What standards must a Chatime franchisee comply with to protect credit card information?

According to Chatime's 2025 Franchise Disclosure Document, franchisees must adhere to specific standards to protect credit card information and customer data. Chatime franchisees must comply with the standards established by the Payment Card Industry Data Security Standard (PCI-DSS) to ensure the security of credit card information. Additionally, franchisees must follow all applicable data protection laws relevant to their state, county, territory, and region. They must also adhere to Chatime's data processing and data privacy policies as outlined in the Operations Manual, which may be updated periodically.

Chatime retains ownership of all customer data collected by the franchisee. The franchisee is granted a license to use this data solely for operating their Chatime location, and this license remains valid only while they are an approved franchisee. Franchisees are obligated to protect all customer data with a level of control proportionate to the sensitivity of the data.

It is the franchisee's sole responsibility to ensure full compliance with PCI standards and data protection requirements. This includes maintaining adequate connectivity at the Chatime store to allow data capture by Chatime's central polling server. Franchisees are also responsible for covering all initial and ongoing costs associated with the technology stack and any payment procedures specified by Chatime in the Operations Manual or Global Policies and Procedures. This allocation of responsibility highlights the importance of franchisees understanding and budgeting for these compliance requirements.