Privacy Policy

Last updated: October 1, 2025

Effective Date: October 1, 2025 Last Updated: October 1, 2025

Chiri, Inc. ("Chiri," "Company," "we," "our," or "us") provides the Chiri Brain platform and related services, including our website, hosted application, APIs, agents, orchestration tools, and related software and services (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and otherwise process Personal Data in connection with the Services.

Capitalized terms not defined in this Privacy Policy have the meanings given in our Online Terms of Service or other applicable agreement with you. For example, "Customer Data," "Personal Data," "Platform," "Services," and "Third-Party Models" have the meanings used in those documents.

1. Scope

This Privacy Policy applies to Personal Data we process when you:

  • visit our website;
  • create an account or use the Platform;
  • subscribe to paid or trial Services;
  • interact with us for support, sales, or marketing;
  • attend an event, request a demo, or otherwise communicate with us; or
  • act as an Authorized User, billing contact, administrator, or representative of a customer or prospective customer.

This Privacy Policy does not apply to the extent we process Customer Data on behalf of a customer as a processor or service provider under a Data Processing Addendum ("DPA") or similar agreement. In those situations, the customer controls how that Customer Data is used, and we process it on the customer's instructions.

2. Our Role

Depending on the context, Chiri may act as either:

  • a controller (or "business," under certain U.S. state privacy laws) for Personal Data relating to website visitors, leads, account holders, administrators, billing contacts, and our own business operations; or
  • a processor (or "service provider" / "contractor") when we process Customer Data on behalf of a customer under the customer's instructions.

If you use the Services through an organization, that organization may be the controller of your Customer Data. In that case, please direct privacy questions about Customer Data to your organization first.

3. Personal Data We Collect

3.1 Information you provide directly

Depending on how you interact with us, we may collect:

  • Account and profile information, such as your name, work email address, password or authentication credentials, company name, workspace name, job title, and profile settings.
  • Billing and commercial information, such as billing contact details, subscription plan, seat count, credits, purchase history, invoices, tax-related information, and limited payment-related metadata. Payment card details are generally processed by our payment processor and not stored by Chiri, except for limited confirmation details such as payment status, card brand, expiration month/year, and last four digits where available.
  • Customer Data and user content, such as prompts, inputs, uploaded files, documents, messages, outputs, task configurations, workflows, Task Personas, execution history, and related content submitted to the Platform.
  • Communications, such as information you provide when you contact sales, support, or legal, respond to surveys, request a demo, attend webinars, or otherwise communicate with us.
  • Workspace administration data, such as administrator assignments, seat management actions, billing changes, permission settings, and notices or instructions submitted by team administrators.

3.2 Information we collect automatically

When you use our website or Services, we may automatically collect:

  • Device and network information, such as IP address, browser type, device type, operating system, language, approximate geolocation derived from IP, and identifiers associated with your browser or device.
  • Usage information, such as pages viewed, session activity, clicks, referring URLs, timestamps, feature usage, log data, crash reports, and diagnostics.
  • Authentication and security information, such as login events, failed login attempts, session identifiers, fraud and abuse signals, and audit logs.
  • Execution and operational logs, such as Execution Traces, model-routing records, API usage, tool usage, job history, and similar operational telemetry generated by use of the Platform.
  • Cookie and similar technology data, as described in our Cookie Notice.

3.3 Information we receive from other sources

We may receive Personal Data from:

  • your employer or organization, if it provisions your account;
  • identity providers and single sign-on providers;
  • payment processors;
  • business partners, referral sources, and event sponsors;
  • support, CRM, analytics, and communications vendors;
  • third-party integrations you connect to the Platform; and
  • publicly available sources, such as company websites or professional networking profiles, where permitted by law.

4. How We Use Personal Data

We use Personal Data for the following purposes:

  • to provide, operate, maintain, and secure the Services;
  • to create and manage accounts, authenticate users, and administer workspaces;
  • to process subscriptions, payments, renewals, tax obligations, invoices, and account administration;
  • to provide customer support, troubleshooting, onboarding, and training;
  • to process Customer Data and generate outputs at the direction of our customers and users;
  • to monitor performance, improve reliability, develop features, and conduct product analytics;
  • to detect, investigate, prevent, and respond to fraud, abuse, unauthorized access, security incidents, and other harmful or illegal activity;
  • to communicate with you about the Services, updates, support matters, invoices, security notices, and legal or contractual notices;
  • to send marketing communications where permitted by law and subject to your preferences;
  • to comply with legal obligations and enforce our agreements; and
  • to establish, exercise, or defend legal claims.

5. AI- and Platform-Specific Processing

Because Chiri is an AI platform, some of the Personal Data we process may be included in prompts, uploaded files, workflow configurations, outputs, or Execution Traces.

5.1 Customer Data

If you or your organization submit Customer Data to the Platform, we process that Customer Data to provide the Services, operate the Platform for the relevant customer's benefit, provide support, maintain security, and perform other activities described in the applicable agreement and DPA.

5.2 Model providers and integrations

To provide the Services, we may route prompts, files, or other inputs to third-party service providers, including Third-Party Models or infrastructure providers, where necessary to perform requested functionality. We require service providers acting on our behalf to process data subject to contractual restrictions.

5.3 No generalized model training without express consent

Unless we expressly state otherwise in writing and obtain any required consent, we do not use Customer Data to train generalized AI or foundation models.

5.4 Aggregated and deidentified data

We may generate and use aggregated or deidentified usage data to operate, analyze, improve, and optimize the Services, provided that such data does not reasonably identify you or your organization.

6. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

Where required by applicable law, we rely on one or more of the following legal bases:

  • Performance of a contract: to provide the Services, process payments, manage subscriptions, authenticate users, and respond to requests made in connection with the Services.
  • Legitimate interests: to secure, maintain, improve, analyze, and market the Services; manage business relationships; prevent fraud and misuse; and defend legal claims, provided those interests are not overridden by your rights.
  • Consent: where required, such as for certain cookies or certain marketing communications.
  • Compliance with legal obligations: to comply with tax, accounting, law enforcement, export, sanctions, or other legal requirements.
  • Vital interests or public interest: where applicable under law.

If we rely on consent, you may withdraw it at any time, although withdrawal will not affect processing that has already occurred.

7. How We Disclose Personal Data

We may disclose Personal Data to the following categories of recipients:

  • Service providers and subprocessors that support hosting, infrastructure, authentication, payment processing, analytics, communications, support, security, and other business operations;
  • Third-Party Model providers and integration partners, where needed to provide requested features;
  • Workspace administrators and account owners, who may be able to access account, billing, usage, and certain content associated with users in their workspace;
  • Affiliates and corporate group entities, where relevant for internal administration and support;
  • Professional advisers, such as lawyers, accountants, auditors, insurers, and financing sources;
  • Government authorities, regulators, courts, and law enforcement, where required by law or where necessary to protect rights, safety, and security; and
  • Parties to a corporate transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

We do not disclose Personal Data to third parties for their own independent marketing purposes except as described in this Privacy Policy or with your consent.

8. Cookies and Similar Technologies

We use cookies and similar technologies for strictly necessary functions and, depending on your settings and location, for analytics, as described in our Cookie Notice.

Where required by law, we obtain consent before placing or reading non-essential cookies or similar technologies.

9. International Transfers

Chiri is based in the United States, and the Services are generally hosted and processed in the United States unless otherwise agreed in writing.

If you access the Services from outside the United States, your Personal Data may be transferred to and processed in countries that may not provide the same level of protection as your home jurisdiction. Where required by law, we implement appropriate safeguards for international transfers, such as contractual commitments or other recognized transfer mechanisms.

10. Retention

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Unless a different period is required by law, contract, or a documented customer instruction, our default retention approach is:

  • account information: for the life of the account and a reasonable period thereafter;
  • active Customer Data: for the duration of the subscription or service relationship;
  • deleted or closed account data: deleted or anonymized within a reasonable period after account closure or verified deletion request, subject to backups and legal retention;
  • support communications: retained for a reasonable support and recordkeeping period;
  • security and audit logs: retained for at least 12 months where operationally required;
  • billing, tax, and transaction records: retained as long as required for tax, accounting, and financial compliance;
  • backup copies: retained on a rolling basis for disaster recovery and deleted in the ordinary course.

Where we process Customer Data on behalf of a customer, retention and deletion are also subject to the customer agreement, DPA, and customer instructions.

11. Security

We use technical, organizational, and administrative safeguards designed to protect Personal Data, including access controls, encryption in transit, encryption at rest where appropriate, logging, monitoring, and security review processes.

No method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.

12. Your Privacy Rights

Depending on where you live and the context in which we process your Personal Data, you may have the right to:

  • know whether we process your Personal Data;
  • access or obtain a copy of your Personal Data;
  • correct inaccurate Personal Data;
  • delete Personal Data;
  • restrict certain processing;
  • object to certain processing;
  • receive Personal Data in a portable format;
  • withdraw consent where processing is based on consent;
  • opt out of certain uses, such as marketing communications;
  • opt out of sale, sharing, targeted advertising, profiling, or certain automated decision-making, where applicable; and
  • appeal a denial of a privacy request where required by applicable law.

12.1 How to exercise rights

You may submit privacy requests by contacting us at support@chiri.ai.

We may need to verify your identity before processing certain requests. You may also designate an authorized agent where permitted by law.

If we process your Personal Data as a processor or service provider on behalf of a customer, we may direct your request to that customer.

12.2 Marketing communications

You can unsubscribe from marketing emails at any time using the unsubscribe link in the message or by contacting us using the details below. We may still send transactional or service-related communications.

12.3 Complaints

If you are in the EEA, UK, or another jurisdiction with a supervisory authority, you may have the right to lodge a complaint with your local data protection regulator.

13. Additional U.S. State Privacy Disclosures

This section provides supplemental disclosures for residents of California and other U.S. states with applicable privacy laws.

13.1 Categories of Personal Data we collect

In the preceding 12 months, depending on how you interact with the Services, we may have collected the following categories of Personal Data:

  • identifiers and contact information;
  • commercial and billing information;
  • internet or electronic network activity information;
  • device, log, and usage information;
  • geolocation information derived from IP address;
  • professional or employment-related information;
  • account credentials and authentication information;
  • Customer Data and communications content; and
  • in limited cases, other information you choose to provide to us.

13.2 Sources

We collect Personal Data from:

  • you directly;
  • your organization or workspace administrator;
  • your devices and browser;
  • service providers and subprocessors;
  • payment processors, identity providers, and integrations; and
  • business partners and publicly available sources where permitted.

13.3 Purposes

We collect and use Personal Data for the purposes described in Section 4 above.

13.4 Disclosure

We disclose Personal Data to the categories of recipients described in Section 7 above.

13.5 Sale, sharing, and targeted advertising

Chiri does not sell Personal Data for money and does not share Personal Data for cross-context behavioral advertising.

If Chiri later enables advertising or retargeting technologies that qualify as "sharing," "sale," or "targeted advertising" under applicable law, this Privacy Policy and our cookie tools will be updated before those technologies go live.

13.6 Sensitive personal information

Chiri does not intentionally collect or use sensitive personal information to infer characteristics about individuals.

Because the Platform is configurable, customers or users may choose to submit sensitive information as part of Customer Data. In that case, we process such data only to provide the Services and in accordance with the applicable customer agreement, DPA, customer instructions, and applicable law.

13.7 Non-discrimination

We will not discriminate against you for exercising your privacy rights, except as permitted by law.

14. Children's Privacy

The Services are intended for business users and are not directed to children under 16. We do not knowingly collect Personal Data directly from children under 16 for our own purposes. If you believe a child has provided Personal Data to us in violation of this section, please contact us.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the "Last Updated" date. Where required by law, we will provide additional notice.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Chiri, Inc. 8735 Dunwoody Place Ste N Atlanta, GA 30350 Email: support@chiri.ai