Privacy Policy

Effective Date: June 25, 2026  |  Last Updated: June 25, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptsalads.rest, place orders, participate in our loyalty programs, or otherwise interact with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

This Privacy Policy applies to all information collected through our website (choptsalads.rest), our mobile applications, our in-store services, and any related services, promotions, or events (collectively, the "Services"). By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. About Us

Chopt operates as a food service business in the United States. Our contact details for all privacy-related matters are as follows:

For any questions, concerns, or requests related to this Privacy Policy or our data practices, please do not hesitate to contact us using the details provided above or in Section 14 of this policy.

2. Information We Collect

We collect several types of information from and about users of our Services, including information you provide directly to us, information collected automatically, and information from third-party sources.

2.1 Personal Information You Provide Directly

When you interact with our Services, you may voluntarily provide us with the following categories of personal information:

  • Identity and Contact Information: Your full name, username or screen name, date of birth, email address, mailing address, billing address, and telephone number.
  • Account Information: Login credentials such as your username and password when you create an account on our platform.
  • Order and Transaction Information: Details of food orders you place, including items selected, customizations, order history, and purchase frequency.
  • Payment Information: Credit or debit card numbers, billing addresses, and other financial information necessary to process your payments. Please note that payment card data is processed by our third-party payment processors and is not stored directly on our servers.
  • Communications: Records of your correspondence with us, including customer service inquiries, feedback forms, and survey responses.
  • Preferences and Dietary Information: Information about your dietary preferences, food allergies, or nutritional goals that you voluntarily provide to personalize your experience.
  • Loyalty Program Information: Details associated with participation in any loyalty, rewards, or referral programs we may offer.
  • Marketing Preferences: Your preferences regarding receiving marketing communications from us or our third-party partners.

2.2 Information Collected Automatically

When you visit or use our Services, certain information is collected automatically through cookies, web beacons, and other tracking technologies. This may include:

  • Usage Data: Pages you visit on our website, links you click, features you use, time and duration of visits, referring URLs, and navigation paths.
  • Device Information: Information about the device you use to access our Services, including device type, operating system and version, browser type and version, device identifiers, and mobile network information.
  • Location Data: General geographic location based on your IP address. With your consent, we may also collect more precise location data from your mobile device to help you find the nearest Chopt location or enable delivery services.
  • Log Data: Server logs containing your IP address, access times, hardware and software information, and error data.
  • Cookie and Tracking Data: Information collected through cookies, pixel tags, web beacons, and similar technologies. Please see Section 8 for more information about our use of cookies.

2.3 Information From Third Parties

We may receive information about you from third-party sources, which we may combine with the information we collect directly. These sources include:

  • Social Media Platforms: If you connect your social media account (e.g., Facebook, Google, Instagram) to our Services or interact with our social media pages, we may receive information from those platforms, subject to their privacy policies and your privacy settings.
  • Analytics Providers: Third-party analytics services that help us understand how our website is used.
  • Delivery Partners: Third-party delivery platforms through which you may place an order associated with our brand.
  • Marketing and Advertising Partners: Data that helps us reach potential customers and measure the effectiveness of our marketing campaigns.
  • Payment Processors: Confirmation of payment transactions and related data.

3. How We Use Your Information

We use the information we collect for a variety of purposes to operate, maintain, and improve our Services, including:

3.1 Service Provision and Order Fulfillment

  • To process and fulfill your food orders, including arranging delivery or pickup.
  • To manage your account, including registration, login, and account maintenance.
  • To process payments and prevent fraudulent transactions.
  • To send you order confirmations, receipts, and transactional communications.
  • To administer loyalty and rewards programs and honor redemptions.
  • To respond to your inquiries, customer service requests, and complaints.

3.2 Analytics and Service Improvement

  • To understand how users interact with our website and mobile apps to improve functionality and user experience.
  • To conduct research and analysis on food preferences and ordering trends to improve our menu offerings.
  • To measure the effectiveness of our promotions and marketing campaigns.
  • To monitor and analyze usage patterns and diagnose technical issues.
  • To develop new products, features, and services.

3.3 Marketing and Personalization

  • To send you promotional emails, newsletters, offers, and information about new menu items, seasonal specials, or events, where you have opted in or where we have a legitimate interest under applicable law.
  • To personalize your experience by tailoring content, product recommendations, and advertisements to your interests and ordering history.
  • To present targeted advertising on our website, mobile apps, and third-party platforms.
  • To facilitate referral programs and social sharing features.

3.4 Legal Compliance and Safety

  • To comply with applicable federal and state laws and regulations, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act.
  • To enforce our Terms of Service and other agreements.
  • To protect the rights, property, and safety of Chopt, our customers, and others.
  • To detect, investigate, and prevent fraud, unauthorized activities, and other illegal activities.
  • To respond to legal requests, court orders, and law enforcement inquiries.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:

4.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Our service providers include:

  • Payment processors and fraud prevention services
  • Cloud hosting, data storage, and IT infrastructure providers
  • Email service providers and marketing automation platforms
  • Delivery fulfillment and logistics partners
  • Analytics and user behavior tracking providers
  • Customer relationship management (CRM) platforms
  • Loyalty program technology providers

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

4.3 Legal Requirements and Protection of Rights

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or enforceable governmental request.
  • Enforce our Terms of Service or other agreements, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.
  • Protect the rights, property, or safety of Chopt, our users, employees, or the public as required or permitted by law.

4.4 With Your Consent

We may share your personal information with third parties when we have your consent to do so, including when you opt into specific programs, promotions, or partnerships that involve data sharing.

4.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.

5. Data Security

The security of your personal information is important to us. We implement a variety of reasonable technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

  • Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
  • Access Controls: Access to personal data is restricted to authorized personnel who have a legitimate business need to access it. All employees with access to personal data are required to maintain its confidentiality.
  • Secure Payment Processing: Payment card information is processed using industry-standard PCI DSS compliant payment processing systems. We do not store full credit card numbers on our servers.
  • Data Minimization: We collect only the personal information that is necessary for the purposes described in this policy.
  • Regular Security Assessments: We periodically review and update our security practices and conduct security assessments to identify and address vulnerabilities.
  • Incident Response: We maintain procedures for responding to data security incidents and will notify affected users and relevant regulatory authorities as required by applicable law, including applicable U.S. state data breach notification laws.
Important Notice: No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right Description
Right to Know You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom we share it.
Right to Delete You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale/Sharing You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information You have the right to limit our use and disclosure of sensitive personal information to certain specified purposes.
Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a different level of service because you exercised your rights.
Right to Data Portability You have the right to receive your personal information in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity.

6.2 General Privacy Rights for All U.S. Users

Regardless of your state of residence, we provide the following options to all our users:

  • Access and Review: You may access and review the personal information associated with your account by logging into your account settings or contacting us directly.
  • Correction and Update: You may update or correct inaccurate personal information through your account settings or by contacting us.
  • Account Deletion: You may request the deletion of your account and associated personal information by contacting us at [email protected].
  • Marketing Opt-Out: You may opt out of receiving marketing emails at any time by clicking the "unsubscribe" link in any marketing email we send you, or by updating your communication preferences in your account settings.
  • Do Not Track: Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no universal industry standard for responding to DNT signals, and we do not currently alter our data collection practices in response to DNT signals. However, we will monitor developments in this area and update this policy accordingly.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us by:

We will respond to your verifiable request within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing. We do not charge a fee for processing your request unless your request is excessive, repetitive, or manifestly unfounded.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:

Category of Data Retention Period
Account and profile information For the duration of your account, plus 3 years after account closure
Order and transaction history 7 years (for tax and financial record-keeping purposes)
Customer service communications 3 years from the date of the interaction
Marketing preferences and opt-outs Indefinitely, to honor your preferences and for compliance records
Website analytics and usage data Up to 26 months
Cookie data As specified in our Cookie settings (typically session to 2 years)
Legal and compliance records As required by applicable law, typically 5-7 years

When personal data is no longer required for its original purpose and no longer required to be retained by law, we will securely delete, destroy, or anonymize it.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to collect and use information about you and your interactions with our Services. Cookies are small data files stored on your browser or device.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable core functions such as security, account authentication, and shopping cart functionality. You cannot opt out of these cookies.
  • Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
  • Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, and saved items.
  • Targeting and Advertising Cookies: These cookies are used to build a profile of your interests and show you relevant advertisements on our site and other sites. They are usually placed by advertising networks with our permission.

8.2 Managing Your Cookie Preferences

You can control and manage cookies in various ways. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that if you disable certain cookies, some features of our website may not function properly. For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

9. Children's Privacy

Age Restriction: Our Services are intended for adults and are not directed to individuals under the age of 18.

We do not knowingly collect, use, or disclose personal information from children under the age of 13 in violation of the Children's Online Privacy Protection Act (COPPA). Furthermore, we do not knowingly collect personal information from individuals under the age of 18 without verifiable parental consent.

If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information from our servers as soon as reasonably practicable.

By using our Services, you represent and warrant that you are at least 18 years of age. If you are under 18 years of age, you are not permitted to use our Services.

10. International Data Transfers

Chopt is based in the United States, and your personal information is primarily collected, stored, and processed in the United States. The United States may not have the same data protection laws as the country from which you are accessing our Services.

If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our Services and providing us with your personal information, you acknowledge and consent to the transfer of your information to the United States and its use in accordance with this Privacy Policy.

Where we transfer personal information internationally, we take appropriate steps to ensure that your data receives an adequate level of protection through contractual safeguards, data processing agreements, and other mechanisms consistent with applicable law. If you have questions about international data transfers, please contact us at [email protected].

11. Third-Party Links and Services

Our website and Services may contain links to third-party websites, apps, or services that are not operated by us, including social media platforms, delivery services, and partner websites. If you click on a third-party link, you will be directed to that third party's site. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We strongly advise you to review the privacy policy of every site you visit before providing any personal information. This Privacy Policy does not apply to any information collected through third-party websites or services.

12. Marketing Communications

With your consent or where we have a legitimate interest as permitted by applicable law, we may use your personal information to send you marketing and promotional communications about our products, services, special offers, new menu items, seasonal promotions, and events.

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the "unsubscribe" or "opt-out" link at the bottom of any marketing email we send you.
  • Updating your communication preferences in your account settings on choptsalads.rest.
  • Contacting us directly at [email protected] with your request.

Please note that even if you opt out of marketing communications, we may still send you non-promotional, transactional emails related to your orders, account, or our ongoing business relationship with you (e.g., order confirmations, account security alerts, and service updates).

13. Filing Complaints with Regulatory Authorities

If you have concerns about our privacy practices that we have been unable to address to your satisfaction, you have the right to lodge a complaint with the appropriate regulatory authority.

13.1 Federal Trade Commission (FTC)

In the United States, consumer privacy complaints related to unfair or deceptive practices may be filed with the Federal Trade Commission (FTC):

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580
Website: www.ftc.gov/complaint
Phone: 1-877-382-4357

13.2 California Attorney General (California Residents)

California residents who believe their rights under the CCPA/CPRA have been violated may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

California Privacy Protection Agency
2101 Arena Blvd
Sacramento, CA 95834
Website: cppa.ca.gov

13.3 State Attorneys General

Residents of other U.S. states may file privacy-related complaints with their respective State Attorney General's office. Many states have enacted their own consumer privacy laws and have designated agencies to handle related complaints.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team using the information below. We are committed to working with you to resolve any privacy concerns promptly and transparently.

We aim to respond to all privacy-related inquiries within 30 days of receipt. For complex requests or those requiring further investigation, we will acknowledge receipt of your inquiry and provide an estimated timeframe for our full response.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:

  • Posting a prominent notice on our website (choptsalads.rest) prior to the change becoming effective.
  • Updating the "Last Updated" date at the top of this Privacy Policy.
  • Sending a notification email to the email address associated with your account, where appropriate and required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services following the posting of changes constitutes your acceptance of those changes. If you do not agree to the revised Privacy Policy, please discontinue use of our Services and contact us to request deletion of your personal information.

16. Legal Basis and Applicable Law

Our privacy practices are governed by and construed in accordance with the laws of the United States of America. Specifically, we comply with the following applicable laws and regulations:

  • Federal Trade Commission (FTC) Act: We comply with the FTC Act's prohibition on unfair or deceptive acts or practices, which forms the foundation of consumer privacy protection in the United States.
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): We comply with CCPA/CPRA requirements applicable to our operations, providing California residents with the rights described in Section 6 of this policy.
  • Children's Online Privacy Protection Act (COPPA): We comply with COPPA and do not knowingly collect personal information from children under the age of 13.
  • CAN-SPAM Act: Our commercial email communications comply with the requirements of the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act.
  • Telephone Consumer Protection Act (TCPA): Where applicable, our SMS and telephone marketing practices comply with the TCPA.
  • State Data Breach Notification Laws: We comply with applicable state data breach notification laws in the event of a security incident affecting personal information.
  • Other Applicable State Privacy Laws: We monitor and comply with privacy laws enacted in other U.S. states, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar legislation, as applicable to our operations and your state of residence.

Summary: This Privacy Policy was last updated on June 25, 2026. We are dedicated to maintaining the trust you place in us when you share your personal information. For any questions or concerns, please reach out to us at [email protected]. Thank you for choosing Chopt.