DRAFT — This privacy policy is provided for informational purposes and has not been reviewed by legal counsel. We recommend obtaining independent legal review before relying on this document.
Privacy Policy
Last Updated: March 2026
ChronoForge ("we," "our," or "us") operates the ChronoForge Pulse platform, an AI-powered sales forecasting and supply chain planning service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this policy carefully. By accessing or using ChronoForge Pulse, you agree to the practices described herein.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
Email address (required for authentication)
Password (stored securely via Supabase Auth; we never store plaintext passwords)
Full name (optional, if provided in your profile)
1.2 Uploaded Business Data
To provide forecasting and analysis, you may upload business data including:
Sales data files (CSV, JSON, or Excel formats)
Forecast configuration parameters
Supply chain configuration data (products, lead times, costs, demand forecasts)
1.3 Chat Messages & Interactions
When you interact with the Pulse AI Agent, we store:
Messages you send and responses generated by the AI
Files attached to chat conversations
Selected filters and configuration choices (region, category, visualization mode)
1.4 Technical & Usage Data
We automatically collect limited technical data to operate and protect the service:
IP addresses (used for rate limiting and abuse prevention)
Authentication tokens (JWT stored in your browser's localStorage; no cookies are used for auth)
General request metadata (timestamps, endpoint accessed, response status codes)
We do not use any third-party analytics SDKs (such as Google Analytics, Mixpanel, or similar tracking services).
2. How We Use Your Information
We use the information we collect to:
Authenticate your identity and manage your account
Perform supply chain planning, including MPS, MRP, and lot-sizing analysis
Power the RAG (Retrieval-Augmented Generation) pipeline for contextually relevant AI responses
Store and retrieve your chat history so you can reference past conversations
Enforce rate limits and protect against abuse
Improve the accuracy and reliability of our models and service
3. Data Processing & Third-Party Services
To generate AI-powered responses, portions of your data (including chat messages, uploaded data context, and query content) may be sent to the following third-party large language model (LLM) providers for processing:
Provider
Purpose
Privacy Policy
Anthropic (Claude)
Primary LLM for chat responses, analysis, and explanation generation
Important notes about third-party data processing:
Data is sent to these providers only when generating AI responses to your queries
Each provider processes data according to their own privacy policy and data retention practices
We use API-level access (not consumer-facing products), which typically provides stronger data protections
Text embeddings for the knowledge base can be generated locally using a sentence-transformer model, without sending data to any third party
Infrastructure Provider
Our backend database and authentication services are hosted on Supabase, which uses Amazon Web Services (AWS) infrastructure. Your data is stored in PostgreSQL databases managed by Supabase.
4. Data Storage & Security
We take reasonable measures to protect your data:
Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
Authentication: Account access is protected by Supabase Auth with secure password hashing (bcrypt)
Token-based sessions: We use JWT tokens stored in localStorage rather than cookies, reducing certain cross-site attack vectors
Rate limiting: API endpoints are rate-limited to prevent abuse and protect service availability
Database security: Data is stored in Supabase-managed PostgreSQL with row-level security policies
While we implement industry-standard security measures, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
5. Data Retention
We retain your data as follows:
Account data: Retained for as long as your account is active. Upon account deletion, your data will be removed within 30 days
Uploaded business data: Retained for as long as your account is active and the associated knowledge base exists. You may delete uploaded datasets at any time through the platform interface
Chat history: Retained for as long as your account is active. You may request deletion of your chat history at any time
Technical logs: Server logs containing IP addresses and request metadata are retained for up to 90 days for security and operational purposes
6. Your Rights
You have the following rights regarding your personal data:
Access: You may request a copy of the personal data we hold about you
Correction: You may request that we correct inaccurate or incomplete data
Deletion: You may request that we delete your account and all associated data
Export: You may request an export of your data in a machine-readable format
Restriction: You may request that we limit the processing of your data in certain circumstances
Objection: You may object to the processing of your data for certain purposes
To exercise any of these rights, please contact us at the email address listed in the Contact Us section below. We will respond to your request within 30 days.
7. Children's Privacy
ChronoForge Pulse is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can take appropriate action.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the "Last Updated" date at the top of this page
Provide notice through the platform interface where appropriate
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of ChronoForge Pulse after changes are posted constitutes your acceptance of the revised policy.
9. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: