Legal
Privacy Policy
Last updated: June 4, 2026
Introduction
Chron (“Chron,” “we,” “us,” or “our”) is a product of CometCoreLabs. We provide a white-label booking platform that lets service businesses accept appointments through their own branded experience. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our services (collectively, the “Service”).
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
Information We Collect
We collect information you provide directly, information collected automatically, and information from third parties.
Account information: name, email address, business name, billing details, and any profile information you submit.
Booking data: services, staff schedules, appointment details, and customer-facing booking pages that you configure.
Client data: information submitted by your clients when they book through your branded page, including name, email, phone, and any custom form responses.
Usage data: log data, device identifiers, IP address, browser type, referring URLs, and pages visited.
Cookies and similar technologies: we use cookies to keep you signed in, remember preferences, and measure usage. You can control cookies through your browser settings.
How We Use Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Process bookings, payments, and customer communications
- Authenticate users and secure accounts
- Send transactional emails (booking confirmations, receipts)
- Send product updates and marketing where permitted (you can unsubscribe at any time)
- Detect, prevent, and investigate fraud or abuse
- Comply with legal obligations
Sharing and Disclosure
We do not sell personal information. We share information only as described below:
Service providers: we use vetted third parties for hosting, analytics, payments, email delivery, and customer support. These providers process data on our behalf under contract.
Business customers: if your client books through a Chron-powered page, their booking data is shared with the corresponding business so the appointment can be fulfilled.
Legal requirements: we may disclose information to comply with law, respond to lawful requests, or protect our rights, users, or the public.
Business transfers: if Chron is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.
Google User Data and the Google Calendar API
Chron integrates with Google Calendar so that bookings created in Chron can be synced to the calendar of the business owner or staff member who accepts them. This section explains how we access, use, store, share, and protect Google user data in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use disclosure.Chron’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What we access. When you choose to connect your Google Calendar, Chron requests the OAuth scope https://www.googleapis.com/auth/calendar. With your authorization, Chron may:
- Read calendar events to check availability and avoid double-bookings
- Create calendar events when a client books an appointment through your Chron-powered page
- Update calendar events when a booking is rescheduled or its details change
- Delete calendar events when a booking is cancelled
How we use it. Google user data is used only to provide the calendar-sync features that you see and use inside the Chron product. We do not use Google user data for any purpose other than the user-facing features described above and in this Privacy Policy.
What we do not do. Chron does not, and will not:
- Transfer or sell Google user data to third parties such as advertising platforms, data brokers, or any other information resellers
- Use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising
- Use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models. Limited processing strictly necessary to provide the user-facing calendar-sync features described above is the only use of Google user data
- Allow humans to read Google user data, except (a) with your explicit consent for specific data, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized for internal operations
Storage and security. OAuth refresh and access tokens issued by Google are stored encrypted on Chron servers and used only to make calendar API calls on your behalf. Data in transit is protected with TLS. We follow industry-standard administrative, technical, and physical safeguards to protect Google user data against unauthorized or unlawful access, use, destruction, loss, alteration, or disclosure.
Sharing. We do not share Google user data with third parties except (a) with sub-processors that host or operate the Chron infrastructure under contractual confidentiality obligations and only to the extent strictly necessary to provide the integration, (b) when required by law, or (c) with your explicit consent.
Retention. We retain Google calendar data and associated tokens only for as long as your Google Calendar connection is active. When you disconnect Google Calendar or delete your Chron account, we revoke our access and delete the associated tokens and cached event identifiers. Backups containing this data are purged on a rolling 30-day schedule.
How to revoke access.You can disconnect Google Calendar from Chron at any time from your dashboard. You can also revoke Chron’s access directly from your Google account at myaccount.google.com/permissions. Revoking access stops Chron from making further calendar API calls on your behalf; previously created calendar events remain on your calendar until you remove them.
Questions or data requests. To request access, correction, export, or deletion of Google user data Chron holds about you, email hello@chron.com.
Data Retention
We retain personal information for as long as necessary to provide the Service, meet legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it.
Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of transmission over the internet is fully secure, however, and we cannot guarantee absolute security.
Your Rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. You can exercise these rights by emailing hello@chron.com. We will respond within the timeframes required by applicable law.
If you are a client of a business that uses Chron, please contact that business directly for requests about your booking data. We will assist them as the data processor.
International Transfers
Chron is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our providers operate. We use appropriate safeguards for international transfers where required.
Children
The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us so we can delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified through the Service or by email.
Contact Us
Questions about this Privacy Policy? Email hello@chron.com or visit our contact page.