Privacy Policy

How we collect, use, and protect your data.

Last updated: March 2026

1. Who We Are

Chronica ("we", "us") is a people analytics platform that helps growing teams understand their workforce through data-driven insights, engagement surveys, AI-powered recommendations, and comprehensive HR management tools.

Our platform is available at hrchronica.com.

Contact: contact@hrchronica.com

2. What Data We Collect

Account Data

When you create an account, we collect:

  • Name, email address, and password (hashed) during registration
  • Company name, size, and country during setup

Employee Data (uploaded by your organization)

Your organization may upload and manage the following employee information:

  • Names, email addresses, phone numbers, and addresses
  • Job titles, departments, managers, start and end dates
  • Salaries, contract types, and identification numbers (DNI/NIE/DPI)
  • Emergency contacts
  • Date of birth, gender, and nationality

In this context, your organization is the data controller and Chronica is the data processor. We process this data only as instructed by your organization to deliver platform features.

Platform Usage Data

As employees and administrators use the platform, the following data is generated:

  • Product usage data generated through your use of Chronica features

Website Visitor Data

On our public-facing pages (landing page, pricing, this page), we collect:

  • Pages visited, browser type, and device information (via LinkedIn Insight Tag and Google Analytics)
  • IP address (not stored long-term)

3. Why We Collect It

  • To provide our HR analytics and people management platform
  • To process your account registration and authentication
  • To enable your organization to manage employee data, surveys, assessments, payroll, and learning
  • To send transactional emails (invitations, password resets, assignment notifications, payslip notifications)
  • To improve our platform and fix issues
  • To comply with applicable labor laws

4. How We Use It

  • Your organization's data is only accessible to authorized users within your organization (multi-tenant isolation)
  • We use Stripe for payment processing — we never store credit card details
  • We use Resend for transactional email delivery
  • We use the LinkedIn Insight Tag on our public website pages (not inside the app) for anonymous visitor analytics
We do not sell, rent, or share your personal data with third parties for marketing purposes.

We do not use your employee data to train AI models.

AI features (Ask Chronica, course generation) process your data in-session only via Anthropic's API, which does not retain inputs.

5. Data Storage and Security

All data is hosted on dedicated infrastructure on servers located within the European Union. We employ:

  • HTTPS/TLS encryption for all data in transit
  • Passwords hashed using industry-standard algorithms (bcrypt)
  • Multi-tenant architecture ensuring strict data isolation between organizations
  • Role-based access control limiting data visibility within your organization
  • Firewall protection and intrusion prevention
  • Regular security audits and vulnerability assessments

For full details, see our Security page.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of inaccurate personal data.

Erasure

Request deletion of your personal data.

Portability

Receive your data in a structured, machine-readable format.

Restriction

Request we limit processing of your data.

Objection

Object to processing based on legitimate interest.

You may also withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact contact@hrchronica.com. We respond to all requests within 30 days.

7. Data Retention

Scenario Retention
Account data Retained while your account is active, deleted within 30 days of account closure
Employee data Retained while your organization's subscription is active, deleted within 30 days of subscription termination
Website analytics Anonymized, retained for up to 12 months
Backups Purged within 7 days of data deletion

8. Cookies and Tracking

Cookie / Tag Type Purpose
auth_token Essential Session management and authentication
Google Analytics (GA4) Analytics Anonymous website usage statistics
LinkedIn Insight Tag Analytics Anonymous visitor analytics on public pages only

We do not use advertising cookies inside the application.

You can disable cookies in your browser settings. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

9. Third-Party Services

We use the following third-party services to operate the platform:

Service Purpose Privacy Policy
Anthropic (Claude) AI features anthropic.com/privacy
Stripe Payment processing stripe.com/privacy
Resend Transactional email resend.com/legal/privacy-policy
Hetzner Hosting hetzner.com/legal/privacy-policy
LinkedIn Website analytics (public pages only) linkedin.com/legal/privacy-policy

10. Changes to This Policy

We may update this policy from time to time. We will notify active users of significant changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For questions about this policy or your data:

Email: contact@hrchronica.com