Legal
Privacy Policy
Last updated: March 18, 2026
TL;DR: We store only what's necessary to run the service. Your data stays in the EU (Frankfurt). We don't sell it. We don't use it for ads. You can request deletion at any time.
1. Who we are
Kronvex is a memory API service operated from France. Contact: hello@kronvex.io
2. Data we collect
We collect the following data when you use Kronvex:
- Account data: email address, used for authentication via Supabase Auth.
- API usage data: API call timestamps, memory counts, plan tier — used for billing and rate limiting.
- Memory content: the text content you store via the /remember endpoint. This is your data, we do not read it.
- Technical logs: anonymized request logs (IP hashed, no retention after 30 days).
3. How we use your data
- To provide and improve the Kronvex service
- To authenticate your account and enforce plan limits
- To send transactional emails (plan confirmation, API key delivery)
- To comply with legal obligations
We never sell your data. We never use it for advertising. We never train AI models on your memory content.
4. Data location & processors
All data is stored in the European Union:
- Supabase (PostgreSQL + pgvector) — Frankfurt, Germany (EU)
- Railway — backend compute, data in transit only
- Cloudflare Workers — frontend CDN, no personal data stored
- Stripe — payment processing (billing data only, not memory content)
- Resend — transactional email delivery
5. Your rights (GDPR)
Under GDPR, you have the right to:
- Access your data — email us and we'll provide a full export
- Correct inaccurate data
- Delete your data — delete memories in the dashboard, or email us for full account deletion
- Portability — export your memories via the API or dashboard CSV export
- Object to processing — contact us at hello@kronvex.io
To exercise any right, email hello@kronvex.io. We respond within 72 hours.
6. Data retention
- Memory content: retained until you delete it or close your account
- Account data: retained for the duration of your account, deleted within 30 days of account closure
- Billing data: retained as required by French tax law (10 years)
- Technical logs: 30 days maximum
7. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed before storage. We use Row Level Security in Supabase to ensure data isolation between accounts.
8. Cookies
We use only essential cookies for authentication (Supabase session token). No third-party tracking cookies, no advertising cookies.
9. Changes to this policy
We may update this policy. If changes are significant, we'll notify you by email. The date at the top of this page always reflects the latest version.
Questions? hello@kronvex.io