How we look after your story.
Chronicle holds something unusually personal – the story of your life, in your own words. This notice explains, in plain language, what we collect, why we collect it, who handles it on our behalf, how long we keep it, and the rights you have over it at every point.
The short version is at the top. The detail is below. If anything is unclear, write to dpo@withchronicle.ai and a person will answer.
At a glance
- Who we are. Chronicle AI Ltd, a private company based in England and Wales. We are the controller for the information you share with us.
- What we collect. The account details you give us, the interview answers you give the app, the drafts we produce from them, and a small amount of technical information so the service works.
- Why. To turn your conversations into a written memoir. Some of what you tell us is health, belief, or relationship information – we treat that as special category data and only process it with your explicit consent.
- Who else sees it. A small set of service providers we use to run Chronicle – described below. We name the AI provider directly because it's the one most people want to know about; we describe the others by category and will name any of them on request. Nobody else, ever. We do not sell or share your story.
- Where it goes. Mostly the UK and EU. Our AI drafting partner, Anthropic, is based in the United States. That transfer is covered by an approved mechanism explained below.
- How long. Each type of data has its own retention period. You can ask us to delete your digital data at any time.
- Your rights. You have the full set of UK GDPR rights. There is one practical limit you should know about: once you print a copy of your memoir and give it to someone, we cannot retrieve it.
1. Who we are
Chronicle is a service operated by Chronicle AI Ltd, a private limited company registered in England and Wales. For the purposes of UK data protection law, Chronicle AI Ltd is the data controller for the personal information you give us through this service.
You can write to us at dpo@withchronicle.ai about anything in this notice, including to exercise the rights set out below. The same address reaches our Data Protection Officer.
2. What we collect
We collect four kinds of information:
Account information
Your name, email address, a password (held only as a one-way hash – we never see the plain text), and the answers you give when you set up a two-factor login.
The story you tell us
Interview transcripts, the drafts we generate from them, the chapter structure you choose, the topics you tell us are off-limits, the editorial through-lines you agree on, and any notes or edits you make to a draft. This is the heart of the service. Some of it will be special category data – information about your health, your beliefs, your relationships, your political opinions, your ethnic background, or other deeply personal matters. We only process that information with your explicit consent (see section 3).
Information about people you mention
Your story will naturally include other people – family, friends, colleagues. We handle that information carefully. See section 4 for the detail.
Technical information
Standard server logs (the date and time you signed in, the type of device and browser, basic error information) so we can keep the service running and investigate problems if they happen. We do not use this information to profile you or to target advertising.
3. Why we use it
We use the information you give us to deliver the service you have asked us to deliver: to guide you through interview sessions, to draft chapters of your memoir from those sessions, to let you edit and finalise the result, and to keep the service available, secure and accountable.
UK data protection law requires us to set out a lawful basis for each processing activity. Ours are:
| What we do | Why we are allowed to (lawful basis) |
|---|---|
| Running your account and delivering the memoir service | Article 6(1)(b) UK GDPR – necessary for performance of our contract with you. |
| Processing any special category data you share about yourself | Article 9(2)(a) UK GDPR – your explicit consent, given at signup and recorded in our consent register. |
| AI drafting of chapters using your interview content | Article 6(1)(b) – contract. The AI provider acts as our processor. |
| Information about other people that appears incidentally in your memoir | Article 6(1)(f) – legitimate interests in helping you record your life story, balanced against the rights of those individuals; supported by the literary exemption (DPA 2018, Sch. 2, Pt 5, Para. 26) where it applies. |
| Sending you transactional emails about your account | Article 6(1)(b) – contract. |
| Keeping billing records, when applicable | Article 6(1)(c) – legal obligation (UK tax and accounting rules). |
| Investigating misuse, fraud or security incidents | Article 6(1)(f) – legitimate interests in keeping Chronicle secure for everyone. |
About explicit consent for special category data
When you create your account, we ask you to give explicit consent to our processing of any special category data you share while telling your story. That consent is recorded in our consent register alongside the version of this privacy notice you saw at the time. You can withdraw it at any time (see section 8); withdrawal does not affect the lawfulness of processing carried out before you withdraw.
4. People mentioned in your story
A memoir is, by its nature, about more than one person. The people you talk about – family members, friends, colleagues – may also be identifiable from your story, and some of what you say may be special category data about them too.
We rely on three things together to process that information lawfully:
- Our legitimate interests in helping you preserve and share your life story, balanced against the privacy rights of the people you mention. We have written that balancing exercise into a Legitimate Interests Assessment which we will share with the Information Commissioner's Office on request.
- The literary exemption in the Data Protection Act 2018 (Schedule 2, Part 5, paragraph 26), which applies to material processed with a view to publication of literary works in the public interest. A memoir for family distribution falls within this. We have documented our reasonable belief in the literary and public-interest purpose, and we apply that belief case by case.
- Your own confirmation, given when you start your first interview, that you understand other people may appear in your story and that you are responsible for ensuring it is appropriate for you to share what you share. This is not a waiver of anyone else's rights – it is a record of your understanding that those rights exist.
If a person mentioned in a memoir contacts us and asks us to remove information about them, we take that request seriously. We consider it against the literary exemption case by case, and we log our decision. Where the exemption does not apply, we will action the request.
5. Service providers we use
We use a small number of carefully chosen providers to run Chronicle. Each one acts as a processor – they handle data on our written instructions only, under a contract that meets UK GDPR Article 28 requirements.
| Provider | What they do for us | Where |
|---|---|---|
| Anthropic PBC | AI drafting via the Claude API. Bound by a written Data Processing Agreement and prohibited from using your data to train its models. | United States – transfer protected by Standard Contractual Clauses (see section 6). |
| Database and authentication provider | Holds your account, your interview transcripts and your drafts. Operates under a written Data Processing Agreement with strict role-based access controls. | European Union. |
| Application hosting provider | Serves the Chronicle web app to your browser. Static assets are cached globally; memoir content is not. | European Union. |
| Transactional email provider | Delivers the account and story-related emails we send you. | European Union. |
| Product analytics provider (PostHog) | Records anonymous, event-level usage data – which screens are visited and which features are used – so we can improve the product. Configured to never capture story content, transcripts, names, or anything you type into the app. Session recording and automatic event capture are disabled. No cookies or local storage are set. Bound by a written Data Processing Agreement. | European Union (PostHog EU Cloud). Requests are routed via a managed Cloudflare proxy on a Chronicle-owned subdomain – described in the next row and in section 6. |
| Edge proxy infrastructure (Cloudflare) | Routes analytics requests from your browser to our analytics provider via a Chronicle-owned subdomain. Because Cloudflare terminates the secure connection between your browser and our proxy, it is in the data path for the same event-level metadata our analytics provider receives – your IP address, your device and browser type, and the names of events such as 'page viewed' or 'export started'. It does not see story content, transcripts, names, or anything you type into Chronicle, because we never send that information to our analytics provider in the first place. This layer exists so analytics keeps working for users on networks or browsers that block direct connections to analytics services. | Global edge network (United States parent). Covered by the additional safeguards described in section 6. |
| Payment processor (from public launch) | Handles payment information directly. Beta is free; this provider is not yet active. When it is, we never see your full card number. | European Union and United States – the provider operates under its own approved transfer mechanism. |
| Print-on-demand partner (from public launch) | Printing and posting physical books, where you order one. The partner receives only the content you have finalised for print, plus the delivery address. | To be confirmed before any print order is processed. |
We name our AI provider directly because it's the one most people want to know about. The others are described by category here – if you'd like to know exactly which provider sits behind each one, write to dpo@withchronicle.ai and we'll tell you. We keep the full list internally and make it available to the Information Commissioner's Office on request.
We do not sell, rent, share or otherwise disclose your information to anyone else. We will only ever release information to a third party if we are legally required to (for example, in response to a court order) or if you have asked us to do so (for example, by using a share link to send a draft to a family member).
6. Transfers outside the UK
Most of your data is held in the UK or the European Economic Area by our hosting and email providers. There is one transfer outside that area you should know about.
When Chronicle drafts a chapter of your memoir using artificial intelligence, it sends the relevant parts of your interview content to Anthropic's Claude API. Anthropic is based in the United States. The transfer is protected by the Standard Contractual Clauses (Module 2, controller-to-processor) incorporated into our written Data Processing Agreement with Anthropic, including the UK jurisdictional addendum required for transfers from the UK. Anthropic is contractually prohibited from using your data to train its models.
Before we began transferring data to Anthropic, we completed a Transfer Risk Assessment focused on the protections that apply to special category biographical data in the United States. The assessment, and our underlying Data Processing Agreement, are available to the Information Commissioner's Office on request.
There is a second, narrower transfer to disclose. To keep our product analytics working for users whose browsers or networks block connections to analytics services, we route analytics requests through Cloudflare, an infrastructure provider headquartered in the United States. Cloudflare is in the path for the same event-level metadata our analytics provider receives – IP address, device and browser type, and the names of events such as "page viewed" or "export started". It is not in the path for story content, transcripts, names, or any of the information you type into Chronicle, because none of that is sent to our analytics provider in the first place. The transfer is covered by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, incorporated into our written agreement with our analytics provider.
7. How long we keep things
We hold each category of information only for as long as we need it for the purpose it was collected, and no longer.
| Information | How long we keep it |
|---|---|
| Account information (name, email, hashed password) | For as long as your account is active. Deleted within 30 days of account closure. |
| Interview transcripts | Held while you are actively using the service. Deleted 12 months after a memoir is marked complete, unless you ask us to keep them. |
| AI processing logs (the request and response data sent to and from Anthropic) | Deleted within 30 days of each session. |
| Drafts and chapter versions | Held while you are working on the memoir. Deleted on final memoir delivery unless you ask us to keep them. |
| Final memoir (digital copy on your account) | For as long as your account is active. You control export and deletion at any time. |
| Consent records (what you consented to and when) | Retained for as long as we may need to demonstrate consent, in a pseudonymised form not linked to memoir content. |
| Billing records (where applicable) | Six years from the end of the tax year, as required by UK tax law. |
| Server and security logs | 30 days, unless retained longer to investigate a specific incident. |
If you stop using Chronicle
We do not want to hold a life story that nobody is looking at any more. If a storyteller's account has had no activity for six months, we email the person who set the account up to ask whether they would like to keep it active. If we do not hear back within thirty days, we delete the story data. A single click in the dashboard keeps the account active and stops the clock.
8. Your rights
Under UK GDPR you have the following rights. To exercise any of them, write to dpo@withchronicle.ai or use the self-service controls in your account settings. We respond within one calendar month and we do not charge for any of these requests except in rare cases where a request is manifestly unfounded or excessive.
- Access (Article 15). Ask us for a copy of the information we hold about you, plus a description of what we do with it.
- Rectification (Article 16). Ask us to correct information that is inaccurate or incomplete.
- Erasure (Article 17). Ask us to delete your data. We will, subject to the practical limit on printed copies in section 9 and any narrow legal retention obligations (for example, billing records).
- Restriction (Article 18). Ask us to pause processing while a dispute is sorted out.
- Portability (Article 20). Ask us for a copy of your data in a machine-readable format, or ask us to send it directly to another service.
- Object (Article 21). Object to processing we are doing on the basis of legitimate interests, including any processing of third-party information in your memoir.
- Withdraw consent (Article 7(3)). Withdraw the explicit consent you gave for special category data processing, whenever you like. Withdrawal does not affect the lawfulness of anything we did before you withdrew.
- Not be subject to automated decisions (Article 22). We do not take any automated decisions about you that produce legal or similarly significant effects. The AI we use is a writing assistant, not a decision-maker.
- Complain to the Information Commissioner's Office. If you are unhappy with how we have handled your data, you can complain to the UK's data protection regulator at any time. We would rather you came to us first, but it is your right.
ICO – Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. ico.org.uk/make-a-complaint. Helpline 0303 123 1113.
How withdrawal works in practice
You can begin a withdrawal in your account at any time. We will ask you, gently, why – the answer helps us improve, but you do not have to give one. We will offer the chance to export a copy first if you would like. Once you confirm, we delete your story data within thirty days, send you a confirmation email, and sign you out. If you change your mind during that thirty-day window, reply to the confirmation email and we can stop the deletion.
9. Printed copies
There is one practical limit on the right to erasure that we want to be honest about. Once you print a memoir and a book has been delivered – to you, to a family member, to anyone – we have no way of recalling that physical copy. If you later ask us to erase your digital data, we will, but the printed copies remain wherever you sent them. We ask you to acknowledge this each time you generate a printable export, so that the limitation is in front of you at the moment it becomes relevant rather than buried in a notice.
10. How we keep it secure
We take security seriously because the information you give us is unusually personal. Our core measures are:
- Memoir content, transcripts, drafts and account data are encrypted at rest using AES-256.
- All connections between your browser, our service and our providers use TLS 1.3.
- Chronicle staff cannot read your memoir content by default. The small number of people with administrative access cannot view your content without authentication, two-factor verification, and an audit log entry that records who viewed what, when, and why.
- Two-factor authentication is mandatory for every member of staff with administrative access. It is optional but encouraged for users.
- Database credentials and API keys are stored in a managed secrets service and rotated regularly. They are never embedded in code.
- We carry out independent security testing before launch and at least annually thereafter. Critical and high findings are resolved before any deployment that touches user data.
- We have a written breach response plan. If we ever discover a personal data breach that is likely to risk people's rights and freedoms, we notify the Information Commissioner's Office within 72 hours of becoming aware, and we notify affected users without undue delay where the risk is high.
11. Cookies
Chronicle uses cookies only for things that are strictly necessary to run the service – keeping you signed in, remembering which session you are working on, and protecting against abuse. We do not use cookies for advertising. We do not use third-party analytics that place tracking cookies on your browser. If we ever change this, we will ask for your consent first and update this notice.
We do use a privacy-preserving product analytics tool to understand which parts of the service are useful and which need work. It runs without cookies or local storage, captures only anonymous event-level data (which screens are visited, which features are used), and never records the contents of your story. The provider is named in section 5.
12. Children
Chronicle is intended for adults. We do not knowingly collect information from anyone under 18. If you believe a child has given us information, please write to us and we will delete it. Memoirs may mention childhoods – yours, or other people's – which is a different matter and is covered in section 4.
13. Changes to this notice
We review this notice at least once a year, and whenever we make a material change to how we process information. If a change affects your rights or how your data is handled, we will tell you directly (by email) and, where the law requires it, ask for fresh consent. We do not bury significant changes in a generic update.
The version and date of this notice are at the bottom of the page.
14. Contacting us
For anything privacy-related, write to dpo@withchronicle.ai. That inbox is monitored by our Data Protection Officer and is the right route for access requests, erasure requests, complaints, or general questions about this notice.
For everything else, including help using the product, charlie@withchronicle.ai will reach us.