Privacy Policy

Effective Date: January 01, 2025

1. Introduction
Cronos Consulting Group, Inc. (“Company,” “we,” “our,” or “us”) operates Huddle (Patent Pending), a SaaS product that integrates with Smartsheet. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use Huddle (the “Service”). This policy consolidates our cookie policy and addresses compliance with GDPR, CCPA, and other relevant data protection laws.

2. Data We Collect
We collect the following types of data:

  • Personal Data: Information that identifies or relates to an individual, such as name, email address, contact details, and authentication credentials (via Firebase Auth).
  • Usage Data: Information about how you interact with Huddle, including log data, IP addresses, browser types, and device information.
  • Schema-Level Data: Metadata from Smartsheet integrations, including:
    • Sheet structure and configuration
    • Version history metadata
    • Integration settings and configurations
    • API authentication tokens (encrypted)
  • Technical Data:
    • API usage statistics
    • Performance metrics
    • Error logs
    • Authentication records
  • Cookies and Tracking Technologies: As detailed in Section 7.

3. How We Use Your Data
We process data to:

  • Provide, maintain, and improve Huddle.
  • Authenticate users via Firebase.
  • Monitor security and prevent fraud.
  • Communicate with you about updates, services, and support.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR Compliance)
Our data processing is based on:

  • Consent: Where applicable, especially for cookies.
  • Contractual Necessity: To fulfill our obligations under service agreements.
  • Legal Obligations: For compliance with applicable laws.
  • Legitimate Interests: For security, service improvement, and fraud prevention.

5. Data Sharing and Disclosure
We do not sell personal data. We may share data with:

5.1 Service Providers:
We use the following third-party services:

  • AWS (Amazon Web Services):
    • Purpose: Infrastructure hosting
    • Data stored: Encrypted application data, logs, and backup data
  • Google Cloud:
    • Purpose: Backend services
    • Data stored: Encrypted processing data, application services data
  • Firebase:
    • Purpose: Authentication
    • Data stored: User credentials and session data
  • Smartsheet API:
    • Purpose: Integration and data synchronization
    • Data accessed: Schema-level configuration data

6. Data Security
We implement strong security measures, including:

  • Encryption in transit and at rest.
  • Multi-factor authentication (MFA) for production environments.
  • Regular security testing using Snyk.

6.1 Data Breach Response
In the event of a data breach, we will:

  • Notify affected users within 72 hours of discovery
  • Provide detailed information about:
    • Nature of the breach
    • Types of data affected
    • Steps taken to address the breach
    • Recommendations for user actions

7. Cookies and Tracking Technologies
Huddle uses cookies and similar technologies to:

  • Authenticate sessions.
  • Improve user experience.
  • Analyze usage patterns.

Types of Cookies:

  • Essential Cookies: Necessary for the Service to function.
  • Performance Cookies: Help us understand how users interact with Huddle.
  • Functionality Cookies: Enhance user experience.

Cookie Management:
You can manage cookie preferences through your browser settings. For detailed instructions, visit [insert link to browser-specific guidance].

8. Data Processing Agreement (DPA)
For enterprise clients, our DPA defines:

  • Roles (Controller vs. Processor)
  • Data security measures
  • Data transfer protocols, especially for international transfers under GDPR.

9. User Rights
Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal data.
  • Object to or restrict data processing.
  • Data portability.
  • Withdraw consent at any time (where consent is the basis for processing).

9.1 GDPR Rights Response Timeline:

  • Access Requests: Within 30 days
  • Deletion Requests: Within 30 days
  • Rectification: Within 15 days
  • Data Portability: Within 30 days
  • Extensions: +60 days if request is complex

9.2 California Resident Rights (CCPA):

Under the CCPA, California residents have the right to:

  • Request disclosure of personal information collected
  • Request deletion of personal information
  • Opt out of the sale of personal information
  • Non-discrimination for exercising these rights

Response Timeline: 45 days (with possible 45-day extension)

10. Data Retention
We retain personal data as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and enforce agreements.

  • Active Account Data: Retained while account is active
  • Deleted Account Data: Removed within 30 days
  • Backup Data: Retained for 90 days
  • Usage Logs: Retained for 12 months
  • API Tokens: Deleted immediately upon account termination

11. International Data Transfers
We process data in the United States. For international transfers, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs).

12. Changes to This Privacy Policy
We may update this policy periodically. Changes will be posted on this page with an updated effective date.

13. Contact Us
Cronos Consulting Group, Inc.
7851 Mission Center Court, STE 108, San Diego, CA 92108
Email: legal@cronoscg.com / support@letshuddle.ai

14. Children’s Privacy

Huddle is not intended for users under 18. We do not knowingly collect data from users under 18. If we discover we have collected such data, we will delete it.