Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for the purposes of the EU General Data Protection Regulation (GDPR) is:

[PLACEHOLDER: Full legal name]
[PLACEHOLDER: Street address]
Berlin, Germany
Email: privacy@thechronicler.app

2. Data We Collect

We collect the following categories of personal data:

• Account information: Email address, display name, and authentication provider (Google, Discord, or Twitch). If you sign in via OAuth, we receive a limited profile from the provider (typically email and name).
• Campaign content: Audio recordings of game sessions, transcripts generated from those recordings, and all AI-extracted data including entities, relationships, quest threads, session recaps, and highlights.
• Usage data: Pages visited, features used, session processing events, and error logs. We do not use third-party analytics trackers.
• Payment data: Subscription plan and billing status. Payment processing is handled entirely by Stripe — we do not store credit card numbers, CVVs, or bank account details on our servers.

3. How We Use Your Data

• Providing the Service: Processing audio recordings, generating transcripts, extracting entities and relationships, tracking quests, and producing session recaps and highlights.
• Billing: Managing your subscription, processing payments through Stripe, and sending billing-related communications.
• Service improvement: Analysing aggregated, anonymised usage patterns to improve the Service. We do not use your campaign content to train AI models without your explicit opt-in consent. You may opt out of anonymised analytics at any time by contacting us.
• Communication: Sending transactional emails (account verification, subscription confirmations, payment failures) and, if you opt in, product update notifications.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for, including audio transcription, AI extraction, and content generation.
• Legitimate interests (Art. 6(1)(f)): Maintaining service security, preventing fraud, and improving the Service based on aggregated usage data.
• Consent (Art. 6(1)(a)): Where required, such as for optional marketing communications or use of campaign content for model improvement. You may withdraw consent at any time.

5. Data Retention

• Account data: Retained while your account is active and for 30 days after account deletion to allow for recovery.
• Audio recordings: Deleted after transcription processing is complete, unless you explicitly opt to store original audio files. Processed transcripts and AI-extracted data are retained as part of your campaign.
• Billing data: Retained as required by tax and accounting regulations (typically 10 years under German law).
• Usage logs: Retained for up to 90 days for debugging and service reliability purposes.

6. Data Sharing

We share your data with the following third-party processors, solely for the purposes described:

• Supabase (database hosting and authentication) — your account data, campaign content, and transcripts are stored on Supabase infrastructure.
• OpenAI (AI processing) — transcript segments are sent to OpenAI APIs for entity extraction, relationship detection, recap generation, and other AI features. Audio is not sent to OpenAI.
• Deepgram (audio transcription) — uploaded audio recordings are sent to Deepgram for speech-to-text processing.
• Stripe (payment processing) — billing and subscription data is processed by Stripe. Stripe's privacy policy governs their handling of payment data.
• Resend (transactional email) — email addresses are shared with Resend solely for the purpose of sending service-related emails.

We do not sell your personal data to third parties. We do not share your data with advertisers.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access (Art. 15): You may request a copy of all personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data (“right to be forgotten”).
• Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For users in Berlin, Germany, the relevant authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

To exercise any of these rights, contact us at privacy@thechronicler.app. We will respond within 30 days as required by the GDPR.

8. Cookies

The Chronicler uses a single session cookie for authentication purposes. This cookie is strictly necessary for the Service to function and does not require consent under GDPR Article 5(3) / ePrivacy Directive Article 5(3). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. International Transfers

Your data is processed by service providers based in the United States (OpenAI, Deepgram, Stripe, Supabase). These transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection as required by GDPR Chapter V. Where available, we utilise additional safeguards such as encryption in transit and at rest.

10. Contact / Data Subject Requests

For any questions about this Privacy Policy, or to submit a data subject access request, please contact:

Email: privacy@thechronicler.app
Postal: [PLACEHOLDER: Full postal address, Berlin, Germany]

We will acknowledge your request within 72 hours and provide a substantive response within 30 days.

11. Updates to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice within the Service at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.