Privacy Policy

1. Who We Are

This Privacy Policy applies to NF Global LLC, a company registered in the United States of America, trading as Chatpire. References to "Chatpire", "we", "us", or "our" throughout this policy all refer to NF Global LLC.

Chatpire is a B2B cold email outreach agency. We design and execute outbound email campaigns on behalf of European B2B companies. We operate in two distinct roles under data protection law:

• As a Data Processor: When we handle personal data belonging to our clients' prospects on their behalf, our clients are the Data Controllers and we follow their documented instructions.
• As a Data Controller: When we collect personal data directly through our website — e.g. when you fill in our contact form or book a strategy call — we make our own decisions about how that data is used.

2. Scope of This Policy

This policy applies to:

• Visitors to chatpire.com
• Individuals who contact us through our website contact form
• Prospective and current clients who book a strategy call or enter a commercial relationship with Chatpire
• Any individual whose personal data we process as a Data Processor on behalf of our clients

This policy does not apply to third-party websites, products, or services that may be linked from our website. We do not knowingly collect personal data from individuals under the age of 16. Our website and services are directed exclusively at business professionals.

3. What Personal Data We Collect and Why

3.1 Data You Provide to Us Directly

When you complete our website contact form or schedule a strategy call, we collect your full name, work or personal email address, company name, and meeting times and scheduling preferences (via Calendly). We collect this data solely to respond to your enquiry and arrange a meeting. We do not use it for unsolicited marketing unless you give us explicit consent.

3.2 Data Collected Automatically

When you visit chatpire.com, our infrastructure and analytics tools automatically collect: IP address, browser type and version, operating system, pages visited and time spent, referring URL, and date and time of your visit. This is collected via Google Analytics and Webflow's built-in analytics, used to understand how our site is used and to maintain security.

3.3 Data We Process on Behalf of Clients (Data Processor Role)

When we deliver cold email outreach campaigns for our clients, we may process personal data relating to their target contacts — including business email addresses, job title, company name, and LinkedIn profile data. In this capacity:

• Our clients are the Data Controllers and determine the purpose and means of processing.
• We act solely as a Data Processor, operating under written instructions from our clients.
• We do not use this data for any purpose other than delivering the contracted service.
• We are bound by Data Processing Agreements (DPAs) with each client.

3.4 What We Do Not Collect

We do not collect or process: sensitive ("special category") personal data such as health or biometric information, financial or payment card data, or personal data from children under the age of 16.

4. Legal Bases for Processing (GDPR Article 6)

Under the EU GDPR, UK GDPR, and equivalent French data protection legislation, every processing activity must rest on a valid legal basis. The table below explains what we process, why, and the legal basis we rely on.

Where we rely on legitimate interest, we have carried out a balancing test to ensure our interests do not override the rights and freedoms of individuals. You have the right to object to processing based on legitimate interest at any time (see Section 9).

5. How We Share Your Personal Data

We do not sell your personal data. We do not share it with third parties for their own marketing purposes. We only share data in the following limited circumstances.

5.1 Third-Party Service Providers (Sub-Processors)

We use a limited number of trusted service providers to help us operate our business. Each is subject to data processing or sub-processing agreements that restrict how they may use your data:

5.2 Legal Requirements and Law Enforcement

We may disclose personal data to government bodies, law enforcement agencies, or regulators if legally required to do so, or if we believe in good faith that disclosure is necessary to comply with a legal obligation or to protect the rights or safety of Chatpire or others.

5.3 Business Transfers

If Chatpire is involved in a merger, acquisition, restructuring, or sale of all or part of its business, personal data held by us may be transferred to the acquiring entity. We will notify affected individuals and ensure appropriate protections remain in place.

6. Cookies and Analytics

6.1 What Cookies We Use

• Essential cookies: Required for the website to function correctly. These cannot be disabled.
• Analytics cookies: Used by Google Analytics to collect data about how visitors use our website. These are only set with your prior consent in the EU/UK/France.
• Form functionality cookies: Used by Webflow to process contact form submissions reliably.
• Scheduling cookies: Used by Calendly to manage booking sessions when you schedule a call.

6.2 Consent for Non-Essential Cookies

In line with EU GDPR, UK GDPR, and CNIL guidance, we obtain your prior, freely given, and informed consent before placing any non-essential cookies on your device. This is collected via a cookie consent banner when you first visit chatpire.com. You may withdraw consent at any time by adjusting your cookie settings in the banner or by clearing cookies from your browser.

6.3 Managing Cookies

You can manage or delete cookies at any time through your browser settings. Disabling analytics cookies will not affect the core functionality of our website. For more information, visit allaboutcookies.org.

7. Data Retention

We only keep personal data for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

At the end of each retention period, data is securely deleted or irreversibly anonymised. If a legal claim is in progress, we may retain relevant data until the claim is resolved, after which normal retention periods apply.

8. International Data Transfers

Chatpire is based in the United States. When we collect personal data from individuals located in the EEA, the UK, or France, that data is transferred to and processed in the USA — a country that does not have a blanket adequacy decision for commercial data flows from the EU.

8.1 Safeguards We Use

• Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs (June 2021 version) in our agreements with our US-based sub-processors.
• UK International Data Transfer Agreements (IDTAs): For transfers from the UK, we rely on the UK ICO's IDTA or the UK Addendum to the EU SCCs.
• Written DPAs: All sub-processors are subject to Data Processing Agreements that incorporate the applicable transfer mechanism and GDPR Article 28 requirements.

8.2 EU-US Data Privacy Framework

Some of our US-based sub-processors (including Google) may be certified under the EU-US Data Privacy Framework (DPF), which provides an additional adequacy mechanism for EEA-to-USA transfers. You can verify a company's certification status at dataprivacyframework.gov.

9. Your Rights Under GDPR and UK GDPR

If you are located in the EEA, the UK, or France, you have the following rights in relation to your personal data. We will respond to all verified requests within one calendar month (extendable by a further two months for complex requests, with notice).

• Right of Access (Art. 15): Receive a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Ask us to correct or complete inaccurate or incomplete data.
• Right to Erasure / Right to be Forgotten (Art. 17): Ask us to delete your personal data in certain circumstances.
• Right to Restriction of Processing (Art. 18): Ask us to pause processing of your data in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to Object (Art. 21): Object to processing based on legitimate interest or for direct marketing at any time.
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.
• Right Not to Be Subject to Automated Decision-Making (Art. 22): We do not make decisions about you solely based on automated processing producing legal or similarly significant effects.

To exercise any of these rights, contact us at support@chatpireteam.com. We may ask for reasonable proof of identity to protect against unauthorised requests.

These rights apply to data we process as a Data Controller. For data processed in our Data Processor role, please direct your request to the relevant client.

10. How to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority — without prejudice to any other legal remedy available to you.

10.1 France and the European Union

For residents of France, the competent supervisory authority is the CNIL:

Residents of other EU member states may find their national supervisory authority at edpb.europa.eu.

10.2 United Kingdom

We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at support@chatpireteam.com.

11. How We Protect Your Data

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, alteration, or destruction:

• Encrypted email communications (TLS/SSL) via Google Workspace
• Access controls restricting personal data to staff who need it to perform their role
• Secure password policies and multi-factor authentication for all systems containing personal data
• Regular review of sub-processors' security practices and certifications
• Documented incident response procedures to identify, contain, and report data breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and where required notify affected individuals without undue delay.

12. Children's Privacy

Our website and services are intended solely for business professionals aged 18 and over. We do not knowingly collect or process personal data from individuals under the age of 16. If you believe we have done so inadvertently, please contact us at support@chatpireteam.com and we will delete it promptly.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this document and post the revised policy on chatpire.com. Where required by applicable law, we will notify affected individuals by email or via a prominent notice on our website before the changes take effect.

14. Contact Us

For any questions about this Privacy Policy, to exercise your data protection rights, or for any other data-related enquiries:

We aim to acknowledge all data protection enquiries within 5 business days and to resolve requests within the statutory 30-day period under GDPR.