GDPR Compliance

Last updated: 07/03/2026

CronBeacon is designed from the ground up to be GDPR compliant (General Data Protection Regulation). All data is hosted in France and never leaves the European Union.

1. Processing Register

CronBeacon processes the following data:

Data Type	Legal Basis	Retention Period
User account (name, email)	Contract performance	Contract duration + 30 days
Billing (company name, VAT, SIRET)	Legal obligation	10 years (legal obligation)
Monitoring (job_key, timestamps, durations)	Contract performance	Per plan (30d / 6mo / 18mo)
Technical logs (IP, user-agent)	Legitimate interest	12 months

2. Your Rights

Right of access — Obtain a copy of all your personal data
Right of rectification — Correct inaccurate or incomplete data
Right to erasure — Request the deletion of your data
Right to portability — Receive your data in a structured, readable format (JSON or CSV)
Right to object — Object to the processing of your data

3. Data Transfers

No data transfers outside the European Union. Our sub-processors (OVHcloud, AWS SES eu-west-3) are all based in France and GDPR compliant.

4. Security Measures

TLS 1.3 encryption in transit. Passwords hashed (bcrypt). API tokens stored as SHA-256. Data isolation per tenant. Restricted server access. Access logging.

5. Breach Notification

In the event of a personal data breach, CronBeacon commits to notifying the CNIL within 72 hours and affected individuals as soon as possible, in accordance with Articles 33 and 34 of the GDPR.

6. Cookies

CronBeacon only uses a technical session cookie strictly necessary for the service (exempt from consent under the ePrivacy Directive). No tracking, analytics, or advertising cookies.

Data Protection Officer

To exercise your rights or for any GDPR-related question: contact us — Response time: 30 days maximum.