GDPR Compliance
Last updated: 07/03/2026
CronBeacon is designed from the ground up to be GDPR compliant (General Data Protection Regulation). All data is hosted in France and never leaves the European Union.
1. Processing Register
CronBeacon processes the following data:
| Data Type | Legal Basis | Retention Period |
|---|---|---|
| User account (name, email) | Contract performance | Contract duration + 30 days |
| Billing (company name, VAT, SIRET) | Legal obligation | 10 years (legal obligation) |
| Monitoring (job_key, timestamps, durations) | Contract performance | Per plan (30d / 6mo / 18mo) |
| Technical logs (IP, user-agent) | Legitimate interest | 12 months |
2. Your Rights
- Right of access — Obtain a copy of all your personal data
- Right of rectification — Correct inaccurate or incomplete data
- Right to erasure — Request the deletion of your data
- Right to portability — Receive your data in a structured, readable format (JSON or CSV)
- Right to object — Object to the processing of your data
3. Data Transfers
No data transfers outside the European Union. Our sub-processors (OVHcloud, AWS SES eu-west-3) are all based in France and GDPR compliant.
4. Security Measures
TLS 1.3 encryption in transit. Passwords hashed (bcrypt). API tokens stored as SHA-256. Data isolation per tenant. Restricted server access. Access logging.
5. Breach Notification
In the event of a personal data breach, CronBeacon commits to notifying the CNIL within 72 hours and affected individuals as soon as possible, in accordance with Articles 33 and 34 of the GDPR.
6. Cookies
CronBeacon only uses a technical session cookie strictly necessary for the service (exempt from consent under the ePrivacy Directive). No tracking, analytics, or advertising cookies.
Data Protection Officer
To exercise your rights or for any GDPR-related question: contact us — Response time: 30 days maximum.