Chronos SecurityChronos Security

Website Privacy Policy

Effective date: September 12, 2025

1. Who we are

Controller: Chronos Security (Romanian NGO). Registered address: <<Registered_Address>>. Registration no.: <<CUI/Trade_Register_No>>. Privacy contact: privacy@chronos-security.ro. General contact: contact@chronos-security.ro.

2. Scope

This policy covers personal data processed when you visit Chronos Security (the "Website") and our official contact channels linked from it. For data processed in the CTF platform, see the separate CTF Privacy Policy.

3. Data we collect

  • Browsing data: IP address, user‑agent, request and error logs, timestamps, and basic device information collected by our web server and security layer.
  • Cookies: only essential cookies needed for security and site operation. We do not set analytics or marketing cookies on the Website. If this changes, we will request consent first.
  • Contact data: information you send us by email or through forms we publish (name, email, message content, attachments, and metadata).
  • Community links: if you follow links to third‑party services (e.g., Discord), those services process your data under their own policies.

4. Why we process your data (legal bases)

  • Legitimate interests (GDPR Art. 6(1)(f)): operate and secure the Website; prevent abuse; detect and investigate incidents; respond to inquiries.
  • Contract (Art. 6(1)(b)): handle your requests when you ask for information or services.
  • Legal obligation (Art. 6(1)(c)): comply with record‑keeping, tax, or law‑enforcement requests.
  • Consent (Art. 6(1)(a)): only if we later introduce non‑essential cookies or marketing emails. At present, we do not use these on the Website.

5. Cookies and similar technologies

We use only essential cookies for session management, security, and load‑balancing (e.g., CDN/WAF). No analytics or marketing cookies are set by us. Embedded third‑party content, if any, may set its own cookies under its policies. If we add non‑essential cookies in the future, we will present a consent banner before they are used.

6. Who processes your data (recipients)

We use service providers acting as processors:

  • Cloudflare for CDN/WAF and security.
  • Hosting provider (e.g., Vercel or Google Cloud) for site hosting and delivery.
  • Brevo and Google Workspace for email handling and storage.

We sign data‑processing terms with providers and require appropriate safeguards. We do not sell personal data.

7. International transfers

Some providers may process or access data outside the EEA. When transfers occur, we use EU Standard Contractual Clauses or another lawful mechanism and apply appropriate safeguards. Cloudflare may route traffic globally for security and performance. Primary hosting is provisioned in EU regions where available.

8. How long we keep your data

  • Web and security logs: up to 90 days unless needed to investigate incidents.
  • Contact emails and form submissions: up to 24 months after last interaction.
  • Legal and accounting records (if applicable): retained for the period required by law.
  • Backups: rolling 30–90 days.

9. Your rights

You may request access, rectification, erasure, restriction, portability, or objection. To exercise rights, email privacy@chronos-security.ro. We may need information to verify your identity. We reply within 30 days. You can also complain to the Romanian supervisory authority (ANSPDCP) or your local authority.

10. Children

The Website is not directed to children. If you are under 16, do not send personal data without guardian permission. We do not knowingly collect guardian details via the Website.

11. Security

We apply access control, least privilege, encryption in transit, and audit logging. We review providers and limit data to what is necessary for operation and support.

12. Changes

We may update this Policy. Material changes will be published here with a new effective date.

13. Contact

Privacy: privacy@chronos-security.ro
General: contact@chronos-security.ro