Privacy Policy

This Privacy Policy describes how Church's Chicken (referred to as "we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects personal information obtained from visitors and users of our website chickschurchs.rest and any related digital services, mobile applications, online ordering platforms, loyalty programs, and other touchpoints (collectively, the "Services"). Please read this Privacy Policy carefully before using our Services. By accessing or using our website or any of our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your personal information with transparency, integrity, and respect. This policy is designed to comply with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable federal and state consumer protection regulations.

If you do not agree with the terms of this Privacy Policy, please discontinue use of our Services immediately. If you have questions or concerns, please contact us using the information provided at the end of this document.

1. About Us and Our Contact Information

For the purposes of this Privacy Policy, the data controller responsible for your personal information is:

All privacy-related inquiries, requests, and complaints should be directed to the contact details above. We aim to respond to all legitimate privacy requests within the timeframes required by applicable law.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected by Church's Chicken through:

• Our website at chickschurchs.rest and any subdomains thereof;
• Online food ordering and delivery platforms operated by or on behalf of Church's Chicken;
• Our loyalty and rewards programs;
• Customer service interactions, including via email, phone, or online chat;
• Promotional campaigns, sweepstakes, contests, and surveys;
• Social media interactions and third-party platforms where Church's Chicken has an official presence;
• In-store digital kiosks, point-of-sale systems, and Wi-Fi networks operated by Church's Chicken;
• Any other means by which you provide personal information to us.

This Privacy Policy does not apply to the practices of third-party companies, websites, or services that we do not own or control, even if links to those services are provided on our website. We encourage you to review the privacy policies of any third-party services you access.

3. Information We Collect

We collect several categories of personal information depending on how you interact with our Services. The types of information we may collect include:

3.1 Personal Identification Information

When you create an account, place an order, register for our loyalty program, or otherwise interact with our Services, we may collect:

• Full name;
• Email address;
• Phone number;
• Mailing address and delivery address;
• Date of birth (for age verification and birthday promotions);
• Username and password for account access;
• Profile picture or avatar (if you choose to upload one);
• Payment information (credit card, debit card, digital wallet details — processed through secure, PCI-DSS compliant processors).

3.2 Order and Transaction Information

When you place food orders or make purchases through our Services, we collect:

• Order history, including items ordered, order amounts, and order frequency;
• Delivery and pickup preferences;
• Special dietary preferences or instructions you provide;
• Transaction records and receipts;
• Loyalty points and reward redemption history;
• Payment method details (we do not store full payment card numbers; these are handled by our secure payment processors).

3.3 Usage Data and Technical Information

When you visit or interact with our website or digital Services, we automatically collect certain technical information, including:

• IP address;
• Browser type and version;
• Operating system and device type;
• Pages visited, links clicked, and time spent on pages;
• Referring URLs and exit pages;
• Search queries entered on our website;
• Session duration and frequency of visits;
• Crash reports and performance data.

3.4 Device Information

If you access our Services via a mobile device or application, we may also collect:

• Device identifier (such as a mobile advertising ID);
• Hardware model and specifications;
• Mobile network information;
• Application version and settings;
• Geolocation data (with your explicit consent) for store locator and delivery features.

3.5 Communications and Customer Service Information

When you contact our customer service team, submit feedback, or communicate with us in any way, we collect:

• The content of your messages and communications;
• Records of interactions with our customer service representatives;
• Feedback, reviews, ratings, and survey responses you provide.

3.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your activity on our website and interactions with our email communications. Please refer to Section 9 of this Privacy Policy for detailed information about our use of cookies and your choices.

3.7 Information Collected from Third Parties

We may also receive personal information about you from third parties, such as:

• Social media platforms, if you log in using a social media account or interact with our social media content;
• Third-party food delivery partners (e.g., DoorDash, Uber Eats, Grubhub) that facilitate orders on our behalf;
• Marketing and analytics partners who help us understand our audience and improve our Services;
• Fraud detection and prevention service providers;
• Publicly available sources.

4. How We Use Your Personal Information

We use the personal information we collect for a variety of legitimate business purposes, including:

4.1 Providing and Managing Our Services

• Processing your food orders and facilitating delivery or pickup;
• Creating and managing your account and loyalty program membership;
• Processing payments and maintaining transaction records;
• Sending order confirmations, receipts, and status updates;
• Responding to your inquiries, complaints, and customer service requests;
• Administering promotional campaigns, contests, sweepstakes, and surveys.

4.2 Improving and Personalizing Our Services

• Analyzing usage patterns and trends to improve our website, menu offerings, and overall customer experience;
• Personalizing your experience by recommending menu items based on your order history and preferences;
• Conducting internal research, analytics, and reporting;
• Testing new features, products, and services before public launch;
• Monitoring and improving the performance, security, and reliability of our Services.

4.3 Marketing and Communications

• Sending promotional emails, newsletters, and special offers about Church's Chicken products and services (with your consent where required by law);
• Delivering targeted advertising on our website, third-party websites, and social media platforms based on your interests and browsing behavior;
• Notifying you about loyalty points, rewards, and personalized offers;
• Sending push notifications through our mobile application (where you have enabled this feature).

You may opt out of marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us at [email protected].

4.4 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations;
• Responding to lawful requests from government authorities, courts, or law enforcement agencies;
• Detecting, preventing, and addressing fraud, security breaches, and other harmful or unlawful activities;
• Enforcing our Terms of Service and other applicable agreements;
• Protecting the rights, property, and safety of Church's Chicken, our customers, and the public.

4.5 Business Operations and Transfers

• Managing our business operations, including accounting, auditing, and financial reporting;
• In connection with a merger, acquisition, reorganization, sale of assets, or other business transaction, where your information may be transferred as part of the transaction (subject to appropriate confidentiality obligations).

5. Legal Basis for Processing Personal Information

Where applicable under federal and state law, we process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill your orders and provide the Services you request;
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and conducting analytics, provided those interests do not override your fundamental privacy rights;
• Consent: Where you have given us your explicit consent to process your information for a specific purpose, such as receiving marketing communications or enabling location tracking;
• Legal Obligation: Processing necessary to comply with applicable laws and regulations or to respond to lawful government requests.

6. Sharing Your Personal Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. However, we may share your personal information with third parties in the following circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

• Payment processors and financial institutions;
• Third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub);
• Cloud computing and data storage providers;
• Email and SMS marketing platform providers;
• Website analytics providers (e.g., Google Analytics);
• Customer relationship management (CRM) software providers;
• Advertising technology partners and ad networks;
• Fraud prevention and identity verification services;
• Legal, accounting, and professional advisory services.

6.2 Legal Requirements and Safety

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request;
• Enforce our Terms of Service or other agreements;
• Protect our rights, property, or safety, or the rights, property, or safety of our employees, customers, or the public;
• Detect, prevent, or address fraud, security issues, or technical problems.

6.3 Business Transfers

In the event of a merger, acquisition, joint venture, reorganization, dissolution, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring or successor entity. We will provide notice of any such transfer and the application of a new or different privacy policy.

6.4 With Your Consent

We may share your personal information with third parties for purposes not described in this Privacy Policy when we have obtained your explicit consent to do so.

6.5 Aggregated or De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other business purposes.

7. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We respect and honor these rights as described below.

7.1 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

• Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, the categories of third parties we share it with, and the specific pieces of personal information we hold about you.
• Right to Delete: You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law (such as completing transactions, legal compliance, or security purposes).
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. To exercise this right, please contact us at [email protected].
• Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information, you have the right to limit our use of such information to what is necessary to perform the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest that you will receive a different level of service because you exercised your rights.

To submit a verifiable consumer request under the CCPA/CPRA, please contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days, with an extension of an additional 45 days where necessary and with prior notice.

7.2 Rights for All United States Users

Regardless of your state of residence, we offer all users the following rights and choices:

• Right to Access and Review: You may access and review the personal information associated with your account by logging into your account settings.
• Right to Correction: You may update or correct inaccurate information in your account at any time through your account settings or by contacting us.
• Right to Deletion: You may request that we delete your account and associated personal information by contacting us at [email protected].
• Right to Data Portability: Upon request, we will provide you with a copy of your personal information in a structured, commonly used, and machine-readable format, to the extent technically feasible.
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

7.3 Exercising Your Rights

To exercise any of the rights described in this section, please submit your request to:

• Email: [email protected]
• Website: chickschurchs.rest

We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded. We will inform you of any applicable fee before completing your request.

8. Data Security

We take the security of your personal information seriously and implement a variety of industry-standard technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, misuse, or destruction. Our security measures include:

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser or device and our servers;
• Access Controls: We restrict access to personal information to authorized employees, contractors, and agents who have a legitimate business need to know such information, and who are bound by confidentiality obligations;
• Payment Security: We use PCI-DSS compliant payment processors and do not store full payment card numbers on our systems;
• Firewalls and Intrusion Detection: We employ network security measures including firewalls and intrusion detection systems to monitor and protect against unauthorized access;
• Regular Security Assessments: We conduct periodic security assessments and penetration testing to identify and address potential vulnerabilities;
• Employee Training: We provide regular privacy and security training to our employees and contractors;
• Incident Response: We maintain a data breach response plan and will notify affected users and applicable regulatory authorities as required by law in the event of a security breach involving personal information.

Despite our efforts, no security system is completely impenetrable or foolproof. We cannot guarantee the absolute security of your personal information. You are also responsible for maintaining the security of your account credentials and should notify us immediately if you suspect unauthorized access to your account.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage objects) to operate and improve our website and Services, personalize your experience, and deliver relevant advertising.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the website to function properly. These cannot be disabled without affecting website functionality.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
• Functionality Cookies: Allow our website to remember your preferences (such as your location, language, and saved orders) to provide a personalized experience.
• Targeting and Advertising Cookies: Used to deliver advertisements that are relevant and engaging to you and to track the effectiveness of our advertising campaigns.

9.2 Your Cookie Choices

You can control and manage cookies in several ways:

• Through our cookie consent tool displayed when you first visit our website;
• By adjusting your browser settings to refuse or delete cookies (note that this may affect the functionality of our website);
• By opting out of interest-based advertising through tools such as the Digital Advertising Alliance (DAA) Opt-Out Tool or the Network Advertising Initiative (NAI) Opt-Out Tool.

For more detailed information about the cookies we use and how to manage your preferences, please refer to our full Cookie Policy available on our website at chickschurchs.rest.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. The factors we consider when determining retention periods include:

• The nature and sensitivity of the personal information;
• The purpose for which the information was collected and the ongoing need for it;
• Whether you have an active account or ongoing relationship with us;
• Our legal obligations, including tax, accounting, and regulatory requirements;
• Any applicable statute of limitations or potential litigation needs;
• Our legitimate business interests, such as fraud prevention and service improvement.

As general guidance, we apply the following retention periods:

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data destruction policies.

11. Children's Privacy

Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, and we do not direct our Services or marketing to children. Our digital Services, online ordering platforms, loyalty programs, and promotional campaigns are designed for adult consumers.

We comply with the Children's Online Privacy Protection Act (COPPA). If we learn that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take prompt steps to delete such information from our systems.

If you are a parent or legal guardian and believe that your child under 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will investigate the matter and take appropriate action.

We also recommend that parents and guardians monitor their children's use of online services and exercise appropriate oversight of their digital activities.

12. International Data Transfers

Church's Chicken is based in the United States, and your personal information is primarily collected, processed, and stored in the United States. The United States may not offer the same level of data protection as the country in which you reside, and by using our Services, you acknowledge and consent to the transfer of your personal information to the United States and its processing there.

If we transfer personal information to service providers or partners located in other countries, we take appropriate steps to ensure that such transfers are protected by adequate safeguards, including:

• Entering into data processing agreements with service providers that include appropriate contractual protections;
• Ensuring that third-party service providers are contractually bound to maintain appropriate data security and privacy standards;
• Only transferring data to countries that provide adequate protection for personal information, or using other lawful transfer mechanisms as required by applicable law.

If you are located outside of the United States and choose to use our Services, please be aware that your information may be transferred to, stored, and processed in a jurisdiction that may have different privacy laws than those in your country of residence.

13. Third-Party Websites and Links

Our website and Services may contain links to third-party websites, social media platforms, and applications that are not owned or controlled by Church's Chicken. This Privacy Policy does not apply to such third-party services. We have no control over the content, privacy practices, or security measures of third-party websites, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of every third-party website or application that you visit or use. Your interactions with third-party platforms (such as Facebook, Instagram, Twitter/X, Google, or food delivery apps) are governed by those platforms' own terms and privacy policies.

14. Do Not Track Signals

Some web browsers support a "Do Not Track" (DNT) feature that signals to websites that you prefer not to be tracked. At this time, there is no universally accepted standard for how companies should respond to DNT signals, and our website does not currently respond to DNT browser signals. However, you can manage your tracking preferences through your cookie settings and the opt-out tools described in Section 9 of this Privacy Policy.

We will update this section of our Privacy Policy if an industry-wide standard for DNT compliance is established.

15. FTC Compliance and Consumer Protection

We are committed to compliance with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in commerce. Our privacy and data security practices are designed to be transparent, fair, and consistent with FTC guidelines and enforcement priorities, including:

• Providing clear and conspicuous notice of our data collection and use practices;
• Obtaining appropriate consent for data collection and marketing communications;
• Honoring consumer choices and opt-out requests in a timely manner;
• Implementing reasonable data security measures to protect consumer information;
• Not engaging in deceptive or misleading representations about our privacy practices.

16. How to File a Complaint

If you have concerns about how we handle your personal information and are not satisfied with our response, you have the right to file a complaint with the relevant regulatory authority.

16.1 Complaints to the Federal Trade Commission (FTC)

United States residents may file a complaint about privacy practices with the Federal Trade Commission (FTC), which is the primary federal agency responsible for enforcing consumer protection laws, including privacy-related regulations:

• FTC Website: www.ftc.gov/complaint
• FTC Consumer Response Center: 600 Pennsylvania Avenue NW, Washington, DC 20580
• FTC Phone: 1-877-382-4357

16.2 Complaints for California Residents

California residents may also file a complaint with the California Privacy Protection Agency (CPPA), which oversees enforcement of the CCPA/CPRA:

• CPPA Website: cppa.ca.gov
• Address: 2101 Arena Blvd., Sacramento, CA 95834

Alternatively, California residents may file a complaint with the California Attorney General's Office:

• Website: oag.ca.gov/privacy/privacy-laws

16.3 State Attorney General Offices

Residents of other U.S. states may contact their respective State Attorney General's office for guidance on consumer privacy complaints. Most state attorneys general have consumer protection divisions that handle privacy-related concerns.

We encourage you to contact us first at [email protected] before filing a formal complaint, so that we have the opportunity to address your concerns directly and promptly.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or applicable regulations. When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this Privacy Policy;
• Post the revised Privacy Policy on our website at chickschurchs.rest;
• Where required by law or where we deem it appropriate, notify you of significant changes via email or a prominent notice on our website.

Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact our Privacy Team:

We will use reasonable efforts to respond to your privacy inquiries and requests within the timeframes required by applicable law. Please include sufficient information in your request to allow us to identify your account (if applicable) and verify your identity.