Privacy Policy

Last updated: March 2026

1. Data Controller

OpenCronAPI operates opencronapi.com and related services. For GDPR purposes, we are the data controller responsible for your personal data.

Contact: privacy@opencronapi.com

2. What We Collect

We collect only the data necessary to provide our service:

Account data

  • Email address (required for account creation and notifications)
  • Name and company name (optional, used for billing and support)
  • Password (stored as a bcrypt hash — we cannot read your password)
  • Timezone preference

Job configuration data

  • Target URLs you configure for your cron jobs
  • HTTP method, headers, and request body you specify
  • Schedule configuration (interval, cron expression, timezone)
  • We do not read, analyze, or store the content returned by your endpoints beyond a 1000-character preview for debugging purposes.

Execution metadata

  • HTTP status codes and response times for each job execution
  • Error messages when executions fail
  • Timestamps of scheduled, started, and completed executions
  • IP address of the execution node (not your IP)

Technical data

  • IP address of your browser/client (for security, rate limiting, and abuse prevention)
  • API request logs (endpoint, method, timestamp) for usage tracking and billing

Payment data

  • We store your Stripe customer ID and subscription ID to manage billing.
  • We never store card numbers or payment details — all payment processing is handled by Stripe.

3. How We Use Your Data

  • Service delivery: executing your scheduled jobs, storing execution history, sending failure notifications
  • Account management: authentication, password resets, email verification
  • Billing: plan management, usage tracking, invoicing via Stripe
  • Security: detecting abuse, rate limiting, fraud prevention
  • Communications: transactional emails (execution alerts, billing notices) — no marketing without consent

4. Data Retention

We retain your data for the following periods:

  • Execution logs: according to your plan (7 days on Free, up to unlimited on Enterprise)
  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • API access logs: retained for 90 days for security purposes
  • Billing records: retained for 7 years to comply with tax and accounting obligations

5. Third-Party Services

We use the following third-party processors:

  • Stripe — payment processing. Stripe Privacy Policy
  • Server infrastructure providers — our nodes run on VPS providers globally. Data is processed within the EU and international regions depending on which node executes your job.

We do not sell your data to third parties. We do not use advertising networks or tracking pixels.

6. Cookies

We use only essential, session-based cookies required for authentication and security (CSRF protection). We do not use tracking cookies, analytics cookies, or third-party cookies.

  • Session cookie: maintains your login state while you use the console. Expires when you close your browser or log out.

7. Your Rights (GDPR)

If you are located in the European Union or European Economic Area, you have the following rights:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your account and all associated data
  • Portability: receive your data in a machine-readable format (JSON)
  • Restriction: request that we limit processing of your data
  • Objection: object to processing based on legitimate interests

To exercise any of these rights, email privacy@opencronapi.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We take security seriously:

  • All data is transmitted over HTTPS (TLS)
  • Passwords are hashed with bcrypt
  • API keys are 64-character cryptographically random tokens
  • Internal APIs are protected by node-specific tokens
  • CSRF protection on all state-changing operations

9. International Data Transfers

Your data may be processed by our execution nodes outside the EU. Where this occurs, we ensure appropriate safeguards are in place in compliance with GDPR Chapter V requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email of material changes at least 14 days before they take effect. The latest version is always available at opencronapi.com/privacy.

11. Contact

For privacy-related questions or to exercise your rights, contact us at:

privacy@opencronapi.com

Terms of Service → Contact Us