1. Information We Collect
Cronic collects information you provide when you create an account and use our service. We are committed to collecting only what is necessary to deliver our AI-powered newsletter curation platform.
Account Information
- Email address
- Password (stored as a secure hash — we never store your plaintext password)
Content Data
- Newsletter emails you forward to or receive through our service
- Reading preferences and bookmarks
Payment Information
Payment processing is handled entirely by Stripe. We never store your credit card number, CVC, or full billing details on our servers. Stripe may share limited information (e.g., last four digits, card brand) for display in your account.
Automatically Collected Data
- Page view analytics (via PostHog)
- Error and performance data (via Sentry, including masked session replays for debugging)
- Theme preference (stored in your browser's localStorage)
2. How We Use Your Information
- Provide, operate, and maintain the Cronic service
- Process and curate your newsletter content using AI
- Process payments and manage subscriptions via Stripe
- Monitor and fix errors to improve service reliability
- Understand page-level usage to improve the product
- Communicate with you about your account
- Comply with legal obligations
3. Third-Party Services
We share data with the following third-party services, each for a specific purpose:
- Stripe — Payment processing. Stripe receives your payment details directly and is subject to the Stripe Privacy Policy.
- Sentry — Error monitoring and masked session replay for debugging. Sentry receives technical error data and anonymized interaction data.
- PostHog — Page view analytics. PostHog receives anonymized usage data to help us understand how pages are used.
We do not sell, rent, or trade your personal information to any third party.
4. Cookies and Local Storage
We use a small number of cookies and browser storage, detailed in our Cookie Policy:
- Authentication cookies (httpOnly, secure) — access token (7-day expiry) and refresh token (30-day expiry)
- Theme preference — stored in localStorage (not a cookie)
We do not use marketing cookies or cookie consent banners because we do not run any advertising or marketing trackers.
5. Data Security
- Passwords are hashed using industry-standard algorithms
- Authentication uses httpOnly, secure cookies to prevent XSS attacks
- All connections use HTTPS/TLS encryption in transit
- Access to production systems is restricted on a need-to-know basis
6. Data Retention
We retain your data for as long as your account is active. When you delete your account, we delete your personal data, except where retention is required by law (e.g., financial records).
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your account and associated data
- Export your data in a portable format
- Object to certain processing of your data
To exercise any of these rights, contact us at the email below.
8. Children's Privacy
Cronic is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on our website.
10. Contact Us
If you have questions about this privacy policy, contact us at:
- Email: privacy@cronic.app