Privacy Policy

Effective Date: July 2, 2026  |  Last Updated: July 2, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptcafe.click, place orders, or otherwise interact with our food service business. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site immediately.

This Privacy Policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant consumer protection regulations. Where your state provides additional privacy protections, we honor those rights as well.


1. Who We Are

Chopt is a food service business operating through the website choptcafe.click. For the purposes of this Privacy Policy, "Chopt," "we," "us," or "our" refers to the company and its authorized representatives. You may contact us regarding any privacy matters using the details below:

Company Name Chopt
Website choptcafe.click
Email Address [email protected]

2. Information We Collect

We collect information about you in a variety of ways depending on how you interact with our services. The categories of information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place a food order, sign up for our newsletter, participate in promotions, or contact our customer support, we may collect:

  • Full name
  • Email address
  • Phone number
  • Billing and delivery address (street address, city, state, ZIP code)
  • Date of birth (where required for age verification)
  • Username and password (encrypted)
  • Profile photographs (if voluntarily uploaded)

2.2 Payment and Transaction Information

To process your food orders and payments, we may collect:

  • Credit card or debit card number (last four digits only — full numbers are processed by our payment processor)
  • Billing address associated with your payment method
  • Transaction history (order date, items purchased, amount paid)
  • Gift card or promotional code details

We do not store full payment card numbers on our servers. Payment processing is handled by PCI-DSS compliant third-party processors.

2.3 Usage and Behavioral Data

When you visit our website, we automatically collect certain information about your browsing behavior, including:

  • Pages and menu items viewed
  • Time spent on each page
  • Links clicked within the website
  • Search queries entered on our site
  • Shopping cart activity (items added, removed, or abandoned)
  • Referring URLs (how you found our website)
  • Date and time stamps of your visits

2.4 Device and Technical Information

We collect technical data from the devices you use to access our website, including:

  • IP address
  • Browser type and version
  • Operating system and platform
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Device identifiers (where applicable)
  • Language preferences
  • Geographic location data (city/region level, derived from IP address)

2.5 Communications Data

If you contact us by email, through a contact form, or through any other means, we may retain:

  • The content of your messages
  • Your name and contact details
  • Records of our responses to your inquiries
  • Customer service call recordings or transcripts (where permitted by law and with notice)

2.6 User-Generated Content

If you submit reviews, ratings, photos, comments, or other content to our platform, we collect and store that content as submitted by you.

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your online activity on our website. Please refer to Section 9 of this policy for a detailed explanation of our cookie practices.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (if you connect a social account or use social login)
  • Food delivery partner platforms
  • Marketing and analytics partners
  • Publicly available databases

3. How We Use Your Information

We use the information we collect for legitimate business purposes, including:

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders
  • Managing your account and profile
  • Sending order confirmations, receipts, and delivery notifications
  • Facilitating payment processing and refund requests
  • Providing customer support and resolving disputes
  • Coordinating with delivery partners or in-store pickup

3.2 Analytics and Service Improvement

  • Analyzing usage patterns to improve our menu, website, and mobile experience
  • Understanding customer preferences and behavior
  • Conducting internal research and product development
  • Testing new features and optimizing website performance
  • Measuring the effectiveness of our promotions and marketing campaigns

3.3 Marketing and Promotions

  • Sending promotional emails, newsletters, and offers (with your consent where required)
  • Personalizing content, recommendations, and advertisements based on your preferences
  • Running loyalty programs and rewards schemes
  • Delivering targeted advertising through social media and other digital channels
  • Notifying you about new menu items, seasonal specials, or limited-time offers

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send you or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from government authorities
  • Enforcing our Terms of Service and other agreements
  • Protecting our rights, property, and the safety of our users and the public
  • Detecting and preventing fraud, unauthorized access, and other illegal activities

3.5 Business Operations

  • Managing our internal business functions and accounting
  • Evaluating or conducting a merger, acquisition, or sale of business assets
  • Training and quality assurance for our staff

4. Legal Bases for Processing

We process your personal data on the following legal grounds under applicable United States privacy laws:

  • Contract Performance: Processing necessary to fulfill your food orders and deliver the services you request.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services, preventing fraud, and ensuring website security, where these interests are not overridden by your rights.
  • Consent: Where you have given us clear, affirmative consent, such as for marketing communications or certain cookie uses.
  • Legal Obligation: Processing required to comply with applicable laws and regulatory requirements.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own independent marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party companies to help us operate our business and deliver our services. These providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security standards. Categories of service providers include:

  • Payment processors (e.g., Stripe, Square) — to process credit card and digital payments
  • Delivery and logistics partners — to fulfill food delivery orders
  • Cloud hosting and IT service providers — to store and manage our data securely
  • Email marketing platforms — to send transactional and promotional emails
  • Analytics providers (e.g., Google Analytics) — to analyze website traffic and user behavior
  • Customer support platforms — to manage support tickets and inquiries
  • Advertising networks — to display relevant advertisements on other websites

5.2 Legal Requirements and Law Enforcement

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation or regulatory requirement
  • Protect the rights or safety of Chopt, our users, or the public
  • Detect, investigate, or prevent fraud or illegal activity
  • Enforce our Terms of Service or other policies

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, financing, or reorganization of our business, your personal information may be transferred to a successor entity. We will provide notice via our website or by email if such a transfer occurs and the new entity's privacy practices differ materially from ours.

5.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with partners, advertisers, researchers, or the public for purposes such as industry analysis, demographic research, and marketing.

5.5 With Your Consent

We may share your information with additional third parties where you have provided explicit consent for such sharing.


6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Security Measures

  • Secure Socket Layer (SSL) / TLS encryption for all data transmitted between your browser and our servers
  • Encryption of sensitive data stored in our databases
  • Firewalls and intrusion detection systems
  • Regular security vulnerability assessments and penetration testing
  • Multi-factor authentication for internal system access
  • Secure, access-controlled cloud infrastructure

6.2 Administrative and Organizational Measures

  • Limiting access to personal data to employees and contractors who need it to perform their job functions
  • Employee training on data privacy and security best practices
  • Confidentiality agreements with staff and third-party service providers
  • Incident response plans for data breach notification

6.3 Limitations

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at [email protected].


7. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We honor these rights and provide mechanisms for you to exercise them.

7.1 Rights Available to All U.S. Users

  • Right to Know: You may request information about the categories and specific pieces of personal data we have collected about you, the purposes for which we use it, and the categories of third parties with whom we share it.
  • Right to Correct: You may request that we correct inaccurate personal information we hold about you.
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., data needed to complete transactions, comply with legal obligations, or prevent fraud).
  • Right to Opt Out of Marketing: You may opt out of receiving promotional communications from us at any time.

7.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

  • Right to Know (Categories and Specific Pieces): Request disclosure of specific categories and pieces of personal information collected in the past 12 months.
  • Right to Delete: Request deletion of personal information, with limited exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell your personal information. However, if you believe your information is being sold or shared for cross-context behavioral advertising, you may opt out by contacting us.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to perform the requested services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of these rights.
  • Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.

To submit a CCPA/CPRA request, please email us at [email protected] with the subject line "California Privacy Request." We will respond within 45 days of receipt of your verifiable consumer request, as required by law.

7.3 Right to Data Portability

Where applicable, you have the right to receive a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format so that it can be transferred to another service provider.

7.4 How to Exercise Your Rights

To exercise any of the rights listed above, you may contact us by:

We may need to verify your identity before processing your request to protect your privacy and security. Verification may require you to provide your name, email address, and order information associated with your account. We will not fulfill a request if we cannot verify your identity.


8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are:

Category of Data Retention Period
Account information Duration of active account + 3 years after account closure
Order and transaction records 7 years (for tax and accounting compliance)
Payment records 7 years (subject to payment processor retention policies)
Marketing preferences and consent records Until opt-out + 3 years
Customer support communications 3 years from last interaction
Usage and analytics data (aggregated) Up to 5 years
Security logs 1–2 years

After the applicable retention period, we will securely delete or anonymize your personal data. Where deletion is not immediately possible (e.g., data stored in backup systems), we will isolate the data from further processing until deletion is feasible.


9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

9.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember information about your visit, such as your language preferences, items in your cart, and login status.

9.2 Types of Cookies We Use

  • Essential/Strictly Necessary Cookies: Required for the website to function properly. These cannot be disabled as they enable core functionality such as shopping cart management and secure login.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences (such as language, location, or saved menu items) to provide a personalized experience.
  • Marketing and Advertising Cookies: Used to deliver relevant advertisements based on your interests and browsing behavior. These may be set by us or by advertising partners.

9.3 Managing Cookie Preferences

You can control and manage cookie settings through your browser settings or through our cookie consent tool on the website. Please note that disabling certain cookies may impact the functionality and user experience of our site.

For more detailed information about the cookies we use, the data they collect, and how to manage your preferences, please refer to our Cookie Policy available on our website.


10. Children's Privacy

Age Restriction: Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

Chopt's food ordering services are designed for use by adults. We do not knowingly market to, collect data from, or create accounts for individuals under 18 years of age. If you are under 18, please do not use our website or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without verified parental consent, we will take immediate steps to delete that information from our records. Parents or guardians who believe their child has provided us with personal information may contact us at [email protected] to request deletion.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not engage in the collection, use, or disclosure of personal information from children under 13 under any circumstances.


11. International Data Transfers

Chopt is operated from the United States and our primary data storage and processing infrastructure is located within the United States. If you are accessing our website from outside the United States, please be aware that your personal information will be transferred to, processed, and stored in the United States.

The data protection laws in the United States may differ from those in your country of residence and may not provide the same level of protection. By using our services, you acknowledge and consent to the transfer of your personal information to the United States and the processing of that information as described in this Privacy Policy.

Where we transfer data internationally for the purposes of engaging third-party service providers located outside the United States, we take steps to ensure that appropriate safeguards are in place, including data processing agreements with contractual protections for your personal data.


12. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, payment gateways, and delivery partner portals. These external sites operate under their own privacy policies and practices, which we do not control. We are not responsible for the privacy practices or content of any third-party websites.

We encourage you to review the privacy policies of any third-party websites you visit through links on our site before submitting any personal information. The inclusion of a link to a third-party website does not constitute our endorsement of that website or its privacy practices.


13. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. At this time, our website does not respond to DNT signals because there is no uniform industry standard for how companies should honor DNT requests. We will update this section of our Privacy Policy if and when an agreed-upon standard is adopted.

California residents may also exercise rights related to tracking under California Business and Professions Code Section 22575, which requires us to disclose our response to DNT signals — and we have done so above.


14. How to File a Complaint

If you have concerns about our privacy practices or how we have handled your personal information, we encourage you to contact us directly first so that we may attempt to resolve your concern:

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to the relevant regulatory authority.

14.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) enforces consumer protection and privacy laws in the United States. If you believe we have engaged in unfair or deceptive practices, you may file a complaint with the FTC:

  • Website: www.ftc.gov/complaint
  • Phone: 1-877-382-4357
  • Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Residents — California Privacy Protection Agency (CPPA)

If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency:

  • Website: cppa.ca.gov
  • Address: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834

14.3 State Attorneys General

Residents of other states may also file privacy-related complaints with their respective State Attorney General's office. We encourage you to visit your state's official government website to find contact information for consumer protection divisions.


15. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or improvements to our services. When we make material changes to this policy, we will:

  • Post the updated Privacy Policy on this page with a revised "Last Updated" date
  • Send an email notification to registered users where the changes are significant
  • Display a prominent notice on our website homepage for a reasonable period

Your continued use of our website and services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed about how we protect your information.


16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are committed to addressing your inquiries promptly and transparently.

Privacy Contact Information

Company: Chopt

Website: choptcafe.click

Email: [email protected]

Response Time: We aim to respond to all privacy-related inquiries within 5 business days.

Governing Law: This Privacy Policy is governed by the laws of the United States and applicable state laws. Any disputes arising out of or in connection with this Privacy Policy shall be resolved in accordance with applicable United States federal and state law.

This Privacy Policy was last reviewed and updated on July 2, 2026. © 2026 Chopt. All rights reserved.