Privacy & cookies

This Privacy & Cookie Policy (the “Policy”) describes how Cene Technologies Ltd (“Recron”, “we”, “us”) collects, uses, and protects personal data when you visit recron.ai or use the Recron application. By using Recron, you consent to processing of your personal data as described in this Policy.

For questions about this Policy or to exercise your rights, email our Data Protection Lead at privacy@recron.ai.

Cene Technologies Ltd is the data controller for personal data collected through this website and the Recron application. Our registered address is 66 Paul Street, London, EC2A 4NA. Company number: 16512788.

For data we process on your behalf as a Recron user — your prompts, your Cron configurations, the AI-generated outputs from your runs — we act as a data processor and you are the controller. We process that data only to deliver the service and as described in section 5 below.

We collect the following categories of personal data, depending on how you interact with Recron:

We do not collect any ‘special category’ or sensitive personal data, personal data relating to children under 18, or data relating to criminal convictions.

Under UK GDPR, we process your personal data on the following lawful bases:

• Contract — to provide Recron under our Terms of Service: account management, running your Crons, processing payments, sending operational emails (run results, billing receipts, password resets).
• Legitimate interests — to improve the service, secure our infrastructure against abuse, respond to enquiries, and communicate operational changes. We balance these interests against your rights and freedoms.
• Consent — for marketing communications and any optional analytics cookies. You can withdraw consent at any time.
• Legal obligation — to comply with tax law, anti-fraud requirements, court orders, and other legal duties.

We do not use Customer Content to train AI models. Your prompts and Cron outputs are used only to operate the service for you.

To deliver Recron we engage the following third-party sub-processors, all under written data-processing terms:

A current list of sub-processors will be maintained on this page. We will notify subscribers by email of any material change at least 30 days in advance.

Some of our sub-processors are located outside the UK and EEA, principally in the United States. Where personal data is transferred internationally we rely on appropriate safeguards including:

• UK International Data Transfer Agreement (IDTA);
• Standard Contractual Clauses approved by the European Commission;
• Adequacy decisions where the recipient country has been deemed adequate by the UK or EU.

• Account data — for the lifetime of your account plus 12 months after closure for accounting and legal purposes.
• Customer Content (Cron config + prompts) — for the lifetime of the Cron. Deleted within 30 days of Cron deletion.
• Run data & outputs — retained while your account is active so you can review history. Deleted within 30 days of account closure.
• Billing & invoice records — 7 years after the end of the financial year in which the transaction occurred (UK tax law).
• Server logs — typically 30 days, longer where a log is implicated in an active security investigation.
• Marketing data — until you unsubscribe, plus 12 months thereafter.
• Website analytics — up to 12 months in aggregate form (Vercel Web Analytics).

You have the following rights in relation to your personal data:

• Right of access — request a copy of the personal data we hold about you (a Subject Access Request).
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion in certain circumstances (also known as ‘the right to be forgotten’).
• Right to restrict processing — limit how we use your data while a query is resolved.
• Right to data portability — receive a structured, machine-readable export of your data.
• Right to object — object to processing based on legitimate interests or to direct marketing.
• Rights related to automated decision-making — not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Recron does not engage in such automated decision-making.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@recron.ai. We will respond within one month and may extend by up to two further months for complex requests. We may need to verify your identity before disclosing personal data.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: ico.org.uk.

To request a copy of the personal data we hold about you (a Subject Access Request, or “SAR”):

• Email privacy@recron.ai with the subject line “Subject Access Request”, or
• Write to us at 66 Paul Street, London, EC2A 4NA.

There is no fee for a SAR unless your request is ‘manifestly unfounded or excessive’, in which case we may charge a reasonable fee or refuse the request. We will respond within one month (extendable by up to two months for complex requests).

We implement appropriate technical and organisational measures to protect personal data, including:

• TLS encryption in transit for all traffic to and from Recron;
• Encryption at rest for the production database (Neon Postgres);
• Two-factor authentication available on every account;
• Role-based access controls limiting which staff can view production data;
• Webhook signature verification on all third-party callbacks;
• Idempotent payment processing and out-of-order event protection;
• Regular dependency updates and security patching.

No transmission over the internet is completely secure. While we take strong measures to protect your data, we cannot guarantee absolute security and any transmission is at your own risk.

We do not sell or rent your personal data. We share data only:

• With sub-processors as described in section 6, under written data protection terms;
• Where required by law, court order, or to comply with regulatory obligations;
• To enforce our Terms of Service, investigate fraud or security issues, or protect the rights and safety of Recron, our users, or others;
• With professional advisers (lawyers, accountants, auditors) under duties of confidentiality;
• In connection with a merger, acquisition, or sale of business assets, in which case we will notify subscribers in advance.

Depending on your location, you may have additional privacy rights under local law.

EEA, Switzerland & UK residents. Your rights under GDPR and UK GDPR are described in section 9. You have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA / CPRA). You have the rights to know, delete, correct, opt out of sale or sharing, and non-discrimination. We do not sell or share personal information for cross-context behavioural advertising. To exercise rights, email privacy@recron.ai with subject “California Privacy Request”.

Other US states. Residents of Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws may have similar rights. To exercise applicable rights, email us at the address above.

We may update this Policy from time to time. The ‘Last updated’ date at the top of the page reflects the most recent revision. Material changes will be communicated by email or in-app notice at least 30 days before they take effect.

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences and operate features that depend on persistent state across requests.

Recron is a privacy-focused product. We do not run third-party tracking cookies. The first-party cookies and local-storage items we use are limited to what’s required to operate the service:

Vercel Web Analytics — used on recron.ai and the Recron application — is cookie-less. It collects anonymous, aggregated data (page views, web vitals, country-level region) and does not track individual users.

You can manage or delete cookies through your browser settings. Note that disabling strictly necessary cookies will prevent you from signing in to Recron.

• Chrome: support.google.com/chrome
• Firefox: support.mozilla.org
• Safari: support.apple.com/safari
• Edge: support.microsoft.com/edge

We may update this Cookie Policy to reflect changes in technology, regulation, or our business practices. Updates will be reflected by a new ‘Last updated’ date at the top of this page.

For questions about cookies or anything else in this Policy, email privacy@recron.ai.