Privacy Policy

1. Data controller

• Company name: CRONSEC TECH S.L.
• Tax ID (CIF): B-28153742
• Address: Calle de Serrano, 41, 2nd floor B, 28001 Madrid, Spain
• Contact: hola@cronsec.com

2. What data we process and why

2.1 Waitlist

When you join the waitlist we process your email address to send you a confirmation and notify you when the service launches. The legal basis is your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time by writing to hola@cronsec.com.

2.2 Account and service delivery

To create an account and use the service we process your name, email address and billing details. The legal basis is performance of a contract (Art. 6(1)(b) GDPR) and, for billing data, compliance with a legal obligation (Art. 6(1)(c) GDPR).

2.3 Security audit

To perform the audit we need to access your server. We process the hostname or IP address and SSH username you provide. SSH credentials (password or private key) are not stored after the audit completes; they are used exclusively during the scanning session. Audit results (the report) are retained as described in section 5. The legal basis is performance of a contract (Art. 6(1)(b) GDPR).

2.4 Website analytics

Only if you accept analytics cookies, we may process aggregated browsing data (pages visited, traffic source) to improve the service. The legal basis is your consent (Art. 6(1)(a) GDPR). You can change your choice via our Cookie Policy.

3. Recipients and data processors

We share data only with the providers strictly necessary to deliver the service:

• Hetzner Cloud GmbH (Germany, EU) — Server hosting. Data stored in the EU; no additional transfer mechanism required.
• Resend Inc. (USA) — Transactional email delivery. International transfer covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
• Cloudflare, Inc. (USA) — WAF protection and content delivery network (CDN). International transfer covered by Standard Contractual Clauses.
• Payment provider (USA) — Payment processing. International transfer covered by Standard Contractual Clauses.

We do not sell or share personal data with third parties for commercial purposes.

4. International transfers

Some of our processors are located outside the European Economic Area (EEA), in particular in the United States. For these transfers we use Standard Contractual Clauses adopted by the European Commission (Implementing Decision 2021/914), which provide appropriate safeguards for your data.

5. Retention period

We retain your data for as long as necessary to deliver the service and comply with applicable legal obligations (for example, tax law requires retaining billing data for a minimum of 5 years). Once data is no longer needed it is securely deleted or anonymised.

You may request deletion of your data at any time as set out in section 6.

6. Your rights

Under the GDPR you have the right to:

• Access: know what personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your data when, among other grounds, it is no longer necessary for the purposes for which it was collected.
• Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Objection: object to processing in certain circumstances, including processing for direct marketing purposes.
• Restriction: request that we restrict use of your data in the cases provided for by the GDPR.

To exercise any of these rights, write to hola@cronsec.com stating the right you wish to exercise and enclosing a copy of a valid identity document. We will respond within one month (extendable to three months in complex cases).

7. Right to lodge a complaint

If you believe that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with a supervisory authority. In Spain the competent authority is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es. EU residents may also contact the supervisory authority in their country of residence.

8. Changes to this policy

We may update this Privacy Policy to reflect changes in the service or applicable law. We will notify you of significant changes by email or via a prominent notice on the website. The current version is always the one published on this page.