Privacy Policy

Last updated: February 2026

Your Data Is Yours

✓We never use your data to train AI models. Your conversations, journal entries, documents, and generated content are never sent to any AI provider for training or fine-tuning purposes.
✓AI APIs do not retain your data. We use OpenAI, DeepSeek, Anthropic, and other providers exclusively through their API endpoints with zero data retention. These providers do not use API inputs/outputs for training.
✓We never sell, share, or monetize your personal data. Your data exists solely to provide you with the service you paid for.
✓Content Library requires explicit opt-in. The only circumstance where your content may be visible to other users is if you explicitly publish it to the Content Library. This is always an active, deliberate choice — never automatic.

1. Information We Collect

When you create an account, we collect your email address and display name. When you use our services, we collect usage data including timelines created, events generated, messages sent, and feature interactions.

If you provide your own API keys (BYOK), these are encrypted with AES-256-GCM before storage and are never shared with third parties. We never log or read your API keys in plaintext after encryption.

Content you create — including conversations, journal entries, documents, personas, memory facts, timelines, books, and worlds — is stored in your account and is accessible only to you unless you explicitly choose to share it.

2. How We Use Your Information

We use your information exclusively to:

Provide and operate the Chronostates service
Process your subscription and billing
Send essential service-related communications (e.g., password resets)
Enforce our terms of service
Monitor aggregate usage for capacity planning (never individual content)

We do not use your content for any other purpose. We do not analyze, mine, profile, or sell your conversations, creative writing, journal entries, or any other content you create on the platform.

3. AI Providers and Data Processing

To generate content (events, narratives, book chapters, chat responses, transcriptions), we send your prompts and relevant context to third-party AI providers through their API endpoints. These providers include OpenAI, DeepSeek, Anthropic, and others.

Critical guarantees about AI provider data handling:

No training on your data. All providers we use have explicit policies that API data is not used for model training. We only use API-tier access, never consumer-tier access where training opt-outs may differ.
No persistent storage by providers. API inputs and outputs are not retained by providers beyond the duration needed to process your request (typically seconds). We do not enable any provider logging features.
No personal data shared. We never send your email, name, payment information, or account details to AI providers. Only the content necessary to generate a response is transmitted.

4. Content Library and Sharing

The Content Library allows users to browse and read publicly shared timelines and worlds created by other users. Your content is never added to the Content Library without your explicit action.

To share content in the Content Library, you must:

Actively navigate to the publish/share feature
Confirm your intent to make the specific content public
Understand that published content will be visible to all Chronostates users

You may unpublish or remove your content from the Content Library at any time. Conversations, journal entries, memory, personas, and documents are never eligible for the Content Library — only timelines and worlds can be shared.

5. Data Storage and Security

Your data is stored securely using Supabase with row-level security (RLS) policies that ensure only you can access your data. API keys are encrypted at rest with AES-256-GCM. All data transmission uses HTTPS/TLS encryption.

We follow industry-standard security practices including regular security reviews, principle of least privilege for internal access, and secure credential management.

6. Data Export and Deletion

Your data is portable. You can export all of your data at any time using the Export feature, including conversations, journal entries, documents, and memory facts.

You may request complete deletion of your account and all associated data at any time by contacting us. When you delete your account, all data is permanently removed from our systems within 30 days, including any backups.

7. Cookies and Analytics

We use essential cookies for authentication and session management. We do not use third-party tracking cookies, advertising cookies, or invasive analytics. We may collect anonymous, aggregated usage statistics to improve the service.

8. Changes to This Policy

We will notify you of any material changes to this privacy policy via email and/or a prominent notice within the service. The "Last updated" date at the top reflects when this policy was most recently revised.

9. Contact

For privacy-related inquiries, data export requests, or account deletion requests, contact us at chronostates@gmail.com.