Privacy Policy

Effective Date: June 29, 2026 | Last Updated: June 29, 2026

Welcome to Chopt ("we," "our," "us," or "the Company"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website choptgrill.rest, place an order, interact with our services, or otherwise engage with us. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services immediately.

We operate as a food business based in the United States. As such, this Privacy Policy is governed by applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable U.S. federal and state regulations. Where California-specific rights apply, we have noted them clearly in this document.

1. Who We Are

Chopt is a food service business operating through our website and related digital properties. We provide customers with online ordering, menu information, promotional offers, loyalty programs, and other food-related services.

Company Name	Chopt
Website	choptgrill.rest
Email Address	[email protected]
Address	United States
Phone	Not provided — please contact us via email at [email protected]

2. Information We Collect

We collect information about you in a variety of ways depending on how you interact with us. The categories of personal information we may collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or contact us, we may collect:

Full name
Email address
Phone number
Delivery or billing address
Date of birth (where required for age verification or promotional purposes)
Username and password for account access

2.2 Payment and Transaction Information

When you make a purchase or complete a transaction through our platform, we or our payment processors may collect:

Credit or debit card details (processed securely by third-party payment processors; we do not store full card numbers)
Billing address
Order history and transaction records
Applied discount codes or promotional credits

2.3 Usage and Behavioral Data

When you browse our website, we automatically collect information about your interactions, including:

Pages visited and content viewed
Links clicked and navigation paths
Time and date of your visit
Duration of time spent on specific pages
Search queries made within our site
Referring URLs or websites that directed you to our site
Shopping cart and checkout behaviors

2.4 Device and Technical Information

We automatically collect certain technical information from your device and browser, including:

IP address
Browser type and version
Operating system and device type (desktop, mobile, tablet)
Screen resolution
Language settings
Device identifiers and mobile advertising IDs
Cookie identifiers and session tokens

2.5 Location Data

With your permission, or as inferred from your IP address, we may collect approximate or precise geographic location information to:

Identify the nearest Chopt location or delivery zone
Provide location-relevant promotions or menu offerings
Calculate delivery fees and estimated delivery times

2.6 Communications and Feedback Data

If you contact us via email, our contact form, live chat, or other communication channels, we may collect:

Your name and contact information
The content of your message or inquiry
Any attachments or supporting documents you share
Records of our responses to you

2.7 Marketing and Preference Data

When you subscribe to our marketing communications or loyalty programs, we collect:

Communication preferences (email, SMS, push notifications)
Interests and dietary preferences (where voluntarily provided)
Feedback from surveys or reviews
Loyalty points, rewards activity, and redemption history

2.8 Information From Third Parties

We may receive information about you from third parties such as:

Social media platforms (if you connect your account or interact with our social content)
Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub) that facilitate orders on our behalf
Analytics providers that aggregate anonymized behavioral data
Advertising networks that track cross-site activity with your consent

Note: We only collect personal information that is necessary, relevant, and proportionate to the purposes described in this Privacy Policy. We do not collect sensitive categories of data such as racial or ethnic origin, health conditions, or religious beliefs, unless you voluntarily provide them.

3. How We Use Your Information

We use the personal information we collect for various lawful purposes related to our business operations, including:

3.1 Providing and Managing Our Services

Processing and fulfilling food orders, including delivery and pickup
Managing your account and maintaining account security
Processing payments and issuing refunds or credits where applicable
Communicating with you about your orders, account, or inquiries
Enabling loyalty program participation and reward redemptions

3.2 Analytics and Service Improvement

Analyzing usage patterns and customer behavior to improve our website and menu offerings
Conducting internal research and development
Identifying and fixing technical errors or bugs on our platform
Evaluating the effectiveness of our digital marketing campaigns
Generating aggregated and anonymized statistical reports

3.3 Marketing and Promotional Communications

Sending you promotional emails, special offers, and newsletters (with your consent or under a legitimate interest basis)
Delivering personalized recommendations based on your order history and preferences
Running targeted advertising campaigns on social media and third-party platforms
Notifying you about new menu items, seasonal promotions, or events at Chopt locations

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us at [email protected]. Opting out of marketing will not affect transactional communications (e.g., order confirmations).

3.4 Legal Compliance and Safety

Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from government authorities or law enforcement
Enforcing our Terms of Service and other agreements
Detecting, preventing, and addressing fraud, security incidents, or unauthorized activity
Protecting the safety and rights of our customers, employees, and the public

3.5 Business Operations and Administration

Maintaining internal business records and accounting
Administering employee, contractor, and supplier relationships (where applicable)
Evaluating and executing potential mergers, acquisitions, or business restructuring

4. How We Share Your Information

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and providing services to you, including:

Payment processors (e.g., Stripe, Square) to securely handle financial transactions
Delivery and logistics providers who fulfill food delivery orders
Email and SMS marketing platforms to distribute communications on our behalf
Cloud hosting and infrastructure providers who store and manage our data systems
Customer support tools that help us manage your inquiries and feedback
Analytics providers (e.g., Google Analytics) that help us understand website usage
Advertising networks that facilitate targeted digital advertising

All third-party service providers are required to protect your personal information and are prohibited from using it for any purpose other than providing services to us.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or government request
Enforce our Terms of Service or protect our legal rights
Prevent or investigate suspected illegal activity, fraud, or security threats
Protect the personal safety of our users, employees, or the public

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website if such a change occurs and your information is subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other third parties when you have provided explicit consent for such sharing, or when you direct us to do so (e.g., by connecting your account to a third-party platform or app).

5. Cookies and Tracking Technologies

We use cookies, pixel tags, web beacons, local storage, and similar tracking technologies on our website to enhance your browsing experience, analyze usage patterns, and deliver personalized content.

5.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for core website functionality, such as maintaining your shopping cart and login session.
Performance and Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics).
Functional Cookies: Remember your preferences such as language, location, and saved menu items.
Marketing and Advertising Cookies: Track your activity across sites to deliver relevant advertising.

5.2 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For detailed information on the specific cookies we use and how to manage them, please refer to our Cookie Policy, which is available on our website.

You may also opt out of interest-based advertising by visiting:

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect it from unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures We Employ

Encryption: All data transmitted between your browser and our servers is encrypted using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
Secure Payment Processing: We use PCI-DSS compliant third-party payment processors and do not store raw credit card information on our servers.
Access Controls: Access to personal data is restricted to authorized employees and contractors who need it to perform their job functions.
Password Hashing: Account passwords are stored in encrypted, hashed formats and are never stored in plain text.
Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems.
Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities in accordance with applicable law.

Important: Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. We encourage you to use strong, unique passwords and to keep your account credentials confidential.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purpose for which it was collected.

Data Category	Retention Period
Account and profile information	Until account deletion, plus up to 3 years for legal compliance
Order and transaction records	7 years (as required for tax and accounting purposes)
Payment processing data	As required by our payment processors and applicable law
Marketing preferences and communications	Until opt-out, plus 2 years for record-keeping
Website usage and analytics data	Up to 26 months (Google Analytics default)
Customer support communications	3 years from the date of resolution
Cookie data	As specified in individual cookie settings (session to 2 years)

After the applicable retention period expires, we will securely delete or anonymize your personal information. If deletion is not immediately possible (e.g., because data is stored in backup archives), we will isolate your data from further processing until deletion is feasible.

8. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable U.S. federal and state law.

8.1 Rights Available to All U.S. Residents

Right to Access: You have the right to request information about the personal data we hold about you.
Right to Correction: You may request that we correct inaccurate or incomplete personal information.
Right to Opt Out of Marketing: You may unsubscribe from marketing communications at any time.
Right to File a Complaint: You have the right to file a complaint with the appropriate regulatory authority if you believe your privacy rights have been violated.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of the personal information we have collected about you, subject to certain exceptions (e.g., data needed to complete a transaction, legal compliance, or fraud prevention).
Right to Correct: You may request correction of inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense, but if applicable, you may exercise this right by contacting us.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to specific purposes allowed by law.
Right to Data Portability: You may request a copy of the personal information we hold about you in a structured, commonly used, machine-readable format.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny services, charge different prices, or provide a different quality of service as a result of your exercise of privacy rights.

8.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable consumer request to us using the following methods:

Email: [email protected]
Website: choptgrill.rest

We will respond to your request within 45 days of receipt. If we require additional time (up to 90 days total), we will inform you of the reason and extension period in writing. We may need to verify your identity before processing your request. We will only use the information you provide to verify your identity and fulfill your request.

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written permission from you, and we may require verification of both the agent's authority and your identity.

9. Children's Privacy

Age Restriction: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws protecting children's privacy. Our website is not directed to children under 18, and we do not knowingly solicit or collect personal information from minors.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records and take appropriate steps to prevent future collection.

If we discover that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information securely from our systems.

10. International Data Transfers

Chopt is based in the United States, and your personal information is primarily collected, stored, and processed within the United States. If you are accessing our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the U.S. or in other countries where our service providers maintain facilities.

The United States may not offer the same level of data protection as your home country. By using our services and submitting your personal information, you consent to the transfer of your data to the United States and other countries in accordance with this Privacy Policy.

We take appropriate safeguards to ensure that your personal information receives an adequate level of protection wherever it is processed, including entering into appropriate data transfer agreements with our service providers and partners as required.

If you have questions about international data transfers, please contact us at [email protected].

11. Third-Party Links and Websites

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Chopt. This Privacy Policy applies only to our website and services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly encourage you to review the privacy policies of any third-party websites you visit before providing your personal information. The presence of a link to a third-party site on our website does not constitute our endorsement of that site or its privacy practices.

12. Social Media and Third-Party Platforms

Our website may include social media features, such as Facebook "Like" buttons, Instagram feeds, or Twitter/X sharing widgets. These features may collect your IP address, track which pages you visit on our site, and set cookies to enable proper functionality. Your interactions with these features are governed by the privacy policy of the company providing them, not by this Privacy Policy.

If you choose to interact with our brand on social media platforms or connect your social media account with our services, those platforms may share certain profile information with us in accordance with your privacy settings on those platforms and their respective privacy policies.

We may also use third-party food delivery platforms (such as DoorDash, Grubhub, or Uber Eats) to fulfill orders. When you place an order through these platforms, your personal information is subject to both our Privacy Policy and the privacy policies of those platforms.

13. How to File a Privacy Complaint

If you believe we have violated your privacy rights or have a concern about our data practices, we encourage you to contact us first so we can address your concern directly and promptly.

13.1 Contact Us

Submit your privacy complaint or concern to:

Email: [email protected]
Website: choptgrill.rest

We will acknowledge your complaint within 5 business days and work to resolve it within 30 days. If your complaint involves a complex matter, we will keep you informed of progress and the expected resolution timeline.

13.2 Filing a Complaint With Regulatory Authorities

If you are not satisfied with our response to your privacy complaint, you have the right to file a complaint with the applicable regulatory authority:

For California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office.
Website: cppa.ca.gov
California AG: oag.ca.gov/privacy
For All U.S. Residents — FTC Complaints: You may file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive business practices related to privacy.
FTC Complaint Center: reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
State Attorneys General: Many U.S. states have consumer protection offices where you can file privacy-related complaints. Contact your state's Attorney General office for more information.

14. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As such, our website does not currently respond to DNT browser signals. We will continue to monitor developments in this area and update our practices accordingly.

If you are a California resident, please note that under California's "Shine the Light" law (California Civil Code Section 1798.83), you have the right to request information about whether we disclose your personal information to third parties for direct marketing purposes. To make such a request, contact us at [email protected].

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website informing you of the changes
Send an email notification to registered users where the changes are material (where feasible and required by law)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

If you disagree with any changes to this Privacy Policy, you should discontinue use of our website and services and, if applicable, request deletion of your account and personal data.

16. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy concerns promptly and transparently.

Privacy Contact Details

Company: Chopt

Email: [email protected]

Website: choptgrill.rest

Location: United States

Response Time: We aim to respond to all privacy inquiries within 5 business days.

When contacting us about a privacy matter, please include:

Your full name and contact information
A clear description of your inquiry or the right you wish to exercise
Your relationship with us (e.g., customer, website visitor, loyalty program member)
Any relevant account information (such as your registered email address) to help us locate your records

17. Legal Basis and Applicable Law

This Privacy Policy is governed by the laws of the United States, including but not limited to:

Federal Trade Commission Act (15 U.S.C. § 45) — governing unfair or deceptive acts or practices in commerce
Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506 — protecting the privacy of children under 13
CAN-SPAM Act (15 U.S.C. § 7701 et seq.) — governing commercial email communications
California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) and its amendment under the California Privacy Rights Act (CPRA) — for California residents
California "Shine the Light" Law (Cal. Civ. Code § 1798.83) — for California residents regarding third-party marketing disclosures
Other applicable state privacy laws as they come into effect

Any disputes arising from or related to this Privacy Policy shall be governed by the laws of the United States and the applicable laws of the state in which Chopt primarily operates.

Chopt Privacy Policy

Effective Date: June 29, 2026

For questions or concerns: [email protected] | choptgrill.rest