This Privacy Policy explains how Cronaut ("Cronaut", "we", "us" or "our") collects, uses and protects personal data when you visit https://cronaut.dev, create an account or use our monitoring service (the "Service").
Cronaut is operated by an independent entrepreneur (auto-entrepreneur) established in France, registered under SIREN 902 134 063, acting as the data controller for the personal data processed through the Service. You can reach us at ghassane@cronaut.dev for any question relating to this policy or your data.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable French law.
1. Information we collect
We only collect the data we need to provide the Service:
- Account data. Your email address and a securely hashed version of your password. We never store your password in plain text.
- Workspace data. The workspace name you choose and the team members you invite (their email addresses) so they can join your workspace.
- Monitoring configuration. The checks you set up, including target URLs, hostnames, check names, schedules and the alert destinations you configure (such as notification email addresses, Slack, Discord or webhook endpoints).
- Monitoring results. Check outcomes, response times, status codes, certificate expiry information, incidents and the history of status changes for the targets you monitor.
- Billing data. If you subscribe to a paid plan, your billing email, plan, subscription status and the customer and subscription identifiers returned by our payment processor. Card details are entered directly with our payment processor and are never stored on our systems.
- Usage data. Pseudonymous analytics events about how you interact with the Service and the marketing site (such as pages visited and actions taken), used to understand and improve the product.
- Communications. The content of messages you send us, for example by email.
2. How and why we use your data
We use personal data for the following purposes and legal bases under the GDPR:
- To provide the Service (creating your account, running your checks, sending alerts, rendering status pages). Legal basis: performance of our contract with you.
- To process payments and manage subscriptions. Legal basis: performance of our contract and compliance with legal obligations (e.g. accounting).
- To send service communications such as email verification, password resets, team invitations and outage alerts. Legal basis: performance of our contract.
- To improve and secure the Service through usage analytics, debugging and abuse prevention. Legal basis: our legitimate interest in operating and improving a reliable, secure product.
- To comply with the law and respond to lawful requests. Legal basis: compliance with legal obligations.
We do not sell your personal data, and we do not use it for third-party advertising.
3. Cookies
We use a single essential cookie to keep you signed in to your account. This cookie is
strictly necessary for the Service to function: it is set only after you log in, is
marked HttpOnly and Secure,
and is not used for advertising or cross-site tracking.
Our analytics provider may set or read identifiers to measure product usage. These are limited to identified, signed-in users and are used solely to understand and improve the Service. You can control cookies through your browser settings; disabling the essential session cookie will prevent you from signing in.
4. Sharing and subprocessors
We share personal data only with the service providers we rely on to operate Cronaut. Each acts as a processor on our behalf under appropriate data-processing terms:
| Provider | Purpose | Data | Region |
|---|---|---|---|
| Stripe | Payment processing and subscription management | Billing email, customer and subscription identifiers, payment metadata | EU / USA |
| Mailgun | Transactional and notification email delivery | Recipient email address, message content (verification links, alerts, invitations) | EU / USA |
| PostHog | Product and usage analytics | Account email, pseudonymous usage events, page and feature interactions | European Union |
| Hosting & infrastructure provider | Application hosting and data storage | All data described in this policy, stored at rest | European Union |
We may also disclose data where required by law, to protect our rights, or in connection with a merger, acquisition or sale of assets, in which case we will notify you.
5. International transfers
We host data within the European Union wherever possible. Where a provider processes data outside the European Economic Area, that transfer is covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.
6. Data retention
We keep your account and configuration data for as long as your account is active. When you delete your account, or your workspace is closed, we delete or anonymise the associated personal data within a reasonable period, except where we must retain certain records (such as billing and tax records) to comply with legal obligations. Monitoring history and aggregate metrics are retained according to your plan and then deleted or aggregated.
7. Your rights
Under the GDPR, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data;
- object to or restrict certain processing;
- request a portable copy of your data;
- withdraw consent where processing is based on consent.
To exercise any of these rights, email us at ghassane@cronaut.dev. We will respond within the time limits set by law. You also have the right to lodge a complaint with your local data protection supervisory authority.
8. Security
We take reasonable technical and organisational measures to protect your data, including
password hashing, encrypted connections (HTTPS/TLS), signed and HttpOnly
session cookies, and restricted access to production systems. No method of transmission
or storage is completely secure, so we cannot guarantee absolute security.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, take reasonable steps to notify you. Your continued use of the Service after an update means you accept the revised policy.
10. Contact
For any question about this policy or your personal data, contact us at ghassane@cronaut.dev.