System Integrity
User Sovereignty

The ChronoFlow Privacy Protocol

"Your time is yours. Your data is yours. Our protocol is built on the non-negotiable principle of absolute user sovereignty."

Security Operations Team
Encryption & Protocol Division
Last Audit May 28, 2024

Executive Summary of Sovereignty

At ChronoFlow, we don't just "collect" data; we facilitate your interaction with your own chronological history.

  • No Account Required: Most features work entirely without personal identification.
  • Local-First Storage: Your calculations stay on your device whenever possible.
  • E2E Encryption: Any data synced with our systems is protected by military-grade standards.
  • Zero-Knowledge AI: Your inputs to our AI flows are processed and immediately discarded.

1. Data Architecture & Collection

The ChronoFlow High-Precision Engine is built on a "Privacy by Design" framework. We distinguish between three types of data:

Volatile Chronological Data (VCD)

This includes the specific dates of birth or "from/to" dates you input into the calculator.

Processing: Local-Only / LocalStorage

VCD is never transmitted to our servers unless you explicitly trigger an AI insight flow, at which point it is handled under our Zero-Knowledge protocol.

Inference Input Data (IID)

When you request a "Fun Fact" or "AI Insight," your age metrics (years, months, days) are passed to our Genkit backend.

Processing: Stateless Serverless Function

IID is used as a prompt variable for Google Gemini 1.5 Flash. It is not used for model training and is purged upon completion of the generation task.

System Telemetry

We collect anonymous technical logs to ensure the stability of the high-precision engine.

Processing: Anonymized Aggregation

Includes browser version, screen resolution (e.g., detecting the 5-8 inch range for layout optimization), and error reports.

2. The Genkit & LLM Privacy Layer

Integrating Generative AI into a personal utility requires extreme care. Our Genkit architecture ensures that your personal chronological milestones are treated with the highest level of confidentiality.

The Zero-Storage Policy: Our backend "Flows" are stateless. This means that once the AI has generated your age-related fact, the context is cleared. There is no persistent memory of your birth date on the AI server.

Enterprise-Grade AI Safety

We leverage Google's Generative AI safety settings to prevent the processing of sensitive or prohibited content. Your inputs are filtered locally before reaching the inference engine, providing a dual-layer of protection.

3. Cookies and Persistent Memory

ChronoFlow uses minimal persistent storage. We utilize the following mechanisms:

  1. LocalStorage: We store your last entered dates and theme preferences locally in your browser. This allows for a "fast resume" experience. We never access this data remotely.
  2. Session Cookies: Temporary tokens used to manage your connection to our high-precision engine services during a single visit.
  3. Essential Analytics: We use lightweight, privacy-focused analytics to understand how users interact with our Blog Hub and Calculator. We do not use cross-site tracking or invasive fingerprinting.

4. Global Compliance Standards

While our engine operates globally, we adhere to the strictest regional privacy regulations as our baseline:

GDPR (EU)

General Data Protection Regulation

EU citizens have the right to access, rectify, or erase any data we might hold. Since we focus on local-first storage, your primary mechanism for data erasure is simply clearing your browser cache.

CCPA (USA)

California Consumer Privacy Act

California residents have the right to know what personal data is being collected and to opt-out of its sale. ChronoFlow NEVER sells data. We are a utility, not a data broker.

5. Data Retention & Purging

Because we do not require account creation for standard use, we do not maintain a permanent user database for non-authenticated users.

  • In-App Data: Retained in your browser's LocalStorage until you clear it.

  • Server Logs: Automatically purged every 30 days.

  • AI Context: Discarded immediately after the API response is sent to your device.

6. Security Infrastructure

The ChronoFlow engine is hosted on a secure, distributed cloud infrastructure. We implement:

  • Transport Layer Security (TLS): All data in transit is encrypted via HTTPS.
  • DDoS Protection: Multi-layered defense systems to ensure 99.9% availability of the precision engine.
  • Regular Audits: Our Security Operations Team performs weekly protocol audits to identify and mitigate potential vulnerabilities.

Critical Alert: Third-Party Links

Our Blog Hub contains links to external resources and social platforms. Once you exit the ChronoFlow domain, our Privacy Protocol no longer applies. We encourage you to review the privacy policies of any external site you visit.

7. Your Rights & Redress

You are the master of your chronological destiny. You have the right to:

  1. Request Transparency: Inquire about any data we process.
  2. Demand Deletion: Ask us to remove any server logs associated with your IP address.
  3. Limit Processing: Disable AI features if you prefer not to use our Genkit infrastructure.
  4. Data Portability: Use our "Copy Results" feature to export your chronological data for your own records.

Closing Statement on Trust

In a digital landscape dominated by data exploitation, ChronoFlow stands as a bastion of precision and privacy. We believe that a utility app should be a tool that serves the user, not a net that captures their identity. This protocol is our bond to you.