← Back to Home

Privacy Policy

Last updated: August 26, 2025

1. Overview

Timemage (hereinafter referred to as "we") respects and is committed to protecting your privacy. This Privacy Policy details how we collect, use, store, and protect your personal information. By using our services, you agree to the practices described in this policy.

Important: All your time tracking data, project information, and activity records are stored locally on your device. We do not store your time tracking data on our servers or in the cloud. This ensures maximum privacy and data security for your personal information.

2. Types of Information Collected

2.1 Information You Provide

  • Account Information: Username, email address, password (encrypted storage)
  • Profile Information: Name, avatar, timezone settings, language preferences
  • Time Tracking Data: Project information, task descriptions, time records, tag categories
  • User Settings: Notification preferences, interface themes, shortcut configurations

2.2 Automatically Collected Information

  • Device Information: Device type, operating system version, app version, device identifiers (Android ID, iOS IDFV)
  • Usage Data: Feature usage frequency, session duration, error logs, app interactions
  • Technical Data: IP address, browser type, access time, referral source
  • Analytics Data: App performance metrics, crash reports, user engagement metrics (collected through Firebase Analytics)

2.3 Third-Party Authentication Data

When you sign in using Google or Apple:

  • Google Sign-In: We receive your Google account email address, name, and profile picture (as provided by Google)
  • Apple Sign-In: We receive your Apple ID email address and name (as provided by Apple, which may be a private relay email)
  • We do not access or store your Google or Apple account passwords

3. Purpose of Information Use

We use the collected information for the following purposes:

3.1 Core Service Provision

  • Provide time tracking and data analysis features
  • Generate personalized reports and statistics (all processing done locally on your device)
  • Maintain account security and authentication
  • Enable optional data export functionality

Note: All time tracking data, project information, and activity records are stored exclusively on your device using local storage (SharedPreferences on Android, UserDefaults on iOS). We do not have access to this data, and it never leaves your device unless you explicitly choose to export it.

3.2 Service Improvement

  • Analyze product usage to improve user experience
  • Develop new features and optimize existing features
  • Detect and fix technical issues
  • Monitor product performance

3.3 Customer Service

  • Respond to user inquiries and technical support requests
  • Send important service notifications and updates
  • Handle billing and subscription-related matters

4. Data Security Measures

4.1 Local Data Storage

All your time tracking data is stored locally on your device using the device's secure local storage mechanisms:

  • Android: Data is stored using SharedPreferences, which is protected by the Android system's security model
  • iOS: Data is stored using UserDefaults, which is protected by iOS security features including Keychain integration where applicable
  • Device Security: Your data benefits from your device's built-in security features, including device encryption, biometric authentication, and app sandboxing
  • No Cloud Storage: Your time tracking data never leaves your device unless you explicitly choose to export it

4.2 Technical Protection Measures

  • Encrypted Transmission: All network communication (for authentication and analytics) uses TLS 1.3 encryption
  • Local Data Protection: Your device's operating system provides encryption at rest for all stored data
  • Access Control: App-level access control ensures only the app can access its stored data
  • No Server-Side Storage: Since we don't store your time tracking data on servers, there's no risk of server-side data breaches

4.3 Operational Protection Measures

  • Minimal data collection - we only collect what's necessary for authentication and app functionality
  • No employee access to your time tracking data (since it's not stored on our servers)
  • Regular app security updates and vulnerability patches
  • User-controlled data export and deletion

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Personal Information

We will never sell, rent, or trade your personal information to any third party for marketing or other commercial purposes.

5.2 Limited Information Sharing Scenarios

We may share your information only in the following circumstances:

  • With Your Consent: With your explicit authorization
  • Service Providers: With trusted third-party service providers (such as cloud storage, payment processing) who must sign strict confidentiality agreements
  • Legal Requirements: To comply with laws, regulations, court orders, or government requirements
  • Security Protection: To protect the rights, property, or safety of us, users, or the public
  • Business Transfers: In the event of company merger, acquisition, or asset transfer (users will be notified in advance)

5.3 Third-Party Services We Use

We use the following third-party services that may process limited data:

  • Google Firebase:
    • Firebase Authentication: For user authentication and account management. Only your email address and authentication tokens are processed by Firebase for login purposes.
    • Firebase Analytics: For analyzing app usage and performance (data is anonymized and aggregated). This includes app crashes, feature usage, and performance metrics. Your time tracking data is NOT sent to Firebase Analytics.

    Important: We do NOT use Cloud Firestore or any cloud storage service to store your time tracking data, project information, or activity records. All such data remains on your device.

    Google's Privacy Policy: https://policies.google.com/privacy

  • Google Play Store / Apple App Store: For processing in-app purchases and subscription payments. Payment information is handled directly by the respective app stores and is not accessible to us.
  • Google Sign-In / Apple Sign-In: For authentication services. These services process your authentication data (email, name, profile picture) according to their respective privacy policies. This authentication data is stored locally on your device after login.

Data Processing Location: Authentication and analytics data may be processed by these third-party services on servers located in the United States or other countries. Your time tracking data is never transmitted to these services as it remains on your device.

6. Data Retention and Deletion

6.1 Local Data Retention

Your time tracking data is stored on your device and remains there until you delete it. We have no control over or access to this data.

  • Time Tracking Data: Stored on your device indefinitely until you delete it through the app or uninstall the app
  • App Settings: Stored on your device until you reset the app or uninstall it
  • Authentication Data: Stored locally on your device for login purposes. You can clear this by logging out

6.2 Server-Side Data Retention

For data we do process (authentication and analytics):

  • Account Information: Retained during your use of the service and for 30 days after account deletion
  • Analytics Data: Aggregated and anonymized analytics data may be retained for up to 26 months
  • Technical Logs: Typically retained for 90 days for troubleshooting
  • Financial Records: Retained for the period required by tax and accounting regulations

6.3 Right to Data Deletion

For time tracking data stored on your device: You have full control. You can delete all data at any time through the app settings or by uninstalling the app.

For server-side data: You have the right to request deletion of your personal data (authentication information, analytics data). Deletion requests will be processed within 30 days. Please note that certain information may not be immediately deletable due to legal requirements or legitimate business needs.

To delete all data: You can delete your account through the app, which will remove your authentication data from our servers. Your local time tracking data will remain on your device until you manually delete it or uninstall the app.

7. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of Access: Obtain a copy of personal data we process about you
  • Right of Rectification: Correct inaccurate or incomplete personal data
  • Right of Erasure: Request deletion of personal data under specific circumstances
  • Right to Restrict Processing: Restrict data processing under specific circumstances
  • Right to Data Portability: Obtain your data in a structured format
  • Right to Object: Object to data processing based on legitimate interests

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, protect, and improve our services. These technologies help us:

  • Remember your login status and preferences
  • Analyze website usage and performance
  • Provide personalized content
  • Prevent fraud and abuse

You can manage cookie preferences through your browser settings, but disabling certain cookies may affect service functionality.

8.1 Mobile App Analytics

In our mobile applications, we use:

  • Firebase Analytics: To understand how users interact with our app. This service collects anonymized usage data and does not identify individual users.
  • Crash Reporting: To identify and fix app crashes. Crash reports may include device information and error logs but do not include personal data.

You can opt out of analytics data collection through your device settings (iOS: Settings → Privacy → Analytics; Android: Settings → Google → Ads → Reset advertising ID).

9. International Data Transfers

Your time tracking data is not transferred anywhere - it remains on your device.

However, limited data (authentication information and anonymized analytics) may be processed by third-party services (Firebase, Google, Apple) on servers located in the United States or other countries. We ensure all third-party services comply with applicable data protection laws and take appropriate protective measures.

For users in the European Economic Area (EEA), these transfers are protected by appropriate safeguards, including Standard Contractual Clauses where applicable.

10. Children's Privacy (COPPA Compliance)

Our services are intended for users aged 13 and above. We do not knowingly collect personal information from children under 13. If you discover that we have inadvertently collected such information, please contact us immediately at service@timemage.net.

For Parents and Guardians: If you believe your child under 13 has provided us with personal information, please contact us immediately. We will promptly delete such information upon verification.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not collect, use, or disclose personal information from children under 13 without verifiable parental consent.

11. Privacy Policy Changes

We may update this Privacy Policy from time to time. Significant changes will be notified to you through:

  • In-app notifications
  • Email notifications
  • Website announcements

Before changes take effect, we will provide a 30-day notice period for you to review the new policy.

12. Data Subject Rights (GDPR/CCPA Compliance)

If you are located in the European Economic Area (EEA), United Kingdom, or California, you have additional rights:

  • Right to Know: Request information about what personal data we collect, use, and share
  • Right to Delete: Request deletion of your personal data (subject to legal exceptions)
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority

To exercise these rights, please contact us at service@timemage.net with "Privacy Rights Request" in the subject line.

13. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide you with the services you have requested
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Consent: When you explicitly consent to specific data processing activities
  • Legal Obligation: To comply with applicable laws and regulations

14. Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy, please contact us through:

Email: service@timemage.net

Data Protection Officer: dpo@timemage.net

Response Time: We will respond within 7 business days of receiving your request

Mailing Address: [Your Company Address - Required for some jurisdictions]

15. Effective Date

This Privacy Policy is effective as of August 26, 2025. Previous versions of the policy can be viewed in our website archive.