Privacy Policy
Effective: April 4, 2026 · Last updated: May 12, 2026
Chronary ("we", "us", "our") operates the Chronary API, console, and related services (collectively, the "Service"). This Privacy Policy explains what data we collect, why we collect it, and how we protect it.
1. Data We Collect
Account data
When you sign up, we collect your email address and a hashed password. We use this to authenticate you and manage your account.
API and calendar data
When you use the Service, we store the data you send through the API: agent profiles, calendars, events, webhook configurations, and iCal subscription URLs. Sensitive fields — including the credentials we use to access your external calendar feeds — receive an additional layer of encryption beyond storage-level.
API keys
API keys are stored as irreversible one-way hashes. We cannot retrieve your full API key after creation — it is shown to you once at generation time and never again.
Usage and log data
We collect request metadata (IP addresses, timestamps, request paths, response status codes, User-Agent, and the SDK client identifier) for rate limiting, abuse detection, traffic attribution across our SDKs, and service reliability. Logs are retained for 30 days.
2. How We Use Your Data
- Provide the Service — store and serve your calendars, events, and agent data.
- Enforce limits — track API usage against your plan's quotas.
- Maintain security — detect abuse, enforce rate limits, investigate incidents.
- Communicate — send transactional emails (account verification, security alerts). We do not send marketing emails without your consent.
3. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with the categories of infrastructure providers necessary to operate the Service:
- Edge compute and CDN provider — hosting, content delivery, and DDoS protection
- Managed database provider — primary data storage
- Managed observability provider — logging and uptime monitoring
- Managed transactional email provider — verification and security notifications
Each provider processes data under their own privacy policies and data processing agreements. We may also disclose data if required by law or to protect the rights and safety of our users.
4. Data Retention
Your account and API data are retained as long as your account is active. If you delete your account from the console, we delete org-owned data such as agents, calendars, events, webhooks, iCal feeds, API keys, and configuration records. We may retain minimized legal, security, billing, or audit records where required by law or necessary to protect the Service. Log data is retained for up to 30 days.
5. Your Rights
You may:
- Access your data via the API and console at any time.
- Delete your agents, calendars, events, and webhooks through the API.
- Export your account data as a JSON file from the console, and export calendar data via iCal feeds.
- Close your account from the console. Account deletion removes org-owned data, subject to the legal, security, billing, and audit retention exceptions described above.
If you are in the EU/EEA, you have additional rights under GDPR including the right to rectification, restriction of processing, and data portability. Contact us to exercise these rights.
6. Security
Your data is encrypted in transit and at rest, with an additional layer of encryption applied to particularly sensitive fields. API keys are stored only as one-way hashes. Webhooks are cryptographically signed so your endpoint can verify the payload came from Chronary. Our full security commitments are described on our Security page.
7. Cookies
The Chronary API does not use cookies. The console uses a session cookie strictly for authentication — no tracking or analytics cookies are used.
8. Changes to This Policy
We may update this policy as the Service evolves. Material changes will be communicated via email or a notice on the console. Continued use of the Service after changes constitutes acceptance.
9. Contact
For privacy questions or to exercise your rights, contact us at [email protected].