Privacy Policy

Effective Date: July 2, 2026  |  Last Updated: July 2, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptcafe.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services.

This Privacy Policy applies to all information collected through our website (choptcafe.rest), as well as any related services, sales, marketing, or events. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by all terms of this Privacy Policy.

1. Who We Are

Chopt is a food service business operating in the United States. We provide customers with food ordering, restaurant services, and related dining experiences through our physical locations and digital platforms.

Company Name Chopt
Website choptcafe.rest
Email Address [email protected]

For any questions, concerns, or requests related to this Privacy Policy, you may contact us at [email protected].

2. Information We Collect

We collect information about you in various ways when you interact with our website, place food orders, create an account, sign up for our newsletter, or communicate with us. The categories of information we collect include the following:

2.1 Personal Information You Provide Directly

When you voluntarily provide information to us — such as when you create an account, place an order, fill out a form, or contact our support team — we may collect the following personal information:

  • Contact Information: Your full name, email address, phone number, and mailing or delivery address.
  • Account Credentials: Username, password (stored in encrypted form), and security questions if applicable.
  • Order Information: Details of your food orders, including menu selections, order history, special dietary requests, and payment method details (note: full payment card numbers are not stored by us — they are processed by our third-party payment processors).
  • Billing Information: Billing address and partial payment details as required to process transactions.
  • Preferences and Dietary Needs: Food preferences, dietary restrictions, and allergen information that you choose to share with us to improve your experience.
  • Communications: Any messages, feedback, reviews, or correspondence you send to us via email, contact forms, or customer service channels.
  • Survey Responses: Responses to optional surveys, promotions, or marketing activities.
  • Loyalty Program Data: If you participate in any loyalty or rewards program, information related to your participation, points, and redemption history.

2.2 Information Collected Automatically

When you visit our website or use our digital services, certain information is collected automatically through cookies, web beacons, and similar tracking technologies. This includes:

  • Device Information: Your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), and unique device identifiers.
  • Usage Data: Pages you visit on our website, time and date of your visit, time spent on each page, links clicked, referring URLs, and navigation paths through our site.
  • Log Data: Server logs that automatically record certain information when you access our website, including your IP address, browser type, the pages you requested, and error reports.
  • Location Data: General geographic location based on your IP address. If you grant permission, we may also collect more precise location data to help you find our nearest locations or facilitate delivery services.
  • Cookie and Tracking Data: Information collected through cookies, pixel tags, and similar technologies. Please see Section 7 (Cookie Usage) for more details.

2.3 Information from Third Parties

We may receive information about you from third-party sources, which we may combine with information we already hold. These sources include:

  • Social Media Platforms: If you choose to log in or connect your account using a social media platform (such as Facebook or Google), we may receive basic profile information from that platform, subject to your privacy settings there.
  • Delivery Partner Platforms: If you order through third-party delivery services or aggregators, those platforms may share your order and contact information with us for order fulfillment purposes.
  • Analytics Providers: Third-party analytics tools may provide us with aggregated demographic or behavioral information about our website visitors.
  • Marketing Partners: We may receive information from advertising partners to help us reach potential customers with relevant offers and promotions.

3. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes. Specifically, we use your personal information for the following purposes:

3.1 Providing and Managing Our Services

  • To process and fulfill your food orders, including coordinating delivery or in-store pickup.
  • To create and manage your customer account.
  • To send you order confirmations, receipts, and important transactional communications.
  • To facilitate payment processing through our authorized third-party payment processors.
  • To manage your participation in loyalty or rewards programs.
  • To respond to your customer service inquiries, complaints, and support requests.

3.2 Improving Our Services and User Experience

  • To analyze how our website is used and identify areas for improvement.
  • To understand customer preferences and food ordering trends to refine our menu and service offerings.
  • To conduct internal research, data analysis, and business reporting.
  • To test and develop new features, products, or services.
  • To troubleshoot technical problems with our website and digital platforms.

3.3 Marketing and Promotions

  • To send you promotional emails, special offers, newsletters, and information about new menu items — only where you have provided consent or where we have a legitimate interest under applicable law.
  • To personalize your experience on our website by displaying content and offers that may be relevant to your interests.
  • To run targeted advertising campaigns on third-party platforms based on your interests and interactions with our website.
  • To inform you about seasonal promotions, limited-time offers, and events.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

  • To comply with applicable federal, state, and local laws and regulations.
  • To enforce our terms and conditions and other legal agreements.
  • To detect, prevent, and address fraud, security issues, and other potentially prohibited or illegal activities.
  • To respond to lawful requests from government authorities, courts, or law enforcement agencies.
  • To protect the rights, property, and safety of Chopt, our customers, and the public.

4. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information with certain trusted parties in the following circumstances:

4.1 Service Providers and Business Partners

We work with third-party vendors and service providers who assist us in operating our business and delivering services to you. These parties are contractually obligated to protect your information and may only use it for the purposes we specify. They include:

  • Payment Processors: Companies that securely handle credit card and payment transactions on our behalf.
  • Delivery Partners: Third-party delivery services that help us fulfill your food orders.
  • Cloud Hosting Providers: Platforms that host our website, databases, and digital infrastructure.
  • Email and Communication Services: Providers that send transactional and marketing emails on our behalf.
  • Analytics Providers: Tools such as Google Analytics that help us understand website usage and performance.
  • Customer Support Platforms: Tools that help our team manage and respond to customer inquiries.
  • Marketing and Advertising Platforms: Services used to deliver targeted advertisements and manage promotional campaigns.

4.2 Legal Requirements and Protection of Rights

We may disclose your personal information if we are required to do so by law or in the good-faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, subpoena, or governmental request.
  • Protect and defend the rights or property of Chopt.
  • Prevent or investigate possible wrongdoing in connection with our services.
  • Protect the personal safety of users of our services or the public.

4.3 Business Transfers

In the event that Chopt is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and if your information becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information — which cannot reasonably be used to identify you — with third parties for marketing, research, analytics, and business development purposes. This type of sharing does not constitute a disclosure of personal information.

5. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards to protect it from unauthorized access, use, alteration, or disclosure. Our security measures include, but are not limited to:

  • Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our website. Sensitive data such as passwords are stored using industry-standard hashing algorithms.
  • Access Controls: Access to personal information is restricted to authorized employees and contractors who need it to perform their job functions, and they are bound by confidentiality obligations.
  • Secure Payment Processing: We do not store full credit card numbers. All payment transactions are processed by PCI-DSS compliant third-party payment processors.
  • Regular Security Assessments: We periodically review our security practices and systems to identify and address potential vulnerabilities.
  • Incident Response: We maintain procedures to respond promptly to any suspected data security breach in accordance with applicable law.
Important Notice: While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect any unauthorized access to your account.

6. Your Privacy Rights

Depending on your state of residence and applicable laws, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable United States federal and state privacy laws.

6.1 Right to Know and Access

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom it has been shared.

6.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you, taking into account the nature of the information and the purposes for which it is processed.

6.3 Right to Deletion

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. We may deny a deletion request if retaining the information is necessary for us to complete a transaction with you, comply with a legal obligation, detect and protect against security incidents, or exercise other rights permitted by law.

6.4 Right to Data Portability

To the extent required by applicable law, you may have the right to receive a copy of the personal information you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that information to another organization.

6.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information. As noted above, we do not sell personal information. However, if we engage in any activities that may qualify as "sharing" for cross-context behavioral advertising purposes under the CPRA, you may opt out of such sharing by contacting us at [email protected].

6.6 Right to Limit Use of Sensitive Personal Information

Under the CPRA, California residents have the right to limit our use and disclosure of sensitive personal information to only those uses necessary to provide the services you have requested or other specific permitted purposes.

6.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, provide you a different level of quality of goods or services, or suggest that you may receive a different price or rate because you exercised your rights under applicable privacy law.

6.8 Right to Opt Out of Marketing

You have the right to opt out of receiving marketing communications from us at any time. You may do so by clicking the unsubscribe link in any marketing email we send or by contacting us directly at [email protected].

6.9 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please contact us by:

We will respond to your request within 45 days of receipt. If we require additional time to process your request (up to 90 days total), we will notify you of the extension and the reasons for it. We may need to verify your identity before processing your request to ensure that we are disclosing information to the correct person.

You may designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require proof of written authorization and identity verification before processing the request.

7. Cookie Usage

Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze site traffic, and support our marketing efforts.

7.1 Types of Cookies We Use

  • Essential Cookies: These cookies are strictly necessary for the website to function properly. They enable core features such as session management, shopping cart functionality, and secure login. You cannot opt out of these cookies.
  • Analytics and Performance Cookies: These cookies collect information about how visitors use our website, which pages are visited most often, and where visitors navigate from. We use this data to improve our website's performance and user experience. (e.g., Google Analytics)
  • Functional Cookies: These cookies allow our website to remember your preferences, such as your language settings or location, to provide a more personalized experience.
  • Marketing and Advertising Cookies: These cookies track your browsing activity across websites to deliver relevant advertisements and measure the effectiveness of our advertising campaigns. They may be set by our advertising partners.

7.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that if you disable or refuse cookies, some parts of our website may not function correctly.

For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including the purposes of satisfying any legal, accounting, or reporting obligations, and to resolve disputes and enforce our agreements.

Category of Data Retention Period
Account information Duration of account + 3 years after account closure
Order and transaction records 7 years (for tax and accounting compliance)
Customer service communications 3 years from the date of the last interaction
Marketing preference data Until you opt out + 1 year
Website usage and analytics data Up to 26 months (as configured in analytics tools)
Cookie data Varies by cookie type (session to 2 years)
Legal compliance records As required by applicable law (typically 5–7 years)

When personal information is no longer required for the purposes for which it was collected and no legal obligation requires us to retain it, we will securely delete, anonymize, or destroy the data in accordance with our internal data retention and deletion procedures.

9. Children's Privacy

Age Restriction: Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, and our services are not directed to minors under the age of 18.

If we discover that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA), which imposes certain requirements on operators of websites directed to children under 13. By using our website and services, you represent that you are at least 18 years of age.

10. International Data Transfers

Chopt is based in the United States, and the personal information we collect is processed and stored on servers located within the United States. If you are accessing our website or services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where privacy and data protection laws may differ from those in your country of residence.

By using our website and providing us with your information, you consent to the transfer of your personal information to the United States. We take appropriate measures to ensure that any international transfers of personal information are conducted in compliance with applicable laws and that your data receives an adequate level of protection.

If you have questions about the international transfer of your personal information, please contact us at [email protected].

11. Third-Party Websites and Links

Our website may contain links to third-party websites, apps, or services that are not operated or controlled by Chopt. This Privacy Policy does not apply to those third-party platforms. We are not responsible for the privacy practices or content of any third-party websites, and we encourage you to read the privacy policies of any third-party websites you visit.

The inclusion of a link to a third-party website on our website does not constitute our endorsement of that website or its privacy practices.

12. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information. These rights are described in detail in Section 6 of this Privacy Policy.

In addition to the rights described above, California residents have the right to request a list of categories of personal information disclosed to third parties for their direct marketing purposes during the preceding calendar year, along with the names and addresses of those third parties. To make such a request, please contact us at [email protected].

For purposes of the CCPA/CPRA, we act as a "business" with respect to personal information we collect directly from you through our website and services.

12.1 Categories of Personal Information Collected (CCPA)

In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA:

  • Identifiers (name, email address, IP address, account username)
  • Commercial information (purchase history, order details)
  • Internet or other electronic network activity information (browsing history on our website, interaction with our ads)
  • Geolocation data (general location based on IP address or, with consent, precise location)
  • Inferences drawn from personal information to create a profile (food preferences, behavioral patterns)
  • Sensitive personal information (dietary restrictions and allergen information, where voluntarily provided)

13. Federal Trade Commission (FTC) Compliance

We are committed to complying with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in commerce, including in connection with privacy and data security. Our privacy practices are designed to be transparent, consistent with our representations to consumers, and in line with reasonable data security standards as expected by the FTC.

If you believe that we have engaged in any unfair or deceptive privacy practices, you have the right to file a complaint with the FTC (see Section 14 below for instructions on how to do so).

14. How to File a Privacy Complaint

If you have concerns about how we handle your personal information, we encourage you to contact us first so that we can address your concerns directly:

We will investigate your complaint and aim to resolve it within 30 days of receipt. If you are not satisfied with our response, you may escalate your complaint to the relevant regulatory authorities:

14.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer privacy protection in the United States. You can file a complaint with the FTC at:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-FTC-HELP (1-877-382-4357)
  • Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Privacy Protection Agency (CPPA)

If you are a California resident, you may file a complaint with the California Privacy Protection Agency, which enforces the CCPA/CPRA:

14.3 State Attorney General

Depending on your state of residence, you may also have the right to file a complaint with your state's Attorney General office. Many state attorneys general have consumer protection divisions that handle privacy-related complaints.

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As such, our website does not currently respond to browser DNT signals. However, you can manage your tracking preferences through your browser settings and by managing cookies as described in Section 7 of this Privacy Policy.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will revise the "Last Updated" date at the top of this page and, where required by law, provide additional notice of the changes (such as by sending an email notification to account holders or displaying a prominent notice on our website).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of any changes to this Privacy Policy constitutes your acceptance of those changes.

If we make any material changes to the way we collect, use, or share your personal information, we will provide you with prominent notice and, where required, seek your consent.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

Privacy Inquiries — Chopt

We are dedicated to resolving any privacy-related concerns you may have promptly and transparently. Our team will acknowledge your inquiry within 5 business days and provide a full response within 30 days, unless a longer period is required by the nature of your request, in which case we will inform you accordingly.

Summary: Your privacy matters to us. We collect information to provide you with the best possible food ordering and dining experience. We protect your data with industry-standard security measures, we do not sell your personal information, and we respect your rights to access, correct, delete, and control how your data is used. For any questions, reach us at [email protected].