The fine print, made readable.
Everything covering how we handle your data, our service commitments, and the agreements between you and ChronoForge Pulse, Inc.
Privacy policy
ChronoForge Pulse, Inc. ("ChronoForge," "we," "us") provides forecasting, planning and analytics software. This policy explains what we collect, how we use it, and the choices you have.
1. Data we collect
1.1 Account data
- Email address, name and authentication identifiers (via Supabase).
- Workspace and role assignments.
- Billing details handled by Stripe — we never store full card numbers.
1.2 Operational data you upload
- Sales scenarios, ERP exports, BOMs, financial models and analyst notes you ingest into the knowledge base.
- Chat transcripts and feedback you submit via the AI agent.
- Files you attach to a chat session (CSV, XLSX, JSON).
1.3 Usage telemetry
- Endpoint hit counts, latency, response sizes and error rates — kept in aggregate to operate the service.
- Browser, OS and viewport so we can debug rendering issues.
2. How we use it
- To deliver forecasts, retrieval-augmented answers, and supply-chain plans you request.
- To embed and index your scenarios for vector search.
- To invoice your subscription and prevent abuse.
- To improve the product. We do not use customer data to train third-party foundation models.
3. Sub-processors
We rely on a small set of vetted infrastructure providers. The current list is published in the Data Processing Addendum.
4. Retention
Knowledge-base content is retained for the life of the workspace. You can delete individual scenarios or the entire workspace at any time. Backups roll off after 35 days.
5. Your rights
If you are based in the EEA, UK, or California, you may request access, correction, export or deletion of personal data at privacy@chronoforge.io. We respond within 30 days.
6. Contact
Privacy questions: privacy@chronoforge.io · Postal: ChronoForge Pulse, Inc., legal department.
Terms of service
1. Acceptance
By creating a workspace or using the API you agree to these terms. If you are accepting on behalf of an organization, you represent you have authority to bind that organization.
2. The service
ChronoForge Pulse provides ensemble forecasting, RAG-grounded analysis, supply-chain optimization (MPS, MRP, lot sizing) and workforce analytics, accessed through a hosted web app and REST API.
3. Your account
- You are responsible for keeping API keys and credentials confidential.
- You will not attempt to reverse-engineer the service or use it to build a competing product.
- Each Starter seat may be used by one named individual.
4. Plans, billing & cancellation
Paid plans renew monthly. You can cancel at any time from your billing portal — access continues until the end of the paid period. Refunds are issued for material outages exceeding the SLA in Security & reliability.
5. Acceptable use
See the Acceptable use tab.
6. Warranties & liability
Forecasts are statistical estimates. Pulse is a decision-support tool, not a guarantee of outcomes. To the maximum extent permitted by law our liability is capped at fees paid in the prior 12 months.
7. Changes
We may update these terms with 30 days' notice for material changes. Continued use after the effective date means you accept the new terms.
Security & reliability
Compliance
- SOC 2 Type II — annual audit.
- GDPR & CCPA aligned; DPA available on request.
- HIPAA-ready BAA available on Pro plans.
Encryption
- TLS 1.3 in transit. AES-256-GCM at rest in Postgres and object storage.
- Per-workspace encryption envelopes, rotated quarterly.
- Secrets stored in a managed KMS with hardware-backed master keys.
Access control
- Role-based access (admin, client, beta-tester) enforced server-side.
- Supabase JWT auth with optional SSO (SAML, OIDC) on Pro and Enterprise.
- All admin endpoints require role assertion plus rate limiting.
Reliability
- 99.9% monthly availability target on Pro and above.
- Daily encrypted backups, 35-day retention, restore tested monthly.
- Multi-region failover for the production API.
Vulnerability disclosure
Please report security findings to security@chronoforge.io. We acknowledge within one business day and aim to remediate critical issues within 7 days.
Data Processing Addendum
1. Roles
For data you submit to ChronoForge Pulse, you are the controller and we are the processor. We process personal data only on your documented instructions.
2. Sub-processors
- Supabase — primary data store and authentication.
- AWS / Vercel — application hosting.
- Stripe — billing.
- Resend — transactional email.
- Anthropic / OpenAI / Google — LLM inference, only when you configure those providers.
We will give 30 days' notice before adding a new sub-processor. You may object in writing.
3. International transfers
Where we transfer EEA personal data outside the EEA we rely on the Standard Contractual Clauses (2021/914) and supplementary measures.
4. Security obligations
See Security & reliability. Our technical and organizational measures are incorporated by reference into this DPA.
5. Sub-processor list & signed DPA
Email legal@chronoforge.io to request a counter-signed DPA and the current list with addresses.
Cookies & tracking
What we use
- Strictly necessary — session token, CSRF token, cookie-consent state. Cannot be disabled.
- Functional — theme preference, last opened workspace.
- Analytics — first-party page-view counters. Off by default for EU visitors until opt-in.
Third parties
We do not run third-party advertising tags. Stripe sets cookies on the billing portal pages it serves directly.
Manage your preferences
Open the cookie consent banner at any time by clicking "Cookie preferences" in the footer of any page.
Acceptable use
You agree not to use ChronoForge Pulse to:
- Upload data you do not have rights to process.
- Generate content that is unlawful, infringing, or that targets a person with harassment.
- Attempt to bypass rate limits, authentication, or sub-processor agreements.
- Probe, scan or test the vulnerability of the service without prior written consent.
- Use the service for high-risk decisions (medical, criminal-justice, fully autonomous safety systems) without an independent human-in-the-loop.
Violations may result in suspension. Material violations result in termination.
Questions? legal@chronoforge.io