Privacy Policy

Effective Date: March 2026
Last Updated: March 2026

This Privacy Policy explains how Papa ERDR, ER Foods, Disrupt Wings and its affiliates, subsidiaries, brands, and franchise support entities (collectively, the “Company,” “we,” “us,” or “our”) collect, use, disclose, retain, and protect personal information. This policy is intended to be brand agnostic and may be adapted for use across a franchise group’s corporate website, brand websites, lead forms, customer service channels, recruiting portals, franchise development pages, and other online and offline touchpoints.

This Privacy Policy should be reviewed and customized by legal counsel before publication, especially if the Company operates in states or countries with specific privacy notice, consent, or consumer-rights requirements.

The Federal Trade Commission states that companies must honor the privacy promises they make and maintain security appropriate to the nature of the data they hold. The California Consumer Privacy Act, as amended by the CPRA, requires covered businesses to provide consumers with notice about collection, use, sharing, sale, and privacy rights.

Scope

This Privacy Policy applies to personal information collected by or on behalf of the Company through:

Corporate and brand websites.
Mobile applications.
Franchise development and inquiry forms.
Customer support communications.
Email, SMS, and other marketing communications.
Vendor, supplier, and business partner interactions.
Job applicant and recruiting channels, where not covered by a separate notice.
In-person events, promotions, surveys, and other interactions.

This Privacy Policy does not apply to:

Websites, products, or services operated solely by independent franchisees, except to the extent the Company controls the relevant data processing.
Third-party websites, platforms, or services that are linked from Company properties.
Employment-related personal information to the extent covered by a separate employee privacy notice.

Because franchise systems often include both corporate entities and independently owned franchise locations, data practices may differ depending on which entity interacts with an individual. A franchise group should clearly identify whether data is handled by the franchisor, an affiliate brand, a shared services entity, or an independently owned franchisee.

Information Collected

Depending on how an individual interacts with the Company, the Company may collect the following categories of personal information:

Identifiers and contact details: name, email address, phone number, mailing address, username, and account credentials.
Commercial information: records of products or services purchased, requested, or considered.
Franchise development information: professional background, areas of interest, investment range, geographic preferences, and related application information.
Business contact information: title, employer, work contact information, and communications in a commercial context.
Internet or network activity: IP address, browser type, device identifiers, pages viewed, referral source, and interactions with websites, apps, emails, or ads.
Geolocation data: general location derived from IP address or, where permitted, more precise device-based location.
Audio, visual, or communication records: call recordings, chat transcripts, support records, voicemails, or event footage.
Professional or employment-related information: resume details, qualifications, references, and recruiting communications.
Sensitive personal information: only where needed and permitted by law, such as account access credentials, financial information, government identifiers, or other sensitive data.
Inferences: preferences, interests, and engagement patterns derived from interactions.

California identifies personal information broadly and recognizes a separate category of sensitive personal information with additional rights related to limiting certain uses and disclosures.

Sources of Information

The Company may collect personal information from the following sources:

Directly from individuals, such as when forms are completed, accounts are created, purchases are made, or communications are sent.
Automatically through cookies, pixels, SDKs, logs, analytics tools, and similar technologies.
From franchisees, affiliates, or shared service providers within the franchise system.
From advertising, analytics, social media, and technology partners.
From public sources and commercially available databases, where permitted by law.
From recruiters, references, referral partners, vendors, or business contacts.

How Information Is Used

The Company may use personal information for the following business and commercial purposes:

To provide, operate, maintain, and improve websites, products, services, and support.
To process inquiries, transactions, reservations, subscriptions, and requests.
To communicate about accounts, services, updates, promotions, events, surveys, and opportunities.
To evaluate franchise, partnership, vendor, or employment inquiries.
To personalize content, offers, and user experiences.
To analyze performance, trends, campaign effectiveness, and site usage.
To detect, prevent, investigate, and respond to fraud, abuse, security incidents, and other harmful activity.
To comply with legal obligations, enforce agreements, and protect rights, safety, and property.
To carry out internal administration, recordkeeping, reporting, and quality assurance.

The FTC advises businesses to collect only what they need, restrict access to sensitive data, and maintain reasonable security for the information they hold.

Cookies and Similar Technologies

The Company and its partners may use cookies, pixels, tags, SDKs, session replay tools, and similar technologies to:

Remember preferences and settings.
Keep websites and applications functioning properly.
Measure traffic and engagement.
Understand how users interact with digital properties.
Support analytics, personalization, and advertising.

Where required by law, the Company will provide notice and obtain consent before using certain non-essential cookies or similar technologies. Users may also be able to control cookies through browser settings, device permissions, cookie preference tools, or legally recognized privacy signals where applicable.

How Information Is Disclosed

The Company may disclose personal information to the following categories of recipients:

Affiliates, subsidiaries, and brands within the franchise group.
Franchisees and prospective franchise operators, where relevant to providing services or responding to inquiries.
Service providers and contractors that support hosting, payment processing, customer service, analytics, marketing, communications, recruiting, security, or operations.
Professional advisors, such as lawyers, auditors, insurers, and consultants.
Government agencies, regulators, law enforcement, or other parties when required by law or necessary to protect rights and safety.
Parties involved in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets.
Other third parties with an individual’s direction or consent.

If the Company “sells” or “shares” personal information as those terms are defined by California law, it should expressly describe those practices and provide required opt-out methods.

Franchise System Disclosures

Because a franchise group may operate through multiple legal entities and independently owned locations, personal information may be shared across the franchise system for lead routing, customer service, local fulfillment, operations support, reporting, training, brand standards, and marketing coordination. Where a local franchisee independently controls how personal information is used, that franchisee may be a separate business responsible for its own privacy practices. This allocation should be described clearly in public-facing notices to reduce confusion.

Legal Bases for Processing

If the Company is subject to laws that require disclosure of legal bases for processing, personal information may be processed on one or more of the following grounds:

Performance of a contract.
Legitimate business interests.
Compliance with legal obligations.
Protection of vital interests.
Consent, where required.

Data Retention

The Company retains personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain business and tax records, comply with legal obligations, resolve disputes, enforce agreements, and support safety, security, and fraud-prevention efforts. Retention periods may vary based on the type of information, the context in which it was collected, and applicable legal requirements.

California requires covered businesses to provide consumers with a fuller description of their privacy practices and rights in their privacy policy.

Data Security

The Company uses administrative, technical, and physical safeguards designed to protect personal information appropriate to the nature of the information and the risks involved. No security measure is perfect or impenetrable, and the Company cannot guarantee absolute security.

The FTC states that businesses have an obligation to maintain security appropriate in light of the nature of the data they possess, and FTC guidance emphasizes written and risk-appropriate security programs for covered entities.

Consumer Privacy Rights

Depending on where an individual lives, that person may have the right to:

Know the categories and, in some cases, specific pieces of personal information collected.
Access personal information.
Request deletion of personal information, subject to exceptions.
Request correction of inaccurate personal information.
Opt out of the sale or sharing of personal information.
Limit certain uses or disclosures of sensitive personal information.
Appeal a denial of a privacy rights request, where applicable.
Receive equal service and pricing without unlawful discrimination for exercising privacy rights.

California residents have rights to know, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and receive notice at or before collection.

Marketing Choices

Individuals may opt out of marketing emails by using the unsubscribe link in the message or by contacting the Company. SMS marketing choices may be managed by replying with the instructions provided in the message or by contacting the Company. Even if an individual opts out of marketing, the Company may still send transactional or service-related communications.

Children’s Privacy

The Company’s websites, services, and franchise opportunities are not directed to children under 13 unless expressly stated otherwise. The FTC explains that the Children’s Online Privacy Protection Act gives parents control over information websites collect from children and imposes additional obligations on covered operators.

If the Company knowingly collects personal information from children in circumstances governed by COPPA or similar laws, the Company will provide the required notices and obtain any required parental consent.

Third-Party Links and Services

Company websites and communications may contain links to third-party sites, tools, plug-ins, or platforms that are not controlled by the Company. The Company is not responsible for the privacy, security, or content practices of those third parties, and individuals should review their privacy policies separately.

International Transfers

If the Company transfers personal information across borders, it will take steps appropriate to applicable law. The FTC notes that businesses participating in the Data Privacy Framework must self-certify and comply with the applicable principles if relying on that mechanism for EU-U.S. data transfers.

Changes to This Policy

The Company may update this Privacy Policy from time to time. When material changes are made, the Company will revise the “Last Updated” date and take any additional steps required by law. Continued use of the relevant services after an updated policy becomes effective is subject to applicable law.