Privacy Policy

Effective Date: June 5, 2026  |  Last Updated: June 5, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cafe-chopt.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services.

This Privacy Policy applies to all users in the United States and is designed to comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal consumer protection regulations.


1. Who We Are

Chopt is a food service business operating through the website cafe-chopt.rest. We provide food ordering, catering, and related hospitality services to our customers across the United States.

Business Name: Chopt
Website: cafe-chopt.rest
Email: [email protected]

For any questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, please contact us at the details provided in Section 14 of this policy.


2. Information We Collect

We collect various types of information in connection with the services we offer. The categories of personal information we may collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you register an account, place an order, make a reservation, subscribe to our newsletter, or contact us directly, we may collect:

  • Full name
  • Email address
  • Phone number
  • Billing and shipping/delivery address
  • Date of birth (for age verification or promotional purposes)
  • Username and password (for account holders)
  • Profile photo (if voluntarily provided)

2.2 Payment and Transaction Information

When you make a purchase through our website or in-store using digital payment systems, we may collect:

  • Payment card type and last four digits
  • Billing address
  • Transaction history and order details
  • Gift card numbers or promotional codes used

Full payment card numbers are processed by our third-party payment processors and are not stored on our servers. These processors comply with the Payment Card Industry Data Security Standard (PCI DSS).

2.3 Usage and Behavioral Data

We automatically collect information about how you interact with our website and digital services, including:

  • Pages visited, links clicked, and features used
  • Time and date of visits and session duration
  • Search queries entered on our website
  • Items added to cart or wishlist
  • Browsing history within our platform
  • Referral source (how you arrived at our website)

2.4 Device and Technical Information

We collect technical information from the devices you use to access our services, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Screen resolution and language settings
  • Mobile device identifiers (IMEI, advertising ID)
  • Geolocation data (if you grant permission)
  • Cookie identifiers and similar tracking technologies

2.5 Communications and Feedback

If you contact us by email, phone, chat, or through our website forms, we may collect and retain:

  • The content of your messages and inquiries
  • Feedback, reviews, and survey responses
  • Customer support ticket history
  • Records of phone conversations (where permitted by law)

2.6 Information from Third Parties

We may receive information about you from third parties, including:

  • Social media platforms (if you log in or share content through them)
  • Third-party food delivery platforms and aggregators
  • Analytics and advertising partners
  • Data brokers (for marketing segmentation purposes)
  • Loyalty program partners

3. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes. These include:

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders and catering requests
  • Communicating order confirmations, updates, and delivery notifications
  • Managing reservations, special dietary accommodations, and preferences
  • Providing customer support and resolving disputes
  • Managing your account and login credentials

3.2 Business Operations and Improvement

  • Analyzing usage trends to improve our website, menu, and services
  • Conducting internal research, audits, and quality assessments
  • Detecting, preventing, and investigating fraud, security incidents, and abuse
  • Maintaining the safety and integrity of our platform
  • Complying with legal obligations and regulatory requirements

3.3 Marketing and Communications

  • Sending promotional emails, newsletters, and special offers (with your consent where required)
  • Displaying targeted advertisements on our website and third-party platforms
  • Running loyalty programs and personalized reward campaigns
  • Conducting surveys, contests, and promotional events
  • Providing personalized menu recommendations based on your past orders

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

  • Responding to lawful requests from government authorities
  • Enforcing our Terms of Service and other legal agreements
  • Protecting our legal rights, interests, and those of our customers
  • Complying with tax, accounting, and food safety regulations

4. Legal Bases for Processing

We process your personal information based on the following legal grounds, consistent with applicable U.S. privacy law:

  • Contract Performance: Processing is necessary to fulfill your orders and provide the services you have requested.
  • Legitimate Interests: We process data to operate and improve our business, detect fraud, and ensure the security of our platform, provided such interests are not overridden by your privacy rights.
  • Legal Obligation: We process data where required by applicable law, regulation, or court order.
  • Consent: Where required by law, we obtain your explicit consent before processing your data for marketing or non-essential cookies.

5. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience on our website, analyze traffic, and deliver personalized content and advertising.

5.1 Types of Cookies We Use

Cookie Type  |  Purpose
Strictly Necessary  |  Essential for website functionality, login sessions, and order processing.
Performance / Analytics  |  Collect anonymous data about website usage to help us improve our services (e.g., Google Analytics).
Functional  |  Remember your preferences, language settings, and saved items.
Marketing / Targeting  |  Track browsing behavior to deliver relevant advertisements across platforms.

You can control cookie settings through your browser preferences or our cookie consent manager. Please note that disabling certain cookies may affect the functionality of our website. For detailed information about our cookie practices, please refer to our Cookie Policy available on our website.


6. Sharing Your Information with Third Parties

We do not sell your personal information for monetary compensation. However, we may share your information with third parties under certain circumstances as described below.

6.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business, processing transactions, and delivering services. These include:

  • Payment processors (e.g., Stripe, Square, or similar PCI-compliant processors)
  • Food delivery and logistics partners
  • Email marketing and CRM platforms
  • Website hosting and cloud infrastructure providers
  • Analytics and advertising technology companies
  • Customer support software providers
  • Accounting and legal service providers

All service providers are required to handle your information in accordance with this Privacy Policy and applicable law. We enter into data processing agreements with our service providers to ensure appropriate safeguards are in place.

6.2 Business Partners

We may share limited information with trusted business partners for co-branded promotions, joint marketing campaigns, or integrated services, provided that you have consented to such sharing or we have a legitimate business reason for doing so.

6.3 Legal Disclosures

We may disclose your personal information if we are required to do so by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or subpoena
  • Respond to a request from a government or law enforcement authority
  • Protect and defend our rights, property, or safety
  • Prevent or investigate suspected fraud, illegal activity, or security threats
  • Protect the rights and safety of our customers and the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

6.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes.


7. Data Security

Protecting your personal information is a top priority for Chopt. We implement a comprehensive set of technical, administrative, and physical safeguards to protect your data against unauthorized access, loss, alteration, or disclosure.

7.1 Technical Safeguards

  • Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted through our website
  • Encryption of sensitive data at rest using industry-standard protocols
  • Firewalls, intrusion detection systems, and regular vulnerability scans
  • Multi-factor authentication (MFA) for administrative access
  • Tokenization of payment card data through PCI DSS-compliant processors

7.2 Administrative Safeguards

  • Access to personal data restricted to authorized personnel on a need-to-know basis
  • Regular employee training on data privacy and security best practices
  • Confidentiality agreements with staff and contractors who handle personal data
  • Incident response procedures for detecting and responding to data breaches

7.3 Physical Safeguards

  • Secure physical access controls at data processing facilities
  • Locked storage for physical records containing personal information
  • Secure disposal and destruction of data storage media

Important Notice: While we take every reasonable precaution to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong passwords and protect your account credentials.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category  |  Retention Period
Account and profile information  |  Duration of account plus 3 years after closure
Order and transaction history  |  7 years (for tax and accounting compliance)
Customer support communications  |  3 years from the date of last contact
Marketing preferences and consent records  |  Until withdrawal of consent plus 2 years
Website usage and analytics data  |  26 months (anonymized thereafter)
Cookie data  |  Varies by cookie type (typically 30 days to 2 years)
Payment records  |  7 years (per IRS and financial regulations)
Legal and compliance records  |  As required by applicable law

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information in accordance with our data disposal procedures.


9. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights to the fullest extent required by applicable law.

9.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA, effective January 1, 2023:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we have shared it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: While we do not sell personal information for money, we may share information with advertising partners. You have the right to opt out of such sharing. To exercise this right, visit our website or email us at [email protected].
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use and disclose certain categories of sensitive personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a lower quality of service as a result of your exercising these rights.

9.2 Rights Available to All U.S. Residents

Regardless of your state of residence, we provide the following baseline rights to all our users:

  • Right of Access: You may request access to the personal information we hold about you.
  • Right to Correction: You may update or correct inaccurate information through your account settings or by contacting us.
  • Right to Deletion: You may request deletion of your personal information, subject to legal and operational requirements.
  • Right to Data Portability: You may request a copy of your personal data in a structured, machine-readable format where technically feasible.
  • Right to Opt-Out of Marketing: You may unsubscribe from marketing communications at any time.
  • Right to Withdraw Consent: Where we rely on your consent to process data, you may withdraw it at any time without affecting the lawfulness of prior processing.

9.3 How to Submit a Privacy Request

To exercise any of the rights listed above, please submit a request to us using the following methods:

We will verify your identity before processing your request to protect your privacy and security. We will respond to verified requests within 45 days, with the possibility of an extension of an additional 45 days where necessary, with prior notice to you.


10. Children's Privacy

Age Restriction: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or solicit personal information from individuals under the age of 18.

We do not knowingly collect personal information from children under the age of 18. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not direct our services toward minors. If we discover that we have inadvertently collected personal information from a person under 18, we will delete that information as quickly as possible.


11. International Data Transfers

Chopt is based in the United States and our primary data processing activities take place within the United States. However, some of our third-party service providers, technology partners, and cloud infrastructure providers may be located in or operate from other countries, which may include countries outside the United States that have different data protection laws.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your data in accordance with applicable U.S. privacy laws. These safeguards may include:

  • Entering into data transfer agreements with recipients that include appropriate contractual clauses
  • Ensuring that third-party recipients implement adequate technical and organizational security measures
  • Verifying that recipient countries provide an adequate level of data protection

By using our website and services, you acknowledge and consent to the transfer of your information to the United States and to other countries as described in this section.


12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, social media platforms, or integrated services that are not operated or controlled by Chopt. These may include social sharing buttons, embedded content, third-party food delivery apps, and payment portals.

We are not responsible for the privacy practices of these third parties. We strongly encourage you to review the privacy policies of any third-party websites or services you access through our platform. This Privacy Policy applies solely to information collected by Chopt through our own website and services.


13. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website
  • Send an email notification to registered users where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated policy.


14. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy, our data practices, or if you wish to exercise your privacy rights, please contact our Privacy Team using the information below:

Business Name: Chopt
Email: [email protected]
Website: cafe-chopt.rest

We are committed to resolving any privacy concerns you may have in a timely and transparent manner. We aim to respond to all privacy-related inquiries within 10 business days of receipt.


15. Filing a Complaint with a Data Protection Authority

If you are not satisfied with our response to your privacy inquiry or believe that we are processing your personal information in violation of applicable law, you have the right to file a complaint with the relevant data protection or consumer protection authority.

15.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA), which is the primary regulatory authority responsible for enforcing the CCPA/CPRA:

  • California Privacy Protection Agency (CPPA)
  • Website: cppa.ca.gov
  • Address: 2101 Arena Boulevard, Sacramento, CA 95834

You may also file a complaint with the California Attorney General's Office:

15.2 All U.S. Residents

All U.S. residents may file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive practices related to privacy and data security:

  • Federal Trade Commission (FTC)
  • Website: ftc.gov/complaint
  • Phone: 1-877-382-4357
  • Address: 600 Pennsylvania Avenue NW, Washington, DC 20580

15.3 Other State Residents

Residents of other states with specific privacy legislation (including Virginia, Colorado, Connecticut, Texas, Florida, and others) may contact their respective state attorney general's office or consumer protection agency to file a complaint or seek guidance regarding their privacy rights under applicable state law.


16. Specific Provisions for California Residents — CCPA/CPRA Disclosures

As required by the California Consumer Privacy Act and the California Privacy Rights Act, we provide the following additional disclosures for California residents:

16.1 Categories of Personal Information Collected in the Last 12 Months

Category  |  Examples  |  Collected
Identifiers  |  Name, email, IP address, account ID  |  Yes
Customer Records  |  Address, phone number, payment info  |  Yes
Protected Classifications  |  Age, dietary restrictions (where provided)  |  Limited
Commercial Information  |  Order history, transaction records  |  Yes
Internet/Electronic Activity  |  Browsing history, search queries on our site  |  Yes
Geolocation Data  |  Delivery address, location for local ordering  |  Yes (with consent)
Inferences  |  Preferences drawn from usage data  |  Yes
Sensitive Personal Information  |  Payment card data, account credentials  |  Yes (encrypted)

16.2 Purposes for Collecting Personal Information

We collect personal information for the following business and commercial purposes: order fulfillment, payment processing, customer support, marketing and advertising, security and fraud prevention, regulatory compliance, and service improvement.

16.3 Do Not Sell or Share My Personal Information

We do not sell your personal information for monetary consideration. We may share certain data (such as cookie-based browsing data) with advertising technology partners for cross-context behavioral advertising purposes, which may qualify as "sharing" under the CPRA. California residents may opt out of such sharing by contacting us at [email protected] with the subject line "Do Not Share My Personal Information."


Summary: This Privacy Policy was last updated on June 5, 2026. For any privacy-related questions or to exercise your data rights, please contact us at [email protected] or visit cafe-chopt.rest.