Legal
Privacy policy
Last updated: 25 April 2026
Chiefpa ("we", "us") provides an AI-assisted customer-conversation platform for service businesses. This policy explains what data we handle, how it's stored, who it's shared with, and how to ask for it to be deleted. It applies to two audiences: tenants (the businesses that use Chiefpa) and the end customers whose messages flow through it.
Who controls what
For each tenant's data, the tenant is the data controller — they own the relationship with their customers and decide what gets recorded. Chiefpa is the data processor — we run the software, store the data, and delete it on request. If you're an end customer who messaged a service business that uses Chiefpa and you have questions about your data, you can email us directly at privacy@chiefpa.com or contact the business itself; both routes lead to the same outcome.
What we collect
From end customers (when they message a tenant via a channel Chiefpa is connected to):
- The content of messages sent and received.
- Channel identifiers — phone numbers in E.164 format, email addresses, Messenger Page-Scoped IDs (PSIDs), Instagram-Scoped IDs (IGSIDs), Telegram user IDs, the IP address of inbound web submissions.
- Sender display names where the channel surfaces them.
- Timestamps of each message and event.
From tenants (the operators):
- Account information needed to log in and operate the dashboard.
- Notes, contact records, calendar events, and other entries the tenant adds to their internal wiki.
- Approve / edit / reject actions taken on AI drafts (used to learn the tenant's reply style).
- Connection credentials for messaging channels (e.g. Meta Page access tokens). These are encrypted at rest.
- Operational telemetry: dashboard logins, channel-connect events, message send/receive counts.
From the demo lead form on this site: name, email, years in business, an estimated annual-revenue band, and self-declared industry. Used to route the visitor to the most relevant demo and follow up.
What we don't collect
- We don't run third-party advertising or social-media tracking pixels on end-customer-facing surfaces. (Pixels may run on this marketing site once enabled — see "Marketing-site analytics" below.)
- We don't read messages on channels a tenant hasn't explicitly connected.
- We don't sell data. Ever.
How we store it
- Each tenant runs in an isolated software container on a Cloudflare-fronted virtual private server hosted in Singapore. Their data does not commingle with any other tenant's data.
- Primary storage is a per-tenant SQLite database holding messages, contacts, calendar events, approvals, and audit events.
- Each tenant also has a private GitHub repository under our
chiefpa-tenant-dataorganisation, which holds their markdown wiki and nightly SQLite snapshots. This is our backup mechanism. - Channel access tokens (Meta Page tokens, etc.) are encrypted at rest with a per-tenant Fernet symmetric key. The key is generated at provisioning and lives only in that tenant's container environment.
- Communication between the visitor's browser and our servers is encrypted in transit (HTTPS only).
Who we share it with
To deliver the service, customer message content is shared with the following sub-processors:
- Anthropic — to generate AI drafts. Anthropic processes messages under their published privacy and data-handling commitments and does not use API content to train models by default. See anthropic.com/privacy.
- Meta Platforms — for messages sent or received via Messenger and Instagram. See Meta's privacy policy.
- WhatsApp (a Meta service) — for messages on WhatsApp. Same policy reference.
- Telegram — for messages on Telegram, where connected. See Telegram's privacy policy.
- GitHub — to store nightly backups (wiki + database dump) in private repositories. See GitHub's privacy statement.
- Cloudflare — as our edge network and DNS provider; sees request metadata but not message bodies on inbound webhooks (those are decrypted at our origin). See Cloudflare's privacy policy.
We do not share data with advertisers, data brokers, or any party not listed above. We do not let one tenant see another tenant's data.
How long we keep it
- While a tenant's account is active, their data is retained.
- If a tenant cancels, we retain the data for a 30-day grace period during which they can request a full export. After that, primary data is deleted from our servers and the GitHub backup repository is removed.
- Backup snapshots that pre-date deletion are rotated out within a further 30 days.
- An anonymised audit log entry recording the fact of deletion is retained for an additional 90 days for accountability. It contains no message content.
Your rights
If you're an end customer:
- Request a copy of the data Chiefpa holds about you.
- Request correction of inaccurate data.
- Request deletion (see Data deletion instructions).
- Withdraw consent at any time by asking the business not to message you further.
If you're a tenant: you can access, export, or delete any data in your account through the dashboard. Cancel by emailing privacy@chiefpa.com.
How to contact us
Email privacy@chiefpa.com. We reply to data-rights requests within 7 business days.
Marketing-site analytics
This marketing site (chiefpa.com) may load Meta Pixel and Google Analytics tags to measure how visitors find us. These tags do not run inside the tenant dashboards and never see customer messages. Any pixel-collected data is governed by the respective vendor's privacy policy. The lead form's email field is not transmitted to either pixel.
Singapore PDPA & international transfers
Chiefpa is operated from Singapore and the primary servers are in Singapore. We process personal data in line with the Singapore Personal Data Protection Act (PDPA). Our sub-processors (Anthropic, Meta, GitHub, Cloudflare) operate internationally; data necessarily transits to and is processed in their regions per their terms.
Changes to this policy
Material changes — new sub-processors, new data categories, retention changes — will be reflected here with an updated date and, for tenants, a courtesy email. Continued use after a material change constitutes acceptance.
Questions or concerns? privacy@chiefpa.com.