Privacy Policy

Effective Date: June 27, 2026  |  Last Updated: June 27, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptnow.digital, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all information collected through our website (choptnow.digital), mobile applications, online ordering systems, loyalty programs, and any related services, promotions, or events (collectively, the "Services").

1. Who We Are

Chopt is a food service business operating in the United States. For purposes of this Privacy Policy, "Chopt," "we," "us," and "our" refer to the company and its affiliates operating the Services described herein.

Company Name Chopt
Website choptnow.digital
Email Address [email protected]
Country of Operation United States

As a business operating in the United States, we are subject to applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal regulations governing data privacy and consumer protection.

2. Information We Collect

We collect information about you in a variety of ways when you interact with our Services. The categories of personal information we collect are described below.

2.1 Personal Information You Provide Directly

When you register an account, place an order, sign up for our loyalty program, subscribe to marketing communications, submit a form, or otherwise contact us, we may collect the following types of personal information:

  • Identification Data: Full name, username, and account password (encrypted).
  • Contact Information: Email address, phone number, billing address, and delivery address.
  • Payment Information: Credit or debit card details, billing information, and transaction history. Note: Full payment card data is processed by our PCI-DSS-compliant third-party payment processors; we do not store raw card numbers on our servers.
  • Order and Transaction Data: Details about the products or menu items you order, order history, and special dietary preferences or instructions you voluntarily provide.
  • Account Preferences: Saved favorites, dietary preferences, and communication preferences.
  • Communications Data: Messages, feedback, reviews, and correspondence you send to us via email, contact forms, or customer support channels.
  • Loyalty and Promotions Data: Information you provide when participating in loyalty programs, contests, surveys, or promotional activities.

2.2 Information Collected Automatically

When you access or use our website and digital Services, we and our third-party partners automatically collect certain technical and usage data, including:

  • Device Information: IP address, browser type and version, operating system, device type (mobile, tablet, desktop), device identifiers, and hardware specifications.
  • Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, search queries entered on our site, and navigation patterns.
  • Log Data: Server logs that record your interactions with our Services, including timestamps, access times, and error reports.
  • Location Data: General geolocation data inferred from your IP address; precise geolocation if you permit our mobile application to access your device's GPS.
  • Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. See Section 7 for more details.

2.3 Information From Third-Party Sources

We may receive information about you from third-party sources, which we may combine with information we already hold about you:

  • Social Media Platforms: If you choose to log in or register using a social media account (such as Google or Facebook), we receive your basic profile information as authorized by you on that platform.
  • Delivery Partners: Third-party delivery platforms we partner with may share order and contact information with us to fulfill your delivery.
  • Analytics and Advertising Partners: We may receive aggregated or anonymized audience data from advertising and analytics service providers.
  • Public Sources: Publicly available information such as business directory listings or social media profiles.

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as Social Security numbers, financial account credentials, racial or ethnic origin, religious beliefs, health data (beyond voluntary dietary preferences), or precise geolocation without your explicit consent. If you voluntarily disclose dietary restrictions or allergy information, we treat this with heightened care and use it solely to fulfill your order and ensure your safety.

3. How We Use Your Information

We use the personal information we collect for the following lawful business purposes:

3.1 Service Provision and Order Fulfillment

  • To process and fulfill your food orders, including coordinating delivery or in-store pickup.
  • To create, manage, and maintain your account.
  • To process payments and send transactional communications such as order confirmations, receipts, and delivery updates.
  • To administer loyalty programs, rewards, and promotional offers.
  • To respond to your inquiries, customer service requests, and complaints.

3.2 Analytics and Service Improvement

  • To analyze usage patterns and trends to understand how our website and Services are used.
  • To develop, test, and improve our website, mobile applications, menu offerings, and overall customer experience.
  • To conduct internal research and analytics for business intelligence purposes.
  • To diagnose technical problems and maintain the security and integrity of our Services.

3.3 Marketing and Communications

  • To send you promotional emails, newsletters, special offers, and updates about new menu items — but only where you have opted in or where we have a legitimate interest to do so under applicable law.
  • To personalize your experience and display tailored content, recommendations, and advertisements based on your order history and preferences.
  • To serve targeted advertising on third-party platforms using aggregated or hashed data.
  • To conduct surveys and solicit feedback to improve our products and services.

3.4 Legal Compliance and Safety

  • To comply with applicable federal and state laws, regulations, and legal obligations.
  • To enforce our Terms of Service and other agreements.
  • To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • To protect the rights, property, and safety of Chopt, our customers, and the public.

4. Legal Basis for Processing

As a business operating in the United States, our processing of your personal information is governed primarily by applicable U.S. law, including the FTC Act (which prohibits unfair or deceptive practices in commerce) and state privacy statutes such as the CCPA/CPRA for California residents. We process your personal information based on the following grounds:

  • Contract Performance: Processing necessary to fulfill your orders and provide the Services you have requested.
  • Legitimate Business Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and direct marketing to existing customers, provided these interests are not overridden by your rights.
  • Your Consent: Where we have obtained your explicit consent, such as for marketing communications or the use of non-essential cookies.
  • Legal Obligation: Processing required to comply with applicable laws, court orders, or regulatory requirements.

5. Sharing Your Information With Third Parties

We do not sell your personal information for monetary consideration. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering our Services. These providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

  • Payment Processors: To securely process credit and debit card transactions (e.g., Stripe, Square).
  • Delivery and Logistics Partners: Third-party delivery services used to fulfill delivery orders.
  • Cloud Hosting and IT Infrastructure Providers: To host our website, databases, and applications.
  • Email and Marketing Platforms: To send transactional and marketing emails (e.g., Mailchimp, SendGrid).
  • Analytics Providers: To analyze website traffic and user behavior (e.g., Google Analytics).
  • Customer Support Tools: Platforms used to manage customer service interactions.
  • Fraud Prevention Services: Third parties that help us detect and prevent fraudulent activity.

5.2 Advertising and Analytics Partners

We may share hashed, anonymized, or aggregated data — or in some cases, identifiers such as email addresses in encrypted form — with advertising platforms such as Meta (Facebook), Google Ads, and similar services to run targeted advertising campaigns. You have the right to opt out of such sharing for advertising purposes as described in Section 9 of this policy.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information when required by law or in good faith belief that such disclosure is necessary to:

  • Comply with a subpoena, court order, regulatory requirement, or other legal process.
  • Respond to lawful requests from government authorities, including law enforcement agencies.
  • Protect and defend the legal rights or property of Chopt.
  • Investigate suspected fraud or violations of our Terms of Service.
  • Protect the personal safety of our users or the public.

5.4 Business Transfers

In the event that Chopt undergoes a merger, acquisition, sale of assets, financing, or other corporate transaction, your personal information may be transferred to the successor entity. We will notify you via email or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information with third parties in any other cases where you have provided explicit consent.

6. Data Security

We take the security of your personal information seriously and implement a combination of technical, organizational, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures We Employ

  • Encryption: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS/SSL) technology. Sensitive data such as passwords is stored using strong cryptographic hashing algorithms (e.g., bcrypt).
  • Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions, and all access is governed by role-based permissions.
  • PCI-DSS Compliance: Payment card data is handled by PCI-DSS-compliant third-party processors. We do not store raw card numbers on our own infrastructure.
  • Regular Security Audits: We conduct periodic vulnerability assessments and security audits to identify and remediate potential risks.
  • Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities as required by applicable law in the event of a security incident.
  • Secure Data Centers: Our hosting infrastructure is maintained in facilities with physical security controls.

6.2 Your Responsibility

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. Please notify us immediately at [email protected] if you suspect any unauthorized use of your account.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze traffic, and deliver personalized content and advertising.

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit. We also use related technologies such as web beacons, pixel tags, and local storage objects.

7.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in, add items to your cart, and complete checkout. These cannot be disabled without affecting site functionality.
  • Performance and Analytics Cookies: Collect anonymized information about how visitors use our site, such as which pages are visited most frequently, to help us improve our Services.
  • Functionality Cookies: Remember your preferences, such as saved addresses, language settings, and login information, to personalize your experience.
  • Targeting and Advertising Cookies: Track your browsing behavior across websites to deliver relevant advertising and measure the effectiveness of our marketing campaigns.

7.3 Managing Your Cookie Preferences

You can manage your cookie preferences through our cookie consent tool displayed when you first visit our website. You may also configure your browser settings to refuse all or certain cookies, though this may affect your ability to use certain features of our Services. For more detailed information about the specific cookies we use and your choices, please see our full Cookie Policy available on our website.

To opt out of Google Analytics tracking specifically, you may install the Google Analytics Opt-out Browser Add-on.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, and reporting obligations, and to resolve disputes.

Category of Data Retention Period
Account and profile information Duration of the account plus 3 years after account closure
Order and transaction records 7 years (for tax and financial record-keeping purposes)
Payment processing records 7 years (maintained by payment processors per PCI-DSS requirements)
Marketing and communication preferences Until you unsubscribe or withdraw consent, plus 1 year
Customer support communications 3 years from the date of the interaction
Usage and analytics data (aggregated) 26 months (standard Google Analytics retention period)
Cookie and session data Session cookies expire when you close your browser; persistent cookies as specified in our Cookie Policy
Legal compliance and fraud prevention records As required by applicable law or until the resolution of any legal proceedings

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data destruction protocols.

9. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

9.1 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete a transaction or comply with a legal obligation).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes. While we do not sell your data for money, we may share data with advertising partners in ways that constitute "sharing" under the CPRA. To opt out, please use the "Do Not Sell or Share My Personal Information" link on our website or contact us directly.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to uses necessary to provide the Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level of service.

9.2 Rights for Residents of Other U.S. States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, and other states with comprehensive privacy laws may have similar rights including:

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request correction of inaccurate personal information.
  • Right to Deletion: Request deletion of personal information we have collected, subject to legal exceptions.
  • Right to Data Portability: Receive a copy of your personal information in a portable, machine-readable format where technically feasible.
  • Right to Opt Out of Targeted Advertising: Opt out of the processing of your personal information for targeted advertising purposes.
  • Right to Appeal: If we decline to take action on your request, you may appeal our decision by contacting us at the address listed in Section 13.

9.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us by:

We will need to verify your identity before processing your request to protect the security of your information. Verification may require you to provide information consistent with what we already have on file. We will respond to verifiable requests within the timeframes required by applicable law (generally within 45 days, with a possible 45-day extension with notice). We will not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.

You may designate an authorized agent to submit a request on your behalf. We will require written authorization or a power of attorney confirming the agent's authority, along with verification of your identity.

10. Children's Privacy

Age Restriction: Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13, or from minors under 18 without parental consent where required by law.

Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect, solicit, or maintain personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a person under 18 without appropriate consent, we will take prompt steps to delete that information from our records.

This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), which governs the online collection of information from children under 13 in the United States. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected].

11. International Data Transfers

Chopt is headquartered in the United States, and our Services are primarily directed at users within the United States. All personal information we collect is processed and stored on servers located within the United States.

If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, processed, and stored in the United States. Data protection laws in the United States may differ from those in your country of residence and may not offer the same level of protection. By using our Services, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy and applicable U.S. law.

We take reasonable measures to ensure that any international transfers of personal information are conducted in compliance with applicable legal requirements and that your information receives adequate protection regardless of where it is processed.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services — including delivery platforms, social media networks, and payment processors — that are not owned or controlled by Chopt. This Privacy Policy applies only to our own Services and does not cover the privacy practices of third-party sites or services.

We have no responsibility or liability for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of every website you visit or service you use before providing any personal information.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that a user does not wish to have their online activity tracked. Currently, there is no universally accepted standard for responding to DNT signals, and our website does not alter its data collection practices in response to DNT signals. However, you may exercise your opt-out rights as described in Sections 7 and 9 of this policy.

We do honor the Global Privacy Control (GPC) signal to the extent required by applicable law, including the CPRA for California residents. If your browser or device transmits a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other business reasons. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page.
  • Post a prominent notice on our website or send you an email notification (if you have provided us with an email address) prior to the change becoming effective.

Your continued use of our Services after any changes to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide by the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. Filing a Complaint With a Data Protection Authority

If you are a California resident and believe that we have not adequately addressed your privacy concerns, you have the right to file a complaint with the California Privacy Protection Agency (CPPA), which is the state agency responsible for enforcing the CPRA:

California Privacy Protection Agency (CPPA)
Website: https://cppa.ca.gov
Address: 2101 Arena Blvd, Sacramento, CA 95834
Email: [email protected]

You may also file a complaint with the Federal Trade Commission (FTC) if you believe that we have engaged in unfair or deceptive acts or practices in violation of the FTC Act:

Federal Trade Commission (FTC)
Website: https://www.ftc.gov/complaint
Phone: 1-877-FTC-HELP (1-877-382-4357)
Address: 600 Pennsylvania Avenue NW, Washington, D.C. 20580

Residents of other states may also contact their respective state attorneys general or consumer protection offices with privacy-related complaints.

We encourage you to contact us first at [email protected] so that we have the opportunity to address your concerns directly and promptly before you escalate to a regulatory authority.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the information below. We are committed to resolving privacy inquiries in a timely and transparent manner.

Privacy Contact Information
Company Chopt
Email [email protected]
Website choptnow.digital
Subject Line Privacy Policy Inquiry / Privacy Rights Request

When contacting us about a privacy matter, please include your full name, the email address associated with your account (if applicable), a description of your inquiry or request, and your state of residence so that we can respond most effectively.

We aim to respond to all privacy-related inquiries within 10 business days of receipt, and to complete verifiable consumer rights requests within the timeframes required by applicable law.

Summary: This Privacy Policy was last updated on June 27, 2026. By using the Services provided by Chopt at choptnow.digital, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.