PrivacyEffective March 27, 2026

Privacy Policy

What Chronicles collects, how it is used, and how privacy requests are handled.

This Privacy Policy explains how Chronicles collects, uses, and shares information when you use the Chronicles Service (the "Service").

  • Business name: Chronicles
  • Operated by: Norman Tauro (Sole Proprietor)
  • Location: Pune, Maharashtra, India
  • Privacy contact: support@chronicles-ai.com

1) Information We Collect

A. Information you provide

  • Account information: name, email, password (hashed), and profile details you choose to add.
  • Content: prompts, chats, uploaded datasets/files, derived outputs, and related metadata (for example: file names, sizes, timestamps, and dataset context).
  • Support communications: emails or messages you send to support.
  • Connected email delivery settings: if you enable hosted Scheduler Setup, we may store your selected sender email address, encrypted OAuth refresh tokens, encrypted SMTP credentials, sender verification status, recipient suggestions, and reusable recipient groups.

B. Information collected automatically

  • Usage data: feature usage, interaction logs, performance metrics, and audit logs (for example: scheduled runs created/executed, storage used).
  • Device and technical data: IP address, browser type, device identifiers, and approximate location derived from IP.
  • Cookies/local storage: used for login, session continuity, security, limited service analytics, and non-secret UI preferences (see "Cookies").

C. Payment information

  • Payments are processed by third-party payment processors. We typically receive limited billing details (for example: plan type, billing status, and transaction IDs) but not full card numbers.

2) How We Use Information

We use information to:

  • Provide and operate the Service (including processing your Content to generate analytics outputs).
  • Secure the Service, prevent abuse, and enforce usage limits.
  • Provide customer support and send service-related messages (for example: receipts, system notices).
  • Improve reliability and user experience (including aggregated analytics).
  • Comply with legal obligations.

If you connect Gmail for hosted Scheduler Setup, we use Google account data and the Gmail gmail.send permission only to:

  • Authenticate the connected sender identity;
  • Send Scheduler Setup verification codes and test emails from your Gmail account; and
  • Send user-configured scheduled report emails and alerts from that same Gmail account.

We do not use this Gmail permission to read your inbox, delete mail, or perform unrelated background access.

3) How We Share Information

We do not sell your personal information.

We may share information with:

  • Service providers/subprocessors that help us run the Service (for example: AWS cloud hosting, Cloudflare edge/frontend services, email delivery, payment processing, search, and AI/model infrastructure). They are permitted to process information only to provide services to us.
  • Legal and safety: if required by law, or to protect users, the public, or the Service (for example: investigating abuse, fraud, or security incidents).
  • Business transfers: if we undergo a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.
Current provider examples: production service providers may include Amazon Web Services, Cloudflare, Resend, Razorpay, OpenRouter, Brave Search, and Google OAuth when enabled.

>

AI processing note: The Service may use AI systems to interpret your requests and generate outputs. Where we use third-party AI/model providers, we require them (to the extent commercially and legally feasible) to process Content only to deliver the Service and not to use it to train their public models.

3A) Google API Services Data

If you connect Gmail in hosted Scheduler Setup:

  • We request basic Google identity information (openid, email, profile) plus Gmail send permission (https://www.googleapis.com/auth/gmail.send).
  • We use that access only so the Service can send Scheduler Setup verification emails, test emails, scheduled report emails, and alerts from your connected Gmail account.
  • We store Google OAuth tokens in encrypted form and use them only for the authenticated sender account you connected.
  • You can disconnect the connected sender from Scheduler Setup, which stops future use of that authorization for scheduled sending.

Chronicles' use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google API data for advertising, we do not sell Google API data, and we do not use Google API data to train generalized AI or machine-learning models.

4) Data Retention

  • We retain account data and Content while your account is active.
  • You can delete chats/files within the Service (where available) or request deletion by contacting support@chronicles-ai.com.
  • Deleted or archived data may remain in backups, operational archives, or deletion-evidence records for a limited period before final purge.
  • We may retain limited logs and billing/security records for security, fraud prevention, dispute handling, backups, and legal compliance for a reasonable period.

5) Security

We use administrative, technical, and physical safeguards designed to protect information (for example: access controls, encryption in transit, and monitoring). No system is 100% secure; you are responsible for protecting your account credentials.

Connected sender secrets used by hosted Scheduler Setup, including OAuth refresh tokens and saved SMTP passwords, are stored encrypted at rest and are not returned to the frontend in plaintext after save.

6) Your Choices and Rights

Depending on where you live, you may have rights to:

  • Access, correct, or delete your information;
  • Object to certain processing or request restrictions; and
  • Receive a copy of certain data.

You can request help with these rights at support@chronicles-ai.com. We may need to verify your identity before acting on a privacy request.

7) Cookies

We use cookies and similar technologies for:

  • Authentication and session management;
  • Security and fraud prevention; and
  • Limited service analytics and non-secret UI preferences.

Some cookies are required for login, session continuity, and security. You can control cookies through browser settings, but some features may not work properly if essential cookies are disabled.

8) International Transfers

We may process and store information on infrastructure operated in multiple countries (for example, AWS regions). By using the Service, you consent to cross-border processing where permitted by law.

9) Children's Privacy

The Service is not directed to children. If you are under 18, do not use the Service. If we learn we collected personal data from a child, we will take steps to delete it.

10) Changes

We may update this Privacy Policy from time to time. If changes are material, we will provide notice. Continued use after the effective date means you accept the updated policy.

11) Contact

Questions or privacy requests: support@chronicles-ai.com