TCF Compliance
Statement Last updated: 25 Nov 2025

1. Introduction
Chalice AI Ltd ("Chalice", "we", "us", or "our") is committed to adhering to the principles and requirements of the Transparency and Consent Framework (TCF) of the Interactive Advertising Bureau (IAB) Europe. This statement provides transparency regarding our data processing practices within Chalice, as detailed in our Privacy Policy.

2. Public Attestation of Compliance
Chalice declares its compliance with TCF Policies, including: Adherence to data processing purposes and legal bases. Consent management practices. Transparency obligations for end-users and Clients. Key practices include:

3. Transparency and Consent
End-users receive clear and accessible information regarding: Data processing purposes. Categories of data collected. Data recipients. Clients are responsible for obtaining and communicating consent to Chalice as required under applicable laws and TCF guidelines.

4. Legal Basis for Processing
Chalice processes data only under legitimate legal bases, including consent and legitimate interest, as defined under privacy laws and TCF. Clients are responsible for obtaining valid consent for all data processing purposes.

5. Consent Management
A robust consent management system records and manages end-user consent status. Data processing activities are aligned with consent preferences and TCF Policies. If consent is not obtained, Clients must implement the DNT Feature, preventing identifier creation by setting the DNT flag ('Consent: dnt = true') in cookies.

6. Data Minimisation and Security
Chalice implements data minimisation measures. Data is encrypted in transit and at rest using industry-standard cryptography.

7. Data Subject Rights
Chalice upholds rights provided under GDPR, CCPA, and other regulations, including: Access Rectification Deletion Objection to processing Clients are responsible for facilitating these rights; Chalice cooperates as necessary.

8. Data Profiling and Retention
Chalice does not create, maintain, or monetise user profiles and does not collect or store any data on users devices.

9. Data Transfers and International Compliance
Chalice does not transfer any personal data to international destinations. Compliance with applicable privacy laws is maintained at all times.

10. Public Access to Compliance Information
Our public TCF compliance attestation can be accessed here: https://www.chalice.ai/tcf-compliance For inquiries, data subject rights requests, or TCF compliance concerns, contact: privacy@chalice.ai

11. Updates to this Statement
Chalice reserves the right to update this TCF Compliance Statement to reflect: Changes in TCF requirements. Updates to privacy laws. Changes in data processing practices.