Privacy Policy

This Privacy Policy explains how Chopt ("we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects your personal information when you visit our website at choptsalads.click, place orders, use our services, or otherwise interact with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in full compliance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, you should discontinue use of our website and services immediately.

For questions, concerns, or requests related to your privacy, please contact us at: [email protected]

1. About Us

Chopt is a food service business operating in the United States. We provide fresh, customizable salad and food products to our customers through our website and physical service locations. Our website, choptsalads.click, serves as a platform for customers to browse our menu, place orders, and interact with our brand.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• All visitors to our website at choptsalads.click
• Customers who register for an account with us
• Customers who place orders through our website or digital platforms
• Individuals who subscribe to our newsletters, promotions, or marketing communications
• Users who participate in surveys, contests, loyalty programs, or other promotional activities
• Anyone who contacts us by email, phone, or through online contact forms

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect several categories of personal information depending on how you interact with our website and services. The categories are described below:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect the following personally identifiable information ("PII"):

• Full name
• Email address
• Phone number
• Billing and shipping address
• Date of birth (when voluntarily provided or required for promotional offers)
• Username and password (for registered accounts)
• Payment information (credit/debit card numbers, billing details — processed through secure third-party payment processors)
• Dietary preferences, food allergies, and special instructions (when voluntarily provided)

3.2 Order and Transaction Information

We collect information about the transactions you conduct with us, including:

• Order history and purchase records
• Items purchased, customizations, and order frequency
• Payment method type (not full card numbers)
• Transaction date, time, and amount
• Delivery or pickup preferences
• Loyalty program points and redemption history

3.3 Usage Data and Website Activity

When you visit our website, we automatically collect certain technical data about your visit, including:

• IP address
• Browser type and version
• Operating system
• Pages viewed and time spent on each page
• Referring URLs (the website you came from)
• Links clicked and features used
• Search terms entered on our website
• Date and time of your visit
• Geographic location data (city/region level, derived from IP address)

3.4 Device Information

We collect information about the devices you use to access our website:

• Device type (desktop, mobile, tablet)
• Device identifiers and hardware models
• Mobile network information
• Screen resolution and display settings
• Software and app versions

3.5 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our website. This includes session cookies, persistent cookies, and third-party analytics cookies. For detailed information about our use of cookies, please refer to Section 9 of this Privacy Policy and our dedicated Cookie Policy.

3.6 Communications Data

When you contact us via email, phone, or through our website contact form, we may retain:

• The content of your messages and correspondence
• Customer service interaction records
• Feedback and survey responses
• Reviews and testimonials you submit

3.7 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms (if you connect your account or interact with our social pages)
• Third-party delivery platforms (e.g., DoorDash, Grubhub, Uber Eats) when you place orders through them
• Marketing and analytics partners
• Publicly available data sources

4. How We Use Your Information

We use the personal information we collect for legitimate business purposes, including the following:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders
• Managing your account and profile
• Arranging delivery or preparing orders for pickup
• Processing payments and issuing refunds or credits
• Sending order confirmations, receipts, and status updates
• Providing customer support and resolving complaints or disputes

4.2 Personalization and User Experience

• Remembering your preferences and past orders
• Recommending menu items based on your order history
• Customizing the content you see on our website
• Saving your dietary restrictions and preferences for a better ordering experience

4.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, and special offers (with your consent where required)
• Providing information about new menu items, seasonal specials, and loyalty rewards
• Conducting targeted advertising campaigns on third-party platforms
• Delivering personalized promotions based on your preferences and behavior

4.4 Analytics and Business Improvement

• Analyzing website traffic, user behavior, and usage patterns
• Evaluating and improving our menu offerings, website design, and services
• Conducting internal research, reporting, and business analytics
• Measuring the effectiveness of our marketing campaigns

4.5 Legal Compliance and Safety

• Complying with applicable federal and state laws and regulations
• Responding to lawful requests from law enforcement or government agencies
• Enforcing our Terms of Service and other agreements
• Protecting against fraud, unauthorized transactions, and security threats
• Maintaining food safety records and compliance documentation as required by law

5. Legal Basis for Processing Personal Information

As a business operating in the United States, our data processing activities are governed by applicable federal and state laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents, and the Federal Trade Commission (FTC) Act for general consumer protection. We process your personal information based on the following grounds:

• Contractual Necessity: To fulfill our obligations to you when you place an order or use our services
• Legitimate Business Interests: For analytics, fraud prevention, security, and improving our services
• Legal Obligation: To comply with applicable laws, regulations, and legal processes
• Consent: For marketing communications and certain cookie placements, where your explicit consent is required or sought

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information with trusted third parties under the following circumstances:

6.1 Service Providers and Business Partners

We engage third-party service providers who assist us in operating our business and delivering services to you. These providers are contractually obligated to handle your data securely and only for the purposes we specify. They include:

• Payment processors (e.g., Stripe, Square) for secure payment handling
• Delivery and logistics partners for order fulfillment and delivery services
• Email service providers for sending transactional and marketing emails
• Analytics providers (e.g., Google Analytics) for website traffic analysis
• Cloud hosting and IT infrastructure providers for website hosting and data storage
• Customer support platform providers for managing customer inquiries
• Loyalty program administrators for managing rewards programs

6.2 Third-Party Delivery Platforms

When you place an order through a third-party delivery platform (such as DoorDash, Grubhub, or Uber Eats), your information is subject to both our Privacy Policy and the privacy policy of that third-party platform. We encourage you to review those policies carefully.

6.3 Social Media and Advertising Platforms

We may share certain information (such as email addresses or device identifiers in hashed form) with social media platforms (e.g., Meta/Facebook, Instagram) and digital advertising networks to deliver targeted advertising and measure campaign effectiveness. This sharing occurs in compliance with applicable data privacy laws.

6.4 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe disclosure is necessary or required to:

• Comply with a legal obligation, court order, subpoena, or governmental request
• Protect the rights, property, or safety of Chopt, our customers, or the public
• Investigate or prevent fraud, security breaches, or other illegal activities
• Enforce our Terms of Service or other legal agreements

6.5 Business Transfers

In the event of a merger, acquisition, sale of assets, restructuring, or other business transaction, your personal information may be transferred to the successor entity. We will notify you of any such transfer and any material changes to privacy practices via email or prominent notice on our website.

6.6 With Your Consent

We may share your information with other third parties when you have given us your explicit consent to do so.

7. Data Security

We take the security of your personal information seriously and implement a combination of technical, organizational, and administrative safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

7.1 Technical Safeguards

• SSL/TLS encryption for all data transmitted between your browser and our website
• Encryption of sensitive data at rest (including payment information)
• Firewalls and intrusion detection systems
• Secure access controls with multi-factor authentication for internal systems
• Regular security vulnerability assessments and penetration testing

7.2 Organizational Safeguards

• Access to personal data is restricted to employees and contractors who need it to perform their duties
• Staff training on data privacy and security best practices
• Data processing agreements with all third-party service providers
• Incident response procedures for addressing data breaches

8. Your Privacy Rights

Depending on your state of residence, you may have the following rights with respect to your personal information. We honor these rights to the fullest extent required by applicable law.

8.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a resident of California, you have the following rights under the CCPA as amended by the CPRA:

8.2 Rights for Other U.S. State Residents

Residents of other U.S. states with comprehensive privacy laws — including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with similar enacted legislation — may have comparable rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising. We will honor these rights to the extent required by the laws of your state of residence.

8.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable consumer request using any of the following methods:

• Email: [email protected] with the subject line "Privacy Rights Request"
• Website: choptsalads.click (via our contact form)

We will acknowledge your request within 10 business days and respond to your request within 45 calendar days. If we require additional time (up to 90 days total), we will notify you of the extension and the reason. We may need to verify your identity before processing your request to protect the security of your information.

You may also designate an authorized agent to submit a request on your behalf. We may require written proof of the agent's authorization and verification of your own identity before processing such requests.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertising.

9.1 Types of Cookies We Use

• Essential/Strictly Necessary Cookies: Required for the website to function properly (e.g., maintaining your session, remembering items in your cart). These cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors use our website by collecting anonymous usage data. These include tools such as Google Analytics.
• Functional Cookies: Remember your preferences and settings (e.g., language, location, dietary preferences) to enhance your experience.
• Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our campaigns on third-party platforms.

9.2 Managing Your Cookie Preferences

You can manage and control cookie settings through your browser settings at any time. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when cookies are set. Please note that disabling certain cookies may affect the functionality of our website and limit your ability to use some features.

For California residents, you have the right to opt out of cookies that constitute "sharing" of personal information for cross-context behavioral advertising under the CPRA. To exercise this right, please contact us at [email protected].

For full details about our cookie practices, please visit our Cookie Policy on our website at choptsalads.click.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The following general retention periods apply:

After the applicable retention period expires, we will securely delete or anonymize your personal information in accordance with our data destruction procedures.

11. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If you are under 18, please do not use our website or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 (or under 18, as applicable), we will take prompt steps to delete that information from our records. If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately at [email protected].

12. International Data Transfers

Chopt is based in the United States and primarily processes personal information within the United States. Our servers and service providers are located in the United States. If you are accessing our website from outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our website and services from outside the United States, you consent to the transfer of your personal information to the United States. We take reasonable steps to ensure that any international transfers of personal data are handled in accordance with applicable privacy laws and that your information receives an appropriate level of protection.

If you are a resident of a country with specific data transfer restrictions (such as the European Union or United Kingdom), please note that we will implement appropriate safeguards as required by applicable international data protection law for any data transfers affecting your information.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how companies should respond to DNT signals. At this time, our website does not respond to browser DNT signals. However, you can manage your privacy preferences through the cookie settings and opt-out mechanisms described in this Privacy Policy.

14. Third-Party Links and Websites

Our website may contain links to third-party websites, social media pages, and online platforms that are not operated or controlled by Chopt. This Privacy Policy applies solely to our website and services. When you click on a link to a third-party website, you will leave our site and be subject to the privacy practices of that third party.

We are not responsible for the privacy practices, content, or data security of any third-party websites. We strongly encourage you to review the privacy policies of any third-party sites you visit before providing any personal information.

15. Your California Privacy Rights — Additional Disclosures

In addition to the rights outlined in Section 8, California residents should note the following disclosures required under the CCPA/CPRA:

15.1 Categories of Personal Information Collected in the Past 12 Months

• Identifiers (name, email, IP address, phone number)
• Commercial information (purchase history, order records)
• Internet or network activity information (browsing data, cookie data)
• Geolocation data (approximate location from IP address)
• Inferences drawn from personal information (preferences, behavior profiles)
• Sensitive personal information (dietary restrictions and food allergies — only when voluntarily provided)

15.2 "Shine the Light" Law

Under California Civil Code Section 1798.83 ("Shine the Light" law), California residents who have provided personal information to businesses with which they have an established business relationship may request information about the disclosure of that personal information to third parties for direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected].

16. Filing Complaints with Regulatory Authorities

If you believe your privacy rights have been violated and you have not received a satisfactory resolution from us, you have the right to file a complaint with the appropriate regulatory authority.

16.1 California Privacy Protection Agency (CPPA)

California residents may file a complaint with the California Privacy Protection Agency, which is the primary authority responsible for enforcing the CCPA/CPRA:

• Website: https://cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Blvd., Sacramento, CA 95834

16.2 Federal Trade Commission (FTC)

For consumer protection complaints at the federal level, you may contact the Federal Trade Commission (FTC):

• Website: https://www.ftc.gov/complaint
• Phone: 1-877-382-4357
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

16.3 State Attorney General Offices

Depending on your state of residence, you may also have the right to file a privacy complaint with your state's Attorney General's office. Many states with consumer privacy laws (including Virginia, Colorado, Connecticut, and Texas) allow residents to seek enforcement through the state Attorney General.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or the services we offer. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website at choptsalads.click
• Send an email notification to registered users (for significant changes that may materially affect your rights)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.

18. Contact Us

We take your privacy seriously and are committed to addressing any questions, concerns, or requests you may have regarding your personal information. If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a potential privacy issue, please contact us using the information below:

We are committed to working with you to resolve any privacy concerns fairly and promptly. Please allow us up to 10 business days to acknowledge your inquiry, and up to 45 calendar days to provide a full response to privacy rights requests.