Privacy Policy

Welcome to Chopt. We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptgrill.click, place orders, or otherwise interact with our services. Please read this policy carefully. If you do not agree with its terms, please discontinue use of our website and services.

This Privacy Policy applies to all users of choptgrill.click and any related digital platforms, mobile applications, or in-store services operated by Chopt (collectively referred to as "we," "us," or "our"). By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. About Us

Chopt is a food service business operating in the United States. We are committed to providing high-quality food experiences while maintaining the highest standards of data privacy and security for our customers, visitors, and users.

For all privacy-related inquiries, questions, or complaints, please contact us using the information provided in Section 14 of this policy.

2. Scope and Applicability

This Privacy Policy applies to:

• Visitors who browse our website at choptgrill.click
• Customers who place food orders online or in person
• Users who create accounts or register on our platform
• Individuals who sign up for our newsletters, promotions, or loyalty programs
• Anyone who contacts us via email, phone, or any other communication channel
• Job applicants or business partners who share information with us

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect several types of information to provide and improve our food services, personalize your experience, and communicate with you effectively. The categories of data we collect include:

3.1 Personal Identification Information

When you interact with our services, we may collect information that identifies you as an individual, including but not limited to:

• Full name — used for account creation, order processing, and communication
• Email address — used for order confirmations, account management, and marketing communications
• Phone number — used for delivery coordination, customer support, and promotional messaging (with consent)
• Mailing and delivery address — used to process and deliver food orders
• Billing information — including credit/debit card numbers (processed securely via third-party payment processors), billing address, and transaction history
• Date of birth — collected where relevant for age verification or promotional purposes
• Profile picture or avatar — if voluntarily uploaded to your account

3.2 Order and Transaction Data

We collect information related to your food orders and transactions, including:

• Menu items ordered, customizations, and dietary preferences
• Order history, frequency, and spending patterns
• Payment method type (card type, last four digits)
• Delivery or pickup location details
• Special instructions, notes, or requests made during ordering
• Refunds, cancellations, and complaints related to orders

3.3 Usage and Behavioral Data

When you visit our website or use our digital platforms, we automatically collect certain technical and behavioral information, including:

• Pages visited, links clicked, and time spent on each page
• Search queries made on our platform
• Items viewed or added to cart (including items not purchased)
• Referring website or search engine that led you to our site
• Session duration and frequency of visits
• Interaction with promotional emails or notifications (open rates, click-through rates)

3.4 Device and Technical Information

We collect technical information about the devices you use to access our services:

• IP address and approximate geographic location derived from it
• Browser type and version (e.g., Chrome, Safari, Firefox)
• Operating system and device type (desktop, tablet, mobile)
• Device identifiers (such as mobile advertising IDs)
• Screen resolution and display settings
• Time zone and language preferences
• Network connection type and speed

3.5 Location Data

With your permission, we may collect precise geolocation data to facilitate delivery services, show you nearby locations, or provide location-based promotions. You may disable location sharing through your device settings at any time.

3.6 Communications Data

When you contact our customer service team, submit feedback, or engage with us through any communication channel, we collect:

• The content of your messages, emails, or chat transcripts
• Feedback, reviews, and ratings submitted about our products or services
• Support ticket information and complaint records
• Survey responses and participation in promotions

3.7 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (if you log in using social accounts like Google or Facebook)
• Third-party food delivery platforms (such as DoorDash, Uber Eats, or Grubhub)
• Analytics and advertising partners
• Payment processors and fraud detection services
• Public databases and data enrichment services used for business verification

3.8 Sensitive Information

We do not intentionally collect sensitive personal information such as Social Security numbers, government-issued identification numbers, racial or ethnic origin, religious beliefs, or health information. If you voluntarily share dietary restrictions or food allergy information with us, this is used solely to fulfill your food orders and improve your safety.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling food orders, including delivery and pickup coordination
• Managing your account and providing access to our digital platforms
• Processing payments and managing billing inquiries
• Sending order confirmations, receipts, and delivery updates
• Providing customer support and resolving complaints

4.2 Personalization and User Experience

• Personalizing your menu recommendations based on past orders and preferences
• Saving your favorite orders, dietary preferences, and delivery addresses
• Displaying content, promotions, and offers relevant to your interests
• Improving the layout and functionality of our website and apps

4.3 Marketing and Promotions

• Sending promotional emails, newsletters, and special offer notifications (with your consent)
• Administering loyalty programs, contests, sweepstakes, or surveys
• Displaying targeted advertisements on our platform and third-party websites
• Measuring the effectiveness of our marketing campaigns

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email, contacting us at [email protected], or updating your preferences in your account settings.

4.4 Analytics and Business Improvement

• Analyzing usage patterns and customer behavior to improve our services
• Conducting market research and business intelligence activities
• Monitoring website performance and identifying technical issues
• Developing new menu items, features, or service offerings

4.5 Legal and Compliance Purposes

• Complying with applicable federal, state, and local laws and regulations
• Responding to lawful requests from law enforcement or regulatory authorities
• Enforcing our Terms of Service and other agreements
• Detecting, preventing, and investigating fraud, security breaches, or illegal activity
• Protecting the rights, property, or safety of Chopt, our customers, or others

5. Legal Basis for Processing (U.S. Law Context)

Chopt operates in the United States and complies with applicable federal and state privacy laws, including:

• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — applicable to California residents
• The Federal Trade Commission Act (FTC Act) — governing unfair or deceptive practices in consumer data handling
• Other applicable state privacy laws, including Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and similar statutes

Our processing of personal data is based on the following grounds:

• Contractual necessity — to fulfill your orders and manage your account
• Consent — for marketing communications and non-essential cookies
• Legitimate interests — for fraud prevention, security, and analytics
• Legal obligation — to comply with applicable laws and regulatory requirements

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience on our website. These technologies help us remember your preferences, understand how you use our site, and serve you relevant content and advertising.

6.1 Types of Cookies We Use

You can manage your cookie preferences through our cookie consent banner, your browser settings, or by visiting our full Cookie Policy page on our website. Note that disabling certain cookies may affect the functionality of our services.

7. Sharing Your Information with Third Parties

We do not sell your personal information for monetary compensation. However, we may share your information with the following categories of third parties for legitimate business purposes:

7.1 Service Providers and Business Partners

We engage trusted third-party vendors and service providers who assist us in operating our business. These may include:

• Payment processors (e.g., Stripe, Square, PayPal) — for secure payment handling
• Delivery and logistics partners — for order fulfillment and delivery coordination
• Cloud hosting providers — for data storage and website infrastructure
• Email and SMS marketing platforms — for sending communications
• Analytics providers (e.g., Google Analytics) — for website performance analysis
• Customer relationship management (CRM) platforms — for managing customer interactions
• Fraud detection and security services — for protecting our platform

All service providers are contractually obligated to use your data only for the purposes specified by us and to maintain appropriate security measures.

7.2 Third-Party Food Delivery Platforms

If you place orders through third-party platforms such as DoorDash, Uber Eats, or Grubhub, those platforms collect and process your information under their own privacy policies. We encourage you to review those policies separately.

7.3 Legal and Regulatory Disclosure

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or government request
• Enforce our Terms of Service or protect our legal rights
• Prevent or investigate fraud, security breaches, or illegal activity
• Protect the safety of our customers, employees, or the public

7.4 Business Transfers

In the event of a merger, acquisition, sale of assets, financing, or restructuring, your personal information may be transferred to the successor entity. We will notify you via email or a prominent notice on our website prior to such a transfer taking effect.

7.5 Advertising and Analytics Partners

We may share aggregated, de-identified, or anonymized data with advertising and analytics partners. This information cannot reasonably be used to identify individual users and is used solely for analytical or statistical purposes.

8. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

8.1 Security Measures We Implement

• SSL/TLS encryption — all data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols
• Payment card security — we comply with PCI DSS (Payment Card Industry Data Security Standards) and do not store full payment card numbers on our servers
• Access controls — we restrict access to personal information to authorized employees and contractors who need it to perform their duties
• Password hashing — account passwords are stored using strong cryptographic hashing algorithms
• Regular security audits — we conduct periodic security assessments and vulnerability testing
• Incident response plan — we maintain a data breach response protocol in compliance with applicable state and federal breach notification laws
• Employee training — all employees handling personal data receive regular privacy and security training

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that poses a risk to your rights or freedoms, we will notify you as required by applicable law.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When your data is no longer needed, we securely delete or anonymize it in accordance with our internal data disposal procedures.

10. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information under applicable U.S. privacy laws. We honor these rights as described below.

10.1 Rights for All Users

• Right to Access — You may request a copy of the personal information we hold about you
• Right to Correction — You may request that we correct inaccurate or incomplete personal information
• Right to Deletion — You may request that we delete your personal information, subject to certain legal exceptions
• Right to Opt Out of Marketing — You may opt out of receiving promotional communications from us at any time

10.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

• Right to Know — Know what personal information we collect, use, disclose, and sell about you
• Right to Delete — Request deletion of personal information we have collected from you
• Right to Correct — Request correction of inaccurate personal information
• Right to Opt Out of Sale/Sharing — Opt out of the sale or sharing of your personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information — Limit our use of sensitive personal information to necessary purposes
• Right to Data Portability — Receive your personal information in a portable, usable format
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights

10.3 Rights for Residents of Other States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Oregon, Montana, and other states with comprehensive privacy laws may have similar rights as those described above. We will honor verified requests to the extent required by applicable law in your state.

10.4 How to Exercise Your Rights

To submit a privacy rights request, please contact us by:

• Email: [email protected] — include "Privacy Rights Request" in the subject line
• Website: choptgrill.click — use the contact form available on our site

We will verify your identity before processing any request. We will respond to your request within 45 days. If we need more time, we will notify you in writing and may extend the response period by an additional 45 days (for a total of 90 days) where permitted by law. We will not charge you a fee for making a verifiable request unless the request is excessive or repetitive.

10.5 Authorized Agents

You may designate an authorized agent to submit a privacy rights request on your behalf. To do so, the agent must provide written authorization signed by you, and we may require additional verification of your identity.

11. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, and we do not direct our services to minors.

Our food ordering and account registration services require users to be at least 18 years old. By using our services, you represent and warrant that you are at least 18 years of age.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor, please contact us at [email protected] immediately.

We comply with the Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under 13 without verifiable parental consent.

12. International Data Transfers

Chopt is based in the United States, and your personal information is primarily collected and processed within the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.

We take appropriate measures to ensure that any international transfers of personal data comply with applicable privacy laws. These measures may include:

• Entering into data processing agreements with service providers that impose appropriate safeguards
• Using standard contractual clauses or other legally approved transfer mechanisms
• Relying on adequacy decisions where applicable

By using our services, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or external services that are not owned or controlled by Chopt. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party websites or services.

We encourage you to review the privacy policies of any third-party sites before providing them with your personal information. Common third-party services you may encounter through our platform include:

• Social media platforms (Facebook, Instagram, Twitter/X, TikTok)
• Google Maps and location services
• Food delivery aggregators and ordering platforms
• Review and ratings platforms (Google Reviews, Yelp)

14. How to File a Complaint

If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so we can address your concerns.

14.1 Contact Us Directly

Please send your complaint or concern to:

We will investigate your complaint and respond within 30 days of receipt. We take all privacy complaints seriously and will work to resolve them in a fair and timely manner.

14.2 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response, or if you believe your rights have been violated, you may file a complaint with the appropriate regulatory authority:

• California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov or contact the California Attorney General's Office at oag.ca.gov/privacy.
• All U.S. Consumers: You may file a complaint with the Federal Trade Commission (FTC) at reportfraud.ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).
• State Attorneys General: You may also contact your state's Attorney General office, many of which have consumer protection divisions that handle privacy-related complaints.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post a prominent notice on our website at choptgrill.click
• Send an email notification to registered users (where required by law or appropriate given the significance of the change)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after any changes are posted constitutes your acceptance of the updated Privacy Policy.

If you disagree with any changes to this Privacy Policy, you should discontinue use of our services and may request deletion of your account by contacting us at [email protected].

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us using the information below:

We are dedicated to addressing your privacy concerns promptly and transparently. Our privacy team reviews all inquiries and will work with you to ensure your rights are respected and your concerns are resolved.