Privacy Policy
Data protection information according to GDPR and German TDDDG. Last updated: June 2, 2026
Your privacy at Chronova
We collect only the data necessary to deliver developer analytics, keep Chronova secure, and comply with legal obligations. This page explains the details in clear language.
Data Controller
Responsible entity for GDPR compliance
Niklas Schäffer
NX Solutions UG (haftungsbeschränkt)
Schadowstraße 49, 40212 Düsseldorf, Germany
Chronova is a product of NX Solutions UG (haftungsbeschränkt), Germany.
Categories of Data
Information we process when you use Chronova
Account Data
Username, email address, hashed password, API key.
Coding Activity Data
Project identifiers, file names, programming languages, editor/IDE metadata, operating system details, and time spent coding submitted via WakaTime-compatible plugins.
Technical & Log Data
IP address, browser type, OS version, device details, and request timestamps for security, abuse prevention, and service optimisation.
Usage Data
Coding time patterns, activity frequency, language and project distributions.
API Usage Data
Endpoint calls, rate limit tracking, request metadata.
Integration Data (GitHub/WakaTime)
OAuth tokens, repository metadata, commit hashes, synced coding activity.
Purpose & Legal Basis
Why we process personal data
- Providing core Chronova functionality, dashboards, and analytics.
- Maintaining secure authentication, session management, and API access.
- Ensuring platform integrity, preventing abuse, and troubleshooting incidents.
- Complying with statutory retention duties and regulatory requirements.
Sub-processors & Third Parties
Service providers we work with
Hetzner Online GmbH
Germany — Infrastructure / Hosting
Stripe, Inc.
USA — Payment processing
Google Analytics
Ireland/USA — Anonymized usage analytics (when configured)
GitHub, Inc.
USA — API integration (optional, user-initiated)
WakaTime LLC
USA — API compatibility layer. No data transfer to WakaTime; client sends heartbeats directly.
Storage & Retention
Where data lives and how long we keep it
Chronova stores data in EU-based data centres with encrypted-at-rest PostgreSQL databases.
We maintain the following retention periods for different data categories:
- Account Data: Retained for the duration of the account. Upon account deletion, data enters a 30-day recovery period before permanent deletion.
- Coding Activity Data: Retained for the duration of the account; available for export before deletion
- Technical/Log Data: Up to 90 days, then anonymized or deleted
- API Usage Data: Up to 90 days, then aggregated or deleted
- Integration Data (GitHub/WakaTime): Retained while integration is active; deleted upon deauthorization
- Backups: Purged within 30 days
- Inactive Accounts: Accounts inactive for more than 24 months may be permanently deleted. Users receive 30-day and 7-day warning emails before deletion.
✓ Retention periods are automatically enforced
Data deletion and retention policies are carried out by scheduled background processes — not just policy promises.
Legal archiving obligations may require longer retention for specific categories. Access is restricted to authorized personnel following the least-privilege principle.
Cookies & Local Storage
Minimal tracking footprint
Essential cookies only
Session, CSRF, and authentication cookies are required to operate Chronova. When configured, we may use Google Analytics for anonymized usage analytics to help improve the service.
Chronova does not utilize tracking pixels or behavioural profiling. Google Analytics data is anonymized and processed in compliance with GDPR.
Automated Decisions & Profiling
How we use your data for analytics
Chronova aggregates coding activity for analytics dashboards, including language distributions, time tracking, and productivity metrics.
We do not make automated decisions that produce legal effects concerning you.
Our analytics are for informational purposes only and are based on your own coding activity data. No profiling is used for decisions about individuals.
Aggregated analytics are provided for your benefit to help you understand your coding patterns and productivity.
Data Processing Agreement (DPA)
For business and enterprise customers
For business and enterprise customers, we offer a Data Processing Agreement (DPA) in accordance with Article 28 GDPR.
The DPA governs the processing of personal data on behalf of the controller and includes provisions for data security, sub-processor management, and audit rights.
To request a DPA, contact us atlegal@nx-solutions.de
Your Rights
Control over your personal data
There is no automated decision-making that produces legal effects. You have the right not to be subject to decisions based solely on automated processing (Art. 22 GDPR).
To exercise these rights, contact us atlegal@nx-solutions.de
Our supervisory authority is: Die Landesbeauftragte für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen
WakaTime compatibility disclaimer
Chronova offers optional WakaTime API compatibility. WakaTime® is a trademark of WakaTime LLC. Chronova is not affiliated with or endorsed by WakaTime LLC; compatibility is provided solely for plugin interoperability.
Security & compliance
Chronova employs encryption at rest and in transit, role-based access control, and continuous monitoring to safeguard your data. We continuously review our policies to remain compliant with GDPR and other applicable regulations.