Calendar Data (NOT Collected)

All your calendar events, notes, and plans are stored entirely on your device. We do not have access to this data. We do not sync it to any cloud service. When you delete the app, all this data is permanently removed from your device.

Optional Feedback Data (User-Initiated Only)

If you choose to submit feedback through the in-app feedback system, we collect:

• Your feedback message
• Device operating system (e.g., "Android")
• App version (e.g., "1.0.0")
• Basic device info (browser user agent string)

This is completely optional. Feedback is only submitted when you explicitly choose to send it through the app.

What We DON'T Collect

• No personal identifiers (name, email, phone number)
• No location data
• No contact information
• No photos or media files
• No usage analytics or tracking
• No advertising identifiers
• No third-party API keys — these never leave your device

How Your API Key Is Stored

Your API key is encrypted and stored exclusively on your device using the Android Keystore system with AES-256-GCM encryption. This is the same hardware-backed secure storage used by banking and password manager apps.

• The key is encrypted before being written to device storage
• The encryption key lives inside a hardware-backed secure enclave and never leaves it
• Only the Chrone app can decrypt and read your API key
• Other apps on your device cannot access it

How Your API Key Is Used

Your API key is used solely to make requests to the provider you selected (e.g., OpenAI) directly from your device. The key is sent only to that provider's official API endpoint over an encrypted HTTPS connection — the same way any official app or website would use it.

• Your API key is never sent to Chrone's servers
• Your API key is never shared with any third party other than the provider you chose
• Chrone does not log, monitor, or have any visibility into your API usage

Requests Sent to Third-Party AI Providers

When you use a connected AI provider, your message and conversation context are sent to that provider's servers to generate a response. This is subject to that provider's own privacy policy and terms of service. We recommend reviewing their policies:

• OpenAI: openai.com/policies/privacy-policy
• Anthropic: anthropic.com/privacy
• Google Gemini: policies.google.com/privacy
• Groq: groq.com/privacy-policy

Deleting Your API Key

You can remove your API key at any time from Settings → AI. This permanently deletes the encrypted key from your device storage and the Android Keystore. Uninstalling the app also removes all stored keys.

HuggingFace (AI Model Download)

When you first use Chrone, the app downloads a ~500MB AI language model from HuggingFace (a third-party AI model hosting service). This is a one-time download initiated by you when you open the app.

No personal data is sent to HuggingFace. The download is a standard file transfer. After download, the AI model runs entirely on your device.

HuggingFace Privacy Policy: huggingface.co/privacy

Supabase (Feedback Storage)

If you submit feedback, it is stored on Supabase (a third-party database service). This allows our team to read and respond to your feedback.

Only feedback data is sent to Supabase. Your calendar data never leaves your device.

Supabase Privacy Policy: supabase.com/privacy