Privacy Policy

This Privacy Policy describes how Church's Chicken ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects your personal information when you visit or interact with our website located at chickenchurchz.digital (the "Website"), use our mobile applications, place orders, participate in our loyalty programs, or otherwise engage with our services (collectively, the "Services"). Please read this Privacy Policy carefully before using our Services.

By accessing or using our Website and Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our Website and Services immediately.

This Privacy Policy is governed by and complies with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), the CAN-SPAM Act, the Children's Online Privacy Protection Act (COPPA), and other applicable state privacy statutes.

1. About Us and How to Contact Us

Church's Chicken operates this Website and provides food-related products and services to consumers across the United States. We are committed to protecting your privacy and handling your personal data responsibly and transparently.

For any questions, concerns, or requests related to this Privacy Policy or your personal information, you may contact us using the following details:

Our privacy team is available to respond to your inquiries within 30 days of receipt, in accordance with applicable legal requirements.

2. Scope of This Privacy Policy

This Privacy Policy applies to all individuals who interact with our Services, including but not limited to:

• Visitors to our Website at chickenchurchz.digital
• Customers who place online food orders through our Website or mobile application
• Members of our loyalty and rewards programs
• Individuals who subscribe to our newsletters, promotional emails, or marketing communications
• Individuals who contact us through customer support channels
• Participants in our surveys, contests, or promotional events

This Privacy Policy does not apply to the practices of third-party websites, services, or applications that may be linked to or from our Website. We encourage you to review the privacy policies of any third-party services you visit.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our Services. The information we collect falls into the following categories:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

• Full name (first and last)
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (for age verification and promotional purposes)
• Username and password for account access
• Profile photo or avatar (if voluntarily provided)

3.2 Payment and Financial Information

When you make a purchase through our Website or app, we collect payment-related information necessary to process your transaction, including:

• Credit card or debit card number (last four digits stored; full number processed by secure payment processors)
• Billing address
• Payment method type (Visa, MasterCard, PayPal, Apple Pay, Google Pay, etc.)
• Transaction history and order records

We do not store full payment card numbers on our servers. All payment transactions are processed through PCI-DSS-compliant third-party payment processors.

3.3 Order and Transaction Data

• Items ordered, quantities, customizations, and special instructions
• Order history and purchase frequency
• Preferred restaurant locations and delivery addresses
• Loyalty points earned and redeemed
• Promotional offers applied at checkout

3.4 Usage and Technical Data

When you visit our Website or use our mobile app, we automatically collect technical information, including:

• Internet Protocol (IP) address
• Browser type and version
• Operating system and device type
• Pages visited and time spent on each page
• Links clicked and interactions performed
• Referring URL (the website you came from)
• Date and time of your visit
• Session identifiers and crash/error logs

3.5 Device Information

• Device model and manufacturer
• Mobile network information
• Unique device identifiers (UDID, IDFA, or Android Advertising ID)
• Mobile operating system version
• Push notification tokens (if you consent to push notifications)

3.6 Location Data

With your consent, we may collect your precise geolocation data to help you find nearby restaurant locations, facilitate delivery services, and provide location-relevant offers. You may disable location services at any time through your device settings.

• GPS coordinates (when location services are enabled)
• Approximate location derived from IP address
• Delivery address and preferred restaurant location

3.7 Communications Data

When you communicate with us, we may retain records of those communications, including:

• Customer support inquiries submitted via email, phone, or live chat
• Survey responses and feedback
• Reviews and ratings submitted by you
• Social media messages or mentions directed at us

3.8 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior and preferences. For more detailed information, please see Section 9 (Cookie Usage) of this Privacy Policy.

3.9 Information You Provide Voluntarily

• Dietary preferences and food allergies (if voluntarily disclosed)
• Participation data in contests, sweepstakes, or surveys
• Referral information (if you participate in our referral program)
• Social media account information (if you use social login features)

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including delivery and pickup coordination
• Managing your customer account and loyalty rewards profile
• Sending order confirmations, receipts, and status updates
• Processing refunds, returns, and resolving transaction disputes
• Communicating with you regarding your account or orders

4.2 Personalization and Customer Experience

• Personalizing your experience based on past orders and preferences
• Recommending menu items, combos, or promotions that may interest you
• Saving your favorite orders and delivery addresses for convenience
• Customizing content displayed on the Website or app based on your location and preferences

4.3 Analytics and Service Improvement

• Analyzing usage patterns and Website traffic to improve our Services
• Conducting internal research, testing, and product development
• Monitoring and improving Website performance and uptime
• Understanding customer satisfaction through feedback and reviews
• Identifying and addressing technical issues and security vulnerabilities

4.4 Marketing and Promotional Communications

• Sending you promotional emails, newsletters, and special offers (where you have provided consent or where permitted by law)
• Sending push notifications about deals, promotions, and loyalty rewards
• Running targeted advertising campaigns on third-party platforms (e.g., Facebook, Google, Instagram)
• Administering sweepstakes, contests, or promotional events

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send you, by adjusting your notification preferences in your account settings, or by contacting us at [email protected].

4.5 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal obligations
• Responding to lawful requests from law enforcement or government authorities
• Enforcing our Terms of Service and other agreements
• Protecting the rights, property, and safety of our Company, our customers, and the public
• Detecting, preventing, and investigating fraud, abuse, or other illegal activity

4.6 Business Operations

• Managing supplier, partner, and franchise relationships
• Conducting business analytics, financial reporting, and strategic planning
• Facilitating corporate transactions such as mergers, acquisitions, or asset sales

5. How We Share Your Information

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with the following categories of recipients under limited circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party vendors and service providers who assist us in operating our business and providing the Services. These parties are contractually obligated to use your information only for the purposes we specify and in compliance with applicable privacy laws. Such vendors may include:

• Payment processors (e.g., Stripe, PayPal, Braintree) for secure transaction handling
• Delivery and logistics partners for order fulfillment and last-mile delivery
• Cloud hosting and IT infrastructure providers (e.g., Amazon Web Services, Google Cloud)
• Analytics providers (e.g., Google Analytics, Mixpanel) for Website and app performance analysis
• Email marketing platforms (e.g., Mailchimp, Klaviyo) for sending communications
• Customer support software providers for managing support tickets
• Advertising networks (e.g., Meta Ads, Google Ads) for targeted marketing campaigns
• Fraud detection and security services for protecting your account and transactions

5.2 Franchise Locations

When you place an order at or interact with a specific Church's Chicken franchise location, limited information necessary to fulfill your order may be shared with that franchise operator. Franchise locations are required to adhere to our privacy standards.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good-faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Protect and defend the rights or property of Church's Chicken
• Prevent or investigate possible wrongdoing in connection with the Services
• Protect the personal safety of users of the Services or the public

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our Website before your personal information is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information with third parties in other ways if you have given us your explicit consent to do so.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction. Our security measures include:

6.1 Technical Measures

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols.
• Data Encryption at Rest: Sensitive personal and financial data stored in our databases is encrypted using AES-256 encryption.
• Firewalls and Intrusion Detection: We deploy firewalls, intrusion detection systems, and continuous network monitoring to prevent unauthorized access.
• Access Controls: Access to personal data is restricted to authorized employees and contractors who require it for their job functions, enforced through role-based access controls (RBAC).
• Multi-Factor Authentication (MFA): We require MFA for internal system access to prevent unauthorized logins.
• Regular Security Audits: We conduct regular vulnerability assessments and penetration testing to identify and remediate security risks.

6.2 Organizational Measures

• Employee training on data privacy and security best practices
• Confidentiality agreements for all employees and contractors with access to personal data
• Data minimization practices — we only collect and retain information that is necessary for specified purposes
• Incident response procedures to detect, report, and respond to data breaches promptly

6.3 Limitations

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable state data breach notification laws, including the requirements of your respective state.

7. Your Rights and Choices

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We respect and honor these rights as required by applicable law.

7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to provide the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide you with a lower quality of service because you exercised your privacy rights.
• Right to Data Portability: You have the right to receive a copy of your personal information in a portable and readily usable format.

7.2 Rights Under Other State Privacy Laws

Residents of other states with applicable privacy legislation (including but not limited to Virginia, Colorado, Connecticut, Texas, Florida, and other states with enacted consumer privacy laws) may also have rights similar to those described above, including rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising. We honor these rights to the extent required by applicable law.

7.3 How to Exercise Your Rights

To submit a privacy rights request, you may:

• Email us at [email protected] with the subject line "Privacy Rights Request"
• Visit our Website at chickenchurchz.digital and use the privacy request form

We will verify your identity before processing your request to protect your privacy and security. We will respond to verifiable consumer requests within 45 days, with the possibility of a one-time extension of an additional 45 days where reasonably necessary, with prior notice to you.

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written permission signed by you, and we may require you to verify your identity directly with us.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our general retention guidelines are as follows:

When personal information is no longer needed for the purposes for which it was collected, we will securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.

9. Cookie Usage

Our Website and mobile application use cookies and similar tracking technologies such as web beacons, pixel tags, local storage objects, and session identifiers to enhance your user experience, analyze site performance, and deliver personalized content and advertising.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our Website, including enabling you to log in, add items to your cart, and complete transactions. These cookies cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our Website by collecting information about page visits, traffic sources, and user behavior (e.g., Google Analytics).
• Functionality Cookies: Allow us to remember your preferences, such as your preferred restaurant location, saved addresses, and language settings.
• Targeting and Advertising Cookies: Used to deliver relevant advertisements to you based on your interests, both on our Website and on third-party platforms. These may include cookies from Meta, Google, and other advertising partners.

9.2 Managing Your Cookie Preferences

You may control and manage cookies through your browser settings or through our cookie consent management tool available on our Website. Please note that disabling certain cookies may affect the functionality and performance of our Services.

For detailed information about the cookies we use, including a full list of cookies, their purposes, and how to manage them, please refer to our Cookie Policy.

10. Children's Privacy

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not intentionally collect personal information from children under the age of 13. If we become aware that a child under 13 has provided us with personal information without verifiable parental consent, we will take immediate steps to delete such information from our records.

Individuals between the ages of 13 and 17 are also not permitted to use our Services without parental or guardian supervision and consent. Our ordering platform, loyalty program, and user accounts are designed for adult consumers only.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected] so that we can take appropriate action.

11. International Data Transfers

Church's Chicken is headquartered in the United States, and our Services are primarily directed at residents of the United States. Your personal information is collected and processed within the United States, which may have different data protection laws than the country in which you reside.

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using our Services, you consent to such transfers.

When we transfer personal data internationally, we take appropriate safeguards to ensure that your information receives an adequate level of protection, including:

• Entering into Standard Contractual Clauses (SCCs) with international service providers where required
• Ensuring that recipient countries provide adequate data protection under applicable frameworks
• Implementing contractual data protection obligations on all third-party data processors

12. Third-Party Links and Services

Our Website may contain links to third-party websites, applications, and services that are not owned or controlled by Church's Chicken. These include social media platforms (Facebook, Instagram, Twitter/X, TikTok), delivery partner websites, and payment gateways.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites. We strongly encourage you to review the privacy policies of every website you visit. The inclusion of a link on our Website does not imply our endorsement of the linked site or its privacy practices.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no universally accepted standard for responding to DNT signals. As a result, our Website does not currently respond to DNT browser signals.

However, California residents may also exercise their right to opt out of the sharing of personal information for cross-context behavioral advertising purposes by contacting us or using our privacy request mechanism, as described in Section 7 of this Privacy Policy.

14. California Shine the Light Law

Under California Civil Code Section 1798.83 (the "Shine the Light" law), California residents who have an established business relationship with us have the right to request information about whether we have disclosed personal information to third parties for the third parties' direct marketing purposes. To make such a request, please contact us at [email protected] with the subject line "California Shine the Light Request."

15. How to File a Complaint with a Data Protection Authority

If you have concerns about our privacy practices that have not been resolved to your satisfaction after contacting us, you have the right to file a complaint with the appropriate regulatory authority.

15.1 Federal Trade Commission (FTC)

The Federal Trade Commission is the primary federal agency responsible for consumer protection and enforcement of certain privacy laws in the United States. You may file a complaint with the FTC at:

• Website: reportfraud.ftc.gov
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Privacy Protection Agency (CPPA)

California residents may also file complaints with the California Privacy Protection Agency, which oversees enforcement of the CCPA/CPRA:

• Website: cppa.ca.gov
• Email: [email protected]

15.3 State Attorneys General

Residents of all states may also contact their respective State Attorney General's office to file privacy-related complaints. Contact information for your state's Attorney General can typically be found on your state government's official website.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or data processing activities. When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our Website or app notifying users of the changes
• Send an email notification to registered users for significant changes (where required by law)

Your continued use of our Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

17. Legal Basis for Processing (Where Applicable)

Under applicable United States privacy laws and to the extent required, our legal bases for processing your personal information include:

• Performance of a Contract: Processing necessary to fulfill your orders, manage your account, and provide our Services.
• Legitimate Interests: Processing for our legitimate business interests such as fraud prevention, network security, analytics, and improving our Services, where such interests are not overridden by your rights.
• Legal Obligation: Processing necessary for compliance with applicable laws, regulations, court orders, and government requests.
• Consent: Processing based on your voluntary and informed consent, including for marketing communications and the use of non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

18. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, our data practices, or if you wish to exercise your privacy rights, please contact our privacy team using the following information: