Legal
Data Processing Agreement (DPA)
Last updated: March 8, 2026
This Data Processing Agreement explains how ChiefOS processes customer data on behalf of users of the Service.
Roles
When using ChiefOS, the customer acts as the data controller and ChiefOS acts as the data processor for customer-submitted data.
Scope of processing
ChiefOS processes customer data only as necessary to provide and maintain the Service.
Processing activities may include:
- storing submitted records
- organizing financial and operational information
- generating analytics and summaries
- system reliability and monitoring
Security measures
- encrypted data transmission
- role-based access controls
- tenant data isolation
- infrastructure security monitoring
Subprocessors
ChiefOS uses trusted infrastructure providers including:
- Supabase (database and authentication)
- Vercel (hosting infrastructure)
- Stripe (billing)
- Twilio (messaging infrastructure)
Data retention and deletion
Customer data is retained only for the duration of the customer’s account unless required for legal or operational purposes.
Customers may request deletion of their account and associated workspace data.
International transfers
Data may be processed in multiple jurisdictions depending on the infrastructure providers used to operate the Service.