Our role depends on the data
For customer workspace data, Chronexa usually acts as a processor. For our website, accounts, billing, security and support, Alcaeus Services OÜ may act as controller.
Privacy & data protection
How Chronexa protects personal data
This Privacy Notice explains how Chronexa, owned and operated by Alcaeus Services OÜ, processes personal data when you visit our website, contact us, create an account, use the Chronexa workspace, or interact with our support, billing and security processes.
GDPR-aware
Business workspace data
Security-first operation
Clear user rights
Last updated
8 May 2026
Legal owner and service provider
Alcaeus Services OÜ
Privacy contact
support@alc-srv.eu
Your organisation controls workspace use
Your employer or organisation decides who may use Chronexa, what data is entered, how roles are assigned and how internal records are used.
We protect the platform
We use technical, organisational and access controls designed to protect Chronexa, prevent abuse and maintain availability, confidentiality and integrity.
You keep privacy rights
You may have rights to access, correct, erase, restrict, object, transfer data or complain to a supervisory authority, subject to legal limits.
1. Scope of this Privacy Notice
This notice applies to Chronexa websites, sign-in and sign-up flows, contact forms, trial and subscription flows, billing administration, customer support, security monitoring and the Chronexa application workspace.
Chronexa is a business-to-business SaaS platform. Most workspace data is entered by, or on behalf of, a customer organisation. This may include employee, contractor, project, time-tracking, holiday, message, role, CRM and operational records.
This Privacy Notice does not replace a customer agreement, data processing agreement, order form, employment policy or internal company privacy notice. Where a signed agreement applies, that agreement controls the commercial relationship and the allocation of responsibilities for customer workspace data.
2. Controller and processor roles
For account administration, public website operation, billing, fraud prevention, service communication, support handling and platform security, Alcaeus Services OÜ may decide why and how certain personal data is processed and may act as data controller.
For personal data that a customer organisation enters into the Chronexa workspace, Chronexa normally acts as a data processor. In that case, we process the data on the customer’s documented instructions, unless EU or Member State law requires otherwise.
When Alcaeus Services OÜ is controller
We decide the purposes and means for limited processing such as website operation, account setup, billing, legal compliance, security, diagnostics and direct support communication.
When Chronexa is processor
The customer organisation decides how workspace data is used, who has access, which records are created and how long data should remain available under the customer agreement.
3. Personal data we may process
The exact data depends on how Chronexa is configured and used by your organisation. We aim to collect only what is necessary for the service, security, support, billing and legal purposes described below.
Account and profile data
Name, business email address, preferred language, avatar, user status, company membership, department, position, access role, permissions and profile settings.
Authentication and security data
Passwordless sign-in codes, session cookies, IP address, user agent, device and browser information, security logs, audit events and abuse-prevention signals.
Workspace and operational data
Time entries, task descriptions, project references, CRM records, holiday requests, messages, uploaded files, internal comments, approvals, status changes and related timestamps.
Billing and company administration
Company name, billing contact details, country, VAT or tax information, subscription plan, payment status, invoices, payment provider references and transaction metadata. Chronexa does not need to store full card details.
Support and communication data
Contact form messages, emails, support requests, diagnostic details, attachments you choose to provide and records of our communication with you or your organisation.
Technical website and service data
Server logs, error traces, performance data, consent choices, strictly necessary cookies and similar technical information needed to operate, protect and improve the service.
Chronexa is not designed for special categories of personal data such as health data, biometric data, political opinions, religion, trade union membership or criminal offence data unless this is expressly agreed in writing and supported by a valid legal basis. Customers and users should not enter unnecessary sensitive information into free-text fields, messages, files or task descriptions.
4. Why we process data and legal bases
Where Alcaeus Services OÜ acts as controller, we rely on one or more legal bases under GDPR depending on the context.
Contract and pre-contract steps
To create accounts, provide Chronexa, manage subscriptions, deliver requested support, process sign-ups and perform our agreement with a customer or prospective customer.
Legitimate interests
To secure the platform, prevent misuse, diagnose issues, improve reliability, communicate service updates, manage business records and protect our legal and commercial interests.
Legal obligations
To comply with tax, accounting, security, regulatory, court, audit and other legal requirements that apply to Alcaeus Services OÜ.
Consent
For optional activities where consent is required, such as certain non-essential cookies, marketing preferences or optional communications. Consent can be withdrawn where applicable.
5. Cookies, sessions and technical logs
Chronexa uses cookies and similar technologies that are necessary to provide sign-in, security, language selection, session management, fraud prevention and core application functionality.
Where we use non-essential analytics, tracking or marketing cookies, we will request consent where legally required and provide a way to manage choices. Blocking necessary cookies may prevent parts of Chronexa from working correctly.
Technical logs may include IP address, timestamps, requested URLs, browser information, errors and security events. We use these logs to maintain availability, investigate incidents, detect abuse and improve service reliability.
6. Customer workspace content
Customer workspace content belongs to the customer organisation or is controlled by that organisation. Customer administrators may access, export, correct, delete, restrict or manage user data depending on their role, permissions, subscription and the customer agreement.
Chronexa does not sell customer workspace data and does not use customer workspace content to train public AI models. We may use aggregated or anonymised information for diagnostics, statistics, security, capacity planning and product improvement where individuals are not identified.
7. Sharing personal data
We do not sell personal data. We share personal data only where necessary to provide Chronexa, comply with law, protect the service, manage payments, deliver support, or fulfil a customer agreement.
Where service providers process personal data for us, we use contractual, technical and organisational controls designed to protect the data and limit processing to authorised purposes.
Hosting, infrastructure, storage and database providers
Email delivery, authentication, monitoring and support providers
Payment, subscription, tax, accounting and invoicing providers
Authorities, auditors, insurers, advisers or courts where legally required or necessary to protect rights
8. International transfers
Chronexa is designed for European business use. Where possible, we prefer processing and hosting arrangements within the European Economic Area or with providers offering appropriate data protection safeguards.
If personal data is transferred outside the EEA, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual commitments, technical controls or other lawful transfer mechanisms.
9. Retention
We keep personal data only for as long as reasonably necessary for the purposes described in this notice, the customer agreement, legal obligations, accounting and tax rules, security, dispute resolution, backups and business continuity.
Customer workspace data is usually retained for the duration of the customer subscription and any agreed post-termination period. Some records may remain in backups, logs, audit trails, invoices or legal archives for a limited period where deletion is not immediately possible or legally appropriate.
10. Security
We apply technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration and disclosure. Security measures are reviewed and improved as the service evolves.
No online service can be guaranteed to be completely secure. Customers and users must also protect their accounts, devices, browsers, email inboxes, administrator roles and access permissions.
Role-based access and company-level separation
Passwordless authentication and session protection
Logging, monitoring and incident investigation
Backups, availability controls and controlled access to production systems
11. Customer responsibilities
Customer organisations are responsible for ensuring they have a lawful basis for entering, viewing and managing personal data in Chronexa, including employee monitoring, time tracking, holiday approvals, CRM records, messages and uploaded files.
Customers must configure roles carefully, invite only authorised users, remove access when no longer needed, avoid unnecessary sensitive data, respond to internal privacy requests and ensure their own users receive any privacy notices required by law.
12. Your privacy rights
Depending on the situation and applicable law, you may have the following rights in relation to your personal data.
Access your personal data
Correct inaccurate or incomplete data
Request deletion where legally available
Restrict certain processing
Receive portable data where applicable
Object to certain processing
Withdraw consent where consent is used
Complain to a data protection authority
If your data is part of a customer workspace, we may need to refer your request to the customer organisation because they are normally the controller for that data. We will support the customer as required by our agreement and applicable law.
We may need to verify your identity before acting on a request. We aim to respond within the period required by applicable data protection law, unless an extension or exception is available.
13. Limits, exceptions and business protection
Privacy rights are not absolute. We may refuse, limit or delay a request where permitted by law, including where data is needed for legal claims, compliance, tax, accounting, security, fraud prevention, contractual obligations, freedom of expression, protection of others, or where a request is manifestly unfounded or excessive.
We may also preserve evidence, logs, invoices, audit trails and security records where reasonably necessary to protect Chronexa, Alcaeus Services OÜ, customers, users or third parties. Nothing in this notice limits rights, remedies, defences or obligations available under applicable law or contract.
14. Children
Chronexa is a business service and is not intended for children. Customer organisations must not invite or enter data about minors unless they have a valid legal basis and the processing is appropriate for the service.
15. Changes to this notice
We may update this Privacy Notice to reflect changes in Chronexa, our legal obligations, security practices or business operations. The updated version will be published on this page with a revised date. Material changes may also be communicated through the service or by email where appropriate.
Legal company details
Chronexa is owned and operated by the following legal entity.
Legal company name
Alcaeus Services OÜ
Registration number
16284577
VAT ID
EE102399350
Registered address
Sepapaja tn 6
15551 Tallinn
Harju maakond
Estonia
16. Contact us
For privacy questions, requests or concerns related to Chronexa, contact us using the email address below. If your request relates to workspace data controlled by your organisation, please also contact your employer or organisation administrator.
support@alc-srv.eu