Is the free plan actually useful?

Absolutely. You get unlimited time tracking, comprehensive task management (including Kanban boards), expense tracking, and up to 3 projects, 2 clients, and 3 invoices per month. It's a real tool you can grow with, not a restricted demo.

What happens when I hit a limit on the free plan?

You'll see a simple upgrade prompt. No features get locked abruptly, no data gets deleted, and your existing work stays fully accessible.

Does Cronxi work on mobile or offline?

Yes to both. Cronxi is a Progressive Web App (PWA) that you can install directly on your phone or desktop. Your data is cached locally for fast loading, and Cronxi remains usable even with spotty connectivity — changes sync automatically when your connection returns.

What do the AI features actually do?

Our AI helps eliminate manual data entry. Connect your Google Calendar (Outlook coming soon), and Cronxi can automatically suggest time entries based on your meetings. It can also polish your handwritten notes into professional, client-ready invoice descriptions. You always maintain full control to review and approve suggestions before they're saved.

Can I use Cronxi with my team?

We are actively developing a new Team tier designed for agencies and small studios (up to 5 members). It will feature centralized billing, shared team reporting, and priority support. It's coming soon!

Yes. Your data is encrypted at rest and in transit, stored on enterprise-grade cloud infrastructure. We use industry-standard OAuth 2.0 for authentication, and we never sell or share your data.

How does billing work?

We offer secure payment processing with instant receipts. There are no contracts or hidden fees, and you can cancel anytime. You also save over 20% by choosing annual billing.

Back to Home

Legal

Privacy Policy

Effective April 1, 2026

This Privacy Policy describes how Cronxi ("we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our website at cronxi.com and the Cronxi application (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

"Personal data" (also referred to as "personal information") means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable U.S. state privacy laws.

01Data Controller

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

Cronxi LLC

Maryland, United States

Email: privacy@cronxi.com

We have not appointed a Data Protection Officer as we do not meet the thresholds requiring one under GDPR Articles 37-39. For all privacy inquiries and data protection rights requests, please contact us at privacy@cronxi.com.

02Information We Collect

2.1 Information You Provide Directly

Account Information: When you create an account via Google Authentication, we receive your name, email address, and profile photo from your Google account.
Service Data: Data you create within the Service, including time entries, projects, clients, invoices, expenses, tasks, personal todos, notes, and related records.
Third-Party Contact Information: When you add clients to the Service, you provide their contact details (name, email address, phone number, billing and shipping addresses). When you send invoices via email, recipient email addresses (including CC and BCC) are processed to deliver the email. You are responsible for ensuring you have an appropriate legal basis to provide this information to us.
Uploaded Files: Receipts, documents, and other files you upload to the Service, such as expense receipts, client attachments, task attachments, and company logos for invoice branding. These files are stored securely in encrypted cloud storage.
Payment Information: If you subscribe to a paid plan, payment details are collected and processed by Lemon Squeezy, our third-party payment processor. We receive your subscription status, plan type, and billing cycle from Lemon Squeezy via webhooks. We do not receive or store your full credit card number or banking credentials.
Promotional Codes: If you redeem a promotional code, we store the code used and its associated discount or plan modification.
Communications: Information you provide when you contact us for support or send us feedback, including the content of your messages and any attachments.

2.2 Information Collected Automatically

Usage Data: Information about how you interact with the Service, including features used, pages visited, actions taken, and frequency of access.
Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution, timezone, language preference, and referring URLs.
Timer and Activity Data: The Service monitors mouse, keyboard, and scroll activity solely to detect idle periods and prevent accidental timer overruns. This activity data is processed locally on your device and is not transmitted to our servers. Only the resulting timer state (running, paused, stopped) and timestamps are stored.
Real-Time Sync Data: To enable cross-device functionality, the Service maintains a heartbeat signal via our real-time database infrastructure. This includes your active timer state and last-seen timestamp, used to detect stale or abandoned timers across browser tabs and devices.
Local Storage and Service Worker Data: The Service is a Progressive Web App (PWA) that uses a service worker to cache application assets for offline access. Local storage is used to persist your authentication session, theme preferences, and other application state on your device.
Push Notification Tokens: If you opt in to push notifications, we store your device notification token to deliver notifications. You can revoke this permission at any time through your browser or device settings.
Cookies and Similar Technologies: We use cookies and local storage to maintain your session, authenticate your identity, and remember your preferences. See Section 9 for more details.

2.3 Information from Third-Party Services

Google Calendar: If you connect your Google Calendar account, we access your calendar events (event title, time, location, attendees, and organizer) solely to suggest time entries for your review. We store OAuth tokens securely within your account data to maintain the connection. Our use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we only use Google Calendar data to provide and improve the calendar suggestion feature; we do not transfer this data to third parties except as necessary to provide the Service; we do not use this data for advertising; and we do not allow humans to read this data except with your consent, for security purposes, or to comply with applicable law. Cronxi's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft Outlook Calendar:If you connect your Outlook Calendar account, we access your calendar events under the same terms and limitations described above for Google Calendar, in accordance with Microsoft's applicable API terms.
Lemon Squeezy: We receive subscription lifecycle events (subscription created, updated, cancelled, payment received) via secure webhooks to manage your account status.

03How We Use Your Data

We process your personal data for the following purposes:

3.1 Service Delivery

Creating and maintaining your account and authenticating your identity.
Providing core functionality: time tracking, project and client management, task management (kanban boards, todos), invoicing, expense tracking, reporting, and data export.
Processing payments and managing your subscription status.
Sending transactional communications such as invoice emails to your clients, payment reminders, account notifications, and service alerts.
Delivering push notifications and email notifications you have opted in to receive, such as timer reminders, overdue invoice alerts, and recurring invoice notifications.
Syncing data across your devices in real time.

3.2 AI-Powered Features

Calendar Suggestions: Analyzing connected calendar events to generate suggested time entries using rule-based matching algorithms. The suggestion engine matches calendar events to your existing clients and projects based on attendee emails, event keywords, and naming patterns. You retain full control over whether to accept, modify, or dismiss any suggestion. No calendar data is sent to third-party AI services for this feature.
Text Enhancement (AI Polish):When you explicitly invoke the text polishing feature, the selected text is sent to Google's Generative AI service for processing. Only the specific text you choose to polish is transmitted — no other account data, client information, or context is included. This data is processed in accordance with Google's Cloud API terms of service and is not used by Google to train AI models.

3.3 Service Improvement and Security

Analyzing aggregated, de-identified usage patterns to improve the Service and develop new features.
Detecting, preventing, and investigating security incidents, fraud, and abuse.
Debugging and resolving technical issues.
Monitoring system performance and service availability.

3.4 Legal Compliance

Complying with applicable laws, regulations, and legal processes.
Enforcing our Terms of Service and protecting our legal rights.
Responding to lawful requests from public authorities.

04Legal Basis for Processing

EEA / UK / Switzerland

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR:

Processing Purpose	Legal Basis
Account creation, time tracking, invoicing, expense management, task management	Performance of a contract (Art. 6(1)(b))
Payment processing and subscription management	Performance of a contract (Art. 6(1)(b))
Calendar integration and AI text polish	Consent (Art. 6(1)(a))
Push notifications and email notifications	Consent (Art. 6(1)(a))
Service improvement, analytics, and debugging	Legitimate interests (Art. 6(1)(f))
Security, fraud prevention, and abuse detection	Legitimate interests (Art. 6(1)(f))
Legal compliance and law enforcement requests	Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.

The provision of your account information (name and email via Google Authentication) is necessary to enter into and perform our contract with you (our Terms of Service). If you do not provide this information, we will be unable to create your account or provide the Service. There is no statutory requirement to provide personal data to us. The provision of additional data (such as client details, time entries, and uploaded files) is voluntary but necessary to use the corresponding features of the Service.

05Automated Decision-Making and Profiling

The Service uses automated processing in the following areas:

Calendar Suggestion Engine: Automatically generates suggested time entries from your calendar events using rule-based matching. These suggestions are recommendations only — no time entries are created without your explicit approval.
Idle Detection and Auto-Stop: Automatically detects idle periods and may stop timers that exceed configurable thresholds. You control these thresholds in Settings.
Subscription Feature Gating: Your subscription plan determines which features are available. This is based on your plan selection, not profiling.

We do not engage in automated decision-making that produces legal effects or similarly significant effects on you as described in GDPR Article 22. No decisions about your account access, pricing, or service availability are made through solely automated means without human oversight.

07Data Storage and Security

Your data is stored on Google Cloud infrastructure located in the United States.

We implement industry-standard administrative, technical, and organizational safeguards to protect your personal data, including:

Encryption of all data in transit and at rest using industry-standard protocols.
Strict per-user data isolation — all user data is scoped to your authenticated account with database-level access controls preventing any cross-user data access.
Google OAuth 2.0 for secure identity verification.
Server-side authorization checks with Bearer token validation on all API endpoints.
Webhook signature verification for payment provider communications.
OAuth tokens for calendar integrations stored in encrypted documents within your user scope.

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data using commercially reasonable measures, we cannot guarantee absolute security. You are responsible for maintaining the security of your Google account credentials used to access the Service.

08Data Retention

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

Active Account Data: Retained for as long as your account remains active and you continue to use the Service.
After Account Deletion: If you delete your account, we will delete or anonymize your personal data within 30 days, including all service data, uploaded files, and third-party integration tokens.
Backup Copies: Backup copies in automated systems may persist for up to 90 days after deletion before being permanently removed.
Legal Retention: We may retain certain data beyond these periods where required by applicable law (e.g., tax records, transaction logs, or data needed for legal claims). Accounting-related records may be retained for up to 7 years as required by tax law.
Aggregated Data: De-identified, aggregated data that cannot be used to identify you may be retained indefinitely for analytics and service improvement.

09Cookies and Similar Technologies

We use cookies, local storage, and similar technologies as follows:

Type	Purpose	Duration
Strictly Necessary	Authentication session, CSRF protection, security	Session / persistent
Functional	Theme preference (light/dark), timezone, last-used project, sidebar state	Persistent
Service Worker	Offline PWA functionality — caches application assets for offline access	Until cleared

We currently use only strictly necessary and functional cookies/storage. We do not use third-party advertising cookies or cross-site tracking technologies. If we introduce analytics cookies in the future, we will update this policy and, where required by law (including GDPR), obtain your prior consent before placing non-essential cookies.

You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using the Service. You can clear the service worker cache and local storage through your browser's developer tools or site settings.

10"Do Not Track" Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to them. However, as described in this Privacy Policy, we do not engage in cross-site tracking or share your data with third-party advertisers.

We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out request under the CPRA and other applicable U.S. state privacy laws. If your browser transmits a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information for that browser.

11International Data Transfers

Your personal data is primarily stored and processed in the United States. If you are located outside the United States, including in the European Economic Area (EEA), United Kingdom, or Switzerland, your data will be transferred to and processed in the United States. We ensure that such transfers are protected by appropriate safeguards, including:

EU Standard Contractual Clauses (SCCs) as approved by the European Commission.
The EU-U.S. Data Privacy Framework, where applicable.
Google Cloud's compliance certifications and data processing terms, including their commitments under the EU-U.S. Data Privacy Framework.

You may request a copy of the safeguards we rely on by contacting us at privacy@cronxi.com.

12Your Privacy Rights

12.1 Rights Under GDPR (EEA/UK/Switzerland Residents)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR:

Right of Access (Art. 15): Request a copy of the personal data we hold about you and information about how it is processed.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format. The Service provides built-in CSV and PDF export for time entries, invoices, and reports.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent (Art. 7): Where processing is based on consent (e.g., calendar integrations, notifications), you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal. You can disconnect calendar integrations and disable notifications from the Settings page.
Right Not to Be Subject to Automated Decisions (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. As described in Section 5, we do not make such decisions.

To exercise these rights, contact us at privacy@cronxi.com. We will respond within 30 days (extendable by an additional 60 days for complex requests, with prior notice). You may also delete your account and all associated data directly from the Settings page within the application.

You have the right to lodge a complaint with your local Data Protection Authority if you believe our processing of your data violates applicable law.

12.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Categories of Personal Information Collected

CCPA Category	Examples	Source
Identifiers	Name, email address, account ID	Google Auth, you
Commercial information	Subscription plan, payment history, invoices	Lemon Squeezy, you
Internet / electronic activity	Usage data, IP address, browser type, device info	Automatic
Professional / employment info	Time entries, project data, client records, work descriptions	You
Sensory data	Profile photo (from Google account)	Google Auth

Your CCPA/CPRA Rights

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising as defined under the CPRA.
Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive personal information as defined under the CPRA beyond what is necessary to provide the Service.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise your rights, contact us at privacy@cronxi.com. We will confirm receipt of your request within 10 business days and provide a substantive response within 45 calendar days (extendable by an additional 45 days with notice). We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require proof of written authorization and verify your identity directly.

Financial Incentive Disclosure

We offer a free tier of the Service with limited features (up to 2 clients, 3 projects, and 3 invoices per month). Our paid plans (Pro at $9/month and Agency at $24/month) unlock additional features. The difference in service levels between free and paid plans is based on the value of the additional features provided, not on any differential treatment related to the personal information collected. The same categories of personal information are collected regardless of plan tier. You may opt out of the free plan at any time by deleting your account.

12.3 Other U.S. State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or another U.S. state with a comprehensive privacy law, you may have similar rights to those described above, including the right to:

Confirm whether we are processing your personal data and access that data.
Correct inaccuracies in your personal data.
Delete your personal data.
Obtain a portable copy of your personal data.
Opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects (none of which we engage in).

To exercise these rights, contact us at privacy@cronxi.com. If we decline your request, you may appeal the decision by contacting us and referencing your original request. We will respond to appeals within the timeframe required by your state's law.

12.4 Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell your personal information as defined under Nevada Revised Statutes Chapter 603A. If you wish to submit an opt-out request, contact us at privacy@cronxi.com.

13Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (Art. 34). For U.S. residents, we will comply with applicable state breach notification laws, which may require notification within specific timeframes.

14Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@cronxi.com.

15Third-Party Links and Integrations

The Service may contain links to or integrations with third-party services, including Google Calendar, Microsoft Outlook, Google Authentication, and Lemon Squeezy. Each of these services operates under its own privacy policy, and this Privacy Policy does not apply to them. We encourage you to review the privacy policies of any third-party services you connect to or interact with through the Service. We are not responsible for the privacy practices of third-party services.

16Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: (a) update the "Effective Date" at the top of this page; (b) post the revised policy on our website; and (c) for significant changes affecting your rights, provide notice via email to the address associated with your account or via an in-app notification at least 30 days before the changes take effect. Your continued use of the Service after the revised effective date constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and delete your account.

17Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiriesprivacy@cronxi.com

General Supportsupport@cronxi.com

We aim to resolve all complaints directly. If you are located in the EEA, UK, or Switzerland and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. A list of EEA Data Protection Authorities is available at edpb.europa.eu.

California residents may also contact the California Attorney General at oag.ca.gov/privacy.