Contacts & Privacy Officer

Who to contact at Cheerfully about privacy, security, and abuse — and the named individual accountable for our compliance program.

Effective: May 11, 2026

Last Updated:May 11, 2026 — added EU / UK Article 27 representative section.

1.Designated Privacy Officer

Under the Personal Information Protection and Electronic Documents Act (Canada — PIPEDA Schedule 1 §4.1) and Quebec Law 25, we designate an individual accountable for Cheerfully’s compliance with applicable privacy laws.

Name: Aaron Fischer
Title: Founder & Privacy Officer, Cheerfully
Email: admin@cheerfully.ai
Mail: Cheerfully
Oak Creek, WI 53154
United States

The Privacy Officer is responsible for receiving and responding to privacy complaints, supervising our data-subject-rights workflow (/privacy/rights-request), and acting as the point of contact with privacy regulators.

2.Role-based contact addresses

The four addresses below are the canonical contact aliases used in our privacy notice (/privacy), our sub-processor disclosure (/legal/sub-processors), and our RFC 9116 security disclosure files at/.well-known/security.txton every Cheerfully host (cheerfully.ai, dashboard.cheerfully.ai, widget.cheerfully.ai, api.cheerfully.ai).

Mailbox aliasing

During the initial rollout, all four aliases route to admin@cheerfully.ai. You may write to any of the role addresses below; replies will come from the Cheerfully team within the SLA noted for each role. The aliases become independent mailboxes as our operations team grows; you do not need to change anything on your side when that happens.

A.Privacy inquiries

privacy@cheerfully.ai — general privacy questions, complaints about our handling of your personal information, and follow-ups on data-subject-rights requests already submitted via /privacy/rights-request.

Target response time: 5 business days for acknowledgement; up to 30 days for substantive response (45 days under most US state laws, with a permitted extension of another 45 days when the request is complex; 30 days under GDPR Art. 12(3) and PIPEDA).

B.Data Protection Officer (EU / UK)

dpo@cheerfully.ai — correspondence from EU / UK data-protection supervisory authorities, GDPR Art. 27 representative correspondence (when designated), and DPA / SCC requests from B2B partners.

Target response time: 2 business days for regulator correspondence; 5 business days for B2B DPA requests.

C.Security disclosures

security@cheerfully.ai — vulnerability reports from security researchers. This is the address published in our /.well-known/security.txt files on every Cheerfully host (RFC 9116 compliant).

Target acknowledgement: 2 business days. We do not currently operate a paid bug bounty program; good-faith research conducted without data exfiltration or service disruption is welcomed and will receive a public acknowledgement (with permission) once remediated.

D.Abuse reports

abuse@cheerfully.ai — reports of accounts using Cheerfully to send spam, phishing, harassment, copyright-infringing content, or content depicting harm to a minor. CSAM reports should also be sent to NCMEC atreport.cybertip.org; we will cooperate with law enforcement on any CSAM tip we receive.

Target response time: same business day for harm-in-progress reports; 2 business days otherwise.

3.Postal address

For postal correspondence, including regulator notices:

Cheerfully
Attn: Privacy Officer (Aaron Fischer)
Oak Creek, WI 53154
United States

4.EU / UK Article 27 Representative

Under GDPR Article 27 and UK GDPR §27, non-EU / non-UK controllers offering goods or services to EU / UK data subjects are required to designate an in-region representative authorised to receive correspondence from data subjects and supervisory authorities.

Designation in progress

The engagement of an in-region representative service is targeted to complete by June 10, 2026. The designated representative’s name, email, and postal address will appear in this section once the contract is finalised. The representative’s appointment will also be reflected in the privacy policy contact section.

In the interim, EU and UK data subjects may direct GDPR / UK GDPR rights requests (Art. 15 access, Art. 17 erasure, Art. 20 portability, Art. 21 objection, Art. 22 automated-decision- making review) to:

dpo@cheerfully.ai — routed to admin@cheerfully.ai today; see the mailbox-aliasing callout in §2.
The verified rights-request form at /privacy/rights-request.

We respond directly to GDPR / UK GDPR rights requests as the controller within the 30-day default response window of Art. 12(3), with the permitted Art. 12(3) two-month extension only where the request is complex. The interim direct-controller contact route does not waive your right to lodge a complaint with your local supervisory authority (Art. 77).

5.See also

Privacy Policy — the categories of personal information we process and your rights.
Privacy Rights Request — the verified intake form for access / deletion / portability / correction / opt-out / sensitive-PI limit requests.
Privacy Preferences — per-category consent controls (analytics, functional, marketing) and the “Do Not Sell or Share” surface.
Sub-Processors — the third-party service providers Cheerfully uses.