Your family's memories belong to your family.

When you create an account, we store your email address and a securely hashed password. We do not collect your name, phone number, or any other personal identifying information unless you choose to provide it.

When you build your chronicle, we store the content you create: your family's name, the chapter narratives we generate together, and the photos you upload. Photos may contain embedded EXIF metadata — including the date and GPS location a photo was taken — which we read to help organize your chapters by time and place.

Photos are uploaded to a private storage bucket. They are never publicly accessible by URL. Every time a photo is displayed — in your dashboard, a chapter, or a shared gift link — it is served via a short-lived signed URL that expires after one hour. No one else can access your photos without that time-limited link.

We do not use your photos for training AI models. We do not share them with third parties outside the services listed below.

When you generate a chapter, we send your photos and any context you provide (location, people present, what was happening) to an AI language model provider to produce the narrative text. This is the core of how Chronicle works.

We use providers with zero-data-retention policies for API requests — meaning the content you submit for generation is not stored or used for model training on their end. The generated narrative is stored in your Chronicle account and is only visible to you.

If you share a chapter via a gift link, anyone with that link can read that chapter and its photos during the link's validity period. You control whether a link is active and can revoke it at any time from your dashboard.

Gift link visitors are not tracked, do not require an account, and their visits are not associated with any personal profile.

Chronicle is built on the following infrastructure providers:

• Supabase — database, authentication, and file storage. Your data is stored in their infrastructure under their security and compliance standards.
• Vercel — application hosting and edge delivery.
• AI provider — used only during narrative generation, with no persistent storage of your content.

We do not sell your data. We do not use it for advertising. We do not share it with any party beyond what's necessary to operate Chronicle.

You can delete your account at any time. When you do, we permanently remove your family data, chapters, and photos from our systems. Deletion is irreversible.

If you want a copy of your data, or have any questions about what we hold, email us and we'll respond within a reasonable time.

Chronicle uses a session cookie to keep you signed in. We do not use third-party tracking cookies, analytics pixels, or advertising trackers. We do not fingerprint your browser or device.

If we make material changes to how we handle your data, we'll notify you by email before those changes take effect. The date at the top of this page reflects the most recent update.

Questions about this policy or your data? Reach us at privacy@chronicle.family. We're a small team and we read every message.