Privacy Policy

ChiefOS uses AI systems to analyze submitted records, categorize transactions, extract data from receipts, generate summaries, and answer questions about your business activity.

These systems process your Customer Data as part of the Service. AI-generated outputs are informational only and may contain inaccuracies. You remain responsible for reviewing important financial or operational decisions.

We do not use individually identifiable Customer Data to train third-party AI models without your consent. Aggregated and de-identified data may be used to improve our own systems (see Section 4).

ChiefOS may create aggregated, anonymized, or de-identified datasets derived from platform activity. This section explains how that data is generated, protected, and used.

What we collect for analytics purposes. As part of normal operation of the Service, ChiefOS records which products from supplier catalogs you select or quote during job costing and purchasing workflows, the quantities involved, the general region your account is associated with (province/state level), and the timing and frequency of those selections. This activity data is collected regardless of whether you complete a purchase.

How we aggregate and anonymize it. Raw quoting activity is processed through an aggregation pipeline that: (a) strips all tenant-identifying fields (tenant_id, owner_id, user_id, job IDs, business names); (b) groups data by product, region, and time period; and (c) suppresses any data point that does not represent activity from at least five (5) distinct business accounts (k-anonymity threshold). The result is statistical market intelligence — demand counts, trend lines, and regional breakdowns — with no path back to any individual business.

What we share with suppliers. ChiefOS may provide Aggregated Analytics to suppliers participating in our Supplier Portal, including as a paid feature. Suppliers receive only: product-level demand counts, regional demand distributions (province/state level or coarser), seasonal trend data, and category comparison data. Suppliers never receive your business name, tenant ID, specific job details, financial data, employee information, or any data that could identify you.

What we never share. We never sell, rent, or disclose your individual Customer Data — financial records, job details, crew information, Ask Chief conversations, receipts, or documents — to any supplier or third party for commercial purposes.

Your opt-out right. You may opt out of having your quoting activity included in Aggregated Analytics shared with suppliers via our contact form or by writing to privacy@usechiefos.com. We will action your request within 30 days. Opting out does not affect your access to the Service.

These datasets cannot reasonably be used to reconstruct individual customer records and may also be used internally to improve platform reliability, develop new features, conduct research, and refine machine learning systems.

We do not sell personal information. We share information only when necessary to operate the Service or comply with legal obligations.

All service providers are bound by data processing agreements and are permitted to use your information only as needed to provide their services to us.

We may disclose information if required to do so by law, court order, or lawful request from a government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of ChiefOS, our users, or the public.

If ChiefOS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

Our website and portal use cookies and similar technologies to support authentication, remember your preferences, and understand how users navigate the platform.

Most browsers allow you to control cookies through browser settings. Disabling essential cookies may prevent certain features from working.

No method of transmission over the internet or electronic storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

We may send you product updates, tips, and relevant offers by email. You can opt out of marketing communications at any time by:

Opting out of marketing emails will not affect transactional messages related to your account or subscription (e.g., receipts, security alerts, or support responses).

The Service is intended for use by adults and is not directed at children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us at privacy@usechiefos.comand we will delete it promptly.

Subject to applicable law, you have the following rights regarding your personal information:

To exercise any of these rights, contact us at privacy@usechiefos.com. We will respond within 30 days. We may need to verify your identity before processing your request.

California Residents (CCPA/CPRA). If you are a California resident, you have the following additional rights: (1) the right to know what personal information we collect, use, disclose, and sell; (2) the right to delete personal information we have collected, subject to certain exceptions; (3) the right to opt out of the sale or sharing of your personal information; (4) the right to correct inaccurate personal information; and (5) the right to limit the use of sensitive personal information. ChiefOS does not sell personal information as defined under CCPA. The Aggregated Analytics described in Section 4 do not constitute a "sale" or "sharing" of personal information because the data is anonymized below the threshold of personal information before it is shared. To exercise any of these rights, contact privacy@usechiefos.com.

Other US State Privacy Rights. Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out of certain processing. ChiefOS honors these rights regardless of which US state you reside in. Contact privacy@usechiefos.com to exercise any of these rights.

In the event of a data breach that poses a real risk of significant harm to individuals, we will notify affected users and, where required by law, the relevant privacy commissioner. Notification will be provided without unreasonable delay and will include:

ChiefOS is a Canadian company (Ontario) and your data may be processed in Canada, the United States, and other jurisdictions where our infrastructure providers operate. For users in Canada, transfers to the US are subject to applicable legal orders in that jurisdiction. For users in the US, data processed in Canada is subject to Canadian privacy law (PIPEDA). We apply contractual and technical safeguards — including data processing agreements with all subprocessors — to protect your data regardless of where it is processed.

Where data is transferred internationally, we take reasonable steps to ensure appropriate protections are in place consistent with PIPEDA and, for US users, applicable state privacy laws.

We use cookies on the public ChiefOS website and inside the portal. Strictly necessary cookies (login session, bot prevention, your consent choice itself) are always on. Analytics, marketing, and preference cookies are optional and require your consent.

For full details on every category, the third parties involved (Supabase, Cloudflare, Plausible, Vercel, Stripe, Postmark), retention periods, and how to change your choices at any time, see our Cookie Policy. You can also re-open the consent banner from the “Cookie preferences” link in the site footer.

We may update this Privacy Policy as the Service evolves or legal requirements change. We will notify you of material changes by email or by posting a notice in the platform before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

For privacy questions, access requests, or complaints, contact our privacy team via our contact form or write to:

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.