Privacy Policy
Last updated: July 14, 2026
1. Overview
Cactal, Inc. (“Cronloop”, “we”, “us”) operates cronloop.ai, a platform for creating and running autonomous AI agents on a schedule (the “Service”). This policy explains what personal information we collect when you visit our website or use the Service, how we use and share it, how long we keep it, and the choices and rights you have. Cactal, Inc. is the controller of the personal information described here, except for personal information inside your agent content, which we process on your behalf and under your instructions.
This policy does not cover third-party services that you connect to your agents, which have their own privacy policies.
2. Information we collect
Account information
When you sign up with GitHub, Google, or a work email, we receive your name, email address, and avatar, along with an identifier from the sign-in provider.
Billing information
If you buy a paid plan, Stripe and Link collect your payment details, billing information, and information needed to calculate tax. Through Stripe Managed Payments, they also act as the merchant of record for the transaction. We receive customer, subscription, and transaction identifiers and status, but not your full card number.
Agent content
The Service stores what your agents need to run: instructions, schedules, model and harness settings, skills, bootstrap scripts, memory files, run output, results, reported model usage, and cost. This content may include personal information that you or your connected data sources put into it. You are responsible for that data and for having the right to process it with the Service.
Connected credentials
Provider accounts and API keys you connect are stored encrypted, are used only to run your agents as you configure them, and are not displayed in plaintext after you save them.
Usage, device, and log information
We automatically collect information about how the Service is used: IP address, browser and device type, pages viewed, features used, timestamps, API activity, and diagnostic telemetry such as error reports and performance measurements.
Communications
We keep support requests, feedback, and other messages you send us.
3. How we use information
- To provide and operate the Service, including running your agents, persisting memory and run history, and showing you activity and costs (performance of our contract with you).
- To process subscription payments, apply plan limits, and enforce recorded spending thresholds (contract and legal obligations).
- To secure the platform, enforce limits, and prevent fraud and abuse (legitimate interests and legal obligations).
- To understand usage and improve the Service, using telemetry and aggregated statistics (legitimate interests).
- To send requested sign-in links and necessary account, security, support, or billing communications (contract and legitimate interests).
- To comply with law and respond to lawful requests (legal obligations).
We do not use your information to make automated decisions that have legal or similarly significant effects on you.
4. AI processing
When a run executes, the content the run needs, such as instructions and memory files, is sent to the harness and model provider you selected, currently Anthropic or OpenAI, under that provider’s terms. We do not use your content to train AI models. Model providers have their own retention and training practices, which can depend on the plan or key you connect, so review their policies when choosing how your agents access models.
5. How we share information
We share personal information only as described here:
- Service providers. Vendors that process data for us under contract, currently including Railway (hosting, Postgres, object storage, and our self-hosted diagnostics), Sprites (isolated sandbox runtimes), and Resend (email delivery).
- Payment providers. Stripe and Link process billing, tax, and transaction information and act as merchant of record for purchases made through Stripe Managed Payments, subject to their own privacy terms.
- Model providers you select. As described in Section 4.
- Services you connect. Your agents send and receive data with the tools you connect, as configured by you.
- Legal reasons. When required by law or to protect the rights, safety, or property of Cronloop, our users, or the public.
- Business transfers. In a merger, acquisition, or sale of assets, with notice to you.
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
6. Cookies
We use only essential cookies and similar storage: keeping you signed in, protecting against cross-site request forgery, and remembering preferences such as theme. We do not use advertising cookies or third-party tracking cookies. You can control cookies in your browser settings, but the Service may not work without the essential ones.
7. Data retention
- Account data: for the life of the account and as needed to complete deletion.
- Agent content and memory files: until you delete the agent or close your account, then for a reasonable deletion period unless longer retention is required by law or security needs.
- Run history: until you delete the agent or close your account.
- Billing records: as required by tax, accounting, and other applicable law.
- Support communications: as long as needed to resolve and improve support.
8. Security
We encrypt data in transit with TLS and at rest with our infrastructure providers. Connected secrets are stored encrypted and are not shown in plaintext after saving. Each run executes in an isolated, disposable sandbox that does not receive our production infrastructure credentials. Access to personal information is limited to what a task requires. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but if a breach affects your personal information we will notify you as required by law.
9. Your rights and choices
Depending on where you live, you may have the right to access, receive a copy of, correct, delete, or restrict or object to the processing of your personal information, and to withdraw consent where processing is based on consent. If you are in the EEA, UK, or a similar jurisdiction, you may also lodge a complaint with your data protection authority. If you are a California resident, you have the rights to know, access, correct, and delete personal information, the right to opt out of sale or sharing (we do not sell or share personal information as defined by the CCPA), and the right not to be discriminated against for exercising your rights. An authorized agent may submit a request on your behalf.
To exercise any of these rights, email support@cronloop.ai. We will verify your request, respond within the time required by law, and keep a record of the request. Necessary transactional messages about your account are part of the Service.
10. International transfers
We operate from the United States, and your information is processed in the United States and in other countries where our service providers operate. Where the law requires safeguards for international transfers, such as the EU standard contractual clauses, we use them.
11. Children
The Service is for adults and requires users to be at least 18 years old. It is not directed to children, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact support@cronloop.ai and we will delete it.
12. Changes to this policy
We may update this policy as the Service and the law evolve. We will post updates on this page and revise the date at the top, and if a change is material we will notify you by email or through the Service before it takes effect.
13. Contact
Privacy questions and requests, and anything else: support@cronloop.ai.