Privacy Policy

Last updated: April 5, 2026

1. Introduction

KronosPay LLC ("Kronos," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your data when you use the Kronos mobile application, website, and related services. By using Kronos, you consent to the practices described in this policy. This notice is provided in compliance with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA/CPRA), and other applicable federal and state privacy regulations.

2. Information We Collect

Personal Information: When you create an account, we collect your full name, email address, phone number, date of birth, Social Security Number (for KYC verification), and mailing address.

Financial Information: We collect banking details (account and routing numbers), transaction history, direct deposit information, and linked debit/credit card details to facilitate our services. Debit card data is processed and stored in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Gig Platform Data: If you connect gig platform accounts (Uber, DoorDash, Lyft, Instacart, and others), we collect earnings data, work history, and payout schedules to provide earnings tracking and advance eligibility.

Biometric Data: If you enable biometric authentication (Face ID, Touch ID, or fingerprint), your biometric data is processed locally on your device by your operating system. Kronos does not collect, store, or transmit raw biometric data to our servers. We only receive a confirmation of successful biometric verification from your device.

Device & Usage Data: We automatically collect device type, operating system, IP address, app usage patterns, session duration, and crash reports to improve our services and detect fraud.

3. How We Use Your Information

We use your information to: provide, operate, and maintain our banking, advance, crypto, and savings services; verify your identity and comply with KYC/AML regulations; process transactions and send notifications; calculate advance eligibility and subscription billing; detect, prevent, and investigate fraudulent or unauthorized activity; communicate important account updates and promotional offers; perform automated risk assessments for advance eligibility and fraud prevention; and improve our products through aggregated analytics.

4. Automated Decision-Making & Profiling

Kronos uses automated systems to make certain decisions that may affect your account, including: advance eligibility and limit calculations (based on deposit history and account activity), fraud risk scoring (based on transaction patterns and device data), and account risk assessments. You have the right to request an explanation of any automated decision that significantly affects your account. To request a review, contact support@getkronos.io.

5. Gramm-Leach-Bliley Act (GLBA) Notice

As a financial services provider, KronosPay LLC is subject to the GLBA. We collect nonpublic personal information (NPI) about you from account applications, transaction history, and third-party sources. We do not disclose NPI to non-affiliated third parties except as permitted by law, including: to process your transactions, to protect against fraud, to comply with legal requirements, and with service providers who are contractually obligated to keep your information confidential. You may opt out of certain information-sharing practices by contacting privacy@getkronos.io.

6. Data Sharing & Third Parties

We do not sell your personal information. We share data only in the following circumstances: with FDIC-insured banking partners who hold your deposits; with payment processors and card networks (Visa, Mastercard) to facilitate transactions; with identity verification providers (for KYC/AML compliance); with blockchain infrastructure providers (Tatum) for wallet and key management; with cryptocurrency exchange API providers to facilitate trades; with cloud infrastructure providers (for hosting and data storage); with email service providers (for transactional and account communications); with law enforcement or regulators when required by law, subpoena, or legal process; and with analytics providers (using aggregated, de-identified data only). All third-party service providers are bound by data processing agreements that require them to protect your information and use it only for the purposes we specify.

7. Data Security

We implement industry-leading security measures to protect your data, including: 256-bit SSL/TLS encryption for all data in transit and at rest; biometric and two-factor authentication; real-time transaction fraud monitoring; SOC 2-compliant cloud infrastructure; PCI DSS compliance for payment card data; regular third-party security audits and penetration testing; role-based access controls for internal data access; and encrypted database backups with geographic redundancy.

8. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email and in-app notification within 72 hours of confirming the breach, or as otherwise required by applicable state law. The notification will include: the nature of the breach, the types of data affected, the steps we are taking to address it, and recommended actions you can take to protect yourself. We will also notify applicable state attorneys general and regulatory authorities as required by law. Where appropriate, we will offer complimentary credit monitoring services to affected users.

9. Data Retention

We retain your personal information for as long as your account is active and for a period of five (5) years after account closure to comply with BSA/AML financial record-keeping regulations. Transaction records may be retained for up to seven (7) years as required by applicable tax and financial reporting laws. You may request deletion of your account data at any time, subject to regulatory retention requirements, by contacting privacy@getkronos.io.

10. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

All Users: Right to access your data, correct inaccuracies, opt out of marketing communications, and request a portable copy of your information.

California Residents (CCPA/CPRA): Right to know what personal information is collected and disclosed; right to delete your data; right to correct inaccurate data; right to opt out of the sale or sharing of personal information (note: Kronos does not sell your data); right to limit the use of sensitive personal information; and right to non-discrimination for exercising your rights. To exercise your CCPA rights, contact privacy@getkronos.io or call our privacy line. We will respond within 45 days.

Virginia Residents (VCDPA): Right to access, correct, delete, and obtain a portable copy of your data; right to opt out of targeted advertising, profiling, and sale of personal data.

Colorado Residents (CPA): Right to access, correct, delete, and port your data; right to opt out of targeted advertising, sale of data, and profiling that produces legal effects.

Connecticut Residents (CTDPA): Right to access, correct, delete, and port your data; right to opt out of targeted advertising, sale of data, and profiling.

To exercise any of these rights, email privacy@getkronos.io with your request. We will verify your identity and respond within the timeframes required by applicable law.

11. Do Not Track Signals

Our website currently does not respond to "Do Not Track" (DNT) browser signals, as there is no industry-standard protocol for DNT compliance. However, you can control tracking through your cookie preferences and browser settings as described in our Cookie Policy.

12. Cookies & Tracking

Our website uses cookies and similar technologies to remember your preferences, analyze traffic, and improve your experience. You can manage cookie preferences through your browser settings. For detailed information about the cookies we use, their purposes, and how to control them, see our Cookie Policy.

13. Links to Other Websites

The Kronos app and website may contain links to third-party websites, services, or applications that are not owned or controlled by KronosPay LLC. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to read the terms and privacy policies of any third-party website you visit. KronosPay LLC shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any third-party content, goods, or services.

14. Children's Privacy

Kronos is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that a minor has created an account, we will promptly delete the account and associated data. If you believe a minor has provided us with personal information, contact privacy@getkronos.io.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of Kronos after updates constitutes acceptance of the revised policy. Prior versions of this policy are available upon request.

16. Contact Us

For privacy-related questions, data access requests, or concerns, contact our privacy team at privacy@getkronos.io. For general support, reach us at support@getkronos.io. To report fraud or unauthorized activity, email reportfraud@getkronos.io.