Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Sep. 28, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity Risk Management and Strategy
The Company maintains a comprehensive information security program that is designed to identify, protect against, detect, respond to, and manage cybersecurity threats. The program contains security measures that include, but are not limited to, the following: security policies and procedures; physical and environmental protections; monitoring processes and systems; asset management; risk assessments; a vulnerability management and remediation program; and maintenance of a third-party risk management program.
Our Information Security Policy provides guidance on the requirements necessary to ensure the security of the Company’s data, systems, and networks. It applies to all individuals who access IT resources or data processed by the Company. We use commercially reasonable efforts to follow industry standards and best practices, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, for our IT Security Incident Response Plan.
Our technology structures undergo an annual assessment to evaluate risk using the NIST Cybersecurity Framework. Our IT Security Incident Response Plan defines a cybersecurity incident and outlines the roles, responsibilities, and procedures for us to respond effectively. Having a structured plan enables a rapid response, effective recovery, clear communication and coordinated action to major security incidents. Our plan allows us to reduce recovery time and cost and also to maintain business continuity.
Our IT Application Security Program includes reviews and assessments of security vulnerabilities and remediation. We use commercially reasonable efforts to update security systems regularly to protect against known vulnerabilities. We plan to perform vulnerability scans at least quarterly and penetration testing annually as well as after any significant infrastructure or application modification. Whitebox and blackbox security testing and manual penetration testing are performed to monitor security controls and defenses.
All employees and third-party contractors with access to the Company’s IT infrastructure must annually acknowledge that they have read and understand the IT User Acceptance Policy. Employees and contractors must also complete information security awareness training upon initial hire and annually thereafter.
We have measures in place to protect the confidentiality, integrity and availability of franchise and customer information. Most personally identifiable information (“PII”) handled by our restaurants is associated with payment cards, which are protected by an EMV chip reader that encrypts and tokenizes customer data, so it passes through our networks without retaining any personal information. We do not store any credit or debit card information from customers. All information is processed through a third-party firm. To maintain the safety and security of our customers’ private payment information, we follow the Payment Card Industry Data Security Standard (“PCI DSS”) to ensure our processes and systems are well equipped for proper data protection. Employees and third-party contractors with access to the Company’s cardholder data environment (“CDE”) or systems used to support the CDE complete annual PCI awareness training. The Company’s corporate restaurant employees also receive periodic security training on devices that capture payment card data.
In addition, the Company engages third parties to assist in assessing, identifying, and remediating material risks from cybersecurity threats. Our key cybersecurity controls applied to financial business processes and supporting information systems are regularly tested and audited by third-party service providers, which we retain to help identify vulnerabilities in our systems and to help maintain compliance with standards and regulatory requirements.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company maintains a comprehensive information security program that is designed to identify, protect against, detect, respond to, and manage cybersecurity threats. The program contains security measures that include, but are not limited to, the following: security policies and procedures; physical and environmental protections; monitoring processes and systems; asset management; risk assessments; a vulnerability management and remediation program; and maintenance of a third-party risk management program.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors has charged the Audit Committee with oversight of the Company's identification, assessment, and management of cybersecurity and data privacy risks. As part of its oversight of our enterprise risk management program, the Audit Committee periodically reviews and prioritizes key risks facing our Company, including cybersecurity risk. Our Chief Information Security Officer (“CISO”) and Chief Technology Officer (“CTO”) manage our network operations and software development across corporate and franchise locations. The Board of Directors receives regular updates from the CISO and CTO regarding our cybersecurity program and actions taken to manage cybersecurity risk, which include risk identification and management strategies, consumer data protection, security programs, ongoing risk mitigation activities and results of third-party assessments and testing.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors has charged the Audit Committee with oversight of the Company's identification, assessment, and management of cybersecurity and data privacy risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors receives regular updates from the CISO and CTO regarding our cybersecurity program and actions taken to manage cybersecurity risk, which include risk identification and management strategies, consumer data protection, security programs, ongoing risk mitigation activities and results of third-party assessments and testing.
Cybersecurity Risk Role of Management [Text Block] Our Chief Information Security Officer (“CISO”) and Chief Technology Officer (“CTO”) manage our network operations and software development across corporate and franchise locations. The Board of Directors receives regular updates from the CISO and CTO regarding our cybersecurity program and actions taken to manage cybersecurity risk, which include risk identification and management strategies, consumer data protection, security programs, ongoing risk mitigation activities and results of third-party assessments and testing.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our Board of Directors has charged the Audit Committee with oversight of the Company's identification, assessment, and management of cybersecurity and data privacy risks. As part of its oversight of our enterprise risk management program, the Audit Committee periodically reviews and prioritizes key risks facing our Company, including cybersecurity risk. Our Chief Information Security Officer (“CISO”) and Chief Technology Officer (“CTO”) manage our network operations and software development across corporate and franchise locations. The Board of Directors receives regular updates from the CISO and CTO regarding our cybersecurity program and actions taken to manage cybersecurity risk, which include risk identification and management strategies, consumer data protection, security programs, ongoing risk mitigation activities and results of third-party assessments and testing.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Board of Directors receives regular updates from the CISO and CTO regarding our cybersecurity program and actions taken to manage cybersecurity risk, which include risk identification and management strategies, consumer data protection, security programs, ongoing risk mitigation activities and results of third-party assessments and testing.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true