Privacy Policy — Chronicle

01

Introduction

Welcome to Chronicle ("we," "our," or "us"). Chronicle is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including when you connect via third-party OAuth providers such as Google and Meta.

By accessing or using Chronicle, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services. We may update this policy periodically and will notify you of material changes.

Core Principle: Chronicle collects only what is necessary to deliver our service. We do not sell your personal data — ever.

02

Data We Collect

We collect information through your direct interactions with Chronicle and through authorized third-party connections.

Category	Examples	Source
Personal Identifiers	Name, email address, profile photo	You / OAuth provider
Account Data	Username, preferences, settings	Created on registration
OAuth Tokens	Access/refresh tokens from Google or Meta	Google / Meta OAuth
Social Content	Posts, pages, insights (with your permission)	Meta Graph API / Google APIs
Usage Data	Features used, clicks, session duration	Collected automatically
Device Data	IP address, browser type, OS	Collected automatically
Billing Data	Billing address, card last 4 digits	You / payment processor

03

How We Use Your Data

Chronicle uses data to provide, maintain, and improve our services:

Authenticating your identity and managing your account
Powering Chronicle features that connect to your Google and Meta accounts
Processing transactions and sending billing communications
Providing customer support and responding to inquiries
Analyzing usage to improve product performance and UX
Sending product updates and security notices
Sending marketing emails where you have opted in (unsubscribe any time)
Complying with legal obligations and preventing fraud

We do not use OAuth-obtained data (from Google or Meta) for advertising or to train machine learning models without your explicit consent.

04

Google & Meta OAuth Integration

Chronicle integrates with Google and Meta via OAuth 2.0 to enable certain platform features. By connecting your accounts, you authorize Chronicle to access specific data on your behalf as described below.

Google OAuth — Data Accessed

When you connect your Google account, Chronicle may access:

Basic profile information (name, email, profile photo)
Google account identifiers for authentication purposes
Any additional scopes explicitly disclosed and consented to during the OAuth flow

Chronicle's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for serving ads, profiling, or any purpose not disclosed in this policy.

Meta OAuth — Data Accessed

When you connect your Meta (Facebook/Instagram) account, Chronicle may access:

Basic profile information (name, email, profile picture)
Pages and Business Accounts you manage (with your permission)
Insights and analytics for Pages you administer
Content publishing capabilities (only where explicitly granted)

Data accessed via Meta's Graph API is used solely to power Chronicle features you have enabled. We comply with Meta's Platform Terms and Developer Policies. We do not share Meta user data with third parties outside of what is required to operate our service.

Revoking Access: You may disconnect your Google or Meta account from Chronicle at any time via Settings → Connected Accounts. You can also revoke Chronicle's permissions directly from your Google Account settings or Meta's Apps & Websites settings. Upon revocation, Chronicle will delete your stored OAuth tokens within 30 days.

Provider	Scopes Requested	Purpose
Google	openid, profile, email	Authentication & account creation
Google	Additional scopes (disclosed at consent)	Feature-specific use
Meta	public_profile, email	Authentication & account creation
Meta	pages_read_engagement, pages_manage_posts	Page management features
Meta	instagram_basic, instagram_content_publish	Instagram integration (if enabled)

05

Data Sharing & Disclosure

Chronicle does not sell, trade, or rent your personal data. We share data only in the following limited circumstances:

Service Providers — Trusted vendors for hosting, analytics, payment processing, and email delivery, bound by data processing agreements
API Providers — Google and Meta as required to facilitate OAuth features you have enabled
Business Transfers — In connection with a merger, acquisition, or sale of all or part of our assets
Legal Requirements — When required by applicable law, court order, or government authority
Protection of Rights — To protect Chronicle's rights, property, or safety, or that of our users

06

Cookies & Tracking Technologies

Chronicle uses cookies and similar technologies to maintain sessions, understand usage, and improve our platform.

Type	Purpose	Duration
Essential	Authentication, session management	Session
Functional	User preferences, language, connected accounts state	1 year
Analytics	Usage patterns, performance monitoring	2 years
Marketing	Ad performance measurement (consent required)	90 days

You may manage cookie preferences via your browser settings or our in-app cookie controls. Disabling essential cookies will impact platform functionality.

07

Data Retention

We retain personal data only as long as needed for the purposes described in this policy or as required by law. Account data is held for the active life of your account plus 30 days following deletion. Transaction records are kept for up to 7 years for compliance. OAuth tokens are deleted within 30 days of disconnection or account deletion.

08

Your Rights

Depending on your jurisdiction (including GDPR, CCPA, and similar frameworks), you may have rights to:

Access — Request a copy of the personal data Chronicle holds about you
Rectification — Correct inaccurate or incomplete information
Erasure — Request deletion of your personal data
Portability — Receive your data in a machine-readable format
Objection — Object to certain processing activities
Restrict Processing — Request limitations on how we use your data
Withdraw Consent — Revoke consent at any time without affecting prior lawful processing

To exercise your rights, contact us at privacy@chroniclemc.com. We will respond within 30 days, or within the timeframe required by applicable law.

09

Security

Chronicle employs industry-standard security controls including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, OAuth token encryption, and regular third-party security audits. OAuth tokens are stored encrypted and never exposed in logs or client-side code.

While we take all reasonable precautions, no system is completely impenetrable. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

10

Children's Privacy

Chronicle is not directed to individuals under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has connected an account to Chronicle, please contact us immediately and we will delete the data promptly.

11

Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, please reach out:

CompanyChronicle, Inc.

Privacy Emailprivacy@chroniclemc.com

General Supportsupport@chroniclemc.com

Response TimeWithin 30 days