Where your family lives in our system.

Where your data lives.

Your photos, chapters, and family details live in Supabase, a US-based managed database service operated on Amazon Web Services infrastructure. Everything is encrypted at rest using AES-256 and encrypted in transit using TLS 1.3.

The Chronicles itself runs on Vercel. Photos are stored in Supabase’s object storage and accessed through signed URLs that expire automatically — so even if a link leaks, it stops working within hours.

Who can access your data.

You and the family members you invite, by design. Anyone else, only by tightly scoped exception:

Your family co-authors (up to five on the Family plan) can read and write chapters in your Chronicle. You can revoke their access at any time from your account settings.

Our administrative tools let us see metadata — chapter titles, dates, page counts — when we are investigating a support request you have raised. We do not read your chapter content unless you explicitly ask us to look at something specific. We do not browse customer data for fun, for product research, or for any reason that is not directly serving a support ticket you opened.

Our infrastructure providers (Supabase, Vercel, AWS) have operational staff who can technically access encrypted data at rest. They are bound by SOC 2 controls and audited annually. They cannot read your content in plaintext.

Nobody else. Not advertisers. Not data brokers. Not other Chronicle members. Not researchers. Not AI training datasets. Not government requests without legal process. Not your extended family unless you explicitly invited them.

AI training: we don’t.

This is the question we hear most. The short answer: your photos and stories never enter any training dataset, ours or anyone else’s.

The Chronicles uses Anthropic’s Claude API to draft narrative chapters. Per Anthropic’s commercial terms, API inputs and outputs are not used to train their models. Your photos and your prompts are processed for the duration of the inference call, and that is the end of their journey through any AI infrastructure.

The AI that writes your chapters has learned from books, public literature, and history. It has not learned from your family. It never will.

What we collect, and what we don’t.

We collect what we need to give you a working Chronicle, and not more.

What we collect: your email address and a hashed password (or OAuth identity); your family name and the names you tell us about; photos you upload; text you write; chapters our AI generates from those inputs; anonymized usage analytics (aggregates, never content) to help us understand which features are useful.

What we do not collect: credit card numbers (handled entirely by Stripe — we never see them); passwords in plaintext (we store only a one-way bcrypt hash); your browsing history outside The Chronicles; photos from your camera roll you did not explicitly upload; your location beyond what an uploaded photo already contains in its EXIF metadata.

How to leave with everything.

You can export your full Chronicle as a PDF at any time from your account settings — whether your subscription is active, cancelled, or you are on the free plan. There is no “hostage scenario” where leaving means losing your stories.

To delete your account: settings → delete account. We will:

• Delete your chapters, photos, and family records from production within 30 days.
• Purge them from encrypted backups within 90 days.
• Retain anonymized billing records for 7 years to satisfy US tax requirements — these contain no content, no photos, no names beyond what tax law requires.

Your data really does go away. There is no “soft delete” that leaves a copy quietly in our database.

Companies that touch your data.

These are the third-party services we use to make The Chronicles work. Each one only sees the slice of data it needs.

We will update this list when subprocessors are added or removed.

If something goes wrong.

We have not had a security incident. If one ever happens, here is what we owe you:

Within 72 hours of confirmation, we will notify every affected user directly by email — with the same urgency we would want as customers ourselves. The notice will explain what happened, what data was involved, and what you should do next.

A public incident report describing the cause, timeline, and remediation will be published. We will keep it up even years later. Hiding a breach does not make it go away — it just costs trust twice.

We will stay in communication until the matter is resolved, regulators are satisfied, and you are confident the issue has been closed out.

Government and legal requests.

We require valid legal process — a subpoena, court order, or search warrant — for any data request from law enforcement or government. We will challenge requests we believe are overbroad, unconstitutional, or contrary to the spirit of these promises.

Where legally permitted, we will notify the affected user before complying with any request, so they have an opportunity to seek their own counsel.

To date, we have received zero government requests for customer data. The first time we do, you will read about it in an annual transparency report.

Questions.

Email me directly: kevin@thechronicles.life. I read everything. I’ll get back to you within one business day, usually sooner.

If you would prefer something more formal, our Privacy Policy and Terms of Service are the legal versions of the commitments above.

Your family’s trust is the entire product. Everything else is in service of that.