Privacy Policy
Last updated: 29 April 2026
Template notice. This is a starting template, not legal advice. Review and adapt with a qualified legal professional before going live.
This policy explains what data Cronjob ("we", "us") collects when you use the service at https://cronurl.pbrapps.co.uk, why we collect it, how long we keep it, and the rights you have under the UK GDPR and the Data Protection Act 2018.
1. Who is the data controller?
The data controller is the operator of this site. If you need to contact us about your personal data, use the contact details at the end of this page.
2. What personal data we collect
- Email address — supplied when you sign in. Used to send sign-in (magic) links and important service notices.
- Cron job configuration — the name, URL, schedule, and any headers/body you configure. These are strings you supply; do not enter personal data of others into them.
- Run logs — for each dispatched job we store the timestamp, HTTP status code, request duration, and a short snippet of the response body (up to 2 KB) so you can audit successes and failures.
- Technical data — server logs may record your IP address, user agent, and request path for security and debugging. These logs are rotated on a short schedule.
We do not ask for, and do not intentionally collect, any special-category personal data (health, religion, etc.).
3. Cookies and similar technologies
We only use cookies that are strictly necessary to run the service. We do not use analytics, advertising, or third-party tracking cookies, so no cookie consent banner is required.
| Cookie | Purpose | Lifetime |
|---|---|---|
| PHPSESSID | Server-side session used to store the CSRF token and flash messages. | Session |
| cj_session | Identifies a signed-in user after consuming a magic link. | 30 days |
| cj_claim | Links anonymous draft jobs to your account on first sign-in. | 180 days |
4. Why we process your data (lawful basis)
- Performance of a contract — we need your email and job configuration to provide the service you requested.
- Legitimate interests — keeping server logs and short run snippets for abuse prevention, debugging, and service reliability.
- Legal obligation — retaining limited records to respond to lawful requests or protect our rights.
5. Who we share data with
We keep personal data to ourselves. The following processors help us operate the service:
- Email delivery: sign-in emails are sent via an SMTP provider (currently Mailgun, operated by Sinch). Your email address and the magic-link body pass through their infrastructure.
- Hosting: the site and database are hosted on infrastructure we control; no customer data is sold or shared with advertisers.
We do not transfer personal data outside the UK/EEA unless covered by an adequacy decision or appropriate safeguards (e.g. Standard Contractual Clauses).
6. How long we keep it
- Account data: until you delete your account, plus up to 30 days in backups.
- Magic-link tokens: deleted or marked used within 30 minutes.
- Run logs: kept for up to 90 days, then purged.
- Server logs: typically 14 days, longer only if needed for incident response.
7. Your rights
Under the UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion ("right to be forgotten") where applicable.
- Request restriction of, or object to, processing.
- Receive your data in a portable format.
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these, email us using the contact details below. We will respond within 30 days.
8. Security
Magic-link tokens are stored only as SHA-256 hashes. Session IDs are random 256-bit values. Cookies are flagged Secure, HttpOnly, and SameSite=Lax. Passwords are not used or stored. Despite our reasonable measures, no system is perfectly secure; please use a unique, secure email account.
9. Children
The service is not intended for children under 16. If you believe a child has given us personal data, contact us and we will delete it.
10. Changes to this policy
We may update this policy as the service evolves. Material changes will be communicated by email or an in-app notice before they take effect.
11. Contact
Questions or data-protection requests: please use the contact address listed on the site. We aim to reply within 5 working days.