Privacy Policy

1. Information We Collect

We collect the following categories of personal information when you use our website or services:

Information you provide directly

• Contact inquiries: name, email address, inquiry type, and message content submitted via our contact form.
• Franchise enquiries: name, email, phone number, country, city, investment range, business background, and how you heard about us.
• Career applications: name, email, phone number, role of interest, portfolio/CV link, and cover note.

Information collected automatically

• Usage and analytics data: pages visited, time on page, traffic source, device type, browser, operating system, and approximate geographic location (country, province/state, city). This is collected via analytics tools (currently under evaluation; see Section 4).
• IP address: used to determine approximate location and for fraud/security purposes; not stored in personally identifiable form beyond what analytics vendors retain.
• Cookies and similar technologies: see our Cookies Policy for full detail.

2. How We Use Your Information

We use personal information for the following purposes:

• To respond to your contact inquiry or franchise enquiry.
• To review and process career applications.
• To understand how visitors use our website so we can improve it (analytics).
• To monitor and protect the security of our website.
• To comply with applicable legal obligations.

Legal basis (EU/UK users)

For users in the European Union or United Kingdom, we process your personal data on the following legal bases:

• Legitimate interests: for website analytics and security monitoring, where our interest in understanding and improving the website is not overridden by your interests or rights.
• Performance of a contract / pre-contractual steps: when processing franchise or careers enquiries.
• Consent: for non-essential cookies and analytics where required (see Section 4).
• Legal obligation: where required by applicable law.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

We may share your information with:

• Service providers: companies that help us operate our website, send communications, or process analytics (e.g., analytics vendors, hosting providers). These providers are bound by data processing agreements and may only use your data to provide services to us.
• Professional advisors: lawyers, accountants, and insurers, where necessary.
• Law enforcement or regulators: where required by law, court order, or to protect the rights, property, or safety of Chai Churi, its users, or the public.
• Business transfers: if Chai Churi is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

Do not sell (California residents)

We do not sell personal information as defined under the California Consumer Privacy Act (CCPA/CPRA). We also do not share personal information for cross-context behavioral advertising.

4. Analytics and Tracking

We use web analytics tools to help us understand how visitors interact with our website. Our analytics integration is currently being finalized; we are evaluating PostHog and Vercel Analytics. Once confirmed, this section will be updated to identify the specific vendor, the data it collects, and how long data is retained.

Analytics data may include: page views, session duration, traffic source, approximate location (country / province / city), device type and browser, and interaction events such as store-locator searches, "Get Directions" clicks, and "Call Store" taps.

Where required by law (e.g., Quebec Law 25, EU-GDPR, UK-GDPR), we will request your consent before placing non-essential analytics cookies. You can manage your cookie preferences at any time via our Cookies Policy.

[PLACEHOLDER: confirm vendor before launch]

Analytics vendor: to be confirmed. Once confirmed, update this section with the vendor's name, privacy policy URL, data transfer mechanism, and retention period.

5. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

• Contact form submissions: [PLACEHOLDER: specify retention period, e.g., 2 years].
• Franchise enquiries: [PLACEHOLDER: specify retention period, e.g., 3 years from last contact].
• Career applications: [PLACEHOLDER: specify retention period, e.g., 12 months if not hired].
• Analytics data: [PLACEHOLDER: confirm with vendor once finalized].

When data is no longer needed, we delete or anonymize it.

6. Your Privacy Rights

Canada (PIPEDA / Quebec Law 25)

If you are in Canada, you have the right to:

• Access personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw consent for processing where consent is the lawful basis.
• File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Quebec residents, the Commission d'accès à l'information (cai.quebec.ca).

Quebec residents also have rights under Law 25 (Act respecting the protection of personal information in the private sector), including the right to data portability and the right to de-indexation.

United States (CCPA/CPRA: California Residents)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell.
• Request deletion of your personal information (subject to exceptions).
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information (we do not sell or share).
• Non-discrimination for exercising your rights.
• Limit use and disclosure of sensitive personal information (we do not collect sensitive PI beyond what is necessary).

To submit a request, contact us at info@chaichuri.com. We will respond within 45 days as required by the CCPA.

European Union / United Kingdom (GDPR / UK-GDPR)

If you are in the EU or UK, you have the right to:

• Access: obtain a copy of your personal data.
• Rectification: have inaccurate data corrected.
• Erasure ("right to be forgotten"): request deletion where no overriding reason to retain exists.
• Restriction: limit how we process your data in certain circumstances.
• Portability: receive your data in a machine-readable format.
• Object: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent.
• Lodge a complaint: with your local supervisory authority (e.g., the UK Information Commissioner's Office at ico.org.uk, or the relevant EU DPA).

To exercise any of the above rights, contact us at info@chaichuri.com. We will respond within 30 days (or 1 month under GDPR).

Data Protection Officer / Representative

[PLACEHOLDER: appoint a DPO or EU/UK representative if required based on processing volume and confirm here before launch.]

7. International Data Transfers

Chai Churi is based in India. If you are located in the EU, UK, Canada, or elsewhere, your personal information may be transferred to and processed in India, Canada, or other countries where our service providers are based.

For transfers from the EU or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) where required. [PLACEHOLDER: confirm transfer mechanisms with each vendor before launch.]

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, or alteration. This includes HTTPS encryption on our website and access controls on our systems.

However, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that poses a risk to individuals, we will notify affected individuals and relevant authorities as required by law.

9. Children's Privacy

Our website is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at info@chaichuri.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. We will update the "Last updated" date at the top of this policy. For material changes, we may provide additional notice (such as a banner on the website).

We encourage you to review this policy periodically.