Mon–Fri 9am–6pm  |  Sat 10am–4pm

Privacy Policy

Effective Date: July 1, 2026  |  Last Updated: July 1, 2026

Welcome to Chopt. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chopt-new.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

This Privacy Policy applies to all information collected through our website, mobile experience, in-store interactions, loyalty programs, email communications, and any related services, sales, marketing, or events (collectively, the "Services").

1. Who We Are

Chopt is a food service business operating in the United States. We are dedicated to providing fresh, high-quality food experiences to our customers. For purposes of this Privacy Policy, "Chopt," "we," "us," and "our" refer to the business operating under this name.

We operate in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal regulations.

2. Information We Collect

We collect information about you in various ways when you interact with us. The categories of information we collect include the following:

2.1 Personal Information You Provide Directly

When you create an account, place an order, sign up for our loyalty program, subscribe to our newsletter, contact our support team, or otherwise communicate with us, you may provide us with personal information, including but not limited to:

  • Identifiers: Full name, username, email address, phone number, mailing address, billing address, and date of birth.
  • Payment Information: Credit card numbers, debit card numbers, and other payment details. Note that full payment card details are processed by secure third-party payment processors; we do not store complete card numbers on our servers.
  • Account Credentials: Username, password (stored in encrypted form), and security question answers.
  • Order Information: Items ordered, customization preferences, dietary restrictions, special instructions, order history, and delivery addresses.
  • Communications: Messages, feedback, reviews, and survey responses you send to us.
  • Loyalty Program Data: Points balances, reward redemption history, and membership details.

2.2 Information Collected Automatically

When you access or use our website or digital services, we automatically collect certain technical information, including:

  • Usage Data: Pages visited, links clicked, time spent on pages, referral URLs, search queries, and navigation paths through our website.
  • Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, language settings, and time zone.
  • Log Data: Server logs including access times, error reports, and crash data.
  • Location Data: General geographic location inferred from your IP address. If you grant permission, we may also collect precise GPS location data from your mobile device to facilitate delivery services or locate nearby Chopt locations.
  • Cookies and Tracking Technologies: Data collected through cookies, web beacons, pixel tags, and similar technologies. Please see Section 8 (Cookie Usage) for more details.

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

  • Social Media Platforms: If you connect your social media account (e.g., Facebook, Google, Apple) to our Services or log in using social sign-on features, we may receive profile information such as your name, email address, and profile picture.
  • Delivery Partners: Third-party delivery platforms (such as DoorDash, Uber Eats, or Grubhub) may share order and contact details with us to fulfill your orders.
  • Analytics Providers: Third-party analytics services may provide us with aggregated and de-identified information about website traffic and user behavior.
  • Marketing Partners: We may receive information from marketing partners to help us reach potential customers or improve our advertising campaigns.

2.4 Sensitive Personal Information

In certain circumstances, we may collect or process sensitive personal information, such as dietary restrictions or allergen information that you voluntarily provide when placing an order. We collect this information solely to fulfill your food service requests and improve your experience. We do not use sensitive personal information for purposes beyond those necessary to provide our Services or as otherwise permitted by applicable law.

3. How We Use Your Information

We use the information we collect for a variety of legitimate business purposes, including the following:

3.1 Service Provision and Order Fulfillment

  • Processing and fulfilling your food orders, including delivery and pickup arrangements.
  • Managing your account and profile.
  • Processing payments and issuing refunds or credits.
  • Administering our loyalty program and reward redemptions.
  • Communicating with you about your orders, account activity, and customer service inquiries.
  • Sending transactional emails such as order confirmations, receipts, and delivery updates.

3.2 Analytics and Service Improvement

  • Analyzing usage patterns and trends to understand how our customers interact with our website and Services.
  • Improving the functionality, design, and content of our website and mobile experience.
  • Conducting research and development to create new menu items, features, and promotions.
  • Monitoring and analyzing the effectiveness of our marketing campaigns.
  • Performing internal audits, data analysis, and research.

3.3 Marketing and Promotions

  • Sending you newsletters, promotional offers, coupons, and updates about new menu items or locations, where you have consented or where we have a legitimate interest to do so.
  • Personalizing your experience on our website by showing you content and offers relevant to your preferences and order history.
  • Conducting sweepstakes, contests, surveys, and other promotional activities.
  • Displaying targeted advertising on our platform and third-party platforms (such as social media and search engines).

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email, updating your account preferences, or contacting us at [email protected].

3.4 Legal Compliance and Safety

  • Complying with applicable laws, regulations, legal processes, and governmental requests.
  • Detecting, investigating, and preventing fraudulent transactions, abuse, security incidents, and other harmful activity.
  • Enforcing our Terms of Service and other agreements.
  • Protecting the rights, property, and safety of Chopt, our customers, and the public.

4. How We Share Your Information

We do not sell your personal information to third parties for their own independent marketing purposes. We may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We share your information with trusted third-party vendors and service providers who perform services on our behalf, including:

  • Payment Processors: To securely process credit and debit card transactions (e.g., Stripe, Square).
  • Delivery Partners: To fulfill delivery orders placed through our platform or third-party platforms.
  • Cloud Hosting and IT Services: To host our website, store data securely, and maintain our technical infrastructure.
  • Email and SMS Marketing Platforms: To send you transactional and promotional communications.
  • Analytics Providers: Such as Google Analytics, to help us understand website usage and improve our Services.
  • Customer Support Tools: To manage and respond to your inquiries and feedback.
  • Advertising Networks: To display targeted advertisements on third-party platforms.

All third-party service providers are contractually obligated to use your information only as necessary to perform services on our behalf and to maintain appropriate data security measures.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or governmental request.
  • Investigate or respond to allegations of fraud, misrepresentation, or illegal activity.
  • Protect the rights, property, or safety of Chopt, our employees, customers, or the public.
  • Enforce our Terms of Service or other agreements.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, sale of assets, or similar corporate transaction, your personal information may be transferred to the acquiring entity as part of the transaction. We will notify you via email or a prominent notice on our website if such a transfer results in material changes to how your information is used, and you will have the opportunity to exercise your rights under this Privacy Policy.

4.4 With Your Consent

We may share your personal information with other third parties when you have given us your explicit consent to do so, such as when you participate in a co-branded promotion or connect your account to a third-party platform.

4.5 Aggregate and De-Identified Data

We may share aggregated or de-identified information — which cannot reasonably be used to identify you — with third parties for research, marketing, analytics, and other purposes. This type of sharing does not constitute a "sale" of personal information under applicable privacy laws.

5. Data Security

We take the security of your personal information seriously and implement a variety of industry-standard technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

  • Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our servers. Stored data is encrypted at rest using industry-standard encryption protocols.
  • Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions. Employees are trained on data privacy and security best practices.
  • Secure Payment Processing: Payment card information is processed by PCI DSS-compliant payment processors. We do not store full credit card numbers on our servers.
  • Regular Security Assessments: We conduct periodic security audits, vulnerability assessments, and penetration testing to identify and address potential security risks.
  • Incident Response: We maintain a data breach response plan to promptly detect, investigate, and respond to security incidents in accordance with applicable legal requirements.

Despite our best efforts, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your account or information has been compromised, please contact us immediately at [email protected].

6. Your Privacy Rights

Depending on your state of residence in the United States, you may have certain rights regarding your personal information. We honor these rights to the fullest extent required by applicable law.

6.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right Description
Right to Know You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the purposes for which it was used, and the categories of third parties with whom it was shared.
Right to Delete You have the right to request deletion of your personal information that we have collected, subject to certain exceptions permitted by law.
Right to Correct You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected].
Right to Limit Use of Sensitive Information You have the right to limit our use and disclosure of your sensitive personal information to purposes specifically authorized by the CPRA.
Right to Non-Discrimination You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA privacy rights. We will not deny you goods or services, charge you different prices, or provide you a different quality of service because you exercised your rights.

6.2 General Privacy Rights (All Users)

Regardless of your state of residence, we offer all users the following options:

  • Access and Update: You may access and update your personal information at any time by logging into your account settings or contacting us directly.
  • Opt-Out of Marketing: You may unsubscribe from promotional emails at any time using the unsubscribe link in our emails or by contacting us.
  • Account Deletion: You may request deletion of your account by contacting us. Please note that certain information may be retained as required by law or for legitimate business purposes.
  • Data Portability: You may request a copy of your personal information in a structured, machine-readable format.

6.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a verifiable request to us by:

We will verify your identity before processing your request to protect your privacy and security. We will respond to your verifiable consumer request within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. We will process requests free of charge, unless they are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline to comply.

You may also designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization and may require you to verify your identity directly with us.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our general data retention practices are as follows:

Category of Data Retention Period
Account and profile information For the duration of your account, plus up to 3 years after account closure
Order history and transaction records Up to 7 years for tax and accounting purposes
Payment information Retained only as long as necessary to process the transaction; full card details are not stored
Marketing preferences and communications Until you opt out, plus a reasonable period for compliance records
Website usage and analytics data Up to 26 months in aggregate or de-identified form
Customer support communications Up to 3 years from the date of the last interaction
Legal and compliance records As required by applicable law, typically up to 7 years

When your personal information is no longer needed, we will securely delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backup archives), we will securely store the information and isolate it from further processing until deletion is possible.

8. Cookie Usage

Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling you to navigate the site and use core features such as shopping cart functionality and account login. These cookies cannot be disabled.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether any errors occur. This data helps us improve our website performance. (e.g., Google Analytics)
  • Functionality Cookies: These cookies remember your preferences and settings (such as your location, language, and saved items) to provide a more personalized experience.
  • Targeting and Advertising Cookies: These cookies track your browsing behavior to deliver relevant advertisements on our website and third-party platforms and to measure the effectiveness of advertising campaigns.

8.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a new cookie is set. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information about the cookies we use and how to manage them, please refer to our full Cookie Policy, available on our website at chopt-new.rest.

9. Children's Privacy

Our Services are intended for adults aged 18 years and older. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18. If you are under 18, please do not use our Services or provide any personal information to us.

If we become aware that we have collected personal information from a child under the age of 13 without verifiable parental consent, as required under the Children's Online Privacy Protection Act (COPPA), we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [email protected] so we can take appropriate action.

For users between the ages of 13 and 17, we encourage parents and guardians to monitor their children's internet usage and to supervise any interactions with our website. We do not specifically target our Services to minors.

10. International Data Transfers

Chopt is a United States-based business, and all of our operations, servers, and data storage are located within the United States. If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States.

The United States may have data protection laws that differ from those in your country of residence. By using our Services and providing us with your personal information, you consent to the transfer of your information to the United States and acknowledge that your information will be processed in accordance with this Privacy Policy and applicable United States law.

If you are located in a jurisdiction with specific data transfer restrictions, such as the European Economic Area (EEA), the United Kingdom, or Switzerland, please contact us at [email protected] to inquire about the appropriate safeguards we have in place for international data transfers.

11. Third-Party Links and Services

Our website may contain links to third-party websites, services, and platforms, including social media networks, delivery partner platforms, and payment processors. This Privacy Policy does not apply to those third-party services, and we are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party services you access through our website before providing any personal information.

Additionally, our website may include social media plugins (such as Facebook Like buttons or Twitter share buttons) that may allow social media companies to collect information about your visit to our website. Your interactions with these features are governed by the privacy policies of the respective social media companies.

12. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is currently no uniform standard for recognizing and responding to DNT signals, our website does not currently respond to DNT browser signals. We will continue to monitor developments in DNT technology and standards and will update our practices accordingly.

California residents may also exercise their right to opt out of the sale or sharing of their personal information as described in Section 6.1 of this Privacy Policy.

13. FTC Act Compliance and Consumer Protection

Chopt's privacy and data practices are subject to the jurisdiction of the Federal Trade Commission (FTC) under the FTC Act, 15 U.S.C. § 45, which prohibits unfair or deceptive acts or practices in commerce. We are committed to maintaining fair and transparent data practices and will not engage in any deceptive or misleading representations regarding the collection, use, or sharing of your personal information.

We periodically review and update our privacy practices to ensure compliance with FTC guidance, applicable federal and state laws, and industry best practices. Our commitment to consumer protection means that we will always seek to give you meaningful control over your personal information and provide clear, honest disclosures about how your data is used.

14. State-Specific Privacy Rights

In addition to California's CCPA/CPRA, residents of other states may have privacy rights under their state's applicable laws. As of the effective date of this Privacy Policy, the following states have enacted comprehensive consumer privacy legislation that may apply to our collection and processing of your personal information:

  • Virginia: Consumer Data Protection Act (CDPA)
  • Colorado: Colorado Privacy Act (CPA)
  • Connecticut: Connecticut Data Privacy Act (CTDPA)
  • Utah: Utah Consumer Privacy Act (UCPA)
  • Texas: Texas Data Privacy and Security Act (TDPSA)
  • Oregon: Oregon Consumer Privacy Act (OCPA)
  • Montana: Montana Consumer Data Privacy Act (MCDPA)

If you are a resident of any of these states, you may have rights similar to those described in Section 6 of this Privacy Policy, including rights to access, correct, delete, and obtain a portable copy of your personal information, as well as the right to opt out of certain processing activities. To exercise your rights under applicable state law, please contact us at [email protected].

15. How to File a Complaint

We take your privacy concerns seriously and will do our best to resolve any issues you may have. If you have a concern or complaint about how we handle your personal information, we encourage you to contact us first so that we may attempt to resolve the matter.

15.1 Contacting Us

Please submit your privacy complaint or concern to:

We will acknowledge your complaint within 10 business days and will work to resolve the matter within 45 days. If we need additional time to investigate your complaint, we will notify you and provide an estimated resolution date.

15.2 Filing a Complaint with a Regulatory Authority

If you are not satisfied with our response, or if you believe we have violated applicable privacy law, you have the right to file a complaint with the relevant data protection or consumer protection authority. In the United States, the following authorities may be appropriate:

  • Federal Trade Commission (FTC): The FTC handles consumer complaints related to privacy and data security. You can file a complaint online at ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).
  • California Attorney General (California Residents): California residents who believe their CCPA/CPRA rights have been violated may file a complaint with the California Attorney General's Office at oag.ca.gov.
  • California Privacy Protection Agency (CPPA): California residents may also file complaints with the CPPA, the state agency responsible for enforcing the CPRA, at cppa.ca.gov.
  • State Attorney General: Residents of other states may contact their respective state Attorney General's office to file privacy-related complaints. Contact information for each state's Attorney General can be found at the National Association of Attorneys General (NAAG) website at naag.org.

16. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other legitimate business reasons. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy and, where required by law, notify you of material changes via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy.

If we make material changes that significantly affect your privacy rights or how we use your personal information, we will provide at least 30 days' advance notice before the changes take effect. If you do not agree with the updated Privacy Policy, you should discontinue using our Services and may request deletion of your account and personal information as described in Section 6 of this policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Privacy Inquiries — Chopt

We aim to respond to all privacy-related inquiries within 10 business days. For urgent security matters or suspected data breaches, please contact us immediately via email with "URGENT — Privacy" in the subject line.

Summary: This Privacy Policy governs how Chopt (chopt-new.rest) collects, uses, shares, and protects your personal information in connection with our food services. We are committed to transparency, your privacy rights, and compliance with applicable United States privacy law, including the CCPA/CPRA and the FTC Act. For questions, contact us at [email protected].