Privacy Policy
This Privacy Policy explains how Chartered Strategy (a DBA of Canvas Ethos LLC, a Florida limited liability company) collects, uses, discloses, and protects information from visitors to charteredstrategy.com (the "Site") and from clients of Chartered Strategy (the "Service"). By using the Site or the Service, you consent to the practices described here.
1. What personal information do we collect?
We collect personal information only when you choose to provide it. This includes:
- Your name and email address when you subscribe to our newsletter or contact us
- Information you provide on the Discovery Call intake form (spend volume, card history, travel goals, business or personal context)
- Engagement-related information shared during client work (card portfolio details, redemption preferences, billing information)
- Any other information you voluntarily provide via email or other communication
We do not require visitors to provide personal information to browse the Site. We do not knowingly request or collect Social Security numbers, full credit card account numbers, or other sensitive credential information through the Site.
2. When do we collect information?
We collect information when you:
- Subscribe to The Chartered Letter newsletter
- Submit the Discovery Call form or Apply form
- Email us, message us, or otherwise contact us
- Engage Chartered Strategy as a client
- Visit the Site (automated technical information described below)
3. How do we use your information?
We use your information to:
- Respond to your inquiries and provide the Service
- Send newsletter content and engagement communications you have requested or that are necessary to deliver the Service
- Build, maintain, and improve the Site and the Service
- Comply with legal obligations
- Detect, prevent, and address technical or security issues
We do not sell, rent, or trade personal information to third parties. We do not use your client portfolio information for any purpose other than providing the Service to you.
4. How do we protect information?
We use commercially reasonable safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS), encrypted storage for client engagement records, and access controls limiting who can view your information.
No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to industry-standard practices appropriate to a small advisory firm.
5. Cookies and tracking technologies
The Site may use cookies and similar technologies to remember your preferences, understand how the Site is used, and deliver relevant content. Categories include:
- Essential cookies required for the Site to function
- Analytics cookies (e.g., Google Analytics) that help us understand aggregate Site usage
- Advertising or affiliate-tracking cookies set by third-party affiliate networks when you click affiliate links
You can disable cookies in your browser settings. Disabling some cookies may affect Site functionality.
6. Third-party disclosure
We do not sell, trade, or otherwise transfer personally identifiable information to outside parties except as follows:
- To service providers (e.g., email/newsletter platforms, hosting providers, payment processors) who operate the Site or the Service on our behalf under confidentiality obligations
- To comply with applicable law, regulation, subpoena, or government request
- To protect the rights, property, or safety of Chartered Strategy, our clients, or others
- In connection with a sale, merger, or transfer of business assets, in which case we will provide notice before personal information is transferred and becomes subject to a different privacy policy
7. Third-party links
The Site contains affiliate links and other links to third-party sites operated by credit card issuers, affiliate networks (such as Bankrate, CardRatings, CJ Affiliate, and Impact), and other independent parties. Once you leave the Site, this Privacy Policy no longer applies. We are not responsible for the content or privacy practices of third-party sites.
8. Google Analytics
We may use Google Analytics to understand aggregate Site usage. Google Analytics collects information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use this information only to improve the Site. Google's ability to use and share this information is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You may opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.
9. California Online Privacy Protection Act (CalOPPA)
We comply with CalOPPA. As required:
- Visitors can browse the Site anonymously without providing personal information
- This Privacy Policy is accessible from every page of the Site via a clearly labeled link
- Users will be notified of material changes to this Privacy Policy via the "Last updated" date at the top of this page
- Users may request a change to their personal information by emailing [email protected]
10. California Consumer Privacy Act (CCPA) rights
If you are a California resident, you have the following rights regarding your personal information:
- Right to know what personal information we collect, use, and disclose
- Right to request deletion of your personal information (subject to legal exceptions)
- Right to opt out of the sale or sharing of your personal information (we do not sell or share personal information for cross-context behavioral advertising)
- Right to non-discrimination for exercising your CCPA rights
To exercise these rights, email [email protected]. We will verify your identity before processing the request and respond within the timeframes required by law.
11. Other US state privacy rights
Residents of Virginia (under the VCDPA), Colorado (under the CPA), Connecticut (under the CTDPA), Utah (under the UCPA), Texas (under the TDPSA), Oregon (under the OCPA), and other states with comprehensive consumer privacy laws have substantially similar rights to those described under the CCPA: the right to access, correct, delete, and obtain a portable copy of personal information, and the right to opt out of targeted advertising, sale of personal data, and certain profiling activities. To exercise any of these rights, email [email protected]. We will verify your residency and identity before processing the request and respond within the timeframes required by the applicable law. We do not engage in the sale of personal data, targeted advertising based on cross-context behavioral profiling, or profiling for decisions that produce legal or similarly significant effects.
12. General Data Protection Regulation (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR), UK GDPR, or the Swiss Federal Act on Data Protection (FADP) may apply to our processing of your personal data. Our legal bases for processing are: (a) consent, where you have opted in to a newsletter or submitted a form; (b) contract, where processing is necessary to deliver the Service; (c) legitimate interest, for ordinary site analytics and security; and (d) legal obligation where applicable. You have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data. You also have the right to lodge a complaint with your local supervisory authority. To exercise these rights, email [email protected]. We do not transfer personal data outside the United States as part of normal operations; if such a transfer becomes necessary, we will rely on appropriate safeguards as required by GDPR.
13. Data retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically: newsletter contact information is retained until you unsubscribe; Discovery Call intake form data is retained for 24 months after the inquiry unless an engagement begins; active client engagement records are retained for the duration of the engagement plus 7 years thereafter (consistent with typical business and tax recordkeeping requirements); and aggregate, non-identifiable analytics data may be retained indefinitely. You may request earlier deletion under the rights described above, subject to legal recordkeeping exceptions.
14. Do Not Track signals
Some browsers offer a "Do Not Track" (DNT) signal. There is no consistent industry standard for how to interpret DNT signals. We do not currently respond to DNT signals.
15. Children's Online Privacy Protection Act (COPPA)
The Site and the Service are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.
16. Fair Information Practices
In the event of a data breach affecting your personal information, we will notify affected users by email within 7 business days of confirming the breach, where reasonably possible, and will cooperate with the appropriate regulatory authorities.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date. Material changes will be communicated via newsletter or in-Site notice where reasonable.
18. Contacting us
Questions about this Privacy Policy or requests to exercise your privacy rights can be sent to:
Email: [email protected]
Chartered Strategy, a DBA of Canvas Ethos LLC (Florida)