Privacy Policy

This Privacy Policy describes how Church's Chicken ("we," "us," "our," or the "Company") collects, uses, discloses, and safeguards your personal information when you visit our website at chickchurchs.world, use our online ordering services, participate in our loyalty programs, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue your use of our services immediately.

We are committed to protecting your privacy and handling your personal data in a transparent, responsible, and lawful manner consistent with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state privacy statutes.

1. Who We Are

Church's Chicken operates the website chickchurchs.world and provides food-related services, including online ordering, promotions, loyalty programs, and customer support. For all privacy-related inquiries, you may contact us using the information below:

2. Information We Collect

We collect various categories of information from and about users of our website and services. Below is a detailed description of the types of data we may collect:

2.1 Personal Information You Provide Directly

When you create an account, place an order, sign up for promotions, contact customer support, or otherwise interact with us, you may voluntarily provide us with personal information, including but not limited to:

• Identity Data: First name, last name, username, or similar identifier
• Contact Data: Email address, telephone number, billing address, delivery address
• Account Credentials: Username and password (stored in encrypted form)
• Payment Data: Credit or debit card information, billing details (processed through secure third-party payment processors; we do not store full card numbers)
• Order Information: Food preferences, order history, special dietary requests
• Loyalty Program Data: Points balance, rewards history, participation records
• Communications Data: Messages, feedback, or complaints you submit to us through contact forms, email, or customer service channels
• Survey and Promotion Data: Responses to surveys, contests, or promotional activities

2.2 Information Collected Automatically

When you visit our website or use our mobile application, we and our third-party partners automatically collect certain usage and technical information, including:

• Device Information: IP address, device type, operating system, browser type and version, unique device identifiers
• Log Data: Pages visited, links clicked, referring URLs, time and date of your visit, time spent on each page
• Location Data: General geographic location derived from your IP address; precise location data if you grant permission on mobile devices
• Usage Data: Clickstream data, search queries on our site, items added to or removed from shopping cart
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 8 for more details)

2.3 Information from Third Parties

We may receive personal information about you from third-party sources, including:

• Social Media Platforms: If you connect your social media account or log in through a social sign-on feature
• Marketing Partners: Information from advertising partners, analytics providers, or data brokers to help us better understand our audience
• Payment Processors: Confirmation of payment and fraud screening results
• Delivery Partners: Order status and delivery confirmation from third-party delivery service providers
• Publicly Available Sources: Publicly available information from government databases or social networks

2.4 Sensitive Personal Information

In limited circumstances, we may collect sensitive personal information as defined under applicable law, including dietary preferences that may suggest health or religious considerations. We collect such information only to the extent necessary to fulfill your specific requests and we do not use sensitive personal information for purposes other than those for which it was collected without your explicit consent.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your information to:

3.1 Provide and Manage Our Services

• Process and fulfill food orders, including delivery and pickup arrangements
• Create and manage your account and loyalty program membership
• Process payments and prevent fraudulent transactions
• Communicate with you about your orders, account, and customer support inquiries
• Provide location-based services, such as finding the nearest restaurant location

3.2 Improve Our Products and Services

• Analyze how users interact with our website and services to improve functionality and user experience
• Conduct internal research, analytics, and business intelligence activities
• Develop new menu items, offers, and service features based on customer preferences
• Perform quality assurance and troubleshoot technical issues

3.3 Marketing and Promotional Communications

• Send you promotional emails, newsletters, and special offers (with your consent where required by law)
• Personalize marketing messages based on your order history and preferences
• Deliver targeted advertising through third-party advertising networks
• Administer contests, sweepstakes, surveys, and other promotional activities
• Notify you about new menu items, seasonal promotions, and limited-time offers

3.4 Legal Compliance and Safety

• Comply with applicable laws, regulations, legal processes, and governmental requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of our company, customers, and others
• Prevent, detect, and investigate fraud, abuse, and other illegal activities
• Respond to legal claims and disputes

3.5 Business Operations

• Manage our internal business operations, including accounting, auditing, and record-keeping
• Facilitate corporate transactions such as mergers, acquisitions, or asset sales
• Train staff and improve customer service delivery

4. Legal Basis for Processing

While the United States does not have a single federal comprehensive privacy law equivalent to the EU's GDPR, we base our data processing activities on the following recognized justifications under applicable U.S. law:

• Contractual Necessity: Processing necessary to fulfill orders or provide services you have requested
• Legitimate Business Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and improving our services
• Legal Obligation: Processing required to comply with federal, state, or local laws
• Consent: Processing based on your explicit consent, particularly for marketing communications and certain data uses

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own independent marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and may only use it for the purposes we specify. Such service providers include:

• Payment processors and financial institutions
• Food delivery and logistics partners
• Cloud hosting and data storage providers
• Email service providers and marketing platforms
• Customer relationship management (CRM) software providers
• Analytics and advertising technology providers
• IT support and cybersecurity vendors
• Legal, accounting, and professional advisory firms

5.2 Advertising and Analytics Partners

We may share aggregated or pseudonymized data with advertising networks, social media platforms (such as Meta Platforms, Inc. and Google LLC), and analytics providers to deliver targeted advertisements and measure the effectiveness of our marketing campaigns. These partners may use cookies, pixel tags, and similar tracking technologies on our website.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, court order, or governmental authority, or when we believe in good faith that such disclosure is necessary to:

• Comply with applicable law or legal process
• Protect the rights or property of Church's Chicken
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of our customers, employees, or the public

5.4 Business Transfers

In connection with any merger, acquisition, sale of company assets, financing, or reorganization of our business, your personal information may be transferred to the successor entity. We will notify you via email or prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your personal information with other parties when you have provided explicit consent for us to do so.

5.6 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. If you are a California resident and wish to make such a request, please contact us at [email protected].

6. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We respect and honor these rights as described below:

6.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

6.2 Rights Available to All U.S. Users

Regardless of your state of residence, we offer all users the following privacy controls:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we update or correct inaccurate information in your account
• Deletion: Request deletion of your account and associated personal data
• Opt-Out of Marketing: Unsubscribe from promotional emails at any time using the unsubscribe link in our emails or by contacting us directly
• Do Not Track: Our website currently does not respond to browser-level "Do Not Track" signals; however, you may manage tracking preferences through our cookie consent tool

6.3 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a verifiable consumer request by:

• Email: [email protected]
• Website: chickchurchs.world (through our Privacy Request form)

We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf. We will respond to verifiable consumer requests within 45 days as required by the CCPA/CPRA, with a possible extension of an additional 45 days when reasonably necessary.

7. Data Security

We take the security of your personal information seriously and have implemented a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

7.1 Technical Safeguards

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard Transport Layer Security (TLS) technology
• Secure Storage: Personal data is stored on secured servers with access controls and encryption at rest
• Firewalls and Intrusion Detection: We deploy network firewalls and intrusion detection systems to monitor and prevent unauthorized access
• Secure Payment Processing: Payment card data is processed through PCI DSS-compliant third-party payment processors; we do not store full card numbers on our servers
• Multi-Factor Authentication: Administrative access to systems containing personal data requires multi-factor authentication

7.2 Administrative Safeguards

• Regular employee training on data privacy and security best practices
• Access to personal data is limited to employees and contractors who have a legitimate business need
• Confidentiality agreements with employees and third-party service providers
• Regular internal privacy audits and security assessments

7.3 Incident Response

In the event of a data breach that is likely to affect your rights and interests, we will notify affected individuals and relevant regulatory authorities in accordance with applicable U.S. state breach notification laws. Most states require notification within a specified period, and we are committed to timely and transparent communication.

8. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertising.

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly; cannot be disabled
• Performance and Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)
• Functionality Cookies: Remember your preferences such as language, location, and login status
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our campaigns
• Social Media Cookies: Enable sharing features and tailored content from social media platforms

8.2 Managing Your Cookie Preferences

You can control cookie settings through our cookie consent management tool available on our website. You may also adjust cookie settings through your browser preferences. Note that disabling certain cookies may affect the functionality of our website and your user experience.

For comprehensive information about our use of cookies, please refer to our Cookie Policy available at chickchurchs.world/cookie-policy.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply are as follows:

When personal information is no longer required, we securely delete, destroy, or anonymize it in accordance with our data retention and disposal policies.

10. Children's Privacy

Our website and online services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, and we do not direct our services toward children.

Our practices comply with the Children's Online Privacy Protection Act (COPPA), which regulates the online collection of personal information from children under 13. If you are under 13 years of age, please do not use our website or provide us with any personal information.

If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete such information from our records. If you believe we may have collected information from a child under 13, please contact us immediately at [email protected].

Users between the ages of 13 and 17 should use our services only with the involvement and consent of a parent or legal guardian. By using our website, you represent that you are at least 18 years of age.

11. International Data Transfers

Church's Chicken is headquartered in the United States, and our services are primarily intended for users located in the United States. However, in connection with our operations, your personal information may be transferred to, stored, or processed in countries other than the United States, including countries where our service providers maintain servers or operations.

When we transfer personal data internationally, we take appropriate steps to ensure that your information receives an adequate level of protection. These steps may include:

• Using contractual safeguards, such as data processing agreements with service providers
• Ensuring receiving parties maintain appropriate security and privacy standards
• Obtaining your consent where required by applicable law

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and other countries as described in this Privacy Policy.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their content, privacy practices, or data handling procedures.

Our website may integrate with third-party services such as social media platforms, mapping services (e.g., Google Maps), and delivery platforms. Use of these integrated services may result in those third parties collecting information about you according to their own privacy policies.

13. Do Not Sell or Share My Personal Information

In accordance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the sale or sharing of their personal information. While we do not sell personal information in the traditional sense, certain activities such as targeted advertising through third-party cookies may constitute "sharing" under California law.

To opt out of the sale or sharing of your personal information, you may:

• Click the "Do Not Sell or Share My Personal Information" link available on our website footer
• Adjust your cookie preferences through our cookie consent management tool
• Submit a request to [email protected]

We will honor Global Privacy Control (GPC) signals where technically feasible and required by applicable law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other business needs. When we make material changes, we will:

• Post the updated Privacy Policy on this page with a revised "Last Updated" date
• Send you an email notification if you have an account with us
• Display a prominent notice on our website homepage for a period following the update

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of those changes.

15. How to File a Complaint

If you believe that your privacy rights have been violated or that we have failed to handle your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can attempt to resolve your concern.

15.1 Contact Us Directly

Submit your privacy complaint or concern to:

We will acknowledge receipt of your complaint within 10 business days and aim to resolve it within 30 days.

15.2 California Residents — California Attorney General

California residents who are not satisfied with our response may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

• California Privacy Protection Agency: cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy/ccpa

15.3 Federal Trade Commission (FTC)

U.S. consumers who believe a company has engaged in unfair or deceptive practices with respect to personal data may file a complaint with the Federal Trade Commission (FTC):

• FTC Complaint Center: ftc.gov/complaint
• FTC Identity Theft Resources: identitytheft.gov

15.4 State-Specific Consumer Protection Agencies

Depending on your state of residence, you may also have the right to file a complaint with your state's Attorney General or consumer protection authority. Most state Attorneys General offices have online complaint portals accessible through their official state government websites.

16. Specific State Privacy Rights

In addition to the rights described above for California residents, users in the following states may have additional privacy rights under their respective state laws:

16.1 Virginia (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including rights to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of targeted advertising and profiling.

16.2 Colorado (CPA)

Colorado residents have rights under the Colorado Privacy Act (CPA), including the right to opt out of the processing of personal data for targeted advertising and the right to access, correct, delete, and obtain a copy of their personal data.

16.3 Connecticut (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA), including similar rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising.

16.4 Texas (TDPSA)

Texas residents have rights under the Texas Data Privacy and Security Act (TDPSA), including rights to know, access, correct, delete, and obtain a copy of personal data, and to opt out of the processing for targeted advertising or sale of personal data.

To exercise any rights available to you under state-specific privacy laws, please contact us at [email protected].

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Team using the information below:

This Privacy Policy was last reviewed and updated on March 20, 2026. All rights reserved. Church's Chicken — chickchurchs.world.