Introduction
Chad (the “Company,” “we,” “our” or “us”) values privacy. We constantly keep taking steps to improve the protection of our user information keeping everything as per the guidelines by U.S laws.
This Privacy Policy Document (“Privacy Policy”) is created to inform users of what information we collect, the ways in which we do, what we do with that information, what information is collected by third parties when interacting with us, purchasing or trying our product, subscribing to our services, and using our websites and other digital services that link to this Privacy Policy (the “Services”).
By using our Services, you agree to this Privacy Policy along with any additional agreement we may have with you prior or after this. If a scenario arises with conflicting terms between the Privacy Policy and these said agreements, the prevailing term would be that of the said agreement.
This Privacy Policy only applies to Chad when it controls the processing of personal information for its own business purposes (such as when we receive contract information from our business clients (“Clients”) that subscribe to our Services and used for billing purposes). This Privacy Policy does not apply to information we process as a service provider or processor (i.e., not a controller) on behalf of our Clients when they use our Services. If you have questions regarding how our Clients process your information — including requests to access, correct, or delete it — please contact them directly; as their processor, we will assist the relevant Client in responding. We may anonymize personal data we process on behalf of our Clients and use the resulting anonymized data to evaluate and improve our Services; once anonymized, this data can no longer identify you and is no longer personal data. We are not responsible for the privacy or data security practices of our Clients. This Privacy Policy also does not apply to any information about current and former employees, job candidates, or contractors and agents acting in similar roles.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please also review our GDPR Policy, which describes how we comply with EU and UK data protection law.
What type of personal information do we collect?
This section describes the categories of personal information we collect. While you may not be required to provide us with your personal information to access our general public-facing website Services or review some of our content on the Service, there may be areas on our Service that require us to collect information from you, or about you or your devices used to access the Services. If you do not provide the requested personal information or prevent us from collecting certain information from your device, we may not be able to provide access or use of our Services, or such Services may not operate as intended.
Personal Contact Information
Personal information to create an account, register with us as a subscriber to our Services, to receive our newsletter, for us to manage your account, provide support, or for you to participate in webinars, events, programs, marketing, and promotional activities. This includes; your legal name, alias, postal address, email address, online identifiers (such as username and password), account or username, land and mobile phone numbers, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers that can be used to contact, communicate with, or identify you.
User Experience and Support Information
We collect user experience information to help us understand how our Services is accessed, used and how it performs (e.g., activity logs, device ID, browser type, network connection, and IP address). We collect purchase history, order details (items purchased, amount paid, shipping and billing addresses), and the form of payment. If you interact with our Services by contacting us, we will collect your message exchanges. If you have initiated a support inquiry or request, we collect audio, electronic, visual, and other sensory information, such as recordings of interactions with our Service, chat bots, support personnel, and sales teams (e.g., for quality assurance, training, and analysis purposes in accordance with applicable laws). This also includes inferences drawn from any of the information we collect to create a profile about you reflecting your preferences, characteristics, and behavior.
Payment Information
If you make a purchase, our payment processor will collect your payment method information, such as credit card information, back account information, and types of financial accounts.
Geolocation Information
Based on the settings of the device and browser, we collect location data such as longitude and latitude (GPS), IP address or mobile device location, and your city and state through webforms.
Usage Information
We use web tracking technologies (e.g., cookies, web beacons, pixel tags and clear GIFs) to operate the Services efficiently and to collect data related to usage of the Services. Such collected data may include the IP address of the Services you visited before and after you visited the Services, the type of browser you are using, what pages in the Services you visit and what links you clicked on, and whether you opened email communications we send to you. Some of this information may be collected using a third-party’s tracking technologies.
Cookies We Use
On our marketing website (trychad.com) we use the cookies and similar technologies listed below. Only strictly necessary cookies are set by default. Non-essential cookies — analytics and our embedded chat widget — are set only after you accept them in our cookie banner, and you can change or withdraw your choice at any time via the “Manage cookies” link in the site footer. Our booking tool (Cal.com) is different: it loads only when you click a “Book” button to schedule a meeting — a service you actively request — and is not loaded otherwise. (Your light/dark theme preference is stored in your browser’s local storage, not a cookie.)
- chad-cookie-consent — remembers whether you accepted or rejected cookies so the banner is not shown again. Strictly necessary. First-party; retained up to 12 months.
- Vercel Web Analytics & Speed Insights — aggregate, privacy-friendly measurement of site traffic and page performance. Analytics; loaded only after you accept cookies. Provided by Vercel and cookieless by default.
- Cal.com — powers appointment booking when you choose to schedule a meeting with us. Necessary for the booking you request and loaded only when you interact with a “Book” button. Third-party cookies set by Cal.com.
- Chad chat widget (Amplitude) — product analytics and session insights, including how visitors navigate and interact with the widget, for our embedded support widget. Analytics; the widget is loaded only after you accept cookies. Cookies set by Amplitude and the Chad widget.
Google User Data
When you link your Google account to Chad, we only request the data necessary to provide the features you choose to use.
What we access
- Your Google email address and basic profile information
- Email content, attachments, and associated metadata from your Gmail account
- Information related to email conversations, such as recipients, timestamps, and message context
Why we access it
- To enable Gmail integration and allow Chad to interact with your email account
- To generate drafts, replies, and other automated outputs within the Services
- To personalize and improve the functionality of our Services
We never use your Google user data for advertising purposes.
Human access to Google user data is restricted and only permitted (i) with your explicit permission, (ii) when strictly necessary for security, debugging, or support purposes, or (iii) when required to comply with applicable law.
If we change how we use Google user data, we will (1) update this Privacy Policy and (2) request your consent where required before the new use takes effect.
Retention of Google User Data
We retain Google user data only for as long as necessary to provide the Services and in accordance with this Privacy Policy.
If you disconnect your Google account or request deletion, we will delete the associated Google user data from our active systems within 30 days, and from our backups within our standard backup rotation cycle, unless retention is required for legitimate legal or operational purposes.
We do not retain Google user data or derived information in a form that identifies you after deletion.
Google Limited Use Disclosure
We use certain Google API Services (including, but not limited to, Google Sign-In) to give you the option of connecting your Google Account to Chad. When you choose to do so, we may request access to your Google email data and basic profile solely for the purposes listed in this Privacy Policy. We do not request or access any other Google user data beyond what is described here. We request the minimum scope required to implement the feature you have selected and we never “future-proof” by asking for more.
How do we collect your information?
We collect your information in a variety of ways.
Information Provided Directly by you
This includes instances when you visit our Services, subscribe or interact with our Services and Services by filling out a registration form or contacting us, when you participate in our marketing and outreach activities including surveys, contests, promotions, sweepstakes, conferences, webinars or when you otherwise use our Services.
Information Collected from Third Parties
We receive information about you from other third parties, such as service providers that help us to build and maintain our Services and that integrate their Services with ours, content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks). your interactions with third-party integrated or framed third-party services (including social media networks) are governed by the privacy statements of the companies that provide them, not this Privacy Policy.
Information Collected Passively
Our Services use tracking technologies to collect information about your experience when accessing and using our Services.
Information Collected from your Employer, Coworkers, or Friends
We collect and process personal information concerning representatives (e.g., employees or contractors) of our Clients (or their representatives) and business partners (suppliers, investors and other business partners). We may also receive your name, address, phone number, and company name from a friend as part of our Referral Program.
Why do we collect your personal information?
We collect and use the information we receive or collect from you or about you for the following purposes:
- To provide, enhance, and offer our Services and integrated digital services and products we make available on our Services;
- To communicate with you at your request or as required in connection with your purchase, access or use of our Services;
- To enable interactions and use of our Services;
- To manage, authenticate, and promote the security of your account and the use of our Services;
- To create, maintain, customize, administer, and secure your account;
- To enter, manage, and fulfill our contract with you or your company;
- To process and complete your contact and support requests and send you related information, including purchase confirmations and invoices;
- To provide you with customer service and support;
- To inform you of and promote additional features, products, and services offered by us or third parties that may be of interest to you unless you have opted-out from receiving such communications or you have not consented to such communications, as required under applicable law;
- To diagnose, repair, and track service and quality issues;
- To facilitate an order, download, expiration or termination;
- To send you transactional messages, provide security alerts and updates, and to communicate with you about our practices;
- To manage and promote your invitation and participation in conferences, webinars, and event registrations we promote, sponsor or hold;
- To manage and promote your participation in our surveys, contests, promotions, and sweepstakes, if any;
- To personalize our Services for you;
- To deliver content information relevant to your interests;
- To install and configure changes and updates to programs and technologies related to interactions with us and our Services;
- To respond to your requests, complaints, and inquiries;
- To fulfill a referral request if you participate in our Referral Program or to contact you as a potential Client using your personal information received from a participant of our Referral Program;
- To evaluate or audit the usage and performance of programs and technologies related to your interactions with us;
- To record phone calls and/or video meetings for quality assurance, training, and analysis purposes;
- For credit and payment collection, accounting, and other similar business functions;
- For legal, safety, or security reasons, such as:
- To comply with legal requirements, establish, exercise or defend against legal claims, whether in court proceedings or in an administrative or out-of-court procedures;
- Protect the safety, security, and integrity of our Services and rights of those who interact with us or others;
- Review compliance with applicable terms of use, investigate fraudulent transactions, unauthorized access to our Services, content, conduct policy violations, and illegal activities (in compliance with legal obligations under applicable laws); and
- Otherwise detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and
- In connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events, such as complying with requests from a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.
When do we disclose your personal information?
We may disclose your information with the categories of recipients and for reasons described below:
Service Providers and Contractors
We share your information with third-party service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, marketing providers, suppliers, professional advisors (legal and consultancy), payment processors, and those that support our business operations such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work for us or on our behalf.
Legal and Law Enforcement
We disclose any information without further notice to you to any law enforcement or regulatory authority to the extent required by law or if, in Chad’s reasonable discretion, disclosure is reasonable to:
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, and situations involving potential threats to the physical or online safety of any person;
- Enforce or apply our other agreements and to protect our rights and our property or safety of our users or third parties; or
- To establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors).
Corporate Transactions
We disclose your information to financial advisers, legal service providers, investors, and potential buyers of our business or assets related to any merger, acquisition, sale, financing, or similar transaction.
Marketing
We disclose your contact information (name, email, Service URL, etc.) to partners/sponsors/advertisers in connection with our marketing, promotional, advertisements, and other commercial communications.
To the Public
If you provide testimonials or provide feedback that you published or intended to be published on the Services or as a Client testimonial, we disclose your post and your name on our Services and marketing materials. Any information you post on our Services might be read, collected, and used by others who access this information.
With your Consent
We disclose your information to other third parties with your consent where required by law. However, we may also de-identity, anonymize, or otherwise aggregate the information in a manner that is no longer identifiable of an individual before sharing with third parties for any legally permitted purpose.
How do we protect your information?
We will take reasonable security precautions to protect the security and integrity of your personal information in accordance with this Privacy Policy and applicable law. Unfortunately, the internet is not inherently secure, and we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security issue with information transmitted over the internet. Any transmission is at your own risk and your information may be disclosed to third parties in unforeseeable situations or situations that are not preventable even when commercially reasonable protections are employed, such as in the case that Chad is subject to a hacking or other attack.
You must take reasonable precautions to prevent unauthorized access to your account and personal information used to access our Services, such as by selecting and protecting passwords and/or other sign-on mechanisms appropriately, limiting access to your device used to sign-in into your account or other authenticated pages on our Services, and by turning off or logging-off from your device if you have auto-login enabled. We also recommend that you take steps to protect against unauthorized access to any devices, networks and applications connected to, or integrated with the Services.
How can you opt out of receiving marketing emails from us?
If you would like to be removed from our marketing mailing list or database, please contact us at hello@trychad.com or follow the unsubscribe directions located in the footer of our electronic marketing messages.
How can you request access to and update your personal information?
If you are located outside the EU/EEA and the UK, you can request to access or update your personal information by using the profile editing tools on the Services or by sending an email request to hello@trychad.com. Please mark your inquiries “Personal Information Access Inquiry.” We will respond to any reasonable request by a user to review or amend his or her account information. We reserve the right to verify your identity in order to process such requests.
EU/EEA & UK GDPR Representatives (Article 27)
If you are located in the EU or UK, and have questions or concerns regarding your personal data, you may contact our GDPR representative:
EU Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork
T23 AT2P
Ireland
Email: gdpr@euverify.com
UK Representative:
Euverify Ltd (UK)
3rd Floor
86-90 Paul Street
London
EC2A 4NE
United Kingdom
Email: gdpr@euverify.com
To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related inquiry, please use our secure portal.
This link allows you to verify our appointed representative and submit GDPR requests directly. Requests submitted through this portal are logged and tracked to ensure timely response and compliance.
These routes apply to personal data for which Chad is the controller. For personal data we process on behalf of a Client (for example, that Client’s own end-users), the Client is the controller; please direct your request to them, and we will assist them as their processor.
For more on how we process the personal data of individuals in the EU/EEA and the UK, and the rights available to you, see our GDPR Policy.
Do we transfer information to other countries?
To facilitate our global operations, we may process and store personal information both inside the United States and overseas. Be advised that we may transfer your personal information to the United States and other countries, whose laws may not provide the same protections as the laws in your country.
Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses and, once our participation in the Data Privacy Framework is confirmed, on the EU-U.S. Data Privacy Framework (and its UK Extension and the Swiss-U.S. Data Privacy Framework). See the “EU-U.S. Data Privacy Framework” section below.
EU-U.S. Data Privacy Framework
Chad Enterprises Inc. has applied to participate in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework administered by the U.S. Department of Commerce. That application is pending review, and we are committed to processing personal data (other than human resources data) received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in accordance with the applicable DPF Principles. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the Principles govern. To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.
Onward transfers. We may transfer personal data to third-party service providers that process it on our behalf. Consistent with the Accountability for Onward Transfer Principle, we remain responsible and liable if such providers process personal data in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.
Access and choice. You may access, correct, amend, or delete personal data we hold about you, and limit its use and disclosure, as described in this Privacy Policy. If you are located in the EU/EEA, the UK, or Switzerland, you may also exercise these rights through the routes set out above.
Independent recourse. In compliance with the DPF Principles, we commit to resolve complaints about our collection or use of your personal data. Individuals in the EU, UK, or Switzerland with an unresolved complaint regarding our handling of personal data received in reliance on the Framework(s) may refer it, free of charge, to our independent U.S.-based dispute resolution provider, VeraSafe, at https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/.
Regulator. The U.S. Federal Trade Commission has jurisdiction over our compliance with the Data Privacy Framework.
Binding arbitration. Under certain conditions, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by the other mechanisms described above, as described in Annex I to the DPF Principles.
Disclosure to public authorities. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
California privacy rights & disclosures
We do not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal data about your online activities over time and across sites when you visit the Site or use the Service.
If you are a California resident and we disclose your personally identifiable information to third parties for such third parties’ direct marketing purposes, California’s Shine the Light Law (CA Civil Code Section 1798.83) allows you to request certain information from us about such disclosures. To make a request under the Shine the Light Law, contact us at hello@trychad.com. Please note that under California law, businesses are not required to respond to such requests more than once during any calendar year.
Children’s policy
This Privacy Policy addresses personal information we collect as a controller for our own business purposes (such as through our website, account registration, and marketing). In that capacity, we do not knowingly collect or attempt to collect any information from children under the age of 18. If you are under the age of 18, please do not submit any information on our website or our other platforms.
If you are a parent or legal guardian and think your child has given us information, please contact us so that we can delete it:
- If you are located in the EU/EEA, please contact our EU Representative (see the “EU/EEA & UK GDPR Representatives” section above).
- If you are located in the UK, please contact our UK Representative (see the “EU/EEA & UK GDPR Representatives” section above).
- All other individuals may email us at hello@trychad.com; please mark your inquiries “Children Privacy Inquiry.”
Where we process personal data on behalf of our Clients (for example, an end-user’s messages to a business that uses our Services), the Client is the controller and is responsible for obtaining any consents required to collect or share the personal data of minors. Please direct any such requests or concerns to the relevant Client.
Amendments to this Privacy Policy
We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by us, we will notify you of these changes by modification of this Privacy Policy, which will be available for review by you on the Services. If any of such changes are unacceptable to you, you should cease interacting with us. Your continued use of our Services following the posting of such changes constitutes your acceptance of those changes.