Privacy Policy — Chronalife

Effective date: March 30, 2026
Last updated: March 30, 2026

This Privacy Policy describes how Andrew Wade ("we", "us", or "our") collects, uses, discloses, and protects information in connection with Chronalife—the life-simulation game and related websites, mobile applications, and online services (collectively, the "Service"). The Service is operated by Andrew Wade as an individual; there is no LLC or other company behind Chronalife at this time.

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Who we are

For EU/UK users, you may also provide an EU/UK representative and/or data protection officer if required by law.

2. Scope

This policy applies to:

• Our native apps (e.g. Apple iOS, Google Android) distributed under identifiers such as com.weflyhq.chrona;
• Our web experience when offered (e.g. static or SPA builds);
• Backend and sync features provided through our servers and third-party processors described below.

It does not govern third-party sites or services that we link to or that you use outside the Service (for example, your email provider or app store account).

3. Information we collect

We collect information in the following categories. Exact fields depend on which features you enable and how you use the Service.

3.1 Account and authentication

When you create or use an account (where available), Clerk authentication and Clerk Billing may process:

• Email address and authentication factors (e.g. email verification, passwords where used);
• Session tokens and security-related metadata;
• Billing and subscription status when you purchase Chronalife Plus or add-ons (processed by Clerk Billing).

We link your game playerId to your account identifier where you sign in, to enable sync, entitlements, and support.

3.2 Gameplay, saves, and sync state

To operate cloud sync, backups, leaderboards, and related features we store game-derived data on our backend (e.g. Convex), including but not limited to:

• Identifiers: internal playerId, lifeId, slotId, device/session identifiers where used;
• Character and world snapshots (e.g. name, country/city placeholders, difficulty settings);
• Economy summaries for leaderboard or analytics (e.g. net worth, cash, debt, portfolio values, character display name, country);
• Life events, asset sync deltas, lottery participation, fame/social-sim metadata, and other simulation records;
• Operational telemetry tied to gameplay systems (e.g. timing and success flags for event rolls), separate from crash analytics unless combined in support tickets.

Local play: Much of the simulation runs on your device. Save data may be stored locally (e.g. SQLite / device storage) in addition to any cloud copy.

3.3 Cloud save backups (paid feature)

If you subscribe to a tier that includes cloud saves, we store compressed backups of your save data in chunked form on our servers. These blobs are opaque to us at the application layer (gzip-compressed JSON from the client) but are still personal data because they can contain your in-game choices and any text you entered in-game.

3.4 Push notifications

If you opt in on a supported device, we may collect and store a push token (via Expo push services or platform equivalents) associated with your playerId to deliver notifications (e.g. lottery or activity reminders).

3.5 Bug reports and support

When you submit an in-app bug report, we may collect:

• Title, description, category, severity, reproduction steps;
• Route/screen name, app version, platform, OS version, device model;
• Optional screenshot and optional debug snapshot (trimmed game-state excerpts designed not to include auth tokens—but may still include character, finances, career, and other simulation summaries).

3.6 AI-assisted features

Certain features send text prompts and context to Cerebras (hosted large language model inference) when a server-side API key is configured in our build. Uses include (non-exhaustively): chat-style interactions (e.g. dating/relationship/social flows), quizzes, narrative helpers, and catalog naming. Do not submit secrets, government IDs, health diagnoses, or other sensitive real-world information in free-text fields.

3.7 Automatic / technical data

We and our vendors may process:

• IP address, approximate location derived from IP, user-agent, timestamps;
• Device type, OS, app version;
• Diagnostic logs on servers.

We do not rely on a dedicated mobile analytics SDK in the current open-source tree; if we add analytics (e.g. product analytics or crash reporting), we will update this policy and, where required, consent or settings screens.

4. How we use information

We use information to:

• Provide, maintain, and improve the Service;
• Authenticate users, enforce entitlements (Chronalife Plus, cloud saves, sandbox/time-machine tiers), and prevent abuse;
• Sync game state, run server-mirrored logic where applicable, and restore backups;
• Send transactional or optional push notifications you have enabled;
• Debug, secure, and operate our infrastructure;
• Comply with law and respond to lawful requests;
• Communicate with you about the Service.

We do not sell your personal information in the conventional sense of selling lists to data brokers. We do use subprocessors (see Section 7) who process data on our behalf.

5. Legal bases (EEA/UK, if applicable)

If GDPR/UK GDPR applies, we rely on one or more of:

• Contract (providing the Service you request);
• Legitimate interests (security, fraud prevention, product improvement, internal analytics), balanced against your rights;
• Consent (e.g. marketing emails, non-essential cookies on web, optional push);
• Legal obligation.

6. Sharing and disclosure

We may share information with:

• Service providers listed in Section 7, under contractual safeguards;
• App stores (Apple, Google) for distributing the apps and platform rules that apply to those builds;
• Clerk for accounts, email verification, and subscription billing (Chronalife Plus);
• Authorities when required by law or to protect rights, safety, and security;
• Corporate transactions (merger, acquisition, restructuring), with notice where required.

We may disclose aggregated or de-identified information.

7. Subprocessors and third-party services

The Service is built on multiple vendors. Their own privacy policies govern their practices:

Links are provided for convenience; verify current URLs before publication.

8. International transfers

If you access the Service from outside the country where our servers or subprocessors are located, your information may be transferred internationally. Where required, we implement appropriate safeguards (e.g. Standard Contractual Clauses).

9. Retention

We retain information as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Examples:

• Account data: until you delete your account or we delete inactive accounts per policy;
• Cloud saves: until you delete them, delete your account, or we remove them per storage policy;
• Bug reports: for a defined support window unless a longer period is needed for security/legal reasons;
• Tokens: rotated or purged per security policy.

Specific retention schedules should be finalized with operations and counsel.

10. Security

We use reasonable administrative, technical, and organizational measures (encryption in transit, access controls, hashed refresh tokens, chunked uploads with integrity checks) appropriate to the risk. No method of storage or transmission is 100% secure.

11. Your rights and choices

Depending on jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to processing of personal data, and to withdraw consent where processing is consent-based.

• Clerk / account: use in-app account screens or Clerk-hosted profile flows to manage email and security settings where available.
• Push: disable in system settings or revoke permission in-app where offered.
• Requests: email [email protected] with sufficient detail for us to verify you.

California residents (CPRA): you may have rights to know, delete, and correct personal information, and to limit use of sensitive personal information if applicable. We do not sell or share personal information for cross-context behavioral advertising as defined in CPRA unless we disclose otherwise and offer opt-out.

12. Children

The Service is not directed at children under 13 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

13. Changes

We may update this Privacy Policy. We will post the new version with a revised Effective date and, where required, provide additional notice. Continued use after the effective date constitutes acceptance unless law requires explicit consent.

14. Contact

Andrew Wade
Individual operator of Chronalife (not an LLC or separate company)
United States
Email: [email protected]

Appendix — Product-specific disclosures (Chronalife)