Privacy Policy

Last updated: March 30, 2026

At Cronos, we take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. We process personal data only for the purposes described here and in accordance with applicable law.

1.Who We Are

The data controller responsible for your personal data is:

SuddenDev FZE

Marsa Dubai, Dubai Marina

Dubai, United Arab Emirates

issue@cronos.nexus

For questions about this policy or to exercise your rights, contact us at the address above.

2.What Data We Collect

2.1 Account & Identity Data

When you create an account or sign in, we collect:

  • Name and email address
  • Phone number (optional, for booking notifications)
  • Address as option to save your home location
  • Authentication identifiers
  • Profile preferences and settings

2.2 Business Data

If you operate a business on Cronos, we additionally collect:

  • Business name, address, and contact details
  • Team member information (names, email addresses, roles)
  • Products, services, pricing, and availability configurations
  • Operational data including orders, bookings, invoices, and fulfillment records
  • Payment account details (handled by Stripe/PayPal — we do not store card numbers)
  • Integration credentials for third-party services you connect

2.3 Consumer Activity Data

When you use Cronos as a consumer (booking products or services), we collect:

  • Order and booking history
  • Subscription and loyalty program activity
  • Event attendance and calendar data
  • Payment transaction records (amount, date, status — not card details)
  • Communications with businesses through the platform

2.4 Usage & Technical Data

When you use the platform, we automatically collect:

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and features used
  • Session timestamps and duration
  • Error logs and performance metrics

This data is used to operate, secure, and improve the platform. We do not use it for behavioral advertising.

2.5 AI Interaction Data

When you interact with the Sky AI agent, we process the content of your messages and the context of your business operations (products, availability, bookings) to generate responses. Conversation logs are retained to support continuity and improve accuracy. We do not use your conversation data to train general AI models.

3.How We Use Your Data

We use your personal data only for the following purposes:

  • Service delivery — Processing bookings, orders, payments, and fulfillment
  • Account management — Authentication, access control, and account settings
  • Communications — Booking confirmations, reminders, and service notifications
  • Platform operations — Security monitoring, fraud prevention, and technical support
  • Legal obligations — Invoicing, tax records, and compliance requirements
  • Service improvement — Aggregated analytics to understand platform usage and fix issues

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4.Legal Basis for Processing

We process your data under the following legal bases:

  • Contract performance — Processing necessary to deliver the service you’ve subscribed to
  • Legitimate interests — Security, fraud prevention, and service improvement
  • Legal obligation — Compliance with applicable laws (tax, invoicing, data retention)
  • Consent — Where we explicitly ask for it (e.g., marketing communications)

5.Data Sharing

5.1 Service Providers

We share data with trusted third-party processors who help us operate the platform. All processors are contractually bound to protect your data and use it only for the purposes we specify:

  • Stripe / PayPal — Payment processing
  • Channex — Channel management for accommodation businesses
  • Jitsi — Video communications
  • DHL — Shipping and logistics
  • Tutanota — Encrypted email delivery
  • Nebius — AI model provider for agent functionality (data is not used to train models)
  • Railway — Hosting, database, and CDN services

5.2 Business-to-Consumer Sharing

When you make a booking with a business on Cronos, we share relevant information (name, contact details, booking details) with that business to fulfill your order. The business becomes an independent data controller for how they use that information.

5.3 Legal Disclosures

We may disclose your data if required by law, court order, or regulatory authority, or if necessary to protect the rights, property, or safety of Cronos, our users, or the public.

6.Data Retention

We retain your data for as long as necessary to provide the service and meet legal obligations:

  • Active account data — Retained for the duration of your account
  • Transaction records — Retained for 7 years for tax and accounting compliance
  • AI conversation logs — Retained for 12 months, then deleted
  • Technical/usage logs — Retained for 90 days
  • Deleted account data — Purged within 30 days of deletion request, except where retention is legally required

7.Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete data
  • Erasure — Request deletion of your data (“right to be forgotten”), subject to legal retention requirements
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request that we limit how we process your data
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at issue@cronos.nexus. We will respond within 30 days. We may need to verify your identity before processing the request.

8.Cookies & Tracking

We use the following types of cookies and local storage:

  • Essential cookies — Session management, authentication, and security (required for the platform to function)
  • Preference storage — Saving your UI settings (theme, active business, language) in localStorage
  • Analytics — Aggregated, anonymized usage statistics to improve the platform

We do not use advertising or tracking cookies. We do not share browsing data with ad networks.

9.Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS) and at rest
  • Role-based access controls limiting who can access your data
  • Regular security reviews and dependency audits
  • Two-factor authentication (2FA) support for accounts
  • PCI-compliant payment processing via third-party processors

In the event of a data breach that poses a risk to your rights or freedoms, we will notify affected users and relevant authorities as required by law.

10.International Data Transfers

SuddenDev FZE is based in Dubai, UAE. Your data may be processed by our service providers in other countries, including within the EU/EEA and the United States. Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for EU data transfers).

11.Children's Privacy

The Cronos platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12.Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify active users by email or in-app notification.

Continued use of the Service after changes constitutes acceptance of the updated policy.

← Back to HomeTerms & Conditions →