Who owns the customer data collected by a Chatime franchisee?
Chatime Franchise · 2025 FDDAnswer from 2025 FDD Document
there are no contractual limits imposed on our access.
We will own all data that you and/or we collect relating to your customers. We will grant you a license to use this data solely for purposes of operating your Chatime location and this license will exist only while you remain an approved franchisee. You must protect all customer data with a level of control proportionate to the sensitivity of data. You must comply with all applicable data protection laws relevant to your, state, county, territory and region as well as our data processing and data privacy policies set forth in the Operations Manual from time to time. You must also comply with the standards established by PCI-DSS to protect the security of credit card information. Full liability for PCI compliance and data protection is your sole responsibility.
You will ensure that connectivity include notation on type of connection speed at your Chatime Store is maintained and available at all times to allow all data generated by the point-of-sale system to be captured by our central polling server. We will have independent access to this information.
Source: Item 11 — Franchisor's Assistance, Advertising, Computer Systems, and Training (FDD pages 27–35)
What This Means (2025 FDD)
According to Chatime's 2025 Franchise Disclosure Document, Chatime retains ownership of all customer data collected by the franchisee. However, Chatime grants the franchisee a license to use this data solely for operating their Chatime location, and this license is valid only while the franchisee remains approved.
This means that while a Chatime franchisee collects data such as customer names, contact information, and purchase history through digital systems like the Revel point of sale system, customer-facing self-serve kiosks, and the Como Chatime digital application, the data ultimately belongs to Chatime. The franchisee is granted access to this data for operational purposes, but Chatime has independent and unlimited access to it as well.
The franchisee is responsible for protecting all customer data with a level of control proportionate to the sensitivity of the data and must comply with all applicable data protection laws. They must also adhere to Chatime's data processing and privacy policies outlined in the Operations Manual and meet the standards established by PCI-DSS to protect credit card information. The franchisee bears full liability for PCI compliance and data protection. Upon termination of the franchise agreement, the franchisee would no longer have rights to use the customer data.