Privacy Policy

Last updated: April 18, 2025

Introduction

Your privacy is important to us. This policy explains what personal data we collect, why we collect it, the legal basis for processing it, and who we share it with.

Information We Collect

We collect the following categories of data:

Account data — name and email address, required to create and manage your account.
Time tracking data — hours logged, projects, and team assignments that you or your administrators enter into the service.
Usage data — pages visited and features used, collected automatically via Google Analytics to help us understand and improve the product.
Technical data — error reports and performance traces collected automatically to detect and fix issues.

Legal Basis for Processing

We process your data on the following legal bases:

Contract — account data and time tracking data are processed to fulfil the subscription agreement.
Legitimate interest — usage data and technical data are processed to maintain service quality and improve the product. These interests are balanced against your privacy rights and involve only aggregated or anonymised signals where possible.

Cookies and Analytics

We use Google Analytics 4 to understand how the service is used. Google Analytics sets a _ga cookie in your browser to distinguish visitors. We collect page paths (with numeric IDs removed) and a company identifier. For Kronflow support staff accounts, a user identifier is also collected. No advertising or cross-site tracking is enabled. You can opt out using the Google Analytics opt-out browser add-on.

Data Processors and Third Parties

We use the following sub-processors to deliver and operate the service. Each operates under its own privacy and data protection commitments:

Google Analytics (Privacy Policy) — usage analytics.
Sentry (Privacy Policy) — error tracking and performance monitoring.
Better Stack / Logtail (Privacy Policy) — log aggregation.

We do not sell your data or share it with third parties for advertising purposes.

Data Retention

Account and time tracking data is retained for as long as your account is active. If you close your account, your data is deleted within 90 days unless we are required by law to retain it longer. Usage and technical data collected by our processors is retained according to their own retention policies (typically 14–26 months for analytics data).

International Transfers

Some of our sub-processors (Google, Sentry, Better Stack) may process data outside the European Economic Area. Where this occurs, transfers are covered by Standard Contractual Clauses or equivalent safeguards approved by the European Commission.

Security

We implement technical and organisational measures to protect your data, including encrypted connections (TLS), access controls, and regular security reviews.

Your Rights

Under GDPR you have the right to access, correct, or delete your personal data, to restrict or object to processing, and to data portability. To exercise any of these rights, contact us at support@kronflow.com. You also have the right to lodge a complaint with your national data protection authority.

Contact

For any questions about this policy, contact us at support@kronflow.com.