Chai Churi
LocationsLocationsAboutAboutCareersCareersFranchiseFranchiseContactContact
MENU

Contents

  • 1. Information We Collect
  • 2. How We Use Your Information
  • 3. How We Share Your Information
  • 4. Analytics and Tracking
  • 5. Data Retention
  • 6. Your Privacy Rights
  • 7. International Data Transfers
  • 8. Data Security
  • 9. Children's Privacy
  • 10. Changes to This Policy

Privacy Policy

Last updated: 26 May 2026

Chai Churi Inc. and its affiliates ("Chai Churi", "we", "us", "our") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website at chaichuri.com, submit forms, or interact with our services.

1. Information We Collect

We collect the following categories of personal information when you use our website or services:

Information you provide directly

  • Contact inquiries: name, email address, inquiry type, and message content submitted via our contact form.
  • Franchise enquiries: name, email, phone number, country, city, investment range, business background, and how you heard about us.
  • Career applications: name, email, phone number, role of interest, portfolio/CV link, and cover note.

Information collected automatically

  • Usage and analytics data: pages visited, traffic source, device type, browser, operating system, approximate geographic location (country, province/state, city), and named interaction events. This data is collected via PostHog analytics β€” see Section 4 for full detail.
  • IP address: used to derive approximate location for analytics and for security purposes. We do not store your IP address in a personally identifiable form beyond what PostHog retains per its data processing terms.
  • Language preference: stored in a first-party cookie (NEXT_LOCALE) to remember your chosen language (English or French).
  • Cookies and similar technologies: see our Cookies Policy for full detail.

Information we do not collect

We do not collect payment card details, government ID numbers, biometric data, precise GPS coordinates, or sensitive personal information beyond what is listed above. We do not use Vercel Analytics, Google Analytics, Meta Pixel, or any other third-party analytics or advertising tracking service. Our only analytics vendor is PostHog.

2. How We Use Your Information

We use personal information for the following purposes:

  • To respond to your contact inquiry or franchise enquiry.
  • To review and process career applications.
  • To understand how visitors use our website so we can improve the menu, store locator, franchise, and careers experiences (analytics).
  • To monitor and protect the security of our website.
  • To comply with applicable legal obligations.

Legal basis (EU/UK users)

For users in the European Union or United Kingdom, we process your personal data on the following legal bases:

  • Legitimate interests: for website analytics and security monitoring, where our interest in understanding and improving the website is not overridden by your interests or rights.
  • Performance of a contract / pre-contractual steps: when processing franchise or careers enquiries at your request.
  • Consent: for non-essential analytics cookies where required under GDPR or UK-GDPR.
  • Legal obligation: where required by applicable law.

Legal basis (Indian users β€” DPDPA 2023)

For users in India, we process personal data on the basis of consent obtained at the time of collection, or as permitted under the Digital Personal Data Protection Act, 2023 for legitimate uses including responding to enquiries, reviewing applications, and operating our website.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

We may share your information with:

  • Service providers acting on our behalf: companies that help us operate our website, handle analytics, or process enquiries. These include PostHog (analytics), our hosting provider (Vercel), and Railway (backend). These providers are contractually bound to process your data only for the purpose of providing services to us.
  • Franchise and careers teams: relevant internal personnel who review and respond to your enquiry or application.
  • Professional advisors: lawyers, accountants, and insurers, where necessary and subject to confidentiality obligations.
  • Law enforcement or regulators: where required by law, court order, or to protect the rights, property, or safety of Chai Churi, its users, or the public.
  • Business transfers: if Chai Churi is involved in a merger, acquisition, or asset sale, your data may transfer as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

Do not sell or share (California / US state law)

We do not sell personal information and do not share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and applicable US state privacy laws.

4. Analytics and Tracking

We use PostHog as our sole analytics vendor to understand how visitors interact with our website. PostHog processes analytics data on our behalf as a data processor. Its privacy policy is available at posthog.com/privacy.

Analytics data collected via PostHog may include:

  • Page views and navigation paths.
  • Traffic source (referrer).
  • Approximate geographic location (country, province/state, city β€” derived from IP; precise coordinates are not collected).
  • Device type, operating system, and browser.
  • Web vitals performance metrics (e.g., LCP, FID, CLS).
  • Named product events: store locator searches, Get Directions clicks, Call Store taps, store selection, CTA clicks, franchise and contact form submissions (success/failure signal only β€” form content is not sent to PostHog), career application submissions (success/failure only), language changes, social link clicks, and navigation link clicks.

What we do not send to PostHog: names, email addresses, phone numbers, form message content, CV links, franchise background text, or any other personally identifiable field submitted through our forms. We also do not enable broad interaction autocapture, generic form-submit autocapture, or session recording in our PostHog configuration. We do not use Vercel Analytics or any advertising/marketing tracking technology.

PostHog data is stored in the United States (us.posthog.com region). Data transfers from the EU, UK, or other regulated regions to PostHog's US infrastructure are governed by PostHog's Data Processing Agreement and applicable transfer mechanisms. For EU/UK users, we will seek your consent before placing non-essential analytics cookies where required. For Quebec (Canada) users, we seek opt-in consent before placing analytics cookies. You may manage your preferences via our Cookies Policy.

5. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

  • Contact form submissions: retained for 2 years from the date of submission, then deleted or anonymized.
  • Franchise enquiries: retained for 3 years from last contact, then deleted or anonymized unless we enter into a franchise relationship with you (in which case contractual records may be retained longer).
  • Career applications: retained for 12 months from the date of application if you are not selected. If you are offered and accept a position, records will be retained as required by employment law in the applicable jurisdiction.
  • Analytics data (PostHog): retained for 2 years from collection. PostHog project-level retention settings will be confirmed before production launch.
  • Language preference cookie: retained for 1 year.

When data is no longer needed, we delete it or anonymize it so it can no longer be linked to you.

6. Your Privacy Rights

Your rights depend on where you are located. To exercise any right described below, contact us at info@chaichuri.com. We will respond within the timeframe required by applicable law (typically 30–45 days). We will not discriminate against you for exercising any privacy right.

India β€” Digital Personal Data Protection Act, 2023 (DPDPA)

If you are in India, you have the following rights under the DPDPA 2023:

  • Right to information: to obtain a summary of the personal data we process about you and the processing activities we undertake.
  • Right to correction and erasure: to request correction of inaccurate or incomplete personal data, or erasure of personal data that is no longer needed for the purpose for which it was collected, or where consent has been withdrawn.
  • Right to grievance redressal: to have grievances addressed by our Grievance Officer (contact details at the bottom of this page).
  • Right to nominate: to nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

As Chai Churi is headquartered in India (Sahibzada Ajit Singh Nagar, Punjab), the DPDPA 2023 applies to our primary operations. The Rules under the DPDPA are expected to specify further obligations; we will update this policy as required when those Rules are notified.

Canada β€” PIPEDA and Quebec Law 25

If you are in Canada, you have the right to:

  • Access personal information we hold about you and request a copy.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent for processing where consent is the lawful basis (subject to legal or contractual restrictions).
  • File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

Quebec residents have additional rights under Law 25 (Act respecting the protection of personal information in the private sector), including:

  • The right to data portability (to receive your data in a technology-neutral format).
  • The right to de-indexation (to request that information disseminated online be de-indexed).
  • The right to withdraw consent to the collection, use, or communication of personal information.
  • The right to file a complaint with the Commission d'accΓ¨s Γ  l'information (cai.quebec.ca).

For Quebec residents, we seek meaningful opt-in consent before placing any non-essential analytics cookie on your device.

United States β€” State Privacy Laws

There is currently no federal privacy law in the United States. The following rights are available to residents of states with enacted privacy legislation:

  • California (CCPA/CPRA): right to know what personal information we collect, use, and disclose; right to delete; right to correct; right to opt out of sale or sharing (we do not sell or share); right to non-discrimination; right to limit use of sensitive personal information (we do not collect sensitive PI beyond what is necessary). We will respond to verified requests within 45 days.
  • Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and similar state laws: rights to access, correction, deletion, portability, and to opt out of targeted advertising (we do not conduct targeted advertising) are recognized. Contact us at info@chaichuri.com to exercise these rights.

United Kingdom β€” UK GDPR and Data Protection Act 2018

If you are in the United Kingdom, you have the right to:

  • Access: obtain a copy of the personal data we hold about you (subject access request).
  • Rectification: have inaccurate or incomplete data corrected.
  • Erasure ("right to be forgotten"): request deletion of personal data where there is no overriding legitimate reason to retain it.
  • Restriction: limit how we process your data in certain circumstances.
  • Portability: receive your data in a structured, commonly used, machine-readable format.
  • Object: object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.
  • Lodge a complaint: with the UK Information Commissioner's Office at ico.org.uk.

We will respond to UK subject access requests and other rights requests within one month. We do not have a current UK establishment; our lead contact for UK-related requests is info@chaichuri.com.

Australia β€” Privacy Act 1988 and Australian Privacy Principles (APPs)

If you are in Australia, we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). You have the right to:

  • Access (APP 12): request access to personal information we hold about you. We will respond within 30 days. In limited circumstances access may be refused; if so, we will explain why.
  • Correction (APP 13): request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Complaint: lodge a complaint with us first (see contact details below). If unsatisfied, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We take reasonable steps under APP 8 to ensure that overseas recipients of your personal information (such as PostHog in the United States) provide a level of privacy protection that is at least comparable to the APPs.

In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the OAIC as required by law.

United Arab Emirates β€” Federal Decree-Law No. 45 of 2021 (PDPL)

If you are in the UAE, we handle your personal data in accordance with the UAE Personal Data Protection Law (PDPL), Federal Decree-Law No. 45 of 2021 and its implementing regulations. You have the right to:

  • Access: request a copy of the personal data we process about you.
  • Correction: request correction of inaccurate or incomplete personal data.
  • Erasure: request deletion of personal data that was collected or processed unlawfully, or is no longer needed for the purpose it was collected.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Object to direct marketing: object to the use of your personal data for direct marketing purposes. We do not currently conduct direct marketing.
  • Complaint: lodge a complaint with the UAE Data Office (the supervisory authority under the PDPL).

Cross-border transfers of UAE resident personal data to countries not recognized as providing adequate protection require appropriate safeguards (such as contractual clauses). We address these transfers in Section 7 below.

European Union β€” GDPR

If you are in the European Union, you have the same rights as UK users listed above under the EU General Data Protection Regulation (GDPR), enforced by your national supervisory authority (e.g., CNIL in France, BfDI in Germany, DPC in Ireland). We will respond within one calendar month. For complaints, contact the relevant EU Data Protection Authority in your member state.

We do not currently have an EU establishment or appointed EU representative. If our processing of EU residents' data reaches a threshold requiring an EU representative under Article 27 GDPR, we will appoint one and update this policy.

7. International Data Transfers

Chai Churi is headquartered in India. Your personal data may be transferred to and processed in countries other than your country of residence, including India, the United States (our analytics vendor PostHog and hosting via Vercel), and other countries where our service providers operate.

India to/from other countries

Our primary operations and data storage are in India (SAS Nagar, Punjab). Transfers of personal data from India are governed by the DPDPA 2023. The Rules specifying restrictions on cross-border data transfers are expected to be notified by the Indian government; we will update our practices accordingly once those Rules are published.

EU and UK transfers

For transfers of personal data from the European Union or United Kingdom to countries without an adequacy decision (including India and the United States), we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, and the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, as applicable. Our analytics vendor PostHog maintains a Data Processing Agreement that incorporates these mechanisms.

Canadian transfers

Personal data collected from Canadian residents may be transferred to India and the United States for processing. We ensure that service providers receiving Canadian residents' personal data are bound by contractual obligations providing substantially similar protections to PIPEDA. Quebec residents' data is transferred only where appropriate measures are in place as required under Law 25.

Australian transfers

Where we disclose personal information about Australian residents to overseas recipients (including PostHog in the United States), we take reasonable steps under APP 8 of the Privacy Act 1988 to ensure those recipients handle the information in a manner consistent with the Australian Privacy Principles. By using our website, you may be taken to consent to overseas disclosure where we cannot secure APP-equivalent commitments from recipients.

UAE transfers

Transfers of UAE residents' personal data outside the UAE are made subject to appropriate contractual safeguards where required under the UAE PDPL and its implementing regulations. We maintain data processing agreements with vendors who receive UAE residents' data.

United States

We do not rely on the EU-US Data Privacy Framework for transfers involving our own data, as we are not a US-based entity. Transfers to US service providers (PostHog, Vercel, Railway) are governed by the transfer mechanisms described for each originating jurisdiction above.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, or alteration. These measures include HTTPS encryption for all data in transit, access controls on our backend systems, and contractual data security obligations with all service providers.

No method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that is likely to pose a risk to individuals, we will notify affected individuals and relevant authorities as required by the laws applicable to our operations and to the affected individuals' jurisdiction (including India's DPDPA, UK-GDPR, Australian NDB scheme, and UAE PDPL breach notification requirements).

9. Children's Privacy

Our website is not directed to individuals under the age of 16 (or 13 in jurisdictions where a lower age threshold applies). We do not knowingly collect personal information from children below the applicable minimum age. If you believe we have inadvertently collected information from a child, please contact us immediately at info@chaichuri.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our data practices, legal requirements, or services. We will update the "Last updated" date at the top of this page. For material changes, we will provide additional notice on the website. We encourage you to review this policy periodically.

Continued use of our website after any changes take effect constitutes your acknowledgment of the updated policy.

Questions about this policy?

Contact us at info@chaichuri.com or write to: Chai Churi Inc., Top Floor, SCO 121, Phase 3B-2, Sector 60, Sahibzada Ajit Singh Nagar, Punjab 160059, India.

Chai Churi

Punjab-born chai culture, built for global growth.

ExploreMenuLocationsAboutFranchiseCareersContact
LegalPrivacy PolicyCookies PolicyTerms of Service
Address

Top Floor, SCO 121 Phase 3B-2, Sector 60 Sahibzada Ajit Singh Nagar Punjab 160059, India

Office Timing

Mon-Sat: 10:00 AM – 6:30 PM

Contact

Phone: +91 6000690002

Email: info@chaichuri.com

Β© 2026 Chai Churi. All rights reserved.