Privacy Policy

Effective date: January 22, 2026

Chilcy is dedicated to upholding the confidentiality and security of user data. In compliance with legal provisions, particularly the EU General Data Protection Regulation (GDPR), Chilcy processes personal data solely within the limits permitted by law.

Through this Privacy Policy, Chilcy aims to clearly communicate the nature of personal data processing activities conducted via the Chilcy platform and through the provision of Chilcy services ("Services"). Additionally, this document outlines the purposes of data processing and the rights afforded to individuals under Article 13 of the GDPR.

Definitions

Personal Data: Any information related to an identified or identifiable natural person. An individual is identifiable if they can be distinguished, directly or indirectly, by reference to identifiers such as names, identification numbers, location data, online identifiers, or specific characteristics that define their physical, physiological, genetic, psychological, economic, cultural, or social identity.
Data Subject: Any identified or identifiable natural person whose personal data is processed by the controller.
Processing: Any operation performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller: The natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Processor: A natural or legal person, public authority, institution, or other body that processes personal data on behalf of the controller.
Consent: A freely given, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data, given by a statement or a clear affirmative action.

General Information

Controller

Chilcy ("we", "us", or "our") is the principal entity responsible for the processing of your personal data in compliance with the prevailing data privacy regulations, including Article 4(7) of the GDPR.

For any inquiries regarding the handling of your personal data, please reach out to us via email at hello@chilcy.com.

Transfer to Third Parties

Chilcy may engage external service providers, such as cloud infrastructure vendors, to support the delivery of our platform and services. These providers are meticulously selected and officially engaged to process data solely on behalf of Chilcy, in line with written agreements compliant with Article 28 of the GDPR.

Mobile Information

We do not share customer information, including conversation data, email and mobile phone numbers, with third parties or affiliates for marketing or promotional purposes.

Subcontractor and Third-Party Sharing Restrictions

Any sharing of personal data with subcontractors or service providers is strictly limited to supporting customer service operations and delivering our core services. Subcontractors are contractually bound to use such data only for the specific purposes outlined in their service agreements and are prohibited from using it for their own marketing or other unrelated purposes.

Opt-In Data and Consent

Any opt-in data, consent records, and related preferences you provide are retained solely by Chilcy and are not shared with external parties. Your consent choices are used exclusively to manage your communication preferences and service experience with Chilcy.

Third-Country Transfer

There may be occasions where we transfer personal data outside the EU/EEA. For countries lacking an adequacy decision by the European Commission as per Article 45 GDPR, we ensure the transfer is underpinned by appropriate safeguards conforming to Article 46 GDPR.

Retention of Personal Data

We will block or delete personal data when the original purpose for its processing ceases to exist. Personal data provided for account creation will be preserved for as long as your account remains active. Once the data is no longer essential for its specified purpose, we will delete or anonymize it. We are bound to retain data where there is a legal requirement, such as for tax or accounting purposes.

Profiling

Chilcy does not engage in any form of automated decision-making or profiling.

Children Under the Age of 13

Chilcy's platform is not designed for use by children under the age of 13, and Chilcy does not knowingly collect or process their personal data. If you are under 13, please refrain from providing any personal information on our platform. Should we discover that we have inadvertently collected data from a child under 13 without parental consent, we will take steps to delete that information promptly.

If you have concerns, please contact us at hello@chilcy.com. In California, minors under 16 years of age have additional protections regarding data collection and sales.

Third-Party Integrations

QuickBooks Integration

Chilcy offers an optional integration with Intuit QuickBooks Online. When you connect your QuickBooks account, you authorise Chilcy to access the following data via Intuit's OAuth 2.0 authorisation framework:

  • Profit & Loss reports (income, expenses, and net profit by period)
  • Balance Sheet data (assets, liabilities, and equity)
  • Company name and QuickBooks company identifier

This data is accessed solely to generate your KPI dashboards and AI-powered reports. We do not sell, share, or use your QuickBooks financial data for any purpose other than delivering the Chilcy service to you.

QuickBooks OAuth access tokens and refresh tokens are encrypted and stored securely in our database. Access tokens expire after one hour and are automatically refreshed using your refresh token (valid for 100 days). We never store your QuickBooks password.

You may disconnect your QuickBooks account at any time from the Integrations page within Chilcy. Upon disconnection, all stored tokens and QuickBooks-synced data will be permanently deleted from our systems. You can also revoke access directly from your Intuit account at accounts.intuit.com.

Chilcy's use of data obtained via Intuit APIs complies with the Intuit Developer Terms of Service and applicable data use policies. Chilcy is not affiliated with or endorsed by Intuit Inc.

Stripe Integration

Chilcy offers an optional integration with Stripe. When you connect your Stripe account, you provide a restricted Stripe API key that Chilcy uses to retrieve your charge and payment data for the purpose of calculating revenue KPIs.

Stripe data accessed includes transaction amounts, dates, and currency. We do not access card numbers, customer PII stored in Stripe, or any data beyond what is needed to compute your revenue metrics.

Your Stripe API key is stored encrypted at rest. You may disconnect Stripe at any time from the Integrations page, which will delete your key and all Stripe-synced data from Chilcy immediately. Chilcy is not affiliated with or endorsed by Stripe, Inc.

Data Processing by Chilcy

When Visiting the Chilcy Platform

Each visit to the Chilcy platform results in the automatic collection and processing of specific personal data, including:

  • IP address
  • Browser type, version, and language
  • Operating system
  • Date and time of access
  • Pages or features accessed and volume of data transferred
  • Referrer URL

We process this information based on Chilcy's legitimate interests as per Article 6(1)(f) of the GDPR, primarily to provide and secure our platform.

When Signing Up for Chilcy Services

Upon registration, we process personal information such as your email address, name, and company details to deliver services and confirm your identity. Payment details are processed as part of initiating and managing our contractual relationship, following Article 6(1)(b) GDPR. We share your data with third-party cloud services and payment providers as part of service delivery.

Using Chilcy's Service

When using Chilcy's KPI dashboard and AI reporting services, all customer data — including uploaded files, database connections, and generated reports — is encrypted in transit and stored in encrypted databases on Railway cloud infrastructure.

When you hold a direct contractual agreement with us, we process your personal data on the legal basis of contractual necessity, as outlined in Article 6(1)(b) of the GDPR. If Chilcy's services are employed by your employer or another third party, we serve as the processor under Article 4(8) of the GDPR.

Use of Cookies and Similar Technologies

For functional purposes, our platform employs cookies and related automatic data collection technologies to ensure optimal functionality. These cookies are non-intrusive and do not track or store identifiable personal information beyond what is necessary for platform operation.

Session cookies are designed to automatically delete upon the closure of your browser. Visitors may disable cookies within their browser settings, though this may affect platform functionality.

Uploaded Data and Database Connections

Data files uploaded to Chilcy and database connections configured within the platform are used solely to power your KPI dashboards and AI-generated reports. This data is not shared with any third parties beyond what is necessary to provide core functionality. You retain complete control and can delete your data at any time from within the platform.

Your Data Rights

As stipulated by the GDPR, you possess comprehensive rights concerning your personal data, including:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request that we limit how we use your data
  • Objection — object to processing based on legitimate interests
  • Portability — receive your data in a structured, machine-readable format
  • Withdrawal of consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at hello@chilcy.com.

Contact Us

If you have any questions, comments, or concerns about this privacy policy, your data, or your rights, please contact us:

Chilcy

Email: hello@chilcy.com

Website: chilcy.com