This website is owned by ChartHop, Inc., a Delaware corporation. (When we say “We” or “Our” in this document, we mean ChartHop, Inc.)
Our mission is to organize our customers' people data, by building the best org optimization software in the world.
As part of that mission, protecting our customers' private and sensitive data is especially important to us. Our business model is not based on reselling or sharing private data. We believe we win by providing a secure, trusted service and being transparent with our customers.
Website ( https://www.charthop.com) visitors
As is standard for many websites, we use tracking cookies to identify trends about the visitors on our Marketing Site. Non-personally identifying information, such as your web browser version, your IP address, and the website you clicked from, may all be stored in our logs and third-party website analytics services such as Google Analytics.
If you fill out a contact form, we will collect and retain the personally identifying information that you have provided to us, such as name, email address, and company name, together with information such as your web browser and IP address.
We use this information to understand and evaluate the success of our marketing and sales efforts, and follow up with potential customers, including via email.
ChartHop employees with a business need to see this information, primarily members of our sales and marketing teams. They will only use this information to support ChartHop customer acquisition efforts and will not share your information with third parties, except trusted vendors needed to directly support our sales and marketing programs, such as our email marketing platform.
We send emails for both marketing and transactional purposes. Our emails' footers should communicate why you received an email from us.
If it is a marketing email, you may have received it because you signed up on our website, or have used our service in the past. If the email is an invitation to join ChartHop and become an Authorized User, the email will state who sent you the invitation. If it is a transactional email, such as a notification, you should have received it because you are an Authorized User and your personal or organizational settings were set to receive that transactional email.
To unsubscribe from our emails, click the link in the footer of the email. Authorized Users can also control their email notification preferences in the interface.
Our website uses TLS (Transport Layer Security) to encrypt any communications between our website and your web browser. The data that we store is protected in networks that are encrypted, and we use a variety of security measures, including two-factor authentication, to restrict who has access to this information.
We do not share or sell identifying information with third parties except that we may store the information with specific vendors, such as our email marketing platform, who per their policies must not email you except on our behalf.
Send us an email at firstname.lastname@example.org and we will remove it.
The basic function of the Service is the secure storage, processing, and retrieval of information (“Customer Data”) that is sent to us by our Customers. This includes our Customers' human resources and organizational information, such as current and past employee rosters and management structures, and includes Personally Identifiable Information ("PII"), such as home address and birthdate, as well as organizational data such as compensation or performance review data.
Customer Data may be entered or updated individually by customers using the ChartHop user interface ("UI"), can be bulk-imported via upload in the UI, can be transferred using ChartHop's programmatic interface ("API"), or can be automatically synced from remote systems. Access to this data is strictly restricted via Customer-controlled permissions and is not shared between Customers or with other systems, except at the Customer’s explicit request.
ChartHop does not permit the use of the Service to store medical or health records, financial account numbers or credit card numbers, or any information about children under the age of 16.
We set our own (“first party”) cookies, and use your browser’s local storage and session storage features, to identify our Authorized Users, and retain certain user preferences.
We do not currently set “third party” cookies within our service. In the future, we may add some third-party product analytics tools to help us understand usage of our product and improve it.
Like many services on the internet, we automatically log all activity by Authorized Users (the “Access Log”). This activity is identifiable by user, and includes a record of the specific query that the user requested, as well as information such as IP address, web browser, timestamp. The Access Log is stored with a secure third party logging service, and the third party deletes the log after our standard retention period (currently 7 days).
A log of all changes to Customer Data made by Authorized Users (the “Change Log”) is stored in our own secure database as long as a Customer has an account, as it is a basic business requirement that Customers be able to determine who has changed what data. We delete the Change Log only when Customers terminate, or if required to by law.
The primary use of the information we store is by the Customer, or users who have been granted permissions by our Customer (“Authorized Users”), who can retrieve and analyze the data that has been stored in the user interface or using the API.
The Customer can use the UI to view reports, visualizations, and individual information on members of their organization, and can use the programmatic API to export their data to other sources.
We use Customer Data to serve and provide the platform to Customers, including understanding usage of our product and making improvements to all of the features above.
We may aggregate data from across all ChartHop customers, for example by reporting on industry benchmarks and trends. Once aggregated, this data will will never include information that identifies an individual, or an individual company.
ChartHop contains granular sensitivity controls that permit the Customer to control each type of data, and which Authorized Users can see which data.
ChartHop employees are required to sign confidentiality agreements, and do not receive general access to Customer Data beyond that required to perform their duties. If ChartHop employees request and receive permission to view non-anonymized Customer Data, they will be visible in the Customer’s list of Authorized Users in the user interface.
The exceptions are certain Engineers and Security personnel who may have production access, Data Scientists and Analysts who may do aggregate analysis on data that has been anonymized and scrubbed of PII, and similar roles that require access to perform their duties. Such access is limited and strictly controlled.
Our website uses TLS (Transport Layer Security) to encrypt any communications between our website and your web browser. The data that we store is protected behind firewalls and encrypted at rest. Access to the data is strictly controlled, and data is pseudonymized if it leaves the production environment. Passwords are stored encrypted under the current industry standard (bcrypt) -- although we recommend our Customers avoid passworded logins in favor of using two-factor authenticated Single Sign On accounts (and we require SSO for all ChartHop employees), For more information on our security measures, please contact email@example.com.
We do not share Customer Data with others, except at the explicit request of that Customer. For example, the Customer may turn on an integration with a third party such that ChartHop automatically sends data to that third party. Such integrations are turned on at the Customer’s risk, as ChartHop cannot control what happens with the data after it leaves ChartHop.
We may share anonymous, aggregated data with third parties, such as, for example, the number of total personnel records that ChartHop is managing.
Following Customer termination, we will delete all of a Customer’s identifiable data after one year, or earlier if you request it at firstname.lastname@example.org.
If you are an Authorized User of ChartHop, you can view the data in the Service itself, by visiting “My Profile”.
If you are not an Authorized User, you will need to contact our Customer, who is the Controller of the data and has the ability to retrieve your information from ChartHop.
If you want your identifying data to be deleted, you will need to contact our Customer, who is the Controller of the data and has the ability to pseudonymize or delete your information.
We will comply fully with all legal obligations, but we will notify our Customer of the request, to the extent that it is possible for us to do so.
All information collected by ChartHop may be part of that transaction and could be used by the acquiring entity. We cannot guarantee that a new owner will comply with every term in this Policy. We can state that the responsible management of Customer Data is among the most important factors in our evaluation of any potential acquirer.
We do not treat DNT requests differently from other requests, because in our opinion there is insufficient consensus on how to treat these requests for Authorized Users, and very limited consumer awareness.
Although ChartHop is a US business, ChartHop intends to comply with the European Union’s General Data Protection Regulation, for both EU citizens and non-EU citizens. Under GDPR, when it comes to our Customer Data, ChartHop is considered the Data Processor, and our Customers are the Data Controllers.
The Data Protection Officer is Ian White.