Privacy Policy
Last Updated: December 10, 2025
1. Introduction
This Privacy Policy explains how Galvn Labs LLC ("we," "us," or "our"), operating the Cronacl platform, collects, uses, discloses, transfers, and safeguards your information when you use our AI platform and related services (collectively, the "Services"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.
Our Philosophy: Cronacl operates on a "Bring Your Own" model. You bring your own AI provider API keys, your own integrations, and your own data. We act as a platform that orchestrates these services on your behalf while storing minimal data ourselves.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on our platform.
2. Information We Collect
2.1 Account Information
We collect minimal information necessary to provide our Services:
- Name and email address
- Profile information (bio, job title, industry)
- Timezone preferences
- Authentication credentials (securely hashed)
2.2 Usage Information
When you access our platform, we may automatically collect:
- Session information (IP address, browser type)
- Feature usage patterns
- Chat conversation metadata (not content when using BYOK)
- Error logs for troubleshooting
2.3 Billing Information
If you subscribe to our Services, we collect billing information through our payment processor (Stripe). We do not store your complete credit card information on our servers.
3. Bring Your Own Key (BYOK)
3.1 Your AI Provider Keys
Cronacl supports a Bring Your Own Key model where you provide your own API keys for AI providers such as:
- OpenAI
- Anthropic
- Google Vertex AI
- Amazon Bedrock
- Groq
- xAI
- Azure OpenAI
3.2 Key Storage and Security
When you provide your API keys:
- Keys are encrypted at rest using industry-standard encryption
- Keys are only used to make API calls on your behalf
- We never share your keys with third parties
- You can delete your keys at any time from your settings
3.3 Data Flow with BYOK
When using BYOK, your prompts and AI responses flow directly between our platform and your chosen AI provider using your credentials. We do not retain copies of your AI conversations beyond what is necessary for the immediate session, unless you explicitly enable conversation history.
4. Third-Party Integrations
4.1 Your Connected Services
You can connect your own accounts from various services including:
- Google Workspace (Drive, Calendar, Gmail, Docs, Sheets)
- Microsoft 365 (Outlook, Teams, OneDrive)
- Slack, Notion, GitHub, Linear
- Salesforce, HubSpot, Zendesk
- Databases (PostgreSQL, MySQL, MongoDB, and more)
4.2 Integration Data Handling
When you connect integrations:
- OAuth connections: We store access tokens securely to maintain your connection. Your data remains with the original provider.
- Database connections: Connection credentials are encrypted. We query your databases on-demand and do not copy or store your database contents.
- API keys: Stored encrypted and used only for authorized requests.
4.3 Data Stays With You
Your data from integrations remains in your original accounts. Cronacl acts as a bridge to help you interact with your data through AI, but we do not create permanent copies of your integration data unless you explicitly upload documents to our knowledge base.
4.4 Google User Data
When you connect your Google account to our Services, we may access:
- Google account profile information
- Google Calendar data
- Google Drive files and metadata
- Gmail data
- Google Docs, Sheets, and Slides
This data is accessed in real-time to fulfill your requests and is not permanently stored on our servers.
5. Use of Your Information
5.1 Platform Operations
We use your information to:
- Provide and maintain our Services
- Authenticate your sessions
- Process your AI requests through your configured providers
- Connect to your integrations as authorized
- Process billing and subscriptions
5.2 Service Improvement
We use aggregated, anonymized usage data to improve platform performance and user experience. We do not use your personal content, AI conversations, or integration data for model training or improvement purposes.
5.3 Communication
We may use your email address to send you service-related notices, security alerts, and support communications.
6. Data Storage and Security
6.1 What We Store
- Account information and preferences
- Encrypted API keys and integration credentials
- Workspace and organization metadata
- Documents you explicitly upload to our knowledge base
- Custom agents and their configurations
- Chat history (if enabled by you)
6.2 What We Don't Store
- Your integration data (emails, files, calendar events) - this stays with your providers
- Database contents - we query on-demand only
- AI conversation content when using BYOK (unless you enable history)
- Your AI provider's raw API responses
6.3 Security Measures
We implement appropriate technical and organizational security measures, including:
- Encryption at rest and in transit
- Secure credential storage
- Access controls and authentication
- Regular security assessments
- Incident response procedures
8. Your Rights and Choices
8.1 Access and Control
You have full control over your data:
- View and update your profile information
- Add or remove API keys at any time
- Connect or disconnect integrations
- Delete uploaded documents
- Export your data
- Delete your account entirely
8.2 Integration Revocation
You can revoke access to any connected integration at any time through your account settings. You can also revoke access directly from the provider (e.g., Google Account permissions).
8.3 Data Deletion
When you delete your account, we will delete your personal information, API keys, and uploaded content within 30 days, except where retention is required for legal compliance.
9. Data Retention
We retain your account information for as long as your account is active. You can configure data retention preferences in your privacy settings.
Chat history and conversation data can be automatically deleted based on your retention preferences (configurable from 30 days to indefinite).
After account deletion, we remove your data within 30 days, except for anonymized analytics data and any information we are legally required to retain.
10. Children's Privacy
Our Services are not intended for use by children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.
11. Contact Information
If you have questions or concerns about this Privacy Policy, please contact us at:
Galvn Labs LLC
5830 East 2nd Street, STE 7000 #30307
Casper, WY 82609
Email: privacy@cronacl.com
12. Google API Services User Data Policy Compliance
Cronacl's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
We access, use, store, and share Google user data according to the following principles:
- We only request access to the Google user data that is necessary for the functionality you have requested
- We access your Google data in real-time to fulfill your requests, without creating permanent copies
- We do not sell Google user data or use it for advertising purposes
- We do not use Google user data for AI model training
- You can revoke Google access at any time through your Cronacl settings or Google Account permissions