Privacy Policy
Effective Date: July 5, 2025
Last Updated: December 30, 2025
Welcome to our Privacy Policy. Your privacy is critically important to us.
Company Information
Chronicle is operated by Lightware Consulting, Lda, a company registered in Portugal.
Registered Address: Rua Alferes Barrilaro Ruas, Nº1, 6ºD. 1800-006 Lisboa, Portugal
For any privacy-related inquiries, please contact us at support@chronicle.chat.
What This Policy Covers
This Privacy Policy describes how Chronicle ("we", "us", or "our") collects, uses, processes, and protects your personal information when you use our voice journaling application and related services. This policy applies to all our services, including our mobile applications, website, and any other services we may offer.
We have adopted this privacy policy to explain what information may be collected, how we use this information, and under what circumstances we may disclose information to third parties. This policy applies only to information we collect through our services.
Information We Collect
We collect the following types of information:
Personal Information
- Account Information: Name, email address, and authentication details provided through Auth0
- Voice Recordings: Audio recordings you create through our application for journaling purposes
- Transcripts: Text transcriptions of your voice recordings processed using OpenAI's services
- Journal Content: Your processed journal memories, including AI-generated summaries and insights
- Usage Data: Information about how you interact with our application, including features used and session duration
- Subscription Data: Payment information, subscription status, and billing history processed through Google Play Store or Apple App Store
Technical Information
- Device Information: Device type, operating system, app version, and unique device identifiers
- Advertising ID: Google Advertising ID (Android) or Identifier for Advertisers/IDFA (iOS) for analytics and install attribution purposes. Users can opt out of personalized advertising through device settings.
- Network Information: IP address, network provider, and connection type
- Performance Data: App crashes, performance metrics, error logs, and user identifiers for debugging purposes
- Analytics Data: App usage statistics and user behavior patterns (anonymized)
How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide voice journaling services, including transcription and AI-powered insights
- Account Management: To create and manage your account, process authentication, and handle subscriptions
- Communication: To send important service updates, respond to support requests, and deliver subscription-related communications
- Marketing (Optional): To send promotional emails about new features and tips, only if you explicitly opt-in during registration or in your account settings
- Service Improvement: To analyze usage patterns, improve our AI algorithms, and develop new features
- Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with legal obligations and respond to lawful requests
Legal Basis for Processing (GDPR)
We process your personal information based on the following legal grounds:
Processing Activities Summary
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Voice Recordings | Transcription & AI Analysis | Contract Performance |
| Account Information | Authentication & Account Management | Contract Performance |
| Usage Data | Service Improvement & Analytics | Legitimate Interests |
| Marketing Communications | Promotional Emails | Consent (Opt-in) |
| Error Logs & User IDs | App Stability & Bug Fixing | Legitimate Interests |
| Analytics Data & User IDs | Product Analytics & User Experience | Legitimate Interests |
| Advertising ID & Install Attribution | Marketing Performance & Attribution | Legitimate Interests |
- Contract Performance: Processing necessary to provide our services under our Terms of Service
- Legitimate Interests: Service improvement, security, and business operations
- Consent: Where you have explicitly consented to specific processing activities
- Legal Obligation: Where required by applicable laws and regulations
Third-Party Services
We work with the following third-party services to deliver our application:
- OpenAI: Processes your voice recordings for transcription and AI-powered insights. Data is processed according to OpenAI's privacy policy and data processing agreements.
- Auth0: Handles user authentication and account management. Data is processed and stored in Europe (Dublin, Ireland).
- Cloudflare: Provides infrastructure services including data storage and file storage. Data is stored in Western Europe.
- Sentry.io: Collects error logs, crash reports, and user identifiers to help us improve app stability and debug issues. This includes technical error data and user IDs to correlate errors with specific accounts, but does not include voice recordings or journal content.
- PostHog: Provides privacy-focused analytics to understand app usage patterns. This includes user identifiers, usage metadata, and behavioral analytics, but does not include voice recordings or journal content. Data is used solely for product improvement.
- Google Play/Apple App Store: Handles subscription payments and app distribution according to their respective privacy policies.
Data Storage and Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit using TLS and at rest using AES-256 encryption
- Access Controls: Like all cloud-based services, a small number of authorized engineers can technically access infrastructure to operate the service. This access is governed by strict internal controls, role-based permissions, audit logs, and confidentiality agreements. Your memories are never read casually — access exists solely to keep the service running, resolve technical issues, and comply with legal obligations.
- Data Centers: Your data is stored in secure data centers located in the European Union
- Regular Security Audits: We conduct regular security assessments and monitor for threats
- Data Breach Response: In the event of a data breach affecting your personal information, we will notify you within 72 hours via email or through the app
International Data Transfers
Your data is primarily stored and processed within the European Union. When we transfer data to third-party services outside the EU (such as OpenAI), we ensure adequate safeguards are in place through data processing agreements and appropriate transfer mechanisms.
Data Retention
We retain your data according to the following schedule (measured from account deletion request):
- Voice Recordings & Transcripts: Deleted within 24 hours of account deletion request
- Journal Entries: Deleted within 24 hours of account deletion request
- Account Information: Deleted within 24 hours of account deletion request
- Usage Data: Anonymized and retained for up to 2 years for service improvement
- Support Communications: Retained for 3 years to provide ongoing support
- Subscription Data: Retained per app store requirements (Google Play/Apple) and tax obligations (up to 7 years)
Your Rights
Under applicable privacy laws, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Request your data in a machine-readable format (provided as a ZIP file containing JSON and Markdown files)
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent where processing is based on consent
Children's Privacy
Chronicle is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are between 13 and 18 years old, you may only use Chronicle with parental or guardian consent. If we discover we have collected information from a child under 13, we will delete it immediately.
Marketing Communications
Opt-in Required: We will only send you marketing emails if you explicitly opt-in during account registration or through your account settings.
Easy Opt-out: You can unsubscribe from marketing emails at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your preferences in your Chronicle account settings
- Contacting us at support@chronicle.chat
Note: Even if you opt-out of marketing emails, you will still receive important service updates and transactional communications related to your account and subscription.
Cookies and Tracking
We use essential cookies and similar technologies to:
- Maintain your authentication session
- Remember your preferences and settings
- Ensure security and prevent fraud
- Analyze app performance and usage (with your consent)
Cookie Consent: We use a cookie consent system that allows you to choose which types of cookies you want to accept. Essential cookies are always enabled as they are necessary for the website to function properly.
Analytics Cookies: We use PostHog for privacy-focused analytics, but only after you have given explicit consent. These cookies help us understand how users interact with our website to improve the user experience.
You can control cookie preferences through your browser settings or by visiting our Cookie Preferences page. Disabling certain cookies may affect website functionality.
Information Sharing
We do not sell, trade, or rent your personal information to third parties. We only share your information in the following limited circumstances:
- Service Providers: With third-party services (OpenAI, Auth0, Cloudflare) necessary to provide our services
- Legal Requirements: When required by law, legal process, or to protect our rights
- Business Transfer: In connection with a merger, acquisition, or sale of assets (with notice to users)
- Consent: When you have explicitly consented to sharing
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you through the app or via email for material changes
- Provide at least 30 days' notice before material changes take effect
Your continued use of Chronicle after changes become effective constitutes acceptance of the updated policy.
Contact Us
For any questions about this Privacy Policy, to exercise your rights, or to report privacy concerns, please contact us:
- Email: support@chronicle.chat
- Company: Lightware Consulting, Lda
- Response Time: We aim to respond to all privacy inquiries within 30 days
Data Protection Officer: If you have concerns about how we handle your data, you may contact the Portuguese Data Protection Authority (CNPD) at cnpd.pt or your local data protection authority.