Privacy Policy

Privacy Policy

Last Updated: March 11, 2024

Shake Shack has adopted this privacy policy (this “Policy”) in order to inform you of its policies with respect to the personal information Shake Shack collects about you through our interactions with you and through our products, services, events, and programs – including our website located at www.shakeshack.com (the “Website”), Shake Shack mobile applications (the “Mobile App”), related websites, mobile apps and other digital properties, other websites, mobile apps and digital properties that link to this Policy, and online and offline services related thereto, including Shake Shack physical locations including self-service devices located thereat (like kiosks) (each a “Service,” and collectively, the “Services”).

In this Policy, the terms “Shake Shack,” “we,” and “us” refer to Shake Shack Enterprises, LLC, its affiliated companies including direct and indirect parent companies and subsidiaries which own and operate the Services including, without limitation, restaurants branded as ‘Shake Shack’ owned and operated by us in the United States of America (excluding Shake Shack restaurants located in airports, train stations, arenas, museums, stadiums, roadside rest areas, and other locations operated by our licensees).  Information collected by Shake Shack licensees is governed by their own privacy policies and procedures as well.

Your use of our Services is subject to this Policy and our Terms of Use. If you do not agree with the Terms of Use or this Policy, you must refrain from using our Services.

 The Information We Collect

Information You Provide to Us

In connection with your visits and interactions with us through the Services, we may collect information from you. The following describes common types of information you may provide us.

Information from Patrons (Guests) and Account Holders

  • Account and Profile Creation. When you create an account to use the Services, we may collect certain information you provide us, such as contact information (such as your name, phone number, and email address), other registration and profile information (such as birthday and dietary restrictions), and payment information, including ZIP code.
  • Order Information. When you place an order through the Services, you provide us details about your order, including the type and amount of food or other product you are ordering, dietary restrictions, pick-up or delivery time, location, address, and instructions, and contact information (including name, phone number, and email address), payment information, including ZIP code.
  • Payment Information. We use third-party payment processors and related service providers that power our eCommerce and point-of-sale experiences, and other portions of the Services enabling you to purchase products from us, to process payments made to us. In connection with the processing of credit card payments, we receive limited information such as the last 4-digits of your card and your zip code. All such information is collected directly by our third-party processors, who use your information to process the transaction and for their security, legal and compliance purposes, and for fraud detection.
  • Communications. If you contact us, we may receive information such as your name, email address, and phone number. We also will receive the contents of any communications you have with us. This might include requests, questions, and/or issues regarding your food orders, your account, our Services, or other topics you might raise.
  • Events and Programs. If you register for or attend an event or program that we host, sponsor, or attend, we may receive information such as your name, email address, phone number, and other information related to your attendance at the event or program from those who interact with or express interested in Shake Shack or our Services.  We may also collect information at such events, such as still images or audiovisual materials depicting you.
  • Surveys, Promotions, and Sweepstakes. If you decide to participate in any surveys, sweepstakes, contests, giveaways, or other promotions,  you may provide certain information, such as basic contact information and other information relevant to the survey or promotion.
  • Audio or Visual Information, such as CCTV footage, as well as other information related to the security of our premises, collected if you visit one of our physical locations or attend an off-site event or program, or audio recordings if you call our customer service phone number.
  • Health Information. We may collect health data from Guests and account holders as we deem appropriate to provide a safe space for them and our employees in response to public health guidance or mandates from government authorities or as otherwise required by law. 

Information from Suppliers, Vendors, Business Partners, Licensees, and Similar Businesses

  • Contact and Business Information. If you are a company or other organization that we engage with, or personnel of the foregoing, we may collect your name, phone number, email address, and postal address, government identifier, and  business name, industry, locations, other information related to your employer, and any other information you choose to provide us, including through third-party portals and platforms.
  • Financial and Transactional Information. If we need to make payments to you or receive payments from you, we may collect financial account and related transactional information.
  • Communications. If you contact us, we may receive information such as your name, email address, and phone number. We also will receive the contents of any communications you have with us. This might include requests, questions, and/or issues regarding your food orders, your account, our Services, or other topics you might raise.
  • Events and Programs. If you register for or attend an event or program that we host, sponsor, or attend, we may receive information such as your name, email address, phone number, and other information related to your attendance at the event or program from those who interact with or express interested in Shake Shack or our Services.  We may also collect information at such events, such as still images or audiovisual materials depicting you.
  • Surveys, Promotions, and Sweepstakes. If you decide to participate in any surveys, promotions, or sweepstakes, you may provide certain information, such as basic contact information and other information relevant to the survey, promotion, or sweepstakes.

Information We Collect Through Automated Means

We may also automatically collect information from you in relation to your use of the Services or engagement with us:

  • Usage Data. We may collect and analyze information about how you use our Services. This information includes the dates and times you access our Services, the features you use and the pages you visit, the type(s) of browser through which you access our Services, the content you upload or post to our Services, error logs and other system activity, and the webs or applications through or from which you access our Services. We also collect and analyze information about your transactions through our Services, including the type of services you requested or received, the date and time for which an order was placed or requested, and the amount charged.
  • Device Data. We collect and analyze information about the device(s) you use to access our Services. This information might include your IP address, information about your device’s hardware, the operating system on your device and the version of that operating system, your language preferences, unique device identifiers, advertising identifiers, and information about the mobile network you use. 
  • Location Information. When you use the Services, we and our service providers may collect precise location information (in accordance with your device settings and permissions) as well as collect general location information from your computer or mobile device. “General” location information means information to identify the city and state in which your device is located based on its IP address. This information allows us to give you access to content that varies based on your general location (e.g., nearby locations or delivery status). We will ask your permission before collecting your precise GPS location information. In such instances, we may use your precise geo-location information to provide customized services, content, promotional offers, and other information that may be of interest to you. Please note that precise geolocation information is considered “sensitive personal information” under certain privacy laws, and we process this information in accordance with applicable legal requirements. You can disable precise geolocation tracking on your device. For more information, see the “Your Rights and Choices” section below.
  • Information from Cookies and Similar Technologies. We and our service providers may collect information through the use of “cookies” and similar technologies, such as tracking pixels, to understand how you navigate through and interact with our Services, to learn what content is popular, to enhance the Services and provide you with a more relevant and personalized experience, for authentication and advertising purposes, to save your preferences, for fraud detection and security, and to collect certain usage, device and location information as described above. We may also collect this kind of information when you interact with email messages or other communications we send you. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and apps recognize your browser. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be accessed every time you use our Services. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email; they are designed to collect usage information like ad impressions or clicks and email open rates, measure the popularity of our Services and associated advertising, and access cookies. We and our vendors (including Google Analytics) also use these technologies and the information collected by them for data analytics purposes. You can find more information about Google’s analytics practices at google.com/policies/privacy/partners. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on To generally update your cookies settings to notify you when a cookie is being set or updated or to disable cookies altogether, please consult your web browser settings. Please note that if you delete or choose not to accept cookies from us, you may miss out on certain features of our Services.

Information We Collect from Others

We may collect information about you from third parties, including the following:

  • Food and Delivery Platforms and Service Providers. If you place an order with a third-party platform or provider, the provider may provide us information relating to your purchase or delivery, including your name, phone number, order details, and delivery information.
  • Log-in Services and Social Network Information. If you access the Services through a third-party connection or log-in (e.g., through a social network), you may allow us to have access to and store certain information from your social network profile. This information may include your name, profile picture, your “likes,” and your list of friends, depending on your settings on such services. If you do not wish to have this information disclosed, do not use a social networking connection to access the Services. For a description of how social networking sites handle your information, please refer to their privacy policies and terms of use, which may permit you to modify your privacy settings.
  • Business Partners and Service Providers. We use both business partners and service providers, such as payment processors, gift card or merchandise providers, survey providers, and analytics providers to perform services on our behalf.  Some of these partners may have access to information about you that we may or may not otherwise have (for example, where you sign up directly with that provider) and may disclose some or all of this information with us. 
  • Other Account Holders or Guests. Another account holder or guest may provide us with your information, such as contact information in relation to an order or a referral program. If you submit someone else’s personal information to us, you represent that you are authorized to provide this information to us.

How We Use the Information We Collect

We and our service providers use the information we collect from and about you for the following business and operational purposes:

  • Provide, improve, enhance, personalize, and promote our Services
  • Analyze use of our Services
  • Manage, verify, and authenticate your information, account, and interactions with us
  • Communicate with you, including for marketing and promotional purposes
  • Gain insights into prospective customers that might have an interest in our Services
  • Facilitate transactions, deliveries, and payments
  • Provide customer support, including responding to questions, requests, and issues
  • Manage health and safety in our physical locations
  • Conduct research and improve and develop our Services, items, and products
  • Secure our Services and find and help prevent fraud and abuse
  • Understand, detect, and resolve problems with the Services
  • Resolve disputes, protect ourselves, our users, and others, exercise our legal rights and enforce any legal terms that govern use of our Services
  • Comply with laws, regulations, and other legal process and procedures

We may combine the information we collect through the Services with information we collect automatically or receive from other sources and use such combined information in accordance with this Policy. Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop. To do this our technology partners may disclose data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.

We may also aggregate and/or de-identify information collected through our Services in such a way that the information cannot reasonably be linked to you or your device. We may use de-identified or aggregated data for any purpose, including for research and marketing purposes, and we may disclose such data to any third parties, including advertisers, promotional partners, sponsors, and others.

Online and Mobile App Advertising

Online Advertising. We may allow third-party advertising technologies (e.g., ad networks and ad servers such as Google’s ad services, and others) on our Services that use cookies and similar technologies to deliver relevant and targeted content and advertising to you on the Services and other websites you visit and applications you use. The ads may be based on various factors such as the content of the page you are visiting, information you provide, your searches, demographic data, and other information we collect about you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

We sometimes also associate cookies with de-identified data linked to or derived from data you have submitted to us (e.g., your email address) and disclose such information with to advertising partners and vendors in hashed, non-human-readable form to provide you with more relevant ads when you visit other websites and mobile applications.

The use of cookies or other tracking technologies that may be placed on devices you use to access our Services by non-affiliated third parties is governed by the privacy policies of those third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your devices to deliver tailored advertising, you may visit the Network Advertising Initiative's Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link to opt out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. For Mobile Applications, you can use the DAA App Opt-Out Tool and the NAI App Opt-Out Tool.

For additional ways to opt out of targeted advertising activities under applicable law, see the “Your Rights and Choices” section below.

Please note that these opt-outs apply per browser and per device, so you will have to opt out for each device—and each browser on each device—through which you access our Services. In addition, the opt-outs do not apply to advertisements in mobile applications. See the “Mobile App Advertising” section below to learn how to opt out of mobile app advertising.

Mobile App Advertising. You may also receive tailored in-app advertisements when using our Mobile App or other mobile apps. We may use third-party service providers to deliver ads on mobile apps or for mobile app analytics.  Each operating system (iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provides its own instructions on how to prevent the delivery of tailored in-application advertisements. Because we do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements, you should review the support materials and/or the device settings for the respective operating systems for information on opting out of tailored in-application advertisements.

Please note that Do Not Track is a different privacy mechanism than the user “preference signal” referenced in the “Your Rights and Choices” section below, which is a browser-based control that indicates whether you would like to opt out of processing of your information for certain purposes, such as the “sale” of your information or the disclosure of your information for targeted advertising purposes, under applicable laws.

How We Disclose Information We Collect

We and our service providers disclose the information we collect from and about you for the following business and operational purposes:

  • Order Recipients. If you are not the recipient of an order you place, we may disclose your information to the order recipient to the extent we communicate with them with respect to the order.
  • Service Providers. We provide access to or disclose your information to third parties that perform services on our behalf, such as billing, payment processing, advertising, web and other analytics, data storage and processing, customer support, delivery services, security, fraud prevention, and other services.
  • Affiliates. We provide access to or disclose your information to our affiliates for the purposes described in this Policy.
  • For Legal Reasons or the Protection of Us and Others. We will disclose the information we collect about you if required by law or legal process or if we believe in good faith that disclosure is reasonably necessary to: (i) enforce our Terms of Use, this Policy, or other contracts with you, including investigation of potential violations thereof; (ii) respond to claims that any content violates the rights of third parties; and/or (iii) protect the rights, property or personal safety of Shake Shack, users of our Services, and/or others. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.
  • Business Transfers. In the event of sale (of some or all of our assets), transfer, merger, reorganization, dissolution, or similar transaction involving our business (including in contemplation of such transactions), your information may be among the transferred business assets. If such transfer is subject to any mandatory restrictions under applicable laws, we will comply with those restrictions.
  • Other Unaffiliated Third Parties. We may also disclose your information to other unaffiliated third parties such as the following:
    • Third party parties we collaborate with in connection with integration, co-marketing and certain other coordinated efforts.
    • Third parties whose offers we believe you may value.
  • Your Consent. If you consent to our disclosure of your information, we will disclose your information consistent with your consent.

Your Rights and Choices

In addition to the other rights and choices described in this Policy, you have these rights and choices regarding your information:

Rights Regarding Your Information. Depending on your jurisdiction, you may have the right to make certain requests regarding your “personal information” or “personal data” and (as such terms are defined under applicable law, and collectively referred to herein as “personal information”). Specifically, you may have the right to ask us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we disclose personal information.
  • Provide you access to and/or a copy of certain personal information we hold about you.
  • Correct or update personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about the financial incentives that we offer to you, if any.
  • Opt you out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable.

You may also have the right to opt out of “sales” of your information and “sharing/use of your information for targeted advertising” as described below.

As provided in applicable law, you also have the right to not be discriminated against for exercising your rights. Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address. Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request. If you would like further information regarding your legal rights or would like to exercise any of them, please visit this link, email us at [email protected], or call us at (888) 914 – 9661, pin number 512807.

Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you. To exercise such an appeal right, emails us as [email protected].

Marketing Communications. You can unsubscribe from our marketing emails via the unsubscribe link provided in the emails or by emailing us at [email protected]. If you receive an unwanted SMS or text message from us, you may reply STOP to opt out of receiving future messages. Please note that it may take us some time, consistent with our legal obligations, to process your request. Even if you opt out from receiving marketing messages from us, you will continue to receive administrative messages from us, such as order confirmations, updates to our policies and practices, or other communications regarding our relationship or transactions with you. We will not disclose mobile phone numbers collected solely through our SMS text programs to unaffiliated third parties for their marketing purposes.

Mobile Devices. We may send you push notifications through our Mobile App. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. If you granted us permission to collect your precise GPS location information and you no longer wish for us and our service providers to collect and use such information, you may disable the location features on your device through the device’s operating system settings. Please note that if you disable such features, you may not be able to access or receive some or all of the services, content, and/or features made available via the Services.

Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes. Depending on your jurisdiction, you may also have the right to opt out of “sales” of your information and “sharing/use of your information for targeted advertising.”

As explained in the “How We Disclose Information We Collect” section above, we sometimes disclose information to unaffiliated third parties we collaborate with or that provide offers that we think may be of value to you. This disclosure of information may be considered a “sale” under applicable laws.

We also provide personal information to third-party advertising providers for targeted advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services, or use analytics partners to assist us in analyzing use of our services and our user/customer base. The disclosure of your personal information to these third-parties to assist us in providing these services may be considered a “sale” of personal information under applicable law, or, the processing/sharing of personal information for targeted advertising purposes.

If you would like to opt out of our online disclosure such as through cookie and pixel technology of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” for purposes of targeted advertising, please click here . You can also submit a request to opt out of our offline disclosures of information that are subject to applicable opt out rights by visiting this link. Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit such requests on your behalf. Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally-required affirmative authorization.

Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

Notice of Financial IncentivesWe may offer opportunities to receive certain benefits, such as discounts, promotional entries, or other similar incentives, which may require the provision of personal information, such as answering surveys or providing additional feedback or information (including in response to our posts on Shake Shack social media pages). Such opportunities could be considered a financial incentive under applicable law (each, an “Incentive Program”). Your participation in Incentive Programs is purely voluntary. When you participate in an Incentive Program, you agree to the terms of that Incentive Program, and may revoke your participation depending on the Incentive Program. The monetary value of the reward, discount, or incentive is a reasonable approximation of the monetary value of participation in the Incentive Program. We have arrived at this estimate based on consideration of multiple factors, including the following: (1) revenue generated by Shake Shack in connection with the Incentive Program; (2) expenses incurred by Shake Shack in operating the Incentive Program; and (3) improvement of products and services based on information obtained through the Incentive Program.

How We Protect Your Information

Shake Shack uses technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information.  However, no method of transmission over the internet and no means of electronic or physical storage is absolutely secure.  As a result, we recommend that you help us keep your information safe by taking reasonable steps such as keeping your passwords private, changing them from time to time, and not disclosing personal data in places that can be accessed publicly. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services, and that any such transmission is at your own risk.

Links to Other Sites

The Services may contain links to a third-party website, plug-in, feature, or service. If you choose to use these sites or features, please note that we do not have control over the third parties that operate these websites and services and are not responsible for their content or privacy practices. We encourage you to read their privacy policies before using their websites or services or giving them your information.  

Children’s Privacy

The Services are not directed to children under 13 years old and we do not knowingly collect or maintain personal information from children under the age of 13. If we nevertheless discover that the Services have received personally identifiable information (as defined by the United States Children’s Online Privacy Protection Act) in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account. If you believe that we may have personal information from a person under 13, please contact us via our Contact Us page.

California Privacy

This section supplements our Policy with additional information for California residents about our information collection and use practices as required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). In this section, the terms “personal information” and “sensitive personal information” have the meaning set forth in the CCPA. 

The following chart provides information about our practices in the 12 months leading up to the effective date of this Policy in relation to the categories of personal information that we collected from California residents generally – including the categories sensitive personal information (precise location information and health information) – the purposes for which we use the information, and the categories of third parties to whom we disclose the information for business purposes.

Categories of information collected (see “The Information We Collect” section above for additional information)

Purpose of use

Categories of third parties to whom we disclose the information for business and operational purposes (See “How We Disclose the Information We Collect” section above for additional information)

Identifiers 


such as name, address, phone number and email address; and information about your browser or device such as your IP address and device IDs

  • Process orders
  • Provide the Services and customer service
  • Verify and authenticate your information, account, and interactions with us
  • Communicate with you
  • Personalize your experience and customize the Services
  • Manage health and safety in our physical locations
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Food recipients
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Customer service information 


such as questions and other messages you address to us directly through in-person or online forms, by email, over the phone, or by post; and summaries or voice recordings of your interactions with customer service

  • Process orders
  • Provide the Services and customer service
  • Communicate with you
  • Improve the Services
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Financial information 


such as credit card information stored by our payment processors on our behalf

  • Process orders
  • Communicate with you
  • Verify and authenticate your information, account, and interactions with us
  • Provide the Services and customer service
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Third party payment processors
  • Entities for legal and security purposes

Transactional information 


such as information about your transactions with us or related to your attendance at events or programs

  • Process orders
  • Communicate with you
  • Provide the Services and customer service
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Food recipients
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

User-generated content 


such as any user-generated content you voluntarily decide to provide through the Services, or other information you provide in connection with an order or your account

  • Process orders
  • Communicate with you
  • Provide the Services and customer service
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  •  
  • Others with your consent

Survey, research, feedback, or sweepstakes information

 

such as information you provide in response to a survey or sweepstakes on in relation to the Services

  • Communicate with you
  • Provide the Services and customer service
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Business information

 

such as information pertaining to your employer, your engagement with us, and means of contacting you

  • Communicate with you
  • Provide the Services and customer service
  • Improve the Services
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Internet network and device activity data 


such as browsing information and usage information

  • Provide the Services and customer service
  • Personalize your experience and customize the Services
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Audio or visual information

 

such as CCTV footage, as well as other information related to the security of our premises, collected  if you visit one of our physical locations or attend an off-site event or program, or audio recordings if you call our customer service phone number.

  • Provide the Services and customer service
  • Personalize your experience and customize the Services
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Geolocation information 


Such as your approximate location based on IP address, or precise location with your consent

  • Process orders
  • Provide the Services and customer service
  • Personalize your experience and customize the Services
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Information about others

 

such as if you submit information about others, for instance in relation to an order or a referral program

  • Process orders
  • Communicate with you and others
  • Provide the Services and customer service
  • Improve the Services
  • Understand your interests and engage in research, analysis, and reports
  • Our marketing and advertising purposes
  • Bug detection and error reporting
  • Security, fraud, and legal compliance
  • Service providers
  • Advertising partners and advertisers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Health information

 

such as data we collect from account holders or guests as we deem appropriate to provide a safe space for them and our employees in response to public health guidance and mandates from government authorities

  • Process orders
  • Communicate with you and others
  • Provide the Services and customer service
  • Improve the Services
  • Security, fraud, and legal compliance
  • Service providers
  • Affiliates
  • Entities for legal and security purposes
  • Entities for sales or transfer of business or assets
  • Others with your consent

Other information 


Any other information that you provide in the course of using the Services

  • Purposes of use will depend on the additional information you provide
  • Disclosure will depend on the additional information you provide

 

Sale and Sharing of Personal Information. As explained in the “How We Disclose Information We Collect” section above, we sometimes disclose information to unaffiliated third parties we collaborate with or that provide offers that we think may be of value to you. This disclosure of information may be considered a “sale” under the CCPA. We also provide personal information to third-party advertising providers for targeted advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services, or use analytics partners to assist us in analyzing use of our services and our user/customer base. The disclose of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information under the CCPA, or, the “sharing” of your personal information for purposes of “cross-context behavioral advertising.”

The following chart lists the categories of personal information we have sold or shared over the last 12 months and the categories of third parties to which we have sold or shared:

Category of Personal Information

Categories of Third Parties to Which we Have “Sold” this PI

Categories of Third Parties to Which we Have “Shared” this PI

Identifiers 

Advertising partners and advertisers;

Advertising partners and advertisers

Transactional information 

Advertising partners and advertisers;

Advertising partners and advertisers

User-generated content 

Advertising partners and advertisers;

Advertising partners and advertisers

Survey, research, or sweepstakes information

Advertising partners and advertisers;

Advertising partners and advertisers

Information about others

Advertising partners and advertisers;

Advertising partners and advertisers

Internet network and device activity data 

Advertising partners and advertisers;

Advertising partners and advertisers

 

If you would like to opt out of our online disclosure such as through cookie and pixel technology of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” for purposes of targeted advertising, please click here . You can also submit a request to opt out of our offline disclosures of information that are subject to applicable opt out rights by visiting this link. Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally-required affirmative authorization.

Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

“Shine the Light” Disclosure. You can exercise your rights under the California “Shine the Light” law – which gives you the right to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their own direct marketing purposes – by emailing us at [email protected].

Notice Concerning Do Not Track. Do Not Track (“DNT”) is a privacy preference that is available in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes, which is why we describe a variety of opt-out mechanisms above. However, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.  Please note that Do Not Track is a different privacy mechanism than the user “preference signal” referenced in the “Your Rights and Choices” section below, which is a browser-based control that indicates whether you would like to opt out of processing of your information for certain purposes, such as the “sale” of your information or the disclosure of your information for targeted advertising purposes, under applicable laws.

Retention. We retain your information as necessary to provide the Services and to fulfill the transactions you have requested, and for other necessary purposes such as complying with our legal obligations, resolving disputes, enforcing our agreements, and for fraud prevention and related security purposes. In determining how long to retain information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. For example, we retain your email address as an authentication credential (where applicable) as long as you have an account with us and an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes.  If you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request. We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law. We may retain cached or archived copies of your information.

International Users

Please note that Shake Shack is located in the United States and provides the Services, and processes your data, in the United States. In addition, Shake Shack may subcontract the processing of your data to, or otherwise disclose your data to, service providers and trusted business partners in countries other than your country of residence, including the United States, in accordance with applicable law. Such third parties may be engaged in, among other things, the provision of our Services to you, the processing of transactions, and/or the provision of support services. By providing us with your information, you acknowledge any such transfer, storage, or use.

Changes to This Privacy Policy

This Policy went into effect, and was last revised, on the dates noted at the top of this webpage.  We may update this Policy from time to time in our sole discretion. You can know if the Policy has changed since the last time you reviewed it by checking the “Last Updated” date at the top of this webpage. We encourage you to look for updates and changes to this Policy periodically. If we make a material change to this Policy, we will endeavor to notify you through the Services, by email, and/or by other legally permissible communication as required by applicable law. Your continued use of the Services after any changes to this Policy are in effect constitutes your acceptance of revisions to the Policy.

Contact Us

We welcome your questions, comments, and concerns about privacy.  You can contact Shake Shack Customer Service online at https://www.shakeshack.com/contact/; by email at [email protected]; or by postal mail at Shake Shack Enterprises, LLC, 225 Varick Street, Suite 301, New York, NY 10014, Attn: Hospitality Team.

Our privacy practices have changed in order to enhance guest security. To provide the best online user experience, Shake Shack uses website cookies for performance analytics and remarketing. We use your browser location, where authorized, to help you locate your nearest Shake Shack location. By continuing to browse this website, you accept the use of cookies and your browser location according to the Shake Shack Privacy Policy.