Chrogenix
Where your time begins again
FeaturesHow it WorksPricingFAQLog InGet Started

Privacy Policy

Last updated: March 29, 2026

1. Introduction

Keysoft, LLC ("Keysoft", "Chrogenix," "we," "us," or "our") operates the Chrogenix platform at chrogenix.com (the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you access or use our Service. By creating an account or using any part of the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information. When you register, we collect your display name, email address, and password. If you subscribe to a paid plan, our third-party payment processor collects and processes your payment information. We store a customer reference ID but never directly store credit card numbers.

2.2 Avatar Content. To build your digital avatar, we collect content you voluntarily provide, including but not limited to: written documents, voice recordings, video recordings, photographs, biographical information, personal values, beliefs, life stories, personality traits, ethical boundaries, and catchphrases. You control exactly what content you share.

2.3 Processed Knowledge. Our system uses artificial intelligence to extract, summarize, and categorize information from your uploads into structured knowledge entries (facts, stories, traits, quotes, and preferences). These derived entries are stored alongside your original content.

2.4 Chat Messages. All messages exchanged between you and your avatar, between your trusted contacts and your avatar, and between access code visitors and your avatar are stored in our database.

2.5 Usage Data. We automatically collect information about your interactions with the Service, including pages visited, features used, session duration, browser type, operating system, IP address, and referring URLs.

2.6 Email Address for Communications. By creating an account, you consent to receive transactional emails (account confirmations, password resets, security alerts, payment receipts, new visitor notifications) and marketing communications (product updates, feature announcements, tips, and promotional offers) at the email address you provide. See Section 9 for opt-out details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service, including building and refining your digital avatar
  • To process your uploads through our content extraction and knowledge distillation pipeline
  • To send your content to third-party AI model providers for the purpose of generating avatar responses, transcribing audio/video, and describing images
  • To generate synthetic voice audio using third-party voice cloning services if you opt in to voice cloning
  • To process payments and manage subscriptions through our payment processing partner
  • To send transactional emails related to your account activity, including new visitor notifications, payment receipts, security alerts, and account status changes
  • To send marketing and promotional communications about the Service
  • To monitor, detect, and prevent fraud, abuse, and security threats
  • To enforce rate limits and access controls
  • To comply with legal obligations and respond to lawful requests from public authorities
  • To improve and personalize the Service through aggregated, anonymized analytics

3.1 Lawful Basis for Processing (GDPR). If you are in the European Economic Area or the United Kingdom, our lawful bases for processing your personal data are:

  • Performance of a contract (Article 6(1)(b)) — Processing necessary to provide the Service you signed up for, including avatar creation, chat functionality, file storage, and subscription management.
  • Consent (Article 6(1)(a)) — Optional features you explicitly opt into, such as voice cloning, Telegram bot integration, and marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Article 6(1)(f)) — Security monitoring, fraud prevention, rate limiting, abuse detection, and service improvement through anonymized analytics. We have assessed that these interests do not override your rights and freedoms.
  • Legal obligation (Article 6(1)(c)) — Processing required to comply with applicable laws, respond to legal requests, or fulfill regulatory obligations.
4. Data Ownership & License

4.1 Your Content. You retain full ownership of all content you upload to Chrogenix. By uploading content, you grant us a limited, non-exclusive, worldwide, royalty-free license to use, process, store, reproduce, and transmit your content solely for the purpose of providing the Service to you. This license terminates when you delete your content or account, subject to the retention periods described in Section 7.

4.2 AI-Generated Content. Responses generated by your avatar are produced by third-party AI models using your uploaded content as context. You acknowledge that AI-generated responses may not accurately represent your views, personality, or intentions. Chrogenix does not claim ownership of AI-generated avatar responses.

4.3 No Sale of Personal Data. We do not sell, rent, lease, or trade your personal information to third parties for their own marketing purposes.

5. Data Sharing & Third-Party Services

We share your data with trusted third-party service providers (sub-processors), solely for the purpose of operating the Service. Each partner is contractually obligated to protect your data through Data Processing Agreements and may only use it to perform services on our behalf in accordance with this Privacy Policy. Our current sub-processors are:

  • Anthropic — Provides the AI models that power your avatar's chat responses and image analysis. Chat messages and avatar context are sent to Anthropic's API for response generation.
  • OpenAI — Provides audio and video transcription services (Whisper). Uploaded audio and video files are sent to OpenAI for transcription only.
  • ElevenLabs — Provides voice cloning and text-to-speech services for users who opt in. Voice samples and avatar response text are sent for audio generation.
  • Stripe — Processes subscription payments and manages billing. We share your email address and a customer reference ID with Stripe. We never store your credit card details.
  • Amazon Web Services (AWS) — Provides cloud file storage (S3) for your uploads and email delivery (SES) for transactional and marketing emails.
  • Supabase — Provides our database infrastructure and user authentication services. All user data stored in our database is hosted on Supabase's infrastructure.
  • Telegram — For users who opt in to the Telegram bot integration, messages are exchanged through Telegram's platform. This is a user-initiated connection that you can disconnect at any time.

5.1 No AI Model Training. Your personal data, uploaded content, chat messages, and voice recordings are never used to train, fine-tune, or improve any third-party AI models. Our AI service providers process your data solely to generate real-time responses and are contractually prohibited from using your data for model training purposes.

5.2 Legal Disclosure. We may also disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Access Controls & Sharing

6.1 Access Models. You control who can interact with your avatar through access model settings: Private (only you and invited trusted contacts) or Public (anyone with your access code). You can change your access model at any time in Settings.

6.2 Trusted Contacts. When you invite a trusted contact, they can chat with your avatar. Your avatar's responses are generated from your uploaded content, meaning trusted contacts may receive information you shared during onboarding and through uploads.

6.3 Access Code Visitors. If your access model is set to Public, anyone with your access code can chat with your avatar without creating an account. You are responsible for controlling the distribution of your access code. You can block individual visitors or regenerate your access code to revoke all visitor access.

6.4 Visitor Notifications. When a new visitor first chats with your avatar using your access code, we send a notification email to the email address associated with your account.

6.5 Posthumous Preferences. You may configure posthumous preferences to control what happens to your avatar after your death. We will make commercially reasonable efforts to honor these preferences, subject to applicable law, verification requirements, and executor decisions.

7. Data Storage, Security & Retention

7.1 Storage. Your data is stored using industry-standard encryption at rest (AES-256) and in transit (TLS 1.2+). Uploaded files are stored in secure cloud storage with access restricted to your account through user-scoped storage keys.

7.2 Security Measures. We implement technical and organizational security measures including: multi-factor authentication (TOTP), row-level database security policies, parameterized database queries to prevent injection attacks, input validation, rate limiting, presigned upload URLs, and security headers (HSTS, X-Frame-Options, CSP). However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7.3 Retention. We retain your data for as long as your account is active. The following retention periods apply:

  • Account and profile data — Retained while your account is active.
  • Chat messages (personal, trusted contact, access code, and Telegram) — Retained while your account is active. No automatic purge.
  • Uploaded files and processed knowledge — Retained while your account is active. You may delete individual files at any time.
  • Voice clones and TTS audio cache — Retained while your account is active. Voice clones are deleted from both our database and the third-party provider upon account deletion.
  • Payment records — Transaction references are retained while your account is active. Stripe retains payment details per their own retention policy.
  • Admin audit logs — Administrative actions are logged indefinitely for security and compliance purposes.
  • Rate limit data — Automatically purged after 60 minutes (see Section 7.4).

When you delete your account, your data enters a 7-day soft-delete recovery window during which you can restore your account. After 7 days, all data is permanently and irreversibly deleted, including database records, uploaded files, voice clones, and authentication credentials. We may retain anonymized, aggregated data that cannot be linked back to you.

7.4 Rate Limit Data. IP addresses and request timestamps are temporarily stored in our rate limiting system for abuse prevention. This data is automatically purged after 60 minutes.

8. Cookies & Tracking Technologies

We use strictly necessary cookies to operate the Service securely. These cookies are essential for authentication, security, and core functionality — they cannot be disabled without preventing you from using the Service. We do not use third-party advertising cookies, tracking pixels, or behavioral advertising technologies.

8.1 Cookies We Set. The following cookies are used by the Service:

  • Supabase authentication cookies (sb-* / supabase-*) — Maintain your login session and multi-factor authentication status. HttpOnly. Expire when the session ends or after 2 weeks of inactivity.
  • chrogenix_session_created — Records when your current session began. Used to enforce a 24-hour maximum session lifetime, after which you must sign in again. HttpOnly. Set at login.
  • chrogenix_last_activity — Records the timestamp of your most recent request. Used to enforce a 30-minute inactivity timeout — if you are inactive for more than 30 minutes, you will be signed out automatically. HttpOnly. Updated on every request.
  • chrogenix_reauth_verified — Set when you confirm your password before a sensitive action (such as changing your plan, deleting your account, or managing your executor). Valid for 5 minutes. HttpOnly.

8.2 Why No Cookie Banner. All cookies listed above are classified as "strictly necessary" under the EU ePrivacy Directive and GDPR because they are required for security and core functionality. Strictly necessary cookies do not require opt-in consent. You can control cookie settings through your browser, but disabling these cookies will prevent you from using the Service.

9. Marketing Communications & Email List

By creating a Chrogenix account, you are automatically subscribed to our email list. This includes transactional emails (which are required to operate your account) and marketing communications (product updates, feature announcements, tips, and promotional offers). You may opt out of marketing emails at any time by clicking the "unsubscribe" link at the bottom of any marketing email or by contacting us at support@chrogenix.com. You cannot opt out of transactional emails (e.g., password resets, security alerts, payment confirmations, new visitor notifications) while your account is active, as these are necessary for the operation and security of the Service.

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — You may request a copy of the personal data we hold about you.
  • Right to Rectification — You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure — You may request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing — You may request that we limit how we use your data.
  • Right to Data Portability — You may request your data in a structured, machine-readable format. Our data export feature (Settings > Data Export) provides this.
  • Right to Object — You may object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at support@chrogenix.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

11. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Opt-Out of Sale — We do not sell your personal information. If this ever changes, we will provide a "Do Not Sell My Personal Information" link.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at support@chrogenix.com or use the account deletion feature in Settings.

12. Children's Privacy

The Service is not directed to and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will promptly delete such information. If you believe a child has provided us with personal information, please contact us at support@chrogenix.com.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. By using the Service, you consent to the transfer of your data to the United States and other jurisdictions that may have different data protection laws than your home jurisdiction.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and sending an email notification to the address associated with your account. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

15. Contact Us

If you have questions or concerns about this Privacy Policy, your data, or your rights, contact us at:

Keysoft, LLC
Email: support@chrogenix.com