Privacy Policy

Last updated: May 2026

1. Introduction

Chezie Inc. ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and while using our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Important Note: This is our standard privacy policy. For customers with signed service agreements, we maintain individual Data Protection Addendums and Privacy Supplements that may contain more detailed, customized provisions. In the event of any conflict between this policy and a signed agreement, the signed agreement will prevail.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

  • Name, email address, phone number
  • Company/organization name and address
  • Job title and department
  • Authentication credentials (username, password)
  • Billing and payment information

Service Usage:

  • Employee data you upload to manage your ERGs (names, emails, departments, roles, office locations)
  • ERG configuration and settings
  • Communications within the platform (messages, posts, comments)
  • Support requests and correspondence
  • Any other information you voluntarily provide

Website Interaction:

  • Contact form submissions
  • Inquiry emails
  • Comments or feedback

2.2 Information Collected Automatically

Usage Data:

  • Pages visited and time spent on each page
  • Links clicked
  • Referral source (how you arrived at our site)
  • Browser type and version
  • Device type and operating system
  • IP address and general geographic location
  • Search queries within the platform

Cookies and Tracking:

  • Session cookies (to keep you logged in)
  • Preference cookies (to remember your settings)
  • Analytics cookies (to understand how you use our Services)

2.3 Information from Third Parties

We may receive information about you from:

  • Your organization's HR or IT systems (if you authorize integration)
  • Third-party identity providers (if you use SSO)
  • Calendar or video conferencing platforms (if you authorize integration)
  • Payment processors (transaction information only)

2.4 Sensitive Personal Data

If your organization's ERG program involves diversity initiatives, we may process sensitive data such as:

  • Race, ethnicity, or national origin
  • Religious or philosophical beliefs
  • Gender identity or sexual orientation
  • Health or medical information
  • Other categories as defined by GDPR or local privacy laws

We process this data only with explicit consent from your organization and only to provide the Services as directed. We do not use sensitive personal data for any purpose other than as instructed by your organization.

3. How We Use Your Information

3.1 To Provide the Services

  • Create and manage your account
  • Deliver the Chezie platform and its features
  • Process integrations (HRIS, SSO, calendar, video chat)
  • Enable communication within ERGs
  • Send service announcements and updates
  • Provide technical support

3.2 To Improve and Develop

  • Analyze usage patterns to improve the platform
  • Identify trends and troubleshoot issues
  • Develop new features and enhancements
  • Conduct security and performance monitoring
  • De-identify data for aggregate analytics and business insights

3.3 To Communicate

  • Respond to your inquiries and support requests
  • Send billing and payment notices
  • Provide updates about changes to our Services or Terms
  • Send promotional materials (only if you opt in; you can unsubscribe anytime)

3.4 For Legal and Security

  • Comply with applicable laws and regulations
  • Enforce our Terms of Use and other agreements
  • Protect against fraud, security threats, or unauthorized access
  • Respond to legal requests (subpoenas, warrants, etc.)
  • Establish, exercise, or defend legal claims

3.5 What We Do NOT Do

  • We do not sell your personal data or your customers' personal data to third parties.
  • We do not use personal data for marketing purposes without your consent.
  • We do not use sensitive personal data for profiling, automated decision-making, or analytics without explicit authorization.
  • We do not share data with unaffiliated third parties except as described in Section 4.

4. How We Share Your Information

4.1 Service Providers

We may share information with vendors and service providers who help us operate the platform, including:

  • Cloud hosting providers (for data storage and processing)
  • Payment processors (for billing)
  • Analytics providers (for aggregate usage insights)
  • Customer support tools
  • Security and compliance service providers

All service providers are bound by confidentiality agreements and are required to process data only as instructed by us.

4.2 Authorized Integrations

If you authorize integrations with third-party services (HRIS systems, SSO providers, calendar platforms, video chat tools), we will share the necessary data to enable those integrations. You control which integrations are active; you can revoke access at any time.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, or legal process (subpoena, court order, government request), but we will:

  • Notify you promptly (unless legally prohibited)
  • Provide you with at least 48 hours' notice before disclosure
  • Cooperate with you to seek a protective order or limit the scope of disclosure
  • Disclose only the minimum information legally required

4.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We will share your information with third parties if you explicitly consent. You can withdraw consent at any time.

5. Data Protection and Security

5.1 Security Measures

We implement industry-standard administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption in transit (TLS/SSL) and at rest
  • Role-based access controls
  • Regular security assessments and penetration testing
  • Employee training on data handling and privacy
  • Incident response procedures
  • Compliance with NIST and ISO 27001 frameworks

5.2 Limitations

While we use reasonable efforts to protect your data, no security system is impenetrable. We cannot guarantee absolute security. Transmission of data over the internet and storage of data on servers carries inherent risks.

5.3 Data Breach Notification

In the event of a security breach involving unauthorized access to your personal data, we will:

  • Notify you within 24 hours of discovery
  • Provide details on the scope and nature of the breach
  • Explain what we are doing to remediate and prevent recurrence
  • Cover reasonable costs of notification to affected individuals (if required by law)

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request access to the personal data we hold about you and to receive it in a portable, machine-readable format. Contact us using the details in Section 11.

6.2 Correction and Deletion

You have the right to request correction of inaccurate data or deletion of data we no longer need to provide the Services. We will comply with requests unless we are legally required to retain the data.

6.3 Objection and Restriction

You may object to our processing of your data or request that we restrict processing in certain circumstances. We will honor reasonable requests, particularly for direct marketing or profiling.

6.4 Withdrawal of Consent

If we process your data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before the withdrawal.

6.5 Exercising Your Rights

To exercise any of these rights, contact us at the address in Section 11. We will respond within 30 days (or longer if permitted by law for complex requests). We may ask you to verify your identity before processing your request.

6.6 Do Not Track

Some browsers include a "Do Not Track" feature. Our website does not currently respond to DNT signals. You can manage tracking preferences through your browser settings.

7. Data Retention

7.1 How Long We Keep Your Data

Account and Service Data:

  • We retain data necessary to provide the Services for the duration of your account.
  • Upon termination or deletion of your account, we will delete your data within 30 days, unless we are legally required to retain it longer (e.g., for tax, audit, or legal compliance).

Support and Communications:

  • Support tickets and correspondence are retained for 3 years for legal and operational purposes.

Analytics and Logs:

  • Aggregated, de-identified usage data may be retained indefinitely.
  • Access logs and system logs are retained for 1 year for security purposes.

7.2 Your Data Deletion Rights

You may request deletion of your account and associated data at any time. We will comply within 30 days, except where:

  • We are legally obligated to retain the data
  • Data is necessary to complete a transaction or resolve a dispute
  • You have an outstanding balance or ongoing service obligations

8. International Data Transfers

8.1 Where We Store Data

Our servers are located in the United States. If you are located outside the U.S. (particularly in the EEA or UK), you should be aware that your data will be transferred to and processed in the United States.

8.2 GDPR and International Compliance

For data transfers from the EEA, UK, Switzerland, or other jurisdictions with data protection laws, we rely on:

  • EU Standard Contractual Clauses (for EEA/Swiss transfers)
  • UK Data Protection Addendum (for UK transfers)
  • Adequacy decisions where applicable
  • Your explicit consent where required

For customers with signed Data Protection Addendums, we maintain individual transfer agreements tailored to your jurisdiction.

8.3 Your Rights Under GDPR and Similar Laws

If you are subject to GDPR, UK GDPR, or similar data protection laws, you have additional rights as described in Section 6, plus:

  • Right to lodge a complaint with your data protection authority
  • Right to object to automated decision-making
  • Right to restrict processing

For specific details on how we comply with these laws for your organization, please refer to your signed Data Protection Addendum (DPA), or contact us to discuss your compliance requirements.

9. Third-Party Links and Services

Our website and Services may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

We recommend reviewing the privacy policies of any third parties before providing them with your information. Your use of third-party services is at your own risk and subject to their terms and policies.

10. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we discover we have inadvertently collected information from a child, we will delete it immediately.

If you believe we have collected information from a child, please contact us immediately using the details in Section 11.

11. Contact Us

11.1 Privacy Questions and Requests

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to discuss your organization's specific data handling arrangements, please contact us:

Chezie Inc.
Email: support@chezie.co
Mailing Address: 1445 Woodmont Lane Northwest, Suite 1861, Atlanta, Georgia 30318
Data Protection Inquiries: support@chezie.co

11.2 Response Time

We will respond to all inquiries and rights requests within 30 days. If we need more time (e.g., for complex requests), we will notify you.

11.3 Complaints

If you are in the EEA, UK, or Switzerland and believe we have violated your privacy rights under GDPR or similar laws, you have the right to lodge a complaint with your local data protection authority in addition to contacting us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post updates on this page with a new "Last Updated" date.

For material changes that affect how we use or share your information, we will provide 30 days' notice and/or seek your consent as required by law.

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

13. Relationship Between This Policy and Signed Agreements

13.1 Data Protection Addendum (DPA)

If you have signed a Data Protection Addendum or similar agreement with us, that agreement will prevail over this policy regarding:

  • Specific data handling procedures
  • Data transfer mechanisms and safeguards
  • Audit and compliance requirements
  • Incident notification timelines
  • Data retention and deletion procedures
  • Your jurisdiction-specific rights

13.2 Customized Privacy Supplements

For enterprise customers, we may provide a customized Privacy Supplement that details:

  • Specific categories of data processed
  • Purposes and legal bases for processing
  • Data retention schedules
  • Sub-processors and service providers
  • Organization-specific compliance obligations

If you do not have a signed agreement, this standard Privacy Policy governs your use of our Services.

14. Additional Information by Region

14.1 European Economic Area (GDPR)

Legal Basis for Processing:

  • Legitimate Interests: To provide and improve our Services, prevent fraud, and ensure security
  • Contractual Necessity: To fulfill our service obligations to you
  • Consent: For marketing communications and optional processing (e.g., analytics cookies)
  • Legal Obligation: To comply with applicable laws
  • Vital Interests: To protect your health and safety
  • Performance of Public Task: As required by law

Data Controller: Chezie Inc. [Address]

Your Rights: Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (as described in Section 6).

For detailed compliance information specific to your organization, please request our Data Protection Addendum.

14.2 California (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the "sale" or sharing of personal information
  • Right to correct inaccurate information
  • Right to non-discrimination for exercising your rights

To exercise your rights, please contact us using the details in Section 11. We will verify your identity and respond within 45 days. We do not sell your personal information as defined by CCPA.

14.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we do business. If your jurisdiction has specific privacy rights (e.g., LGPD in Brazil, PIPEDA in Canada, PDPA in Singapore), we are committed to respecting those rights. Contact us to discuss your jurisdiction-specific protections.

15. Acknowledgment

This Privacy Policy is our standard privacy framework. For enterprise customers and organizations subject to specific data protection regulations, we maintain individual Data Protection Addendums and Privacy Supplements that provide tailored language and compliance measures for your jurisdiction and use case.

If you do not have a signed DPA or Privacy Supplement and believe your organization requires customized data protection terms, please contact us to discuss your specific needs.

Thank you for trusting Chezie with your data.