TimeFlow
Legal

Privacy Policy

We build TimeFlow with privacy in mind. This policy explains what we collect, why we collect it, and how you stay in control of your data.

Last Updated: January 20, 2026

TimeFlow mascot

1. Introduction

TimeFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI scheduling assistant service.

2. Information We Collect

2.1 Account Information

When you sign up with Google OAuth, we collect:

  • Email address
  • Google account ID
  • Profile information (name, profile picture)

2.2 Calendar Data

With your permission, we access:

  • Google Calendar events (title, time, duration, attendees)
  • Calendar metadata (timezone, default calendar)
  • We create new events for scheduled tasks

2.3 Email Data (Optional)

If you enable email categorization:

  • Gmail message metadata (sender, subject, date)
  • We DO NOT store full email content
  • Category labels sync back to Gmail

2.4 Usage Data

  • Task creation and scheduling activity
  • AI assistant conversation logs (for improvement)
  • Feature usage analytics (anonymized)

3. How We Use Your Information

  • Provide Services: Schedule tasks, categorize emails, manage habits
  • Improve AI: Train our AI assistant to give better recommendations
  • Support: Respond to your questions and troubleshoot issues
  • Security: Detect and prevent fraud or abuse
  • Analytics: Understand how users interact with TimeFlow (anonymized)

4. Data Security

We take security seriously:

  • Encryption: Google OAuth refresh tokens are encrypted at rest using AES-256-GCM
  • HTTPS: All data in transit uses TLS encryption
  • Access Control: Only authorized personnel can access production data
  • Regular Audits: We conduct security reviews before major releases

5. Data Sharing

We do not sell your data. We share information only in these cases:

  • Service Providers: Cloud hosting (Render, Supabase), AI services (OpenAI) under strict contracts
  • Legal Requirements: If required by law or to protect rights and safety
  • Business Transfers: In the event of a merger or acquisition (with notice to you)

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Delete: Request deletion of your account and data
  • Correct: Update inaccurate information
  • Revoke: Revoke Google Calendar/Gmail access at any time
  • Export: Download your tasks and calendar data

Contact privacy@timeflow.app to exercise these rights.

7. Third-Party Services

TimeFlow integrates with:

8. Data Retention

We retain your data as long as your account is active. After account deletion:

  • Personal data deleted within 30 days
  • Anonymized analytics retained for product improvement
  • Backups purged within 90 days

9. Children's Privacy

TimeFlow is not intended for users under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy. We'll notify you via email or app notification for significant changes. Continued use after changes constitutes acceptance.

11. Contact Us

Questions about this Privacy Policy? Contact us at:

Email: privacy@timeflow.app
Address: [To be added - company registered address]