Privacy policy
Draft for Japan market readiness and due diligence (DD). Align with APPI before launch.
Categories: account data from Google OAuth (email, name, profile image), technical logs (IP, user agent, cookies), and service usage metadata tied to your account. Purposes: authentication, fraud prevention, support, and operating The Chronicle audit trail. Cross-border transfers: Google LLC in the United States processes OAuth tokens and profile attributes when you choose Google sign-in — we document this at signup and rely on your explicit consent plus Google's data processing terms. Retention: while your account is active and as required by law afterward. Rights: you may request access, correction, export, or deletion subject to legal retention exceptions — contact the privacy channel listed once operations publish it. Security: TLS in transit, encrypted storage for secrets, least-privilege access, and masked operational logs.