Is Chroma safe with your data?
Chroma
Partial disclosure · low confidence
Chroma earns a C (61/100) because it discloses its data practices only in part.
#92
of 177 apps ranked
61
score · Data platform avg 63
-2
vs category average
Chroma transparently maintains a sub-processor list with DPA obligations and shares recipient categories, but fails to disclose input training practices, offers no deletion rights to US users, and lacks named security standards.
What Chroma's privacy policy says about your data
Sub-processor Transparency
Policy maintains a current sub-processor list at trychroma.com/subprocessors with Data Processing Addendum obligations.
Silent on Training Data
Policy does not disclose whether user inputs are used to train models or offer opt-out mechanisms.
US Users Lack Deletion Rights
Data access, deletion, portability, and correction rights are offered only to EEA and UK users, not US-default users.
Weak Retention and Security
Retention periods rely on vague as-long-as-necessary language with broad exceptions, deletion timelines lack specificity, and security controls lack named standards.
The area-by-area breakdown for Chroma is being prepared and will appear after its next scoring pass on the current rubric. The summary and highlights above reflect the latest assessment.
Details
- Category
- Data platform
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2024-10-02
- Region scored
- Global / US-default
- Assessed
- 2026-06-20
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.