Privacy Policy

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chopt-cafe.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all information collected through our website (chopt-cafe.rest), any related mobile applications, and any other sales channels, marketing activities, or events where we may collect personal information.

1. Who We Are

Chopt is a food service business operating in the United States. We operate as a restaurant and café providing fresh, high-quality food products and dining experiences to our customers. For any questions about this Privacy Policy or our data practices, you may contact us at:

  • Business Name: Chopt
  • Website: chopt-cafe.rest
  • Email: [email protected]
  • Location: United States

2. Information We Collect

We collect personal information that you voluntarily provide to us, information automatically collected when you use our website, and information from third-party sources. The types of information we collect include, but are not limited to, the following:

2.1 Personal Information You Provide to Us

When you register an account, place an order, make a reservation, subscribe to our newsletter, participate in promotions, contact customer support, or otherwise engage with Chopt, we may collect:

  • Identity Information: Your first and last name, username, or similar identifier.
  • Contact Information: Email address, telephone number, billing address, delivery address, and mailing address.
  • Account Credentials: Password, security questions, and other authentication information.
  • Payment Information: Credit card numbers, debit card numbers, billing details, and other financial information. Note that full payment card data is processed by our secure third-party payment processors and is not stored on our servers.
  • Order Information: Food preferences, dietary restrictions, allergen information, order history, and transaction records.
  • Communications: Records of your correspondence with us, including emails, chat logs, and feedback forms.
  • Marketing Preferences: Your preferences for receiving marketing communications from us and your communication preferences.
  • Profile Information: Photographs, profile pictures, or other content you upload to your account.

2.2 Information Automatically Collected

When you visit or use our website, we automatically collect certain technical and usage data, including:

  • Device Information: IP address, browser type and version, operating system, device type, device identifiers, and hardware settings.
  • Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, search queries used on our site, and navigation patterns.
  • Log Data: Server logs, access timestamps, error logs, and diagnostic data.
  • Location Data: General geographic location inferred from your IP address, or precise location data if you grant permission through your device settings or our application.
  • Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please see Section 7 for more information about our use of cookies.

2.3 Information From Third-Party Sources

We may receive information about you from third parties, including:

  • Social Media Platforms: If you connect a social media account (such as Facebook, Instagram, or Google) to your Chopt account, we may receive profile information, email addresses, and other data available from that platform, subject to your privacy settings on that platform.
  • Delivery Partners: If you order through third-party delivery platforms, we may receive order and fulfillment information.
  • Analytics Providers: We may receive aggregated and de-identified information about website traffic and usage from third-party analytics providers.
  • Advertising Partners: We may receive information from advertising networks and marketing partners to help us measure campaign effectiveness and reach our audience.

2.4 Sensitive Categories of Personal Information

In some cases, particularly when you provide dietary preferences, allergen information, or nutritional requirements, we may collect information that could be considered sensitive personal information under applicable law. We only use this information for the purpose of fulfilling your food orders and providing you with a safe dining experience. We apply additional protections to this category of data.

3. How We Use Your Information

We use the information we collect for a variety of business and legal purposes. Specifically, we use your personal information to:

3.1 Service Provision and Order Fulfillment

  • Process and fulfill your food orders, reservations, and transactions.
  • Manage your account, including account creation, login, and profile maintenance.
  • Process payments and prevent fraudulent transactions.
  • Coordinate delivery or pickup logistics.
  • Respond to your inquiries, complaints, and customer service requests.
  • Send you transactional communications such as order confirmations, receipts, and delivery updates.
  • Accommodate dietary requirements, allergen preferences, and special requests.

3.2 Business Operations and Improvement

  • Monitor and analyze trends, usage, and activity on our website to improve our services and user experience.
  • Conduct research and analytics to understand customer preferences and behavior.
  • Develop new products, menu items, features, and services.
  • Maintain the security, integrity, and performance of our systems and website.
  • Detect and prevent fraud, unauthorized access, and other illegal activities.
  • Train staff and ensure the quality of our services.

3.3 Marketing and Promotions

  • Send you marketing communications, newsletters, promotional offers, and updates about Chopt — where you have provided consent or where we have a legitimate interest to do so.
  • Personalize your experience and display targeted advertisements based on your interests and browsing behavior.
  • Administer contests, promotions, surveys, and loyalty programs.
  • Measure the effectiveness of our marketing campaigns and advertising efforts.

You may opt out of receiving marketing communications at any time by following the unsubscribe link in any marketing email or by contacting us at [email protected].

3.4 Legal and Compliance Purposes

  • Comply with applicable federal, state, and local laws and regulations.
  • Enforce our Terms of Service and other agreements.
  • Respond to legal requests, court orders, subpoenas, or government inquiries.
  • Protect the rights, property, or safety of Chopt, our customers, or others.
  • Resolve disputes, investigate violations, and prevent fraud.

4. Legal Basis for Processing

We process your personal information under the following legal bases, as applicable under United States law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act):

Purpose Legal Basis
Fulfilling your orders and providing our services Performance of a contract with you
Processing payments and preventing fraud Legitimate business interest; legal compliance
Sending marketing communications Your consent or legitimate business interest
Improving our website and services Legitimate business interest
Complying with legal obligations Legal obligation under applicable law
Protecting our rights and preventing illegal activity Legitimate business interest; legal obligation

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party companies and individuals who provide services on our behalf, such as:

  • Payment Processors: Companies that securely process credit card and debit card payments.
  • Delivery Services: Third-party delivery partners and logistics companies that fulfill delivery orders.
  • Email and Marketing Platforms: Service providers that help us send newsletters, promotional emails, and notifications.
  • Analytics Providers: Companies such as Google Analytics that help us understand website traffic and usage.
  • Cloud Storage and Hosting: Technology providers that store and host our data and website infrastructure.
  • Customer Support Tools: Platforms that help us manage customer service inquiries and ticketing.

All service providers are contractually obligated to use your information only for the purposes of providing their services to us and must maintain appropriate security measures to protect your data.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information where we believe, in good faith, that disclosure is necessary to:

  • Comply with applicable law or legal obligation.
  • Protect and defend the rights or property of Chopt.
  • Prevent or investigate possible wrongdoing in connection with our services.
  • Protect the personal safety of our customers or the public.
  • Protect against legal liability.

5.3 Business Transfers

In connection with any merger, acquisition, asset sale, financing, or other business transaction, we may transfer your personal information to a successor entity, provided that the acquiring entity agrees to honor the commitments made in this Privacy Policy or provides you with advance notice and an opportunity to opt out.

5.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so, such as when you participate in joint promotions or opt into partner marketing programs.

6. Data Security

We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards designed to protect it from unauthorized access, use, disclosure, alteration, or destruction.

6.1 Security Measures

  • Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
  • Secure Payment Processing: Payment information is processed through PCI-DSS compliant payment processors. We do not store full credit or debit card numbers on our servers.
  • Access Controls: We restrict access to personal information to employees, contractors, and service providers who need it to perform their job functions and who are subject to strict confidentiality obligations.
  • Data Minimization: We only collect the personal information that is necessary for the purposes described in this Policy.
  • Regular Security Reviews: We conduct periodic assessments and audits of our security practices and systems.
  • Incident Response: We maintain a data breach response plan and will notify affected users and applicable authorities in the event of a data breach as required by law.

6.2 Limitations

Despite our best efforts, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You are also responsible for maintaining the confidentiality of your account credentials and should notify us immediately at [email protected] if you suspect any unauthorized access to your account.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver targeted advertising.

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the website remember your preferences, login status, and browsing behavior across sessions. We also use web beacons (also called pixel tags or clear GIFs), which are tiny images embedded in web pages or emails that help us track usage and campaign effectiveness.

7.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in, place orders, and navigate the site securely.
  • Functional Cookies: Allow us to remember your preferences and personalize your experience, such as your language settings and saved items.
  • Analytics Cookies: Used to collect information about how visitors use our site, including which pages are most popular and how users navigate between them. This helps us improve our website.
  • Marketing and Advertising Cookies: Used to deliver advertisements that are relevant to you and your interests. They may also limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.

7.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising by visiting the Digital Advertising Alliance's opt-out page at www.aboutads.info/choices.

For more detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for satisfying legal, accounting, or reporting requirements.

Category of Data Retention Period
Account and profile information Duration of account plus 3 years after account closure
Order and transaction records 7 years (for tax and accounting purposes)
Payment information (tokenized) Duration of account or until card is removed
Marketing preferences and communications history 3 years from last interaction
Customer support correspondence 3 years from resolution of inquiry
Website usage and analytics data Up to 26 months (in anonymized/aggregated form thereafter)
Cookie and tracking data As specified in cookie settings (typically 30 days to 2 years)
Legal compliance records As required by applicable law (typically 5–7 years)

When your personal information is no longer needed, we will either delete it securely or anonymize it so that it can no longer be linked to you.

9. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We honor all applicable privacy rights under United States law, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) for California residents, as well as privacy laws in other states.

9.1 Rights Available to All Users

  • Right to Know: You have the right to know what personal information we collect about you, how it is used, and with whom it is shared.
  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to Opt Out of Marketing: You can opt out of receiving marketing emails at any time by using the unsubscribe link in our emails or contacting us directly.

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the CCPA as amended by the CPRA:

  • Right to Know (Detailed): You may request specific details about the categories of personal information collected, the purposes for collection, the categories of sources, and the categories of third parties with whom it is shared — covering the 12-month period prior to your request.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions under California law.
  • Right to Correct: You may request correction of inaccurate personal information maintained about you.
  • Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, California residents will have the right to opt out.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to provide the requested services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a different level of quality of services based solely on your exercise of these rights.
  • Right to Data Portability: You may request a copy of your personal information in a portable and readily usable format, where technically feasible.

9.3 How to Submit a Privacy Rights Request

To exercise any of your privacy rights, please contact us using one of the following methods:

We will acknowledge your request within 10 business days and respond fully within 45 calendar days, which may be extended by an additional 45 days where reasonably necessary with prior notice to you. We may need to verify your identity before processing your request. We will not charge a fee for processing reasonable requests, but may charge a reasonable fee or decline requests that are manifestly unfounded or excessive.

9.4 Authorized Agents

California residents may designate an authorized agent to submit privacy rights requests on their behalf. To use an authorized agent, the agent must provide written authorization signed by you, and you may also be required to verify your identity directly with us before the request is processed.

10. Children's Privacy

Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect, solicit, or use personal information from children under the age of 13, as defined under the Children's Online Privacy Protection Act (COPPA). We also do not knowingly sell or share the personal information of consumers between the ages of 13 and 16 without explicit consent, in accordance with the CCPA/CPRA.

If you believe that we have inadvertently collected personal information from a child under the age of 13, please contact us immediately at [email protected], and we will take prompt steps to delete such information from our records.

Parents and guardians who are aware that their minor child has provided us with personal information without appropriate consent are encouraged to contact us so that we can take appropriate action.

11. International Data Transfers

Chopt is based in the United States and our data processing activities primarily take place within the United States. However, some of our third-party service providers may operate in other countries. By using our website and services, you understand that your personal information may be transferred to, stored, and processed in the United States or other countries whose data protection laws may differ from those in your country of residence.

Where we transfer data internationally, we take appropriate steps to ensure that your personal information receives an adequate level of protection, including entering into standard contractual clauses or relying on other lawful transfer mechanisms as required by applicable law.

If you are located outside of the United States and choose to provide personal information to us, please be aware that we transfer data to the United States for processing, consistent with applicable legal requirements.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, social media platforms, and services that are not operated by Chopt. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of any third-party services. We encourage you to review the privacy policies of every website you visit before providing any personal information. The inclusion of a link to a third-party site does not imply our endorsement of that site or its privacy practices.

13. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Our website does not currently respond to DNT browser signals. However, you can manage your privacy preferences using the cookie controls described in Section 7 of this Policy.

California's "Shine the Light" law (California Civil Code Section 1798.83) allows California residents to request information about third parties to whom we have disclosed personal information for direct marketing purposes during the previous calendar year. If you are a California resident and wish to make such a request, please contact us at [email protected].

14. Loyalty Programs and Promotions

If you participate in any Chopt loyalty program, rewards program, promotional contest, or survey, we collect information relevant to your participation, including your contact details, transaction history, and preferences. This information is used to administer the program, award points or prizes, and communicate with you about your participation. Participation in such programs is voluntary, and you may withdraw at any time by contacting us.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will notify you by:

  • Posting a prominent notice on our website at chopt-cafe.rest;
  • Updating the "Effective Date" at the top of this Policy; and/or
  • Sending an email notification to the email address associated with your account, where required by law or where we deem appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the posting of changes constitutes your acknowledgment of the updated Policy.

16. Filing a Complaint

If you believe that your privacy rights have been violated or that we have failed to comply with this Privacy Policy or applicable data protection laws, we encourage you to contact us first so we can work to resolve your concerns.

If you are not satisfied with our response, you may also have the right to file a complaint with applicable regulatory authorities:

  • Federal Trade Commission (FTC): The FTC enforces consumer protection laws, including prohibitions against unfair or deceptive practices. You may file a complaint at ftc.gov/complaint.
  • California Privacy Protection Agency (CPPA): California residents may file a complaint regarding violations of the CCPA/CPRA with the California Privacy Protection Agency at cppa.ca.gov.
  • State Attorney General: Residents of other states may contact their state's Attorney General's office to report privacy violations or seek further guidance on consumer privacy rights.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your concerns promptly and transparently.

Privacy Inquiries — Chopt

This Privacy Policy was last reviewed and updated on June 20, 2026. It is governed by the laws of the United States, including applicable federal and state privacy regulations such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Children's Online Privacy Protection Act (COPPA), and the Federal Trade Commission Act (FTC Act).