Security

Last Updated: November 30, 2025

We take security seriously. Here's what we do to protect your data and keep CronMonitor secure.

Data Protection

Encrypted Connections

All communication with CronMonitor uses HTTPS with TLS encryption. Your data is encrypted in transit between your servers and our service.

Password Security

• Passwords are hashed using bcrypt - we never store them in plain text
• We enforce minimum password requirements
• Failed login attempts are limited to prevent brute-force attacks

API Keys

• Generate and revoke API keys anytime from your dashboard
• API keys are stored securely and never logged
• Rate limiting protects against abuse

Infrastructure

Hosting

CronMonitor is hosted on reliable cloud infrastructure with:

• Automatic security updates
• Regular backups (daily)
• DDoS protection via Cloudflare
• 99.9% uptime SLA

Application Security

We follow standard security practices:

• Protection against SQL injection (we use parameterized queries)
• CSRF token protection on all forms
• Input validation and sanitization
• Regular dependency updates to patch known vulnerabilities

Data Privacy

What We Store

• Your email and account information
• Monitor configurations (URLs, schedules, alert settings)
• Execution logs according to your plan's retention period
• Payment information (handled securely by Stripe - we don't store card details)

What We Don't Store

• Your cron job payloads or response bodies (unless you explicitly enable logging)
• Passwords in plain text
• Credit card information (handled by Stripe)

Data Retention

Monitoring data is kept according to your plan:

• Free: 7 days
• Hobby: 30 days
• Pro: 90 days
• Business: 365 days

After this period, data is automatically deleted.

GDPR Compliance

We're fully compliant with GDPR. You can:

• Export all your data
• Delete your account and all associated data
• Update your information anytime

Backups

We perform automated daily backups of all data. Backups are:

• Encrypted and stored securely
• Tested regularly to ensure they work
• Kept for 30 days

Your Responsibilities

Security is a shared responsibility. Here's what you should do:

✅ Do This

• Use a strong, unique password
• Keep your API keys secret (never commit them to public repos)
• Use HTTPS for your monitoring endpoints when possible
• Review your monitors and alerts periodically
• Contact us immediately if you notice suspicious activity

❌ Avoid This

• Sharing your login credentials
• Using the same password on multiple sites
• Exposing API keys in client-side code
• Ignoring security notifications

Reporting Security Issues

Found a security vulnerability? We appreciate responsible disclosure.

Contact: [email protected]

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact

We'll respond within 48 hours and keep you updated on our progress.

Third-Party Services

We use a minimal set of trusted services:

• Stripe for payment processing (PCI compliant)
• Cloudflare for DDoS protection and CDN
• Email delivery service for notifications

All third-party services are carefully vetted and have appropriate data processing agreements in place.

Questions?

If you have questions about our security practices:

• Email: [email protected]
• We typically respond within 24 hours

Note: We're a small team doing our best to keep CronMonitor secure. If you have suggestions for improvements, we'd love to hear them!