Privacy Policy

Effective Date: June 26, 2026 | Last Updated: June 26, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptnow.rest, place orders, or otherwise interact with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services immediately.

This Privacy Policy applies to all information collected through our website (choptnow.rest), mobile applications, and any related services, sales, marketing, or events (collectively referred to as the "Services").

1. Who We Are

Chopt is a food service business operating in the United States. We are responsible for your personal data collected through our Services.

Company Name	Chopt
Website	choptnow.rest
Email	[email protected]

For any questions, concerns, or requests relating to this Privacy Policy, please contact us at the details provided above or in the Contact Us section at the end of this document.

2. Information We Collect

We collect information in a variety of ways — information you provide directly to us, information collected automatically when you use our Services, and information obtained from third parties. The categories of personal information we collect include:

2.1 Personal Information You Provide to Us

When you register an account, place an order, subscribe to our newsletter, contact us for support, or otherwise engage with our Services, you may voluntarily provide us with the following categories of personal information:

Identity Data: Full name, username, or similar identifier.
Contact Data: Email address, telephone number, billing address, and delivery address.
Account Data: Username, password, account preferences, and profile information.
Order & Transaction Data: Details about the food and beverages you have ordered, payment method (we do not store full card numbers), order history, and delivery instructions.
Payment Data: We use third-party payment processors and do not directly store complete credit or debit card details. However, we may retain billing address and the last four digits of your card for record-keeping purposes.
Communications Data: Any messages, feedback, reviews, or correspondence you send to us via email, our website contact form, or social media platforms.
Marketing Preferences: Your preferences in receiving marketing communications from us and our third parties, as well as your communication preferences.

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain technical information about your device and usage patterns. This information includes:

Usage Data: Pages or screens you view, time spent on pages, links you click, features you use, searches you conduct, and other actions you take on our website.
Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, language settings, and referring URLs.
Log Data: Server logs that record information about your visit, including access times, error logs, and referral sources.
Location Data: General geographic location based on your IP address. If you grant permission through your browser or mobile device, we may also collect more precise geolocation data to facilitate delivery services.
Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. See Section 7 (Cookies) for more details.

2.3 Information From Third Parties

We may receive information about you from third parties including:

Social Media Platforms: If you connect or log in to our Services using a social media account (e.g., Google, Facebook), we receive profile information such as your name, email address, and profile picture from that platform, subject to your privacy settings on those platforms.
Payment Processors: Our payment partners may share limited transaction confirmation data with us to reconcile payments.
Delivery Partners: Third-party delivery services may share delivery status and logistics data with us.
Analytics Providers: We may receive aggregated or de-identified insights about how users interact with our Services.
Marketing Partners: We may receive information about your interests or demographics from marketing data partners to help us tailor our advertising.

3. How We Use Your Information

We use the information we collect for a range of legitimate business purposes. Below is a detailed description of the purposes for which we process your personal information and the legal bases we rely on under applicable United States law, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act):

3.1 To Provide and Manage Our Services

Process and fulfill your food orders and transactions.
Manage your account and authenticate your identity.
Coordinate delivery and ensure accurate order fulfillment.
Process payments and send you related information, including order confirmations and invoices.
Provide customer support, respond to your inquiries, and resolve disputes.

3.2 To Improve and Personalize Our Services

Analyze usage patterns and trends to understand how our Services are used.
Personalize your experience, including recommending menu items based on your past orders and preferences.
Test new features, products, and service improvements.
Conduct internal research and analytics to help us make informed business decisions.

3.3 For Marketing and Communications

Send you promotional communications, special offers, discounts, and information about new menu items — but only where you have opted in or where we have a legitimate interest and you have not opted out.
Deliver targeted advertising on our website and third-party platforms based on your interests and behavior.
Conduct surveys, contests, and promotions.
Send administrative notices, updates to our policies, and security alerts.

3.4 For Legal and Compliance Purposes

Comply with applicable federal and state laws and regulations, including food safety regulations, tax obligations, and consumer protection laws.
Enforce our Terms of Service and other agreements.
Detect, prevent, and investigate fraud, abuse, security incidents, and other harmful or illegal activity.
Protect the rights, property, and safety of Chopt, our customers, and the public.
Respond to lawful requests from public authorities, including law enforcement.

4. Sharing Your Information With Third Parties

We do not sell your personal information to third parties. However, we may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. Our service providers include:

Payment Processors: To securely process transactions (e.g., Stripe, Square).
Delivery Partners: Third-party logistics and delivery service providers who fulfill your orders.
Cloud Hosting Providers: To host our website, databases, and applications.
Email and SMS Marketing Platforms: To send you communications on our behalf.
Analytics Providers: Such as Google Analytics, to analyze website traffic and usage.
Customer Support Tools: Platforms that help us manage customer inquiries and support tickets.

4.2 Business Transfers

If Chopt is involved in a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or uses of your personal information.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement authority). We may also disclose information where we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation.
Protect and defend the rights or property of Chopt.
Prevent or investigate possible wrongdoing in connection with our Services.
Protect the personal safety of users of our Services or the public.
Protect against legal liability.

4.4 With Your Consent

We may share your personal information with other third parties when you have given us your explicit consent to do so.

4.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for marketing, advertising, research, or other purposes.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, use, alteration, disclosure, or destruction. Our security measures include:

5.1 Technical Measures

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
Secure Servers: Our servers are hosted in secure data centers with industry-standard access controls.
Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to monitor and protect against unauthorized access.
Payment Security: Payment information is processed by PCI-DSS compliant payment processors. We do not store full payment card details on our servers.

5.2 Administrative Measures

Access to personal information is restricted to employees, contractors, and agents who need it to perform their job functions.
We conduct regular training of staff on privacy and data security best practices.
We maintain internal policies and procedures for handling personal data securely.

5.3 Incident Response

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a data breach that is likely to affect your rights and freedoms, we will notify affected users and the appropriate authorities as required by applicable law, including relevant state breach notification laws.

Important: You are responsible for maintaining the confidentiality of your account credentials. Please choose a strong password and do not share it with anyone. Notify us immediately at [email protected] if you suspect any unauthorized use of your account.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

6.1 Rights Available to All Users

Right to Know / Access: You have the right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the purposes for which it is used, and the third parties with whom it is shared.
Right to Correction: You have the right to request that we correct inaccurate personal information we hold about you.
Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain it by law or for legitimate business purposes).
Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a structured, commonly used, and machine-readable format.
Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.

6.2 Additional Rights for California Residents

California residents have the following additional rights under CCPA/CPRA:

Right to Opt-Out of Sale or Sharing of Personal Information: We do not sell your personal information. However, if this changes, you will have the right to opt out.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to perform the services you request.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. This means we will not deny you services, charge you a different price, or provide you with a lower quality of service because you exercised a right under CCPA/CPRA.

6.3 How to Exercise Your Rights

To exercise any of your rights, please submit a verifiable consumer request to us by:

Email: [email protected]
Website: choptnow.rest

We will respond to verifiable requests within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and the extension in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to collect and store information about how you interact with our Services. This helps us improve our website, personalize your experience, and analyze trends.

7.1 Types of Cookies We Use

Cookie Type	Purpose
Strictly Necessary	Essential for the website to function. These cannot be disabled (e.g., session management, security).
Performance / Analytics	Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
Functional	Allow us to remember your preferences and settings to provide a more personalized experience.
Marketing / Targeting	Used to deliver relevant advertisements to you and track the effectiveness of our marketing campaigns.

7.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse all or certain cookies, delete cookies already stored, and receive a warning before a cookie is stored. Please note that disabling certain cookies may affect the functionality of our website.

For more detailed information about how we use cookies, including how to opt out, please refer to our Cookie Policy.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8.1 Retention Periods

Account Information: Retained for as long as your account is active. If you request account deletion, we will delete or anonymize your account data within 30 days, subject to legal retention obligations.
Order and Transaction Records: Retained for a minimum of 7 years to comply with tax and financial reporting obligations.
Marketing Data: Retained until you opt out of marketing communications, after which we will retain a suppression list to ensure we do not contact you again.
Customer Support Communications: Retained for up to 3 years after the resolution of the inquiry.
Usage and Technical Data: Generally retained for up to 2 years for analytics and security purposes, after which it is deleted or anonymized.
Legal Claims: If relevant to a legal claim or dispute, data may be retained for the duration of the claim and a reasonable period thereafter.

After the applicable retention period has expired, we will securely delete or anonymize your personal information so that it can no longer be associated with you.

9. Children's Privacy

Age Restriction: Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

We are committed to protecting the privacy of minors. Our food ordering platform and website are directed to adults only. If you are under the age of 18, please do not use our Services or provide any personal information to us.

If we learn that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as soon as possible. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits unfair or deceptive practices in connection with the collection and use of personal information from children under 13 years of age.

10. International Data Transfers

Chopt is operated from and within the United States. Our servers and primary operations are based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

The data protection laws in the United States may differ from those in your country of residence. By using our Services, you acknowledge and consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy.

We take appropriate steps to ensure that any transfer of personal information across borders is done securely and in accordance with applicable law. Where required, we implement appropriate safeguards such as contractual clauses to protect your personal data during international transfers.

11. Third-Party Links and Services

Our website and Services may contain links to third-party websites, applications, and services that are not operated by us. For example, we may link to social media platforms, third-party delivery partners, or payment gateway websites.

We have no control over the content, privacy policies, or practices of any third-party sites or services, and we do not accept responsibility or liability for them. We encourage you to review the privacy policies of any third-party sites or services you visit.

The presence of a link to a third-party website does not constitute an endorsement of that site by Chopt.

12. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites they communicate with. There is currently no industry-wide standard for how websites should respond to DNT signals. At this time, our website does not respond to DNT browser signals in a standardized way. We will update this policy if and when a final standard is established and we adopt it.

California residents may also opt out of the sharing of their personal information for targeted advertising purposes. If you are a California resident, you may exercise this right by contacting us at [email protected].

13. Your Choices and Opt-Out Options

We want to give you meaningful control over your personal information. Here is a summary of the choices available to you:

13.1 Email Marketing

If you have opted in to receive marketing emails from us, you may opt out at any time by clicking the "unsubscribe" link in any marketing email we send, or by emailing us at [email protected]. Please note that even if you opt out of marketing emails, we may still send you transactional emails related to your orders and account.

13.2 Account Information

You may update or correct your account information at any time by logging into your account on our website and visiting your profile settings. If you wish to delete your account, please contact us at [email protected].

13.3 Cookies

You may control the use of cookies through your browser settings and our cookie consent tool. See Section 7 for more details.

13.4 Location Data

You may revoke your consent to our collection of precise geolocation data at any time through your device or browser settings.

14. Legal Basis for Processing (CCPA/CPRA Compliance)

As a business operating in the United States and serving customers in California, we comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), as well as the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices affecting commerce.

We process your personal information on the following legal bases:

Contract Performance: Processing necessary to fulfill your orders and manage your account.
Legal Obligation: Processing required to comply with federal or state law.
Legitimate Interests: Processing for our business interests, such as fraud prevention, security, and improving our Services, where these interests are not overridden by your rights.
Consent: Where you have given us explicit consent to process your personal information for a specific purpose (e.g., marketing communications).

15. Filing Complaints

We take your privacy concerns seriously. If you have a complaint about how we handle your personal information, we encourage you to contact us first so that we can try to resolve the matter directly.

15.1 Contact Us

Please send your complaint to:

Email: [email protected]
Website: choptnow.rest

We will acknowledge your complaint within 5 business days and will endeavor to resolve it within 30 days.

15.2 Regulatory Authorities

If you are not satisfied with our response, or if you believe we are processing your personal information in a way that does not comply with applicable law, you have the right to file a complaint with the appropriate regulatory authority. In the United States, relevant authorities include:

Federal Trade Commission (FTC)
The FTC enforces federal consumer protection laws, including privacy and data security matters.
Website: www.ftc.gov
Phone: 1-877-382-4357
California Privacy Protection Agency (CPPA) — for California Residents
The CPPA enforces the CCPA/CPRA and other California privacy laws.
Website: cppa.ca.gov
State Attorney General Offices
Residents of other states may file complaints with their respective State Attorney General's office regarding potential violations of state privacy laws.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time and at our sole discretion. If we make material changes to this policy, we will notify you by:

Posting the updated Privacy Policy on this page with a new "Last Updated" date.
Sending you an email notification (where we hold your email address and the changes are material).
Displaying a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

17. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, your personal information, or your privacy rights, please do not hesitate to contact our Privacy Team using the following details:

Privacy Contact Information

Company	Chopt
Email	[email protected]
Website	choptnow.rest

We are committed to working with you to resolve any issues or concerns you have about our privacy practices. Our team will respond to your inquiry as quickly as possible and within the timeframes required by applicable law.

Last Updated: This Privacy Policy was last reviewed and updated on June 26, 2026. The previous version of this policy remains available upon request.