← Chief of Staff AI

Legal

Privacy Policy

Effective: April 7, 2026 · Last updated: April 7, 2026

1. Who We Are

Chief of Staff AI ("CoS AI") is operated by Ghosson Al Khaled. This policy explains how we collect, use, and protect your information when you use our Service at chiefofstaffai.ai. Contact: privacy@chiefofstaffai.ai

2. Information We Collect

We collect: (a) Account information — name, email address, and profile data from your Google or Microsoft account when you sign in via OAuth; (b) Payment information — processed and stored securely by Stripe; we never see or store your full card number; (c) Usage data — your calendar events, emails you connect, documents you upload, and messages you send to the AI; (d) Technical data — IP address, browser type, device identifiers, and usage logs for security and performance purposes.

3. How We Use Your Information

We use your information to: provide and personalise the Service; generate your morning briefs and AI responses; send transactional emails (access details, billing notices); improve the Service; comply with legal obligations. We do not use your business data to train general AI models that benefit other users.

4. What We Do NOT Do

We do not sell your data to anyone. Ever. We do not share your data with other users. We do not use your conversations to train AI models. You can request full data deletion at any time by emailing privacy@chiefofstaffai.ai.

5. Third-Party Services

We share data with: Stripe (payment processing); Anthropic (AI inference — your prompts are processed by Claude; see Anthropic's privacy policy); Google (Calendar and Gmail integration, subject to Google's API Services User Data Policy); Resend (transactional email). Each third party is contractually bound to protect your data and use it only to provide their service to us.

6. Data Retention

We retain your data for as long as your account is active. If you cancel, we delete your personal data within 90 days, except where we are required to retain it by law (e.g. billing records for tax purposes, retained for 7 years).

7. Security

Your conversations are encrypted at rest with AES-256-GCM (banking standard). We use TLS for data in transit, encrypted storage for OAuth tokens, and access controls. Access by the company is logged and audited. Your data is never used for AI training without your explicit consent. No system is perfectly secure; we will notify you promptly in the event of a breach affecting your data.

8. Your Rights

You have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; export your data in a portable format; withdraw consent at any time. To exercise any of these rights, email privacy@chiefofstaffai.ai. We will respond within 30 days.

9. Cookies

We use session cookies required for authentication. We do not use advertising cookies or tracking pixels.

10. Children

The Service is not directed to individuals under 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy. We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

12. Contact

For privacy questions or data requests: privacy@chiefofstaffai.ai