Privacy Policy

1. Data We Collect

We collect the following types of data when you use CronAlert:

• Account information — your name, email address, and authentication credentials. If you sign in with Google or GitHub, we receive your profile information from those providers.
• Monitor configuration — the URLs you configure for monitoring, check intervals, expected status codes, and any keywords or headers you specify.
• Check results — HTTP response status codes, response times, headers, and error messages from each check we perform against your monitored URLs.
• Alert channel configuration — email addresses, Slack/Discord webhook URLs, and other notification endpoint details you provide.
• Payment information — billing details are collected and processed by Stripe. We do not store your credit card number, CVC, or full card details on our servers. We receive a limited set of billing metadata from Stripe (e.g., last four digits, card brand, billing address).
• Usage data — basic analytics about how you interact with the Service, including pages visited, features used, and session duration.

2. How We Use Your Data

We use the data we collect to:

• Provide the core monitoring service — executing checks, recording results, and delivering alerts.
• Manage your account, including authentication and authorization.
• Process payments and manage your subscription.
• Send transactional emails such as alert notifications, billing receipts, and account security notices.
• Improve the Service based on usage patterns and feedback.
• Prevent abuse, fraud, and violations of our Terms of Service.

We do not sell your personal data to third parties. We do not use your data for advertising or marketing purposes beyond occasional product updates, which you can opt out of.

3. Data Storage and Security

Your data is stored on Cloudflare's infrastructure, including Cloudflare D1 (our primary database) and Cloudflare Workers KV for caching. Data is encrypted at rest and in transit.

We implement industry-standard security measures including:

• TLS encryption for all connections to and from the Service.
• Encrypted database storage via Cloudflare D1.
• Secure session management with HTTP-only cookies.
• Support for two-factor authentication (TOTP) and passkeys for account security.
• Passwords are hashed using modern, secure algorithms — we never store plaintext passwords.

4. Third-Party Services

We use the following third-party services to operate CronAlert:

• Cloudflare — hosting, database (D1), DNS, and CDN. Cloudflare Privacy Policy
• Stripe — payment processing and subscription management. Stripe Privacy Policy
• Mailgun — transactional email delivery for alerts and account notifications. Mailgun Privacy Policy
• Google — OAuth authentication (if you choose to sign in with Google). Google Privacy Policy
• GitHub — OAuth authentication (if you choose to sign in with GitHub). GitHub Privacy Statement

Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.

5. Cookies

CronAlert uses a minimal set of cookies, strictly for functional purposes:

• Session cookie — an HTTP-only, secure cookie used to maintain your authenticated session. This is essential for the Service to function.
• CSRF token — a cookie used to prevent cross-site request forgery attacks.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. We do not participate in cross-site tracking.

6. Data Retention

We retain your data for as long as necessary to provide the Service:

• Check results — retained according to your plan's retention limit: 7 days (Free), 30 days (Pro), 90 days (Team), or 1 year (Business). Results older than your plan's retention period are automatically deleted.
• Account data — retained for as long as your account is active. When you delete your account, we delete your personal data within 30 days.
• Billing records — retained as required by applicable tax and financial regulations, typically for 7 years after the transaction.
• Server logs — retained for up to 30 days for debugging and security purposes, then automatically deleted.

7. Your Rights

You have the following rights regarding your data:

• Access and export — you can view and export your monitoring data, check results, and account information from your account settings.
• Correction — you can update your account information at any time through the settings page.
• Deletion — you can delete your account and all associated data from the settings page. Account deletion is permanent and cannot be undone.
• Portability — you can export your data in standard formats (JSON, CSV) from the settings page.

To exercise any of these rights, visit your account settings or contact us at [email protected].

8. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

• Legal basis — we process your data based on: (a) your consent when you create an account, (b) contractual necessity to provide the Service, (c) our legitimate interests in operating and improving the Service, and (d) legal obligations such as tax reporting.
• Right to erasure — you can request deletion of your personal data at any time by deleting your account or contacting us. We will process erasure requests within 30 days.
• Data portability — you can export your data in machine-readable formats from your account settings.
• Right to object — you can object to processing based on legitimate interests by contacting us. We will cease processing unless we have compelling legitimate grounds.
• Data transfers — your data may be processed in the United States and other countries where Cloudflare operates. We rely on Cloudflare's data processing agreements and standard contractual clauses for international transfers.
• Supervisory authority — you have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

CronAlert is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at [email protected] and we will promptly delete the account and associated data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the email address associated with your account at least 14 days before the changes take effect.

The "Effective date" at the top of this page indicates when the policy was last updated. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].