Effective Date:
12 / 24 / 2025

Introduction

Welcome to GetChief.com ("Company," "we," "our," "us"). Your privacy is important to us, and we are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, GetChief.com (the "Website").

Information We Collect

We collect several types of information from and about users of our Website, including:
  • Personal Information: Information that identifies you personally, such as your name, email address, phone number, company name, and billing details when you register or subscribe to our services.
  • Usage Data: Information about how you interact with our Website, including IP address, browser type, pages visited, and referring website.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and other tracking technologies to collect information about your browsing activity.

How We Use Your Information

We use the information we collect to:
  • Provide, operate, and maintain our Website and services.
  • Improve user experience by analyzing usage trends and feedback.
  • Process transactions and manage your account.
  • Communicate with you, including sending updates, promotional offers, and support responses.
  • Comply with legal obligations and enforce our terms.

How We Share Your Information

We do not sell your personal information. However, we may share your information in the following situations:
  • Service Providers: With third-party vendors who help us operate our business (e.g., payment processors, hosting providers, analytics services).
  • Legal Compliance: If required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, sale, or transfer of assets.

Data Security

We take reasonable measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no data transmission over the internet is 100% secure.

Privacy Policy

Effective Date: April 2026 | Last Updated: April 2026

Chief, Inc. and its affiliated entities ("Chief," "we," "us," or "our") are committed to protecting your personal information. This Privacy Notice ("Notice") explains how we collect, use, share, and protect personal data relating to identifiable individuals ("Personal Data") and describes your rights and choices.

Chief, Inc. is the data controller for Personal Data processed under this Notice. Our Data Protection Officer can be reached at po@getchief.com.

Legal Basis (GDPR) Where EU/UK/Swiss data protection law applies, all processing described in this Notice is grounded in one or more of the following legal bases: performance of a contract (Art. 6(1)(b) GDPR); compliance with a legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f)); or consent (Art. 6(1)(a)). The applicable legal basis for each processing activity is identified in the relevant sections below.

1. SCOPE OF THIS NOTICE

This Notice applies to Personal Data collected through Chief's websites ("Sites"), the Chief platform and Services, events, and other interactions with Chief (such as email correspondence). It does not apply to linked third-party websites, which are governed by their own privacy notices.

This Notice is integrated into the Chief Subscription Services Agreement (https://getchief.com/terms-of-service/). By using the Sites or Services, you acknowledge you have read this Notice.

Note If you are an EU, UK, or Swiss resident, additional rights apply under GDPR and equivalent national legislation. See Section 7 for your full rights.

2. PERSONAL DATA WE COLLECT

2.1 Data You Provide Directly

  • Account and contact information: name, job title, work email, employer name, work telephone, work address
  • Financial/billing data: name, billing address, credit card or bank account details (for purchases)
  • Communications: feedback, survey responses, support case content, call/video recordings
  • Event data: attendance details, image, voice recordings at Chief events

2.2 Data We Collect Automatically

  • Device and usage data: device type, device ID, IP address, browser type, language, cookie identifiers, page visits, feature usage, timestamps
  • Location data: approximate location derived from IP address, GPS, Bluetooth, Wi-Fi, or cell tower data

2.3 Data from Third Parties

  • From vendors (e.g., analytics tools, data enrichment providers) and Chief partners for customer success, support, and renewal purposes
  • From social media platforms when you interact with Chief's social pages

2.4 Integration and Operational Data

When you connect third-party platforms to Chief (such as your CRM, Google Calendar, or other tools), Chief and its integration partner Nango (see Section 5) will access the data within those platforms that is necessary to deliver the Services. This may include:

  • Google Calendar: event titles, times, attendees, and descriptions — accessed solely to support operational workflows as described in the Documentation
  • CRM data: contacts, opportunity records, account data, pipeline data
  • Other platforms you authorize: data types vary by platform and are disclosed at the time of connection

Data Minimization Chief accesses only the minimum data necessary from connected platforms to deliver the specific functionality requested. Google Calendar data is accessed exclusively for operational workflow support and is not used for advertising, profiling, or any purpose beyond the Services.

2.5 Sensitive Personal Data

Chief does not intentionally collect sensitive categories of Personal Data (e.g., health data, racial or ethnic origin, political opinions, religious beliefs, biometric data, or financial account credentials). If you believe sensitive data has been submitted, please contact DPO@GetChief.com immediately. Where processing of sensitive data is legally required, Chief will obtain explicit consent and implement heightened protections.

3. HOW WE USE PERSONAL DATA

The table below sets out Chief's processing activities, purposes, and applicable legal bases. Where consent is the legal basis, you have the right to withdraw it at any time without affecting prior processing.

Purpose Data Used Legal Basis (GDPR)
Providing and operating the Services Account info, operational data, integration data Contract (Art. 6(1)(b)); Legitimate interests
Billing and payment processing Financial/billing data Contract (Art. 6(1)(b)); Legal obligation
Improving Services (aggregated analytics) Usage data, interactions (anonymized where possible) Legitimate interests (Art. 6(1)(f))
Marketing communications Contact info, preferences Consent (Art. 6(1)(a)) or Legitimate interests; opt-out available
Customer support and communications Account info, support case content Contract (Art. 6(1)(b)); Legitimate interests
Security, fraud prevention, legal compliance Account info, usage logs, IP addresses Legal obligation (Art. 6(1)(c)); Legitimate interests
Call/video recording (quality assurance) Voice/video data Legitimate interests; Consent where legally required
Event administration Attendance info, contact info Contract; Legitimate interests
AI-powered features (see Section 4) Operational data, promp

3.1 Automated Decision-Making and Profiling

Chief may use automated processing to generate insights and recommendations from your operational data. Where such processing constitutes automated decision-making with legal or similarly significant effects under GDPR Article 22 or applicable US state laws, you have the right to: (i) request human review of the decision; (ii) express your viewpoint; and (iii) contest the decision. To exercise this right, contact po@getchief.com.

4. ARTIFICIAL INTELLIGENCE AND YOUR DATA

4.1 How AI Works in Chief

Chief's AI features help you understand your data across connected platforms. Chief takes your questions, contextualizes them against your operational data, and provides best-fit answers and insights. Not every question will have an answer. Your use of AI features may also help improve Chief's products as described below.

4.2 AI Subprocessor: Anthropic Claude API

Chief's AI features are powered by the Anthropic Claude API. When you interact with Chief's AI tools, relevant portions of your operational data and prompts are transmitted to Anthropic solely to generate a response to your query.

  • Anthropic acts as a subprocessor on Chief's behalf under a Data Processing Agreement
  • Anthropic is contractually prohibited from using your data to train its models
  • Anthropic does not retain query content beyond the completion of the API request
  • For more information, see Anthropic's privacy policy at: https://www.anthropic.com/privacy

Data Minimization Chief transmits only the minimum operational data necessary to respond to your specific query. Chief does not transmit unnecessary personal identifiers to the Anthropic API.

4.3 What Chief AI Is and Is Not

Chief AI is: a tool to help you understand and act on your own operational data; a contextual search and insight engine operating on data you have authorized.

Chief AI is not: a content creation tool; a source of competitive intelligence about other Chief customers; an expert on your specific business — you remain the decision-maker.

4.4 Use of Prompts and Outputs

Prompts, queries, and inputs you provide to Chief's AI tools, as well as the outputs generated, may be used to improve Chief's products and services. Where applicable law requires consent for this purpose, Chief will seek your consent separately. You may object to this use by contacting po@getchief.com.

5. SHARING PERSONAL DATA

5.1 Who We Share With

Chief may share Personal Data in the following circumstances:

  • Within the Chief group of companies, for the purposes described in this Notice
  • With authorized vendors, contractors, and professional advisers acting as processors or service providers (subject to confidentiality and data protection obligations)
  • With event participants, organizers, or sponsors as disclosed at registration
  • As required by law: court orders, subpoenas, regulatory requests, national security requirements
  • In connection with a merger, acquisition, or sale of assets (with advance notice where feasible)

Chief does not sell or rent Personal Data to third parties.

5.2 Integration Partner: Nango

Chief uses Nango as its integration platform to facilitate authorized connections between the Chief platform and third-party data sources (including CRM systems, Google Calendar, and other tools you connect). In this capacity:

  • Nango acts as a subprocessor under a Data Processing Agreement with Chief
  • Nango accesses only the data necessary to establish and maintain your authorized integrations
  • Nango is bound by confidentiality and data protection obligations consistent with this Notice and applicable law
  • Nango does not use your data for its own purposes beyond providing the integration service

For more information about Nango's data practices, see: https://www.nango.dev/privacy

5.3 Subprocessor List

A current list of Chief's subprocessors (including Anthropic and Nango) is available upon written request to po@getchief.com. Chief will notify customers of material subprocessor changes with at least 30 days' advance notice where required by applicable law or contract.

6. COOKIES AND SIMILAR TECHNOLOGIES

Chief uses cookies and similar technologies on its Sites. The following categories apply:

  • Strictly Necessary: Required for the Sites to function. Cannot be disabled.
  • Functional: Remember preferences, improve experience (e.g., language settings, form pre-population).
  • Performance/Analytics: Aggregate usage analytics via third-party tools. Based on legitimate interests or consent.
  • Advertising: Set by advertising partners to build interest profiles. Based on consent.

You may manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may limit functionality. For more information, visit https://www.aboutcookies.org.

Chief may also use pixels, web beacons, and similar technologies in emails and on Sites to measure engagement.

GDPR / US State Law Where required by law (e.g., ePrivacy Directive, CCPA/CPRA), Chief will obtain your consent before placing non-essential cookies. You may withdraw consent at any time through your cookie preferences.

7. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your Personal Data. Chief will respond to verified requests within the timeframes required by applicable law (generally 30–45 days, with extensions where permitted).

Right Applies Under Description
Access / Know GDPR Art. 15; CCPA §1798.110; VCDPA; CPA; CTDPA Request a copy of Personal Data we hold about you and information about how it is processed
Correction / Rectification GDPR Art. 16; CCPA §1798.106; VCDPA; CPA; CTDPA Request correction of inaccurate or incomplete Personal Data
Deletion / Erasure GDPR Art. 17; CCPA §1798.105; VCDPA; CPA; CTDPA Request deletion of your Personal Data, subject to legal retention obligations
Portability GDPR Art. 20; CCPA §1798.100(d); VCDPA; CPA Receive your Personal Data in a structured, commonly used, machine-readable format
Restriction of Processing GDPR Art. 18 Request that we limit how we process your Personal Data in certain circumstances
Object to Processing GDPR Art. 21; VCDPA; CPA; CTDPA Object to processing based on legitimate interests or for direct marketing purposes
Opt Out of Sale / Sharing CCPA/CPRA §1798.120; VCDPA; CPA; CTDPA Opt out of the sale or sharing of your Personal Data for cross-context behavioral advertising (Chief does not sell Personal Data)
Opt Out of Profiling VCDPA §59.1-578; CPA; CTDPA; GDPR Art. 22 Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects
Withdraw Consent GDPR Art. 7(3); applicable state laws Withdraw consent at any time where processing is based on consent, without affecting prior processing
Non-Discrimination CCPA §1798.125 You will not receive discriminatory treatment for exercising your privacy rights
Appeal VCDPA §59.1-579; CPA; CTDPA Appeal our decision regarding a rights request within 60 days of receiving our response

7.1 How to Exercise Your Rights

Submit requests to: po@getchief.com or by mail to Chief, Inc., Attn: Privacy-Legal, 1881 W. Traverse Pkwy, Suite E440, Lehi, UT 84043.

Chief will verify your identity before processing rights requests. We will not require you to create an account solely to submit a request. You may designate an authorized agent to submit requests on your behalf; we may require written authorization.

For appeals: If we deny your request, you will receive a written explanation. You may appeal by responding to that explanation. If your appeal is denied, US residents may contact their state Attorney General's office. EU/UK residents may lodge a complaint with their supervisory authority.

8. DATA RETENTION

Chief retains Personal Data for as long as necessary to fulfill the purposes described in this Notice, unless a longer period is required or permitted by law. The following schedule provides guidance on typical retention periods:

Data Type Retention Period Basis / Notes
Account and contact data Duration of subscription + 3 years Contract performance; legal claims limitation period
Billing and financial records 7 years from transaction Tax and accounting legal obligations (IRS, state law)
Marketing contact data Until opt-out or 3 years of inactivity Legitimate interests; consent-based marketing
Support and communications 3 years from case closure Legitimate interests; quality assurance
Usage and analytics data (aggregated) Up to 5 years Legitimate interests; product improvement
Call / video recordings 1 year from recording date Legitimate interests; quality assurance
AI inference data (prompts/outputs) Not retained beyond response completion Data minimization principle; subprocessor contractual terms
Google Calendar / integration data Not stored by Chief beyond active session; fetched on demand Data minimization; purpose limitation
Employee/event data Duration of relationship + 1 year Legal obligations; legitimate interests

Important The AI inference data and Google Calendar/integration data retention statements above reflect Chief's current architecture. If this changes, this Notice will be updated and customers notified.

9. INTERNATIONAL DATA TRANSFERS

Chief is headquartered in the United States. If you are located in the European Union, United Kingdom, European Economic Area, or Switzerland, your Personal Data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home country.

Chief relies on the following safeguards for international transfers:

  • Standard Contractual Clauses (SCCs): For transfers from the EU/EEA/UK to the US, Chief relies on the European Commission's Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum where applicable
  • Adequacy Decisions: Where the European Commission has issued an adequacy decision for the recipient country, Chief may rely on that decision
  • Binding Corporate Rules and other safeguards may be relied upon for intra-group transfers

For more information about the transfer mechanisms applicable to your data, or to request a copy of the relevant SCCs, contact DPO@GetChief.com.

UK Addendum For transfers from the United Kingdom, Chief uses the UK International Data Transfer Addendum to the EU SCCs (issued by the ICO) as the applicable transfer mechanism.

10. DO NOT SELL OR SHARE MY PERSONAL INFORMATION

Chief does not sell your Personal Data to third parties, and does not share Personal Data for cross-context behavioral advertising purposes as defined under the CCPA/CPRA.

California residents have the right to opt out of any future sale or sharing of their Personal Data at any time. To exercise this right, contact: po@getchief.com with the subject line "Do Not Sell or Share My Personal Information."

Chief will not discriminate against you for exercising this right. You will not receive a different level of service, different pricing, or any penalty for opting out.

CPRA Update Under the California Privacy Rights Act (effective January 1, 2023), Chief does not engage in profiling using sensitive personal information, and does not use or disclose sensitive personal information beyond the purposes permitted under CCPA/CPRA §1798.121.

11. SECURITY OF PERSONAL DATA

Chief implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and authentication requirements for systems handling Personal Data
  • Regular security assessments and employee training
  • Vendor security vetting and contractual data protection obligations
  • Incident response procedures, including breach notification protocols

No method of electronic transmission or storage is completely secure. While Chief takes reasonable precautions, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

In the event of a data breach affecting your Personal Data, Chief will notify you and applicable regulatory authorities as required by applicable law (including GDPR Art. 33-34 within 72 hours where required, and applicable US state breach notification laws).

12. CHILDREN'S PRIVACY

Chief's Services are designed for use by business professionals and are not directed at children. Chief does not knowingly collect Personal Data from children under the age of 13 (the threshold under the US Children's Online Privacy Protection Act, "COPPA"). Chief also does not knowingly contact children under 13 for marketing purposes.

If you believe a child under 13 has provided Personal Data to Chief, please contact DPO@GetChief.com and we will delete the information promptly.

Note Users in jurisdictions where a higher age threshold applies (e.g., GDPR Article 8 sets age 16 in some EU member states) may have additional protections. Chief does not knowingly process Personal Data from minors under any applicable threshold.

13. CONTACT AND COMPLAINTS

For questions, concerns, or to exercise your rights under this Notice:

  • Email: po@getchief.com
  • Mail: Chief, Inc., Attn: Privacy-Legal, 1881 W. Traverse Pkwy, Suite E440, Lehi, UT 84043

EU/UK residents may also lodge a complaint with their local data protection supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK residents may contact the Information Commissioner's Office (ICO): https://ico.org.uk

Chief strives to resolve all complaints promptly. We ask that you contact us in the first instance so that we may address your concern directly.

14. CHANGES TO THIS NOTICE

Chief reserves the right to update this Notice at any time. Material changes will be communicated to you by email or prominent notice on the Chief platform at least 30 days before taking effect (or such longer period as required by applicable law). Non-material changes will be effective upon posting.

The "Last Updated" date at the top of this Notice reflects the most recent revision. Continued use of the Services after the effective date of changes constitutes acceptance of the updated Notice.

Last updated: April 2026