Privacy Policy - CronDoctor

1. What We Collect

CronDoctor collects the following data when you use our service:

Account information: Email address, name, and hashed password.
Job configurations: Job names, cron expressions, schedule settings, and tags you create.
Ping data: Exit codes, execution duration, stderr/stdout output (truncated to 10KB/5KB), signal type, IP address, and user agent sent with each ping.
Payment information: Processed and stored by Stripe. We do not store credit card numbers.
Usage data: Alert history, diagnosis results, and plan tier.
Support communications: Subject lines and message content from support tickets you create.

2. How We Use Your Data

To provide the monitoring service: detecting missed pings, classifying severity, and sending alerts.
To generate AI-powered root cause diagnoses for failed jobs.
To process payments and manage your subscription.
To send transactional emails (alerts, account notifications).
To improve the service (aggregate, anonymized usage patterns).

3. Third-Party Services

We share data with the following third-party services, only as needed to operate CronDoctor:

Stripe — Payment processing. Receives your email and payment details. Stripe Privacy Policy
OpenAI — AI diagnosis. Receives monitor name, exit codes, stderr/stdout snippets, and schedule information. No personally identifiable information is sent. CronDoctor uses the OpenAI API (not the consumer ChatGPT product). Per OpenAI's API data usage policy, data sent via the API is not used to train OpenAI models and is retained for a maximum of 30 days for abuse monitoring before being deleted. OpenAI Privacy Policy
Resend — Email delivery. Receives recipient email addresses and alert content. Resend Privacy Policy
Vercel — Hosting and infrastructure. Vercel Privacy Policy
Supabase — Database hosting. All data is stored in a Supabase-managed PostgreSQL database, encrypted at rest. Supabase Privacy Policy
PostHog — Product analytics across the application. For unauthenticated visitors, PostHog tracks anonymous pageview events without setting cookies or collecting personally identifiable information. For authenticated users, PostHog creates identified profiles with your email, plan tier, account creation date, and monitor count. PostHog uses localStorage (not cookies) for session persistence and tracks user interactions — including feature usage, navigation, and errors — to help us improve the product. Data is stored in the US. PostHog Privacy Policy

4. Data Retention

Ping and alert history is retained based on your plan tier:

Free: 7 days
Starter: 30 days
Pro: 90 days

Account information is retained until you delete your account. Upon deletion, all associated data (jobs, pings, alerts, diagnoses) is permanently removed within 30 days.

5. Data Security

Passwords are hashed with bcrypt. Sessions are stored in the database with automatic expiry. All data is transmitted over HTTPS. The database is encrypted at rest. We follow the principle of least privilege for all service integrations.

6. Admin Access

For support and troubleshooting purposes, authorized administrators may temporarily access your account via support access. This requires you to opt in from your settings page, and you can revoke it at any time. All admin actions, including support access sessions, are logged and auditable for security purposes.

7. International Data Transfers

CronDoctor is operated from the United States. If you are accessing the service from outside the US, your data will be transferred to and processed in the United States by CronDoctor and our third-party service providers:

OpenAI (United States) — AI diagnosis processing
Stripe (United States) — Payment processing
Vercel (United States, with global edge network) — Application hosting
Supabase (United States, AWS us-east-1) — Database hosting
Resend (United States) — Email delivery
PostHog (United States) — Product analytics (anonymous for visitors, identified for authenticated users)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we rely on the following safeguards:

Standard Contractual Clauses (SCCs) — We maintain Data Processing Agreements with our key sub-processors that include EU-approved Standard Contractual Clauses for cross-border data transfers.
Data minimization — We only transfer the minimum data necessary for each service to function. For example, OpenAI receives only job-relevant technical data (monitor name, exit codes, error output) — never personal information like email addresses or payment details.
Encryption in transit and at rest — All data is transmitted over HTTPS/TLS and stored encrypted at rest.

The legal basis for processing your data is legitimate interest (providing the monitoring service you signed up for) and contract performance (fulfilling our service agreement with you).

8. Your Rights

You have the right to:

Access your data — view all monitors, pings, and alerts in your dashboard.
Delete your account and all associated data.
Export your data — contact us for a full data export.
Correct inaccurate information via the settings page.

If you are located in the European Economic Area (EEA), you have additional rights under GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

9. Cookies

CronDoctor uses a single essential cookie (crondoctor_session) for authentication. PostHog does not set cookies but uses localStorage for session tracking. For authenticated users, PostHog creates identified profiles with your email and plan information to help us understand product usage patterns. We do not use tracking cookies or third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at privacy@crondoctor.com.