CronCanary DocsPricingOpen app

Privacy Policy

Last updated: 30 June 2026

This Privacy Policy explains what personal data CronCanary (the "Service") collects, why, how long we keep it, and the rights you have over it. We aim to collect only what the Service needs to function.

1. Data we collect

2. How we use it

We use this data solely to: operate monitoring and deliver alerts; show you your ping history; authenticate you and keep your session; enforce rate limits and plan limits; process payments; prevent abuse; and communicate service-related notices. The legal bases (GDPR) are performance of our contract with you and our legitimate interest in operating and securing the Service.

3. What we do NOT do

We do not sell your personal data. We do not use your data for advertising. We do not share it with third parties except the processors listed below or where required by law.

4. Cookies

We use a single first-party, HttpOnly session cookie to keep you signed in. We do not use third-party tracking or advertising cookies.

5. Sub-processors

6. Data retention

Account and configuration data are kept while your account is active. Ping logs are retained according to your plan's retention window (30 days on Free, 90 days on Solo, 365 days on Pro), after which older pings are automatically pruned. Rate-limit counters expire automatically within hours. When you delete your account, associated data is removed within a reasonable period, except where we must retain limited records for legal or accounting purposes.

7. Your rights

Depending on your jurisdiction (including the EU/UK under GDPR and California under CCPA/CPRA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can update your email and delete checks/channels in the app, or contact us to exercise any of these rights. You also have the right to lodge a complaint with your local data-protection authority.

8. Security

Passwords are hashed with PBKDF2-HMAC-SHA256. Sessions use opaque tokens stored only as hashes. Traffic is served over HTTPS. User-supplied alert URLs are validated to block requests to private and internal network addresses. No system is perfectly secure, but we take reasonable measures to protect your data.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

10. Changes

We may update this policy; the "Last updated" date reflects the latest version. Material changes will be communicated in the app where appropriate.

11. Contact

Privacy questions or data requests: [email protected].


See also our Terms of Service.