Privacy Policy for Chronicaly / Mobile Operations Platform

Last Updated: 4/3/2026

This Privacy Policy explains how Chronicaly (“we,” “our,” or “us”) collects, uses, discloses, and protects personal information when you use our scheduling platform, website, and related services (collectively, the “Service”).

By accessing or using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of information to provide and improve our Service:

1.1 Account Information

  • Name

  • Email address

  • Phone number (including for MFA/SMS verification)

  • Password (securely hashed — never stored in plain text)

1.2 Organization Information

  • Company/organization name

  • Business address

  • User roles and permissions within your organization

1.3 Scheduling Data

  • Appointments, availability, and event details

  • Locations and services offered

  • Customer contact information input by you (if applicable)

1.4 Authentication & Security Data

  • MFA codes (transmitted but never stored after validation)

  • Login timestamps

  • Failed/successful login attempts

  • IP addresses used for security, auditing, and fraud prevention

1.5 Technical Information

  • Device and browser type

  • Operating system

  • Cookie identifiers and session tokens

  • Log data related to app performance and errors

1.6 Payment Information

If you subscribe to our Service, we collect:

  • Billing contact information

  • Payment transaction IDs from our payment processor

We do not store or process full credit card numbers. All payment data is handled by third-party PCI-compliant providers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service

  • Create and manage user accounts and organizations

  • Send MFA/SMS verification codes

  • Allow users to schedule appointments and manage calendars

  • Communicate about updates, changes, and customer support

  • Improve application performance and user experience

  • Monitor and protect system security

  • Comply with legal obligations and prevent fraud

We do not sell personal information.

2.1 SMS and Text Messaging

How We Use Your Phone Number for SMS: When you opt into our Multi-Factor Authentication (MFA) feature, we use your verified mobile phone number solely to send one-time authentication codes to confirm your identity at login. Phone numbers collected for SMS authentication are used only for that purpose.

Consent: SMS messaging is entirely opt-in. You will not receive SMS messages from Chronicaly unless you have explicitly verified your phone number and enabled MFA within your account settings. Your consent to receive SMS messages is never a condition of using the Service or any part of it.

Message Frequency: You will receive one (1) SMS message per login attempt when MFA is enabled, plus one (1) SMS message during the initial phone number verification step. Message frequency is based on your login activity.

Message and Data Rates: Standard message and data rates may apply based on your mobile carrier plan.

Opt-Out: You may opt out of SMS messages at any time by disabling MFA in your user profile or by replying STOP to any SMS message you receive from us. After opting out, no further SMS messages will be sent to your number for authentication purposes.

Help: Reply HELP to any SMS message for assistance, or contact us at support@chronicaly.com.

No Sharing for Marketing: We do not sell, rent, or share your phone number with any third party for marketing or promotional purposes. Your phone number is shared only with our SMS delivery provider (Twilio) solely for the purpose of transmitting authentication codes on our behalf.

SMS Provider: We use Twilio as our SMS delivery provider. Twilio receives your phone number and message content for the sole purpose of delivering authentication codes. Twilio's privacy practices are governed by their own privacy policy at https://www.twilio.com/en-us/legal/privacy.

3. How We Share Information

We share information only when necessary:

3.1 Service Providers

We may share data with vendors who help us operate the Service, including:

  • Cloud hosting providers

  • SMS providers (e.g., Twilio)

  • Email delivery services

  • Payment processors

All vendors are contractually required to protect your data.

3.2 Organization Administrators

If you join an organization within our platform, certain information (name, email, phone number, assigned roles) is visible to that organization’s administrators.

3.3 Legal Requirements

We may disclose information if required to comply with:

  • Laws

  • Subpoenas or court orders

  • Government requests

  • Enforcement of our Terms of Service

3.4 Business Transfers

If our business is acquired or merges with another entity, user information may be transferred as part of the transaction.

4. Cookies and Tracking Technologies

We use cookies and similar tools to:

  • Maintain sessions

  • Keep you logged in

  • Analyze usage patterns

  • Improve site performance

You can disable cookies in your browser; however, some features may not work properly.

5. Data Security

We use industry-standard safeguards to protect personal information, including:

  • Encryption at rest and in transit

  • Secure password hashing

  • Role-based access control

  • Audit logging for sensitive actions

  • Regular vulnerability scanning

While no system is 100% secure, we take reasonable measures to protect your data.

6. Data Retention

We retain information only as long as necessary to:

  • Provide the Service

  • Comply with legal obligations

  • Resolve disputes

  • Enforce agreements

You may request deletion of your data at any time (see Section 9).

7. Children’s Privacy

Our Service is not intended for children under 13.
We do not knowingly collect personal information from children.

8. Your Privacy Rights

Depending on your location, you may have rights such as:

  • Accessing your data

  • Correcting inaccurate information

  • Requesting deletion

  • Restricting or objecting to certain data uses

  • Data portability

To exercise these rights, contact us at support@chronicaly.com.

We will verify your identity before processing requests.

9. Data Deletion Requests

You may close your account or request deletion of personal information by contacting us.
Certain data may be retained when required for:

  • Security

  • Legal compliance

  • Transaction records

10. International Data Transfers

If you are located outside the United States, your data may be transferred to the U.S., where our servers and service providers are located.
We use reasonable safeguards to ensure your data remains protected.

11. Changes to This Privacy Policy

We may update this Policy from time to time.
The “Last Updated” date at the top of this page indicates the latest revision.

Material changes will be communicated through:

  • Email, or

  • Notices within the Service

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Chronicaly
Email: support@chronicaly.com