PRIVACY POLICY

Effective Date: June 16, 2026

The website www.thechronicceo.co and the Flodesk-hosted opt-in pages, landing pages, checkout pages, and email subscription experiences operated by The Chronic CEO, LLC (collectively, the "Website") and their content are owned by The Chronic CEO, LLC ("Company," "we," or "us"). The term "you" refers to the user and/or viewer of this Website, who agrees to and acknowledges being bound by the following terms of this Privacy Policy, and any information that you contribute or provide to Company is subject to the terms of this Privacy Policy.

The purpose of this Privacy Policy is to inform you how we collect, use, process, and distribute your personal information as defined within the terms of this Privacy Policy. We will not use or share your information with anyone except as described in this Privacy Policy. The use of information collected through our Website shall be limited to the purposes under this Privacy Policy, and also our Terms of Use, where applicable.

Use of any personal information or contribution that you provide to us, or which is collected by us on or through our Website or its content, is governed by this Privacy Policy. By using our Website or its content, you consent to this Privacy Policy, whether or not you have read it.

INFORMATION WE COLLECT

Personal information collected includes that which you provide voluntarily by "opting in" to receive a free resource through a Flodesk-hosted opt-in form, subscribing to our email list or newsletter through Flodesk, purchasing a product or service through a Flodesk-hosted checkout page, or contacting us, as well as all information automatically collected from you based upon your activity on our Website.

Personal information we collect may include, but is not limited to, the following: name(s), email address(es), telephone number, billing information, physical address(es), credit card or payment method information, and any responses you provide on opt-in forms, intake forms, or surveys ("Personal Information" and "Personal Data").

Personal information collected is given to us voluntarily and, as such, you are giving us consent to use, collect, and process such personal information. If you choose not to provide us with certain Personal Data, you may not be able to participate in or access certain aspects of our Website, products, or content.

AUTOMATIC DATA COLLECTION AND COOKIES

Company may also collect personal information through Automatic Data Collection Technology such as the standard "cookies" feature of available web browsers and the tracking technology embedded in Flodesk pages and emails. Company does not set any personally identifiable information in cookies, nor do we employ any data-capture mechanisms on our Website other than cookies and standard email and page analytics. We may use both session cookies and persistent cookies.

It is your election to choose whether to accept, decline, or disable cookies through your own web browser's settings. However, disabling this function may diminish your experience on our Website, and some features may not work as intended. Our Website does not respond to Do Not Track signals sent by your browser.

Flodesk-hosted pages and emails include standard analytics that record opens, clicks, form submissions, page views, and conversion events. We use these analytics to improve our content, measure interest in our offers, and ensure you receive information relevant to you.

We may also collect data about how you use the Website, your browsing actions or patterns, computer equipment, IP address, internet connection, and other similar choices you make, including via Google Analytics and Facebook Pixels, in order to obtain statistical data, improve our website and offerings, and ensure you receive information relevant to you. If we utilize this technology, we will use them in compliance with all policies of these third-party companies. We may receive personal data from third parties including Google, social media platforms, search engines, Flodesk, Stripe, PayPal, and other third-party payment processing companies.

MEDICAL DISCLAIMER

While we may collect personal information (such as your name, email, or payment details) to provide our services, we do not collect or store any medical records or protected health information (PHI) as defined under HIPAA.

Any wellness, health, or chronic illness discussions, examples, or resources shared on this site are for general informational purposes only and are not intended as medical advice. If you voluntarily share health-related information with us (such as mentioning a diagnosis in a contact form, opt-in form, or survey), you do so at your own discretion, and that information will be treated like any other personal data under this Privacy Policy.

You are solely responsible for your health choices, and we encourage you to consult a licensed healthcare provider for any medical concerns.

ANONYMOUS DATA

Anonymous data is data that cannot be used to identify a specific individual. Company may aggregate and anonymize Personal Information for analytical, marketing, and operational purposes. Once anonymized, that data is no longer treated as Personal Information under this Privacy Policy.

ETHICAL AI USAGE

This section describes how The Chronic CEO uses AI tools in connection with our Website, Service, and products, and how that use intersects with the personal information we collect. This is the public-facing version of our internal Ethical AI Usage Policy and is also available at thechronicceo.co/ethical-ai-policy.

Purpose

Running a business with chronic illness, disability, and neurodivergence means working with constraints that most business frameworks ignore. AI tools are part of how The Chronic CEO stays operational without burning out the person running it.

AI is also a tool that can replicate bias, produce inaccurate information, and cut corners in ways that harm people. Using it carelessly creates harm that quality control alone cannot catch. This policy exists to be honest about how we use AI, what protections we apply, and how your data is handled in that context.

Core Principles

People first, tools second. AI does not make decisions about clients, program participants, or anyone's access to support. Those decisions involve humans, and the person most impacted always has the right to ask questions and get real answers.

Transparency over optics. If AI meaningfully contributed to a piece of content, a resource, or a deliverable, that is disclosed on request. Our goal is to be honest about how the business actually works.

Human oversight on everything. AI drafts; humans edit, review, and take responsibility for what goes out. That applies to social content, client resources, course materials, sprint curriculum, and anything else produced under The Chronic CEO's name.

Consent before data. Client information, private details, and sensitive materials are not put into AI tools without explicit consent. The detailed framework is below.

Bias correction. AI outputs reflect the data they were trained on, which means they can and do replicate bias. Content is reviewed with that in mind and corrected before it is published, sent, or delivered.

Efficiency as ethics. Token usage matters. Inefficient AI use wastes energy and water at the data center level. We treat efficient prompting and reuse of context as environmental practice, alongside its productivity benefits.

Acceptable Use

AI is used at The Chronic CEO for:

• Drafting and refining written content (social, email, course materials, templates, sales pages)
• Supporting operational systems and internal workflow organization
• Reducing administrative load so human time and energy can go toward client-facing work
• Generating outlines, frameworks, or first drafts that are then substantially edited and reviewed by a human
• Accessibility-supporting tasks such as caption drafts and alt-text drafts, with human review before use
• Analyzing client feedback, public testimonials, and aggregate data to refine messaging

Prohibited Use

AI is not used at The Chronic CEO:

• To produce content that mimics, appropriates, or misrepresents the voices, experiences, or creative work of disabled or chronically ill people
• To generate deceptive, manipulative, or discriminatory content
• To provide medical, legal, financial, or clinical advice to clients or in public-facing content
• To pressure, persuade, or manufacture urgency in sales or marketing materials
• To make decisions about client access, eligibility, or participation in any program or offer
• In any way that contradicts the values, consent standards, or client agreements of the business

Data and Privacy Framework

The framework for what data goes into AI tools:

Identifiable client data (a name plus details that point to a specific person) stays out of AI tools unless there is explicit, written consent for AI use specifically, not general permission to share.

Anonymous testimonials and anonymized client data may be used in AI tools. The person cannot be traced, so privacy stays intact.

Public information, including public testimonials with names attached, may be used in AI tools. It is already on the public internet and already exists in the training data of major language models. Using public information in AI tools is not a new exposure.

Service provider work (contractors, collaborators, and coaches we hire) requires explicit consent upfront. Standard practice is to get consent to use recordings, transcripts, and shared documents in AI tools, then create a written agreement on what the data will and will not be used for going forward.

Intake forms, session notes, and private client communications are never put into AI tools.

Disclosure and Transparency

When asked: If anyone asks whether AI contributed to a piece of content, the answer is honest and direct. No deflection.

When proactively useful: Some deliverables (sprint curriculum, education resources, AI tools and chatbots) include AI disclosure as standard because that is the point of the offer. Other content does not carry a disclosure tag unless the question has come up.

Public advocacy: The Chronic CEO is publicly vocal about ethical AI, which means disclosing AI use openly when asked, talking publicly about how AI is and is not used in the business, advocating for environmentally-responsible AI infrastructure, calling out the placement of data centers in marginalized communities for cost reasons, sharing consent practices with service providers as a working example, and encouraging clients, collaborators, and community members to develop and publish their own AI policies.

Accountability and Reporting

Concerns about AI usage in connection with The Chronic CEO can be submitted through the contact form at thechronicceo.co or by emailing [email protected]. Reports are handled with care and responded to without dismissiveness or retaliation.

Review Cycle

This Ethical AI Usage section is reviewed regularly and updated as new AI tools enter the workflow, as consent practices evolve, or as industry standards shift. The most recent effective date is listed at the top of this Privacy Policy.

Connection to Other Documents

This Ethical AI Usage section works alongside:

• The full Ethical AI Usage Policy at thechronicceo.co/ethical-ai-policy
• Our Terms and Conditions
• Client agreements, service provider agreements, and contractor consent agreements

These documents stay in sync as the policy evolves.

GDPR COMPLIANCE

Company ensures compliance with the European Union's General Data Protection Regulation ("GDPR") and confirms that we have lawful grounds for processing the information we collect from you. Should you provide personal information via our contact form, opt-in form, or send any other form of electronic communication, we will process your data based upon our legitimate interest to respond to user or customer inquiries. If you elect to receive communication from us by "opting in" and provide us with your name and email address in exchange for a free resource, training, eBook, webinar, or electronic deliverable, or if you purchase from us any courses, programs, sprints, eBooks, or coaching packages, we will process your data for the purpose it was collected based on your affirmative consent to do so, and may periodically send you additional email marketing based upon our legitimate interest in marketing to those that have shown an interest in our products or services. We may also give you the option to be added to our email list in order to receive our newsletter, information about our products and services, and other information we believe may be of interest to you based upon your decision to opt-in to one or more of our free resources, and will obtain your consent to do so. You may withdraw consent at any time by contacting us at [email protected] and requesting your information be edited, updated, or deleted. We do not collect any sensitive data, nor any information regarding criminal offenses or convictions.

LGPD COMPLIANCE

Company ensures compliance with Brazil's Lei Geral de Proteção de Dados Pessoais ("LGPD") and confirms that we have lawful grounds for processing the information we collect from you. Company has an assigned Controller, Operator, and Officer who oversees Company's data processing. The lawful basis for processing your data is the same as described in the GDPR Compliance section above. Should you request confirmation of the existence of your personal data in our database, you may send a request to [email protected] to do the following:

• Confirm the existence of data
• Access such data
• Correct incomplete, inaccurate, or outdated data
• Anonymize, block, or eliminate unnecessary, excessive, or treated data in discrepancy with the provisions of this law
• Data portability to another service provider or product, upon express request and observance of commercial and industrial secrets, in accordance with the regulations of the controlling body and the national authority regulations
• Eliminate personal data processed with the consent of the holder, except in the cases provided for in Article 16 of the law
• Information on any public and private entities with which the Company's Controller has made shared use of data
• Information on the possibility of not providing consent and on the consequences of refusal
• Revoke or withdraw consent at any time

HOW INFORMATION IS STORED AND SHARED

Your Personal Information is stored within the systems we use to operate the business, including Flodesk (email list, opt-in forms, checkout pages, and digital product delivery), Stripe and other payment processors (transaction processing), Notion and Google Workspace (internal records), and other vendors that support our operations. Each of these vendors maintains its own security practices and data processing terms, which apply to the information stored within their platforms.

We do not sell, rent, or trade your Personal Information to any third party for their own marketing purposes. We may share information with service providers that help us operate the business (email delivery, payment processing, analytics, hosting, contractor support), with our legal and accounting advisors when reasonably necessary, and when required by law, subpoena, or court order.

PASSWORD PROTECTION

You are responsible for maintaining the confidentiality of any password, login credential, or account access information used in connection with our Service. You agree to notify us immediately if you suspect any unauthorized use of your account or any breach of security.

SECURITY AND INFORMATION PROTECTION

We take reasonable precautions to protect your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. That said, no method of transmission over the internet or method of electronic storage is fully secure, and we cannot guarantee absolute security. By using our Website, you acknowledge this inherent risk.

YOUR RIGHTS

Company does not participate in spam and shall always provide you an option to opt out of our communications. We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003 by never sending out misleading information. We will not sell, rent, or share your email address.

At all times, Company acknowledges that you have the right to edit, update, or delete your personal information from our database. You may click "unsubscribe" at the bottom of any email Company sends to you or contact Company at [email protected].

You have the right to request information concerning how your data is being used, request which personal information and data we currently have and use, correct or edit any data which is no longer accurate, unlawful, or no longer needed, withdraw consent to the processing of your personal information, lodge a complaint should you feel your personal information is being used unlawfully, or restrict or object to how the data is being used. Should you wish to receive such information, please contact Company at [email protected].

THIRD-PARTY WEBSITES

Our Website and Service contain links to third-party websites, services, and resources, including but not limited to Flodesk, Stripe, Affirm, Afterpay, Google, social media platforms, and any other vendors referenced in our marketing materials. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party website or service before providing them with your personal information.

COPPA COMPLIANCE

Our Website is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 13 years of age, as defined by the Children's Online Privacy Protection Act ("COPPA"). If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as soon as possible. If you believe we may have collected information from a child under 13, please contact us at [email protected].

NOTIFICATION OF CHANGES

We reserve the right to modify or update this Privacy Policy at any time. Any changes will be posted on this page with an updated effective date. Your continued use of the Website or Service after any change to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

CONTACT

If you have questions or concerns about this Privacy Policy or how your personal information is handled, please contact us at [email protected].