Privacy Policy
Last updated: 19 June 2026
This is the privacy policy for Kronoscript (the "Service" — the Kronoscript web app at kronoscript.com and the Kronoscript apps for iOS and Android), operated by Kronoscript LLC, a Washington single-member limited liability company ("we", "us"). It describes what we collect, why, and the choices you have. Plain language, no dark patterns. If anything here is unclear, email info@kronoscript.net.
1. What we collect
- Account information — username, email, password (stored as a salted hash, never in clear text), and optional profile fields (first/last name, birth date, place of birth, current location, gender, nationalities, profile photo, profile card background). You choose which of these are visible to whom.
- Content you create — life-event posts (text, dates, locations, optional music links), photos and videos you attach, comments, reactions, and connection requests. This is the data the Service is built to store for you.
- Connection graph — who you're connected to and at what tier (Acquaintance, Friend, Family). Used to determine post visibility.
- Activity timestamps — last login / last seen, used to power the "active friends" sidebar. Logged-in users can opt out of online-status broadcasting in settings.
- Subscription & billing status — if you subscribe to a paid plan, we store your current plan and a billing reference from our payment processor (Stripe). We never see or store your card number or full payment details — Stripe handles those directly.
- Technical logs — request paths, user agent, IP address (transient), and error stack traces. Used for security, debugging, and abuse prevention. We do not run analytics trackers, advertising SDKs, or fingerprinting libraries.
- Cookies — a session cookie for sign-in, an antiforgery cookie for form security, and a small client-side preference (theme, dismissed onboarding) stored in your browser's localStorage. No third-party cookies.
- Voice / video / dictation you record in the app — when you tap the in-app recorder to capture a voice memo, video clip, or dictated paragraph, the recording is uploaded to our storage and (for dictation/transcription) sent to our AI partner to convert to text. You always initiate these recordings explicitly; we don't listen passively.
- Photos you submit for AI restoration — only when you tap "Restore with AI" on one of your photos. The image is sent to our AI image partner, restored, and the restored copy is added alongside the original.
- Mobile push tokens — when you install the Kronoscript app on iOS or Android and grant notification permission, the device's push token is stored so we can deliver chat, comment, and reaction notifications. You can disable push at any time in the OS settings or in the app's Notifications screen.
2. What we do not collect
- No advertising identifiers, IDFA, or AAID.
- No precise GPS location. "Location" on a post is whatever free-form text you type.
- No contact list, calendar, or device address book access.
- No microphone, camera, or photo library access without your explicit selection of a file.
- No biometric data, health data, or financial data.
- No analytics SDKs (Google Analytics, Mixpanel, Segment, etc.).
3. How we use it
- To run the Service: render your timeline, deliver your posts to the people you choose, send password-reset emails, and back up your content.
- To keep your account secure: detecting brute-force login attempts, locking accounts after repeated failures, validating session tokens.
- To respond to you when you contact us.
We do not use your content to train AI models, sell to data brokers, or target advertising. That's the model — funded by optional subscriptions and tips, ad-free, your data is yours. If any of that ever changes, we'll update this policy and tell you before the change takes effect, so you can decide whether to stay.
4. Third parties we share with
We use a small number of vendors to operate the Service. We share only the minimum data each vendor needs:
- Microsoft Azure — application hosting and PostgreSQL database. Your data lives on their servers.
- Microsoft Azure Translator — when you click "Translate" on a post, the post body and comments are sent to Azure Translator and the translated text is cached in our database. We disable Microsoft's content logging on translation requests.
- Azure AI (OpenAI on Azure) — when you use AI Ideas, AI Polish, Dictate, or voice transcription, the text or audio you submit is sent to Azure's OpenAI service. Azure's enterprise terms apply: your content is not used to train OpenAI's or Microsoft's models, and is not retained beyond the request lifetime by the AI service.
- Replicate — when you tap "Restore with AI" on one of your photos, the image is sent to Replicate's hosted model for restoration. The restored copy is returned to us and saved alongside your original. Replicate's terms prohibit using submitted images for model training.
- SendGrid (Twilio) — sends transactional emails (password reset, invitations). Click and open tracking are disabled on our outgoing email; the email content is not retained beyond what SendGrid keeps for delivery diagnostics.
- Stripe — processes paid-plan subscriptions. When you subscribe, your payment details go directly to Stripe; we receive only your subscription status and a billing reference, never your card number. Stripe's privacy policy applies to the payment data they hold.
- Firebase Cloud Messaging (Google) — for the iOS and Android apps only, we use Firebase Cloud Messaging to deliver push notifications. Your device's push token is stored on Firebase's servers so notifications can be routed to your device. The notification payload is the minimum text needed to render the alert; no post body content is sent through FCM.
- Ko-fi — if you click the "Tip" link, you leave our Service for ko-fi.com. We do not see your payment information; Ko-fi's privacy policy applies on their site.
We do not sell, rent, or trade personal data with anyone.
5. Visibility of your content
Each post you publish has a visibility setting you choose: Public, Acquaintances, Friends, Family, or Private (only you). The Service enforces these on the server. Public posts may also surface in the discovery feed of users who aren't connected to you. You can edit any post's visibility at any time; older saved versions remain bound by the most recent visibility setting.
6. How long we keep your data
Your account data lives on our servers for as long as your account exists. When you delete a post, both the live row and the version history are removed. When you delete your account (see Section 7), all your posts, comments, reactions, connection records, profile data, uploads, and translation cache are permanently removed within 30 days. Some operational logs (security events, error traces) may persist for up to 90 days for incident investigation, then auto-expire.
7. Your rights
- Access & export — at any time, "Export My Story" in your user menu downloads a copy of your posts as a document.
- Correction — you can edit any post, comment, or profile field yourself.
- Deletion — you can delete individual posts and comments at any time. To delete your entire account, open Settings → Account & blocked users → Delete your account. Two paths are available: a self-service flow (we email you a 6-digit code; entering it completes the deletion immediately) or an admin-handled request (use this if you can't access your email; an admin processes it within a few days). Both options are in your Settings.
- Portability — the export is a standard document format (currently .docx) that you can take to any other tool.
- Object / restrict — if you're in the EU/UK or California, you have additional rights under GDPR/CCPA. Email us and we'll honor them.
8. Children
The Service is not intended for users under the age of 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If you believe a minor has registered, email us and we'll remove the account.
9. Security
Passwords are stored as salted hashes (ASP.NET Core Identity's default scheme). Connections to the Service are encrypted in transit (HTTPS). Database access is restricted to the application service principal. We do not use SMS or email as a primary auth factor; password reset links expire in 24 hours. No system is perfectly secure — if you discover a vulnerability, please email us before disclosing it publicly.
10. Changes to this policy
If we make material changes, we'll update the date at the top and, where reasonable, surface a notice on next sign-in. Continued use after a change means you accept the updated policy.
11. Data deletion — quick path
To delete your account and all associated data: open Settings → Account & blocked users → Delete your account on the web app or in either mobile app. Confirmation is sent to your registered email as a 6-digit code; entering it completes deletion immediately. If you cannot access your email, the same screen offers an admin-handled request that an administrator processes within a few business days. Once complete, all your posts, comments, reactions, media uploads, connection records, profile data, and translation cache are permanently removed within 30 days.
12. Contact
Email: info@kronoscript.net
Phone: +1 (425) 381-1962
Mailing address (data controller):
Kronoscript LLC
522 W Riverside Ave, Ste N
Spokane, WA 99201
United States
This document is provided in good faith but is not legal advice. Where required by law, your local consumer-protection authority is the final arbiter.