Privacy Policy

1. Who We Are

Chora ("we", "us", "our") is an ambient intelligence service operated by withChora. We can be reached at hello@withchora.com.

2. What We Collect

We collect only the information needed to run the service:

• Account information: Your email address, used to communicate with you and manage your account.
• Profile & preferences: Information you provide to personalize your experience (e.g. household, language, timezone, goals). Used exclusively to tailor the service to you.
• Interaction signals: How you respond to suggestions (accept, swap, ignore) — used to refine future recommendations. This is how Chora learns over time.
• Billing information: Processed securely by Stripe. We never store your card details.
• Usage analytics: Anonymized data about how the app is used, collected only with your explicit cookie consent.

3. How We Use Your Information

Your information is used strictly to operate and improve Chora:

• Generate and deliver personalized suggestions tailored to your profile
• Learn from your interactions to improve future recommendations
• Manage your subscription and process payments
• Send transactional emails (account updates, subscription notices, important alerts)
• Improve the service through aggregated, anonymized usage analysis

5. Third-Party Services

We use a small number of trusted third-party services to operate Chora. Each processes only the data strictly necessary for their function:

• Supabase — Authentication and database hosting. Stores your account, preferences, and interaction history.
• Stripe — Payment processing. Handles all billing data in a PCI-DSS compliant environment. We never store card details.
• Resend — Transactional email delivery. Receives your email address solely to deliver communications from Chora.
• AI model providers — Used to generate personalized suggestions. Only anonymized preference data is sent — no personal identifiers (name, email) are included in AI requests.
• Google Analytics — Usage analytics, loaded only after you accept cookies. Data is anonymized and used solely to understand how the app is used in aggregate.

6. Cookies

Chora uses cookies solely for authentication (keeping you logged in) and, with your explicit consent, for anonymized usage analytics. We do not use advertising cookies or tracking pixels. You can withdraw your consent at any time via the cookie banner.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we permanently delete your personal data within 30 days. Anonymized, aggregated data may be retained indefinitely as it cannot be linked back to you.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete data via your account settings.
• Right to Erasure: Delete your account and all associated personal data permanently.
• Right to Portability: Export your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@withchora.com. We will respond within 30 days.

9. Security

We use industry-standard security measures: encrypted connections (HTTPS/TLS), secure authentication, and strict access controls. No payment data is stored on our servers — Stripe handles all financial data in a PCI-DSS compliant environment.

10. Changes to This Policy

If we make material changes to this policy, we will notify you by email before they take effect. Continued use of Chora after that date constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? We are happy to help. hello@withchora.com