Named accountability
Every engagement should have a clear delivery owner, agreed scope, escalation path and acceptance process. We aim to make decisions, risks and tradeoffs visible early so project confidence does not depend on guesswork.
When work moves from discovery into build or support, we confirm responsibilities in writing through a proposal, statement of work or support agreement.
Security-minded delivery
We design web, cloud and AI systems with proportionate controls for access, secrets, logging, data retention and operational recovery. Production systems should be understandable, maintainable and safe to hand over.
Client credentials, API keys and managed secrets must stay out of committed source code. Where integrations are needed, configuration should come from environment variables or managed secret stores.
Responsible AI
AI-enabled systems are built around the data sensitivity, user impact and operational risk of the use case. That can include retrieval boundaries, audit logs, human review points, model evaluation and fallback paths.
We avoid treating AI as a magic layer. The goal is useful automation with controls that clients can understand and operate.
Data protection
We collect and use personal information only where it supports a clear business purpose, such as responding to enquiries, delivering contracted services or maintaining client relationships.
Our privacy notice explains the main categories of data, purposes, sharing, retention and rights that apply when someone interacts with Chaplau.
Cooperative transition
Chaplau is building toward a member-owned cooperative model. During that transition, client work remains grounded in named delivery ownership, clear scope and practical accountability.
As the operating model matures, this page will be updated to reflect the governance commitments that matter to clients, collaborators and members.