Overview

At Chartnote, protecting user privacy and securing personal data is a top priority. As part of our ongoing commitment to global data protection standards, we adhere to the General Data Protection Regulation (GDPR) — a comprehensive privacy law governing how personal data from individuals in the European Union (EU) and United Kingdom (UK) is collected, processed, and transferred.

This policy ensures that even when we process data outside the EU/UK, it remains protected through robust contractual and technical safeguards.

How Chartnote Ensures GDPR Compliance

1. Data Transfers Outside the EU/UK

Chartnote may store or process personal data in countries outside the EU or UK. When doing so, we take steps to ensure the data remains protected to the same standard required under GDPR.

We implement the following safeguards:

• Standard Contractual Clauses (SCCs):

  Chartnote uses European Commission-approved contractual obligations to legally safeguard data transfers outside the EU/UK.

• Adequacy Decisions:

  When available, we rely on adequacy decisions from the European Commission or UK government for countries deemed to offer an adequate level of data protection.

• Additional Measures:

  Where required, Chartnote adopts supplementary technical and organizational measures—such as encryption, access controls, and data minimization—to maintain data integrity and confidentiality.

2. Transparency and User Rights

We believe in full transparency about how data is used. When you use Chartnote’s services, you acknowledge that your data may be transferred and stored securely outside your home country.

If you have any concerns or questions about Chartnote’s data protection or transfer practices, you can contact our Privacy team at hello@chartnote.com.

3. Staff Training and Compliance

All Chartnote team members undergo GDPR and CCPA training through Vanta, our compliance partner.

These training modules cover:

• Data protection principles

• Handling personal and sensitive data

• Incident response and breach reporting

• Responsibilities under GDPR and CCPA

Completion of these trainings is mandatory for all team members to ensure compliance and awareness across the organization.

Related Policies and Resources

• Chartnote Privacy Policy

• GDPR Overview (EU Commission)

• Chartnote Trust Portal

Summary

Chartnote’s GDPR compliance framework is built around transparency, security, and accountability. Through SCCs, data protection measures, and regular staff training, we ensure all data handled by Chartnote meets the highest privacy standards—no matter where it’s processed.