This Privacy Policy explains how A2 Foundry, Inc. ("A2 Foundry," "we," "us") collects, uses, and protects your information when you use Chrona, including the web application at chronabio.ai, the Chrona Word Add-in, and the CTD Commons Viewer.
1. What We Collect
Information you provide: Email address, display name, and organization name when you create an account.
Information we collect automatically: When you use Chrona, we collect usage data including pages visited, features used, browser type, and device information. We collect this through PostHog, our analytics provider, using cookies and similar technologies.
Information we do not collect: We do not collect or store the contents of your regulatory documents on our servers. Your documents remain in your own storage environment. Structured excerpts are sent to your configured LLM provider at the time of analysis and are not retained by A2 Foundry.
2. How We Use Your Information
We use your information to:
- Operate and maintain your Chrona account
- Provide and improve Chrona's features
- Send you product updates and feature announcements (you can opt out at any time)
- Monitor service performance and fix issues
- Respond to your questions or requests
3. What We Don't Do
- We do not sell your personal information
- We do not share your information with third parties for their marketing purposes
- We do not use your information for advertising
- We do not use the content of your regulatory documents to train AI models
4. Who We Share With
We share your information only with service providers that help us operate Chrona:
| Provider | Purpose |
|---|---|
| Supabase | Authentication and database |
| Vercel | Frontend hosting |
| Railway | Backend hosting |
| PostHog | Product analytics |
These providers access your information only to perform services on our behalf and are not permitted to use it for other purposes.
We may also disclose your information if required by law, legal process, or to protect the rights or safety of A2 Foundry, our users, or others.
5. Your LLM Provider
Chrona operates on a bring-your-own-key (BYOK) model. When you configure an LLM provider, structured excerpts of your document content are sent directly to that provider using your API keys. A2 Foundry does not control how your LLM provider handles that data. You are responsible for reviewing your provider's privacy and data retention policies.
6. Cookies
We use cookies and similar technologies for session management (keeping you logged in) and analytics (understanding how Chrona is used). We do not use advertising or tracking cookies.
7. Data Retention
We retain your account information for as long as your account is active. If you close your account, we will delete your personal information within 30 days, except where we are required to retain it by law.
8. Data Security
We use industry-standard security measures to protect your information, including encrypted connections (TLS), role-based access controls, and secure hosting infrastructure. Our security practices are documented in our Data Handling & Security documentation, available to customers on request.
9. Your Rights
You may:
- Request a copy of the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and personal information
- Opt out of product communications at any time
To exercise any of these rights, email us at contact@a2foundry.com.
10. Children
Chrona is not intended for anyone under 18. We do not knowingly collect information from anyone under 18.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and notify you via email or in-app notice.
12. Contact
Questions about this Privacy Policy? Reach us at contact@a2foundry.com.