CronySoft NVR — Privacy Policy

Last updated: May 2026

This Privacy Policy explains what information CronySoft collects when you use the CronySoft NVR product and the app.cronynvr.com cloud portal (the "Service"), how we use it, who we share it with, and the choices you have.

1. Who controls your data

You are the controller of the video your cameras capture. CronySoft acts as a data processor for the cloud-portal features (account login, dashboards, alert delivery, optional cloud backup).

2. Information we collect

From you, when you create an account

• Name, business name, email address, password (stored hashed; never in plain text).
• Optional phone number (only if you opt in to SMS two-factor authentication).
• Billing information you provide for paid subscriptions (handled by our payment processor — we do not store full card numbers).

From the NVR at your site

• Hardware fingerprint (machine ID + primary network MAC + CPU model hash) so the box can authenticate to the cloud.
• Operational telemetry: CPU%, RAM%, disk-free %, camera count, agent version, last-heartbeat timestamp. No video bytes.
• Camera metadata you enter: camera name, zone, manufacturer/model.
• Encrypted credential blobs for your cameras (we store the ciphertext only; the decryption key never leaves the NVR).

From your browser

• IP address, browser user-agent string, sign-in timestamps — used for the security audit log on your account.
• A session cookie / token to keep you signed in.

Recordings

Video and audio captured by your cameras stay on the NVR at your site. CronySoft does not upload, view, retain, or analyse your recordings unless:

• You explicitly enable cloud backup (paid tier), in which case footage is uploaded to encrypted cloud storage under your account.
• You explicitly request remote access — the recording is then streamed on-demand through an encrypted tunnel for the duration of the session. No copy is retained server-side.
• You download a clip — the clip transits our infrastructure encrypted in flight; we do not keep a copy after download completes.

3. How we use information

• To provide, maintain and secure the Service.
• To authenticate you and prevent unauthorised access to your account.
• To deliver operational alerts (camera offline, NVR offline, storage low) to you.
• To support you when you contact us.
• To bill you for paid features.
• To comply with legal obligations.

We do not sell your data. We do not use your recordings to train AI models. We do not share your recordings with third parties except as required by lawful process described below.

4. Who we share information with

• Service providers we use to operate the Service — payment processor (e.g. Stripe), transactional email (e.g. SendGrid), SMS gateway for 2FA (e.g. Twilio), cloud infrastructure (e.g. Microsoft Azure / AWS). Each is bound by confidentiality and processes data only on our instructions.
• Law enforcement / legal process — we will disclose account information when required by a valid subpoena, court order, or other legal process, after reasonable review. We will not disclose your recordings unless they are lawfully compelled (we don't normally have your recordings to begin with — see §2).
• Business transfers — if CronySoft is acquired or merged, your information may be transferred to the successor entity, subject to this Privacy Policy.

5. Security

• Passwords are hashed with bcrypt before storage; we never see your plaintext password.
• Camera credentials live encrypted on your NVR; the cloud holds only the ciphertext (we cannot decrypt them).
• All cloud traffic is TLS-encrypted in transit.
• Account access events (sign-in, sign-out, failed attempts) are logged so you can audit them.
• We strongly recommend you enable SMS two-factor authentication on the account.

No system is perfect. If we discover a breach affecting your data we will notify you promptly and in accordance with applicable breach-notification laws.

6. Retention

• Account profile data — retained while your account is active.
• Operational telemetry (CPU/RAM/disk) — rolled up; raw rows kept ~90 days.
• Audit log of sign-ins and config changes — 365 days (configurable per deployment).
• Recordings — controlled entirely by you via the retention setting in Store Settings.
• Backups — retained per the cloud-backup plan you subscribe to.

On account deletion (see §8) we delete account profile data within 30 days. Anonymised aggregate metrics (e.g. "this many NVRs were online in March") may be retained indefinitely.

7. Your rights

Depending on where you live you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate personal information.
• Delete your account and associated personal information.
• Object to or restrict certain processing.
• Port your data to another service.
• Withdraw consent for SMS 2FA at any time.

Email privacy@aliumtech.com to exercise any of these rights. We will respond within 30 days.

8. Account deletion

You may delete your account at any time from Account Settings. Deletion removes your profile, sign-in credentials, audit log (after the legal retention window), and any cloud-backed-up recordings. Recordings still on your physical NVR are not affected by account deletion — that footage stays on the drive at your site.

9. Cookies and tracking

We use a small number of first-party cookies/local-storage entries needed to sign you in and remember your preferences (last selected store, grid layout per camera count). We do not use third-party advertising trackers, pixels, or session replay tools.

10. Children

The Service is not intended for use by children under 16. We do not knowingly collect personal information from children.

11. International transfers

CronySoft is headquartered in the jurisdiction stated on our website. If you access the Service from another country, your information may be transferred to and processed in our home jurisdiction. Where required, we use standard contractual clauses or equivalent safeguards.

12. Changes to this policy

Material changes will be announced via the portal and/or by email at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

13. Contact

Privacy questions: privacy@aliumtech.com
Support: support@aliumtech.com

---

← Back to sign in · Terms & Conditions