. State Privacy Laws
Residents of other states, including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas, may have similar rights to access, delete, correct, and port their personal data, as well as the right to opt out of targeted advertising and profiling. We are committed to honoring such rights where applicable. Please contact us using the information above to exercise your rights.
7.3 General Rights Available to All Users
- Access: You may request access to the personal information we hold about you.
- Correction: You may ask us to correct or update inaccurate or incomplete information.
- Deletion: You may request that we delete your personal information, subject to applicable legal limitations.
- Opt-Out of Marketing: You may unsubscribe from marketing emails at any time using the "unsubscribe" link in our emails or by contacting us directly.
- Account Deactivation: You may request deactivation of your account by contacting us at [email protected].
8. Cookie Usage
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. Cookies are small text files stored on your device when you visit our website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the website to function properly, including maintaining your session and enabling core features such as the shopping cart and order placement.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website (e.g., which pages are visited most often) to help us improve our website's performance. We may use tools such as Google Analytics for this purpose.
- Functional Cookies: These enable the website to remember your preferences (such as language settings and saved addresses) to provide a more personalized experience.
- Marketing and Advertising Cookies: These are used to track visitors across websites and display relevant advertisements based on your interests and browsing behavior.
8.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, please be aware that disabling certain cookies may impact the functionality of our website and your ability to place orders. You may also opt out of interest-based advertising by visiting the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative opt-out page.
For more detailed information about our cookie practices, including how to manage your preferences, please refer to our Cookie Policy available on our website.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following general retention guidelines apply:
| Category of Data | Retention Period |
|---|---|
| Account Information | Duration of account plus 3 years after account closure |
| Order and Transaction Records | 7 years (for tax and accounting compliance) |
| Payment Information | Processed and managed by payment processors per their retention policies; we retain only minimal transaction references |
| Customer Communications | 3 years from last interaction |
| Marketing Preferences | Until you withdraw consent or opt out, plus 1 year |
| Website Usage and Analytics Data | 26 months (anonymized after 13 months) |
| Cookie and Tracking Data | Varies by cookie type (session cookies expire when browser closes; persistent cookies typically 1–2 years) |
| Legal and Compliance Records | As required by applicable law, typically 5–7 years |
After the applicable retention period, we will securely delete or anonymize your personal information so that it can no longer be associated with you.
10. Children's Privacy
We do not knowingly collect, use, or disclose personal information from minors under the age of 18. Our food ordering platform and website are not directed at children, and we do not knowingly permit individuals under 18 to create accounts or submit personal information through our services.
If you are a parent or guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. If we learn that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information from our records.
Our practices are consistent with the Children's Online Privacy Protection Act (COPPA), which protects the privacy of children under 13 online. If we ever knowingly direct services to children under 13, we will comply fully with COPPA requirements, including obtaining verifiable parental consent prior to collecting any personal information.
11. International Data Transfers
Chopt is based in the United States, and our primary operations, servers, and data storage are located within the United States. However, some of our third-party service providers — including analytics platforms, cloud hosting providers, and marketing tools — may operate in or transfer data to countries outside of the United States.
If your personal information is transferred to, stored in, or processed in a country other than the United States, we will ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws. Such safeguards may include:
- Entering into data processing agreements with third-party service providers that include standard contractual clauses or equivalent protections.
- Ensuring that service providers operate in jurisdictions recognized as providing adequate levels of data protection.
- Implementing technical and organizational measures to protect transferred data.
If you are accessing our website from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using our services, you consent to this transfer, storage, and processing of your information.
12. Do Not Track Signals
Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our website does not currently respond to Do Not Track signals from browsers. However, you can control cookies and tracking through the cookie management options described in Section 8 of this policy.
We continue to monitor developments in DNT standards and may update our practices as clearer industry standards and legal requirements emerge.
13. Third-Party Links
Our website may contain links to third-party websites, applications, or services, including social media platforms, delivery partners, and payment processors. These third-party sites operate independently and have their own privacy policies and terms of service. We are not responsible for the privacy practices or content of third-party sites.
We encourage you to review the privacy policies of any third-party websites you visit before providing them with any personal information. The inclusion of a link on our website does not constitute our endorsement of that third party or its privacy practices.
14. Changes to This Privacy Policy
We reserve the right to update, modify, or revise this Privacy Policy at any time. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post the revised policy on our website at chopt-tasty.rest.
- Notify you by email (if we have your email address on file) or by placing a prominent notice on our website when the changes are significant.
Your continued use of our website and services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
15. Filing a Complaint
If you believe we have not adequately addressed your privacy concerns or have handled your personal information in violation of applicable law, you have the right to file a complaint with the relevant data protection or consumer protection authority.
15.1 Federal Trade Commission (FTC)
In the United States, the Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and enforcement of privacy-related unfair or deceptive trade practices under the FTC Act. You may file a complaint with the FTC at:
- Website: reportfraud.ftc.gov
- Phone: 1-877-FTC-HELP (1-877-382-4357)
15.2 California Attorney General (for California Residents)
California residents may file a complaint regarding CCPA/CPRA violations with the California Privacy Protection Agency (CPPA) or the California Attorney General's office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy
15.3 State Attorneys General
Residents of other U.S. states may also have the right to file complaints with their respective state attorney general's office or consumer protection agency. We encourage you to research the appropriate authority for your state of residence.
Before filing a complaint with a regulatory authority, we encourage you to contact us first so that we may have the opportunity to address your concerns directly and promptly.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please do not hesitate to contact us using the information below:
| Company Name | Chopt |
|---|---|
| Email Address | [email protected] |
| Website | chopt-tasty.rest |
| Location | United States |
We are committed to resolving any privacy concerns you may have. Upon receiving your request or inquiry, we will make every effort to respond within 30 business days. For CCPA/CPRA verifiable consumer requests, we will respond within 45 days as required by law, with the possibility of a single 45-day extension if reasonably necessary.