Privacy Policy
Effective date: 1 April 2026
1. Who We Are
Krono Labs Ltd (“Krono Compliance”, “we”, “us”, or “our”) operates the Krono Compliance platform at krono-labs.com. We provide regulatory compliance tools for hardware companies.
Questions about this policy can be directed to privacy@krono-labs.com.
2. Data We Collect
Account data: When you create an account (including auto-created accounts on purchase), we store your email address and a hashed password. We never store plaintext passwords.
Payment data: Payments are processed by Lemon Squeezy. We receive a payment token and your email address confirming a completed transaction. We do not store card numbers, bank details, or any raw payment instrument data.
Generated documents: Documents you generate (Declarations of Conformity, Risk Assessments, Technical Documentation) are stored for 7 days from the date of purchase, then permanently deleted. The product description and inputs you provide to generate documents are stored as part of the document record for the same period.
Uploaded files: Files you upload for text extraction (PDF, DOCX) are processed in memory for the duration of the request and are not stored on our servers.
Usage analytics: We collect anonymised aggregate data on document generation (document type, success/failure, approximate cost) to operate and improve the service. This data is not linked to your identity.
Log data: Our servers collect standard access logs (IP address, browser type, pages visited, timestamps). These are retained for up to 30 days for security and debugging purposes.
3. How We Use Your Data
We use your data solely to:
- Provide and operate the Krono Compliance service
- Deliver generated documents to your account and via email
- Send transactional emails (document ready, generation failure, password reset)
- Detect and prevent fraud and abuse
- Comply with legal obligations
We do not use your data for advertising or profiling, and we do not sell it to third parties.
4. Legal Basis for Processing (GDPR)
Where the GDPR applies, we process your personal data on the following legal bases:
- Contract performance: Processing your email and payment token to deliver the service you paid for.
- Legitimate interests: Security logging, fraud prevention, and service improvement analytics.
- Legal obligation: Where required by applicable law.
5. Data Sharing
We share personal data with the following third-party processors only to the extent necessary to provide the service:
- Lemon Squeezy: Payment processing. Your email address and purchase details are transmitted to Lemon Squeezy to process your transaction. We do not store card numbers or raw payment instrument data.
- Resend: Transactional email delivery. Your email address is transmitted to Resend solely to deliver documents, notifications, and account credentials.
- Anthropic: AI document generation. Product descriptions and inputs you provide are sent to Anthropic's API to generate document content. Anthropic's API data usage policy governs how this data is handled.
- Cloud infrastructure provider: Hosting and database services. Data is stored on servers within the EU/EEA where possible.
We do not share your data with any other third parties without your explicit consent, unless required by law.
6. Data Retention
- Generated documents and associated inputs: 7 days from purchase, then permanently deleted.
- Account data (email, password hash): retained while your account is active. You may request deletion at any time.
- Payment records (token, email, timestamp): retained for 7 years for financial compliance purposes.
- Server access logs: 30 days.
- Anonymised analytics: indefinitely (no personal data).
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and personal data
- Object to or restrict certain processing
- Receive your data in a portable format
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email privacy@krono-labs.com. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies to maintain your login session (NextAuth session cookie). We do not use advertising or tracking cookies. A separate Cookie Policy is available at /cookies.
9. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS), hashed password storage (bcrypt), and access controls on all databases. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Children
Krono Compliance is intended for use by businesses and professionals. We do not knowingly collect personal data from individuals under 16 years of age.
11. Changes to This Policy
We may update this policy from time to time. When we do, we will update the effective date at the top of this page. Material changes will be communicated by email to registered users.
12. Contact
For any privacy-related questions or requests:
Krono Labs Ltd
privacy@krono-labs.com