Privacy Policy

Last updated: April 5, 2026

1. Introduction

Chronae Inc. ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our scheduling platform ("the Service").

2. Information We Collect

Account Information

  • Name, email address, and username (provided during registration)
  • Password (stored as a bcrypt hash — we never store plain-text passwords)
  • Profile image (if provided via Google OAuth)
  • Timezone preference

Booking Data

  • Event types you create (names, descriptions, durations, locations)
  • Availability schedules (days, times, buffer settings)
  • Bookings (attendee names, emails, meeting times, notes)
  • Meeting links and locations

Integration Data

  • API keys (generated for programmatic access)
  • Webhook endpoints and delivery logs
  • Calendar connections (provider, account email, sync tokens)
  • Workflow configurations and execution logs

Usage Data

  • API request logs (endpoint, timestamp, status code)
  • Webhook delivery attempts and responses
  • Workflow execution history

3. How We Use Your Information

  • Provide the Service: Process bookings, manage availability, send notifications, and execute workflows
  • Authentication: Verify your identity and secure your account
  • Communication: Send booking confirmations, cancellation notices, reminders, and workflow-triggered emails
  • Integration: Deliver webhook events to your configured endpoints
  • Improvement: Analyze usage patterns to improve the Service

4. Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

  • Public booking pages: Your name, username, and active event types are visible on your public booking page
  • Booking attendees: When someone books with you, they provide their name and email which you can see
  • Team members: Team members can see each other's names, emails, and roles within the team
  • Webhooks: Booking data is sent to webhook endpoints you configure
  • Email provider: We use Mailtrap to send transactional emails (confirmations, workflow emails, bug reports)
  • Legal requirements: We may disclose data if required by law or legal process

5. Data Storage and Security

  • Data is stored in PostgreSQL databases hosted on PlanetScale
  • Passwords are hashed using bcrypt with a cost factor of 12
  • API keys are generated using cryptographically secure random bytes
  • Webhook secrets use HMAC-SHA256 for payload signature verification
  • All connections use SSL/TLS encryption in transit
  • Session tokens use JWT with server-side validation

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your account, event types, bookings, and all associated data are permanently deleted within 30 days
  • Webhook logs and workflow execution history are deleted with your account
  • API keys are immediately revoked

7. Your Rights

You have the right to:

  • Access: View all your personal data through the dashboard and API
  • Correction: Update your profile information in Settings
  • Deletion: Delete your account and all associated data
  • Export: Access your data via the REST API
  • Restriction: Disable event types or deactivate your account

8. Cookies and Local Storage

We use:

  • Session cookies: Required for authentication (NextAuth.js JWT tokens)
  • Local storage: Theme preference (light/dark/system)

We do not use tracking cookies, advertising cookies, or third-party analytics.

9. Third-Party Services

  • Google OAuth: Used for optional social login (we receive your name, email, and profile image)
  • Mailtrap: Used for sending transactional emails
  • PlanetScale: Database hosting provider
  • Vercel: Application hosting provider

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates the most recent revision.

12. Contact

If you have questions about this Privacy Policy or your data, please use the bug report feature in the application or contact us through the documentation page.