STOE/Chronicle
Legal

Privacy Policy

Effective date: April 3, 2026

1. Overview

STOE, Inc. ("STOE", "we", "us") operates the Chronicle platform ("Service"). This Privacy Policy describes how we collect, use, and protect information from users and organizations that access Chronicle via stoe-ai.com and associated subdomains.

2. Information We Collect

Account information. When you request access or create an account, we collect your name, work email address, and company name.

Usage data. We collect metadata about how the Chronicle platform is used — request counts, API call patterns, latency data — to operate and improve the Service.

Decision metadata. Chronicle processes AI decision records on behalf of your organization. This data is governed by your data processing agreement, not this policy.

Evidence blobs. Decision evidence is encrypted client-side on your infrastructure before reaching our systems. We do not have access to the plaintext content of evidence records.

3. How We Use Information

We use collected information to:

  • Operate, maintain, and improve the Chronicle platform
  • Authenticate users and enforce tenant isolation
  • Respond to support requests and communicate about the Service
  • Monitor for abuse, security incidents, and compliance obligations
  • Send product updates if you have opted in

We do not sell personal information. We do not use personal data for advertising.

4. Data Residency and Security

The Chronicle enforcement runtime operates on your infrastructure. AI decision evidence is encrypted on your systems before transit. STOE's cloud platform stores encrypted blobs and metadata only.

In-transit data is protected by TLS 1.3. At-rest data is encrypted at the storage layer. Access to production systems is restricted by role and audited.

5. Retention

Account information is retained while your organization has an active Chronicle subscription and for 90 days following termination. Decision records are retained per the terms of your enterprise agreement. You may request deletion at any time by contacting us.

6. Third-Party Processors

We use a limited number of trusted sub-processors (infrastructure, authentication, payments). A current list is available to enterprise customers on request. We ensure sub-processors meet equivalent data protection standards.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise these rights, contact us at privacy@stoe-ai.com.

8. Changes to This Policy

We may update this policy as the Service evolves. Material changes will be communicated via email or in-product notice at least 14 days before taking effect.

9. Contact

STOE, Inc.
privacy@stoe-ai.com