Privacy Policy
Last updated: 2026-05-20
This policy explains what claude-scheduler (“we”, “us”) collects, why, and what your choices are. It applies to cronforclaude.com and any associated API. Operator contact: [email protected] (Hong Kong SAR).
1. What we collect
1.1 Account data
When you sign up: email, display name, and a scrypt-hashed password (we never store your password in cleartext). If you sign in with Google or GitHub, we additionally store the provider account id and (optionally) the profile email and avatar URL returned by the provider.
1.2 Organisation data
Organisation name, URL slug, plan id, Stripe customer/subscription identifiers, and memberships (which users belong to which org and their role).
1.3 Scheduler data
Projects, schedules (including the prompt text you supply), runners (name, tags, last-seen timestamp), and jobs (status, exit code, duration, stdout, stderr, stream-json events, token counts and cost). Prompts are stored in cleartext so you can review them in the dashboard; we do not redact or transform them.
1.4 Integration secrets
Telegram bot token and chat id (per organisation), runner tokens (stored as one-way SHA-256 hashes — we cannot recover the original token after you create it), API keys (also stored as one-way hashes).
1.5 Billing data
We do not store full card numbers. Stripe processes payments and returns to us only a customer id, subscription id, subscription status, current-period end, and the price id you purchased. Receipt emails are sent by Stripe.
1.6 Operational telemetry
Standard web access logs (IP address, user agent, timestamps, requested URL, response status) retained for up to 30 days for security and abuse investigation. Application errors may be sent to Sentry if configured; error context excludes prompt and output text. Aggregate product analytics may be sent to PostHog if configured; analytics events exclude personally identifying content beyond a stable anonymous user id.
1.7 Audit log
We record an internal audit row each time a member of your organisation creates, edits, or deletes a project, schedule, runner, member, API key, or settings row. This includes the actor user id, organisation id, action name, and source IP. The audit log is visible only to the organisation it belongs to.
2. Why we use it
- Provide the Service — store schedules, fire cron, route jobs to runners, record results, show you the dashboard.
- Authenticate and authorise — verify it's you, scope every database query to your organisation.
- Bill correctly — track jobs per month, schedules created, runners used, against your plan.
- Send transactional emails — password reset, email verification, invitation, important account notices.
- Detect abuse — rate-limit signups and sign-ins, investigate suspicious activity.
- Improve the Service — aggregate, non-identifying usage trends.
We do not sell personal data, share it with advertisers, or use Customer Data to train models.
3. Inference traffic — where Anthropic fits in
Your prompts are stored on our database, but they are also executed by claude -p on a runner you control. The runner sends the prompt to Anthropic's API using your Anthropic credentials. We are not in that path. Anthropic's processing of prompts is governed by your separate agreement with Anthropic; see their Privacy Policy.
4. Sub-processors
We use a small set of well-known providers to operate the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud (host) | Compute, network, and Postgres hosting via Coolify | Asia (us-east1 / asia-east2 region) |
| Cloudflare | DNS, CDN, TLS termination, DDoS protection | Global (anycast) |
| Stripe | Subscription billing and tax calculation | USA / global |
| Resend | Transactional email delivery | USA |
| Sentry (optional) | Error monitoring; enabled if DSN is configured | USA |
| PostHog (optional) | Product analytics; enabled if API key is configured | USA |
5. Data retention
- Job history: 7 days (Free), 30 days (Pro), or 90 days (Team), then auto-deleted by the cron tick reaper. Organisation-level per-schedule retention is configurable in settings.
- Audit log: kept indefinitely while the organisation exists.
- Account and organisation data: retained until you delete your account or terminate your subscription, then deleted within 30 days (some operational logs and backups may persist for up to 35 days due to backup snapshot rotation).
- Billing records: kept for the period required by tax law in our jurisdiction (currently 7 years).
6. Your rights
Subject to your local law, you have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to processing or withdraw consent (where consent is the legal basis).
To exercise these rights:
- Access / portability: email [email protected] from the address on file; we will return a JSON export within 30 days.
- Correction: edit your profile or organisation directly from the Settings page; for items you can't edit, email us.
- Deletion: email us to delete your account; we will confirm and complete deletion within 30 days.
7. Cookies and tracking
We use a small set of cookies, all first-party:
better-auth.session_token— sign-in session (HTTP-only, secure, SameSite=Lax). Required to keep you signed in.__Secure-better-auth.session_token— production secure variant of the above.
We do not use third-party advertising cookies. If PostHog analytics is enabled in a given deployment, it sets a first-party cookie to group page views into sessions; this can be disabled in your browser without breaking the Service.
8. Security
TLS for all traffic. Passwords are hashed with scrypt (via Better Auth). Runner tokens and API keys are stored only as one-way SHA-256 hashes — once you create one, even we can't recover the plaintext, which is why the UI shows it only once. Per-tenant database scoping is enforced at every API endpoint. Daily database snapshots are retained for 14 days.
9. International transfers
Our hosting is in Asia, and several sub-processors (Stripe, Resend, Sentry, PostHog) are in the United States. If you are in a jurisdiction with cross-border transfer requirements (e.g. the EU or UK), by using the Service you consent to your data being transferred to and processed in those locations.
10. Children
The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced via email and an in-product banner at least 14 days before they take effect.
12. Contact
Questions, requests, or complaints: [email protected].