Introduction
Chronobill ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time tracking and invoicing service at chronobill.app.
Chronobill is operated from the Republic of Slovenia, European Union. We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name and business information (optional)
- Password (encrypted and hashed—we cannot see your password)
Usage Data
To provide our service, we store:
- Time entries and timer data
- Client and project information you create
- Invoices and invoice history
- Smart alert preferences and dismissed notifications
- Settings and preferences
Payment Information
Payment processing is handled by Stripe. We do not store your credit card details. Stripe collects and processes payment information according to their Privacy Policy. We receive only:
- Confirmation of successful payments
- Subscription status
- Last 4 digits of your card (for your reference)
Technical Data
We automatically collect:
- IP address (anonymized for analytics)
- Browser type and version
- Device type
- Pages visited and features used
- Referring website
How We Use Your Data
We use your information to:
- Provide and maintain the Chronobill service
- Send invoices to your clients on your behalf
- Process subscription payments
- Generate smart business alerts based on your data
- Improve our product and user experience
- Send important service updates and notifications
- Provide customer support
- Detect and prevent fraud or abuse
We do not use your data for:
- Selling to third parties
- Advertising or ad targeting
- Training AI models
- Any purpose you haven't consented to
Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contract: To provide the service you signed up for
- Legitimate Interest: To improve our service and prevent fraud
- Consent: For optional analytics and marketing communications
- Legal Obligation: To comply with tax and accounting requirements
Data Storage & Security
Your data is stored securely:
- Database: Hosted on Supabase (PostgreSQL) with encryption at rest. Supabase infrastructure is hosted in the European Union (Frankfurt, Germany).
- Transmission: All data transmitted over HTTPS/TLS 1.3
- Access Control: Row-level security ensures you can only access your own data
- Backups: Regular automated backups for data recovery
- Authentication: Secure password hashing using industry-standard algorithms
Data Location & International Transfers
Your data is stored within the European Union. When we use service providers outside the EU, we ensure appropriate safeguards are in place:
- Stripe (US): EU-US Data Privacy Framework certified
- Resend (US): Standard Contractual Clauses in place
- PostHog (EU option): EU-hosted instance used
Third-Party Services
We use the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Resend | Email delivery for invoices | resend.com/legal/privacy-policy |
| PostHog | Privacy-friendly analytics | posthog.com/privacy |
Each service processes data according to their own privacy policy and our data processing agreements with them.
Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of all your data
- Correction: Update incorrect or incomplete data
- Deletion: Delete your account and all associated data ("right to be forgotten")
- Export: Download your data in CSV/JSON format (data portability)
- Restriction: Limit how we process your data
- Object: Opt out of processing based on legitimate interest
- Withdraw Consent: Remove consent for optional processing (like analytics)
To exercise these rights, contact us at privacy@chronobill.app. We will respond within 30 days.
If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority. In Slovenia, this is the Information Commissioner (Informacijski pooblaščenec) at ip-rs.si.
Cookies
Essential Cookies (Required)
- Authentication and session management
- Security tokens
- Your preferences (language, timezone)
Analytics Cookies (Optional)
- Understanding how you use Chronobill
- Improving our product
- Requires your consent via cookie banner
You can manage cookie preferences through our cookie consent banner, your browser settings, or your account privacy settings.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Time entries & invoices | Until you delete your account |
| Payment records | 7 years after transaction (legal requirement) |
| Server logs | 90 days |
| Analytics data | 24 months |
When you delete your account:
- Personal data is deleted within 30 days
- Backups are purged within 90 days
- Payment records retained as legally required
Children's Privacy
Chronobill is a business tool not intended for users under 18 years old. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact us immediately at privacy@chronobill.app.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- Minor changes: Updated on this page with new "Last updated" date
- Significant changes: Email notification to all users at least 14 days before changes take effect
Your continued use of Chronobill after changes constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.
Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:
Email: privacy@chronobill.app
Data Controller:
Chronobill
Republic of Slovenia, European Union
For general support, contact support@chronobill.app.