Privacy Policy

Privacy Policy

1. Data Accessed

When you choose to connect an email account, the application may request the following: 1.1 Google Gmail a) Gmail API Read-only (https://www.googleapis.com/auth/gmail.readonly) b) IMAP with XOAUTH2 (https://mail.google.com/) 1.2 Outlook / Microsoft 365 a) Microsoft Graph API Mail Read (Mail.Read) 1.3 Generic IMAP a) Read-only mailbox access using user-provided credentials (username/password or OAuth 2.0 where supported). Other data we may access: 1.4 License key and related activation events. 1.5 Information you include in support communications. 1.6 Purchaser details visible within Whop (email, city-level location, linked platform identifiers). We do not collect or receive customer content processed by the bot beyond what is accessed locally on your device. Payment details are handled entirely by Whop.

2. Data Usage

2.1 Email access is used only on the user’s device to fetch the user’s own messages in order to extract one-time codes (OTPs) or other information the user chooses to automate. 2.2 OAuth tokens are obtained and used locally. They are never transmitted to our servers. 2.3 No email content is uploaded to us or stored centrally. 2.4 License and purchaser data are used for license administration and support. 2.5 Aggregate, non-identifying telemetry is used for reliability monitoring and product improvement.

3. Data Sharing

3.1 We do not share Gmail, Outlook, or IMAP user data with third parties. 3.2 Whop acts as an independent controller for purchases. We may view purchaser details visible in Whop for license verification and support. 3.3 We may use operational service providers (e.g., hosting infrastructure) under appropriate data protection terms, with access limited to what is necessary. 3.4 We do not sell personal data.

4. Data Storage & Protection

4.1 OAuth tokens and mailbox content remain only on the end-user’s device. They are never uploaded to our servers. 4.2 License and support records are stored in secure systems with encrypted transport and strict access controls. 4.3 We apply data minimization, least-privilege administration, and continuous review of technical and organizational safeguards.

5. Data Retention & Deletion

5.1 Email data: processed locally only at runtime, not retained by us. 5.2 License records: kept for the duration of the license and a limited period thereafter for fraud prevention, auditing, and compliance, then deleted or minimized. 5.3 Telemetry: retained only in aggregate or non-identifying form. 5.4 Purchaser details: remain in Whop; not systematically imported into our systems. You may request deletion of personal data we control (such as license records or support communications) by contacting us at support@cronos.bot.

6. Roles and Responsibility

Cronos Bot is the independent controller for the limited personal data described in this Policy. Whop acts as an independent controller for purchases under its own privacy notice.

7. Legal Bases (EU/UK GDPR)

7.1 Service delivery and license administration: contract performance; legitimate interests (security, anti-abuse). 7.2 Support and communications: contract performance; legitimate interests (customer service). 7.3 Reliability and diagnostics (aggregate telemetry only): legitimate interests. 7.4 Compliance and protection: legal obligations and legitimate interests. Where required, we rely on consent. Users may object to processing based on legitimate interests.

8. Disclosures and Recipients

8.1 Whop: for payment and purchaser account management. 8.2 Operational providers: only where engaged, under strict contractual limits. We do not sell personal data and do not share data for cross-context behavioral advertising.

9. International Transfers

Where transfers outside the EU/EEA/UK occur, we use appropriate safeguards such as Standard Contractual Clauses with supplementary measures as needed.

10. Individual Rights

Depending on jurisdiction, you may have rights to request access, rectification, erasure, restriction, portability, and objection to processing, and to withdraw consent. 10.1 California residents may have additional rights under state law. Requests may be sent to support@cronos.bot.

11. Children

The Service is not directed to individuals under 16. We do not knowingly collect data from them.

12. Website

Our informational website does not use cookies or advertising pixels. Standard transient technical logs may be processed by the hosting provider for secure delivery.

13. Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects, and we do not profile users.

14. Changes

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. The effective date above will be updated. Continued use of the Service after a change takes effect constitutes acknowledgment of the updated Policy.

15. Contact

Questions or requests may be sent to support@cronos.bot.

Do you need to contact us about these Policies? Contact us by email.