Privacy Policy for Timelytics
Last Updated: August 2, 2025

1. INTRODUCTION

Welcome to Timelytics ("we," "us," "our," or "Company"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and services. This Privacy Policy outlines how we collect, use, store, and protect your personal and non-personal information when you use our website located at https://timelytics.co (the "Website") and our time tracking services.

By accessing or using the Website and our services, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our services.

This Privacy Policy complies with:
- Swiss Federal Act on Data Protection (FADP)
- General Data Protection Regulation (GDPR) for EU users
- California Consumer Privacy Act (CCPA) for California residents
- Other applicable US privacy laws

2. INFORMATION WE COLLECT

2.1 Personal Data

We collect the following personal information from you:

Account Information:
- Name: We collect your name to personalize your experience and communicate with you effectively
- Email Address: We collect your email address for account creation, authentication, and communication
- Profile Image: We may collect your profile picture from Google authentication

Authentication Data:
- Google OAuth Tokens: We securely store access and refresh tokens to access your Google Calendar
- Session Information: We maintain session data to keep you logged in

Payment Information:
- Payment Details: We collect payment information to process your subscriptions securely
- Note: We do not store your payment information on our servers. Payments are processed by Stripe, a trusted third-party payment processor

Calendar Data:
- Google Calendar Events: We access your Google Calendar events through the Google Calendar API to provide our time tracking and statistics service
- Calendar Metadata: We store calendar names, colors, and IDs for display purposes
- Event Data: We store event details including titles, descriptions, start/end times, and locations

Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

User-Generated Content:
- Goals: We store goals you create for time management
- Categories: We store custom categories you create for organizing your time
- Feedback: We store feedback you submit to help improve our services
- AI Preferences: We store your AI analysis preferences (enabled/disabled) to respect your choices

2.2 Non-Personal Data

We collect the following non-personal information:

Technical Information:
- IP Address: For security and analytics purposes
- Browser Type and Version: To ensure compatibility
- Device Information: Device type, operating system, and screen resolution
- Usage Analytics: How you interact with our website and services

Cookies and Similar Technologies:
- Session Cookies: To maintain your login state (Required)
- Analytics Cookies: To understand how you use our services (Optional - requires consent)
- Preference Cookies: To remember your settings and preferences (Optional - requires consent)

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use your information for the following purposes:

Service Provision:
- To provide our time tracking and analytics services
- To sync and process your Google Calendar events
- To generate time management insights and reports
- To personalize your experience and dashboard

Account Management:
- To create and maintain your account
- To authenticate your identity
- To process payments and manage subscriptions
- To communicate with you about your account

3.2 Secondary Uses

We also use your information for:

Analytics and Improvement:
- To analyze usage patterns and improve our services
- To develop new features and functionality
- To conduct research and development

AI-Powered Insights:
- To generate productivity insights, we may send aggregated and anonymized time statistics (e.g., total hours per category or goal) to OpenAI's API
- We do not send any personally identifiable information, raw calendar events, or sensitive content
- This processing is automatic and solely intended to improve the user experience
- No data is used for training purposes, and no human has access to your calendar data through OpenAI
- AI Opt-Out: You can disable AI analysis at any time through your account settings. When disabled, you will not receive AI-powered insights, and no data will be sent to OpenAI's API for analysis purposes

Communication:
- To send you important service updates
- To respond to your support requests
- To send marketing communications (with your consent)

Security and Compliance:
- To detect and prevent fraud and abuse
- To comply with legal obligations
- To enforce our terms of service

4. DATA SHARING AND THIRD-PARTY SERVICES

4.1 Third-Party Services We Use

We share data with the following third-party services:

Google Services:
- Google Calendar API: To access your calendar events
- Google OAuth: For authentication and account creation

Payment Processing:
- Stripe: To process payments and manage subscriptions

Analytics and Monitoring:
- PostHog: For analytics and user behavior tracking (requires consent)
- Vercel: For hosting and performance monitoring

Customer Support:
- Crisp: For customer support chat functionality (requires consent)

4.2 Data Sharing Policies

We do not sell, trade, or rent your personal information to third parties for marketing purposes. We only share your data:
- With your explicit consent
- To provide our services (e.g., with Google for calendar access)
- To comply with legal obligations
- To protect our rights and safety
- With service providers who help us operate our services (under strict confidentiality agreements)

We do not manually access your Google Calendar data unless you explicitly request support and grant permission for debugging purposes.

4.3 International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Adequacy decisions where applicable
- Other appropriate safeguards as required by law

5. DATA STORAGE AND RETENTION

5.1 Data Storage

Your data is stored securely using:
- MongoDB Atlas: For database storage
- Vercel: For application hosting
- Google Cloud: For various services

5.2 Data Retention

We retain your data for the following periods:
- Account Data: Retained while your account is active and for 30 days after deletion
- Calendar Events: Retained while your account is active and for 30 days after deletion
- Analytics Data: Retained for up to 2 years
- Payment Data: Retained as required by law (typically 7 years)
- Logs and Security Data: Retained for up to 90 days

5.3 Data Deletion

You can request deletion of your data at any time by:
- Using the account deletion feature in your settings page (this permanently deletes all your data)
- Contacting us at privacy@timelytics.co
- Revoking Google Calendar access through your Google account

Complete Account Deletion: When you use the account deletion feature in your settings, we will permanently delete:
- Your account information and profile
- All your calendar events and data
- Your goals and categories
- All settings and preferences
- All associated authentication data
- Anonymize your feedback (removing personal identifiers while keeping the feedback content for service improvement)

This action is irreversible and will permanently remove all your data from our servers.

Feedback Anonymization: When you delete your account, any feedback you have provided will be anonymized rather than deleted. This means:
- Your name and email will be removed
- Your user ID will be removed
- The feedback content will be kept for service improvement
- The feedback will be marked as "Anonymous User"
- This helps us improve our services while respecting your privacy

If you revoke access to Google Calendar through your Google Account settings, we will automatically delete all related calendar and event data within 30 days.

6. YOUR RIGHTS AND CHOICES

6.1 Your Rights

Depending on your location, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Portability: Request transfer of your data to another service
- Restriction: Request limitation of data processing
- Objection: Object to certain types of processing
- Withdrawal of Consent: Withdraw consent for data processing

6.2 How to Exercise Your Rights

To exercise your rights, contact us at support@mg.timelytics.co. We will respond to your request within 30 days.

6.3 Your Choices

You can control your data through:
- Account Settings: Manage your account preferences, including AI analysis settings
- AI Analysis Control: Enable or disable AI-powered insights through your settings page
- Google Account Settings: Control calendar access through your Google account
- Browser Settings: Manage cookies and tracking preferences
- Email Preferences: Control marketing communications

AI Processing Controls:
- You can opt out of AI analysis at any time through your account settings
- When AI analysis is disabled, no data is sent to OpenAI's API
- You can re-enable AI analysis at any time to receive personalized insights
- Your AI preferences are stored securely and can be changed at any time

7. DATA SECURITY

7.1 Security Measures

We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data is encrypted using HTTPS/TLS when transmitted between your device and our servers
- Database Security: Your data is stored in MongoDB Atlas, which provides encryption at rest by default
- Access Controls: Strict access controls and authentication using NextAuth.js
- Environment Security: Sensitive configuration data is stored in encrypted environment variables
- Regular Security Audits: We conduct regular security assessments
- Employee Training: Staff are trained on data protection
- Incident Response: We have procedures for security incidents

7.2 Data Breach Procedures

In the event of a data breach, we will:
- Notify affected users within 72 hours
- Report to relevant authorities as required by law
- Take immediate steps to contain and remediate the breach
- Provide guidance on protective measures

8. CHILDREN'S PRIVACY

Timelytics is not intended for children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

- Essential Cookies: Required for basic functionality
- Analytics Cookies: Help us understand how you use our services
- Preference Cookies: Remember your settings and preferences
- Marketing Cookies: Used for advertising (with your consent)

9.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect service functionality.

9.3 Consent Management

We provide a comprehensive consent management system that allows you to:
- Choose which types of cookies to accept
- Update your preferences at any time
- Access detailed information about each cookie category
- Reset your preferences to default settings

You can manage your cookie preferences by:
- Visiting our Cookie Preferences page at /cookie-preferences
- Using the cookie banner that appears on your first visit
- Contacting our support team for assistance

Your consent choices are stored locally and will be remembered for future visits. You can change your preferences at any time.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting the updated policy on this page
- Sending you an email notification
- Displaying a notice on our website

Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@timelytics.co
- Address: A Ca di Patrizi 21, 6702 Claro, Switzerland
- Data Protection Contact: privacy@timelytics.co

For EU residents, you also have the right to lodge a complaint with your local data protection authority.

12. GOVERNING LAW

This Privacy Policy is governed by Swiss law, with additional protections provided by GDPR for EU users and CCPA for California residents.

13. DEFINITIONS

- "Personal Data": Any information relating to an identified or identifiable natural person
- "Processing": Any operation performed on personal data
- "Controller": The entity responsible for determining the purposes and means of processing
- "Processor": The entity that processes personal data on behalf of the controller

By using Timelytics, you consent to the terms of this Privacy Policy.

Thank you for using Timelytics.