Privacy Policy
This Privacy Policy explains how <<COMPANY_LEGAL_NAME>> ("Company", "we") collects, uses and protects personal data in connection with Time Manager (the "Service"). It is written to comply with the GDPR, the UK GDPR and the CCPA/CPRA.
1. Data controller and contact
- Controller: <<COMPANY_LEGAL_NAME>>, <<REGISTERED_ADDRESS>>.
- DPO / privacy contact: privacy@timemanager.com.
- EU representative (Art. 27 GDPR): <<EU_REP>>.
- UK representative: <<UK_REP>>.
Where a customer holds an account and uses Time Manager as part of its own services, Company acts as a processor for Customer Data processed in the scheduling context, and as a controller for account-administration and billing data. The DPA sets out the processor-role terms.
2. Categories of personal data
| Category | Examples | Source |
|---|---|---|
| Account identifiers | user id, email, name, Time Manager SSO subject | you at signup |
| Authentication | OAuth tokens (Fernet-encrypted at rest), session cookies | calendar providers / your browser |
| Usage data | page views, feature interactions, coarse IP, user-agent | your browser / our logs |
| Task content | routine-task text you enter | you |
| Calendar content | event titles, times, attendees (opt-in) | Google / Microsoft APIs |
| LLM prompts / responses | prompts to Claude / OpenAI + decisions | our scheduling engine |
| Reminders | email, webhook target, delivery status | you / delivery runs |
| Billing | company name, billing email, tax ID, tokenized payment ref | you at upgrade |
| Support | anything you send in a support ticket | you |
| Audit | logins, permission changes, integration connects | our platform |
We do not collect government IDs, racial/ethnic data, biometric data, health data, precise location, children's data, or ad-tech beacons (none are installed).
3. Lawful basis (GDPR / UK GDPR)
| Purpose | Lawful basis |
|---|---|
| Provide the Service | Contract (Art. 6(1)(b)) |
| Account identity & access | Contract |
| Billing & tax | Legal obligation + Contract |
| LLM processing of task text | Contract |
| Use of calendar event titles for context | Consent (opt-in) |
| Security monitoring / audit | Legitimate interests |
| Aggregated product analytics | Legitimate interests |
| Marketing to customers | Legitimate interests + opt-out; Consent for non-customers |
4. Purposes of processing
- Operate the scheduling engine and deliver AI-generated decisions.
- Authenticate, authorize and identify users and agents.
- Send reminders and webhook notifications you configure.
- Provide customer support and respond to requests.
- Bill and account for paid subscriptions.
- Prevent, detect and investigate fraud, abuse, misuse and security incidents.
- Comply with legal and regulatory obligations.
- Improve the Service via aggregated, de-identified analytics.
5. Recipients and sub-processors
We share personal data only with:
- Sub-processors, for hosting, email delivery and LLM inference (current list referenced in the DPA):
  - Anthropic (Claude): receives task text and free/busy context.
  - OpenAI: the same, when you select it as the provider.
  - Google LLC (Calendar API): we read free/busy data (and event titles, if you opt in) and write the events you authorize.
  - Microsoft Corp (Graph / Outlook): the same.
  - Amazon Web Services: US-region hosting and SES email delivery.
  - OVH: UK-region hosting for the EU/UK residency option.
- Professional advisers (lawyers, auditors) under confidentiality.
- Authorities where required by law; we contest overbroad requests.
- Parties to corporate transactions (M&A), with equivalent protections.
We do not sell personal information or share it for cross-context behavioural advertising.
6. International transfers
Data may be transferred outside the EEA / UK to the United States (AWS US region and LLM providers) and to other regions where sub-processors operate. Transfers rely on:
- EU Standard Contractual Clauses (SCCs), Commission Implementing Decision (EU) 2021/914, modules 2 (controller to processor) and 3 (processor to processor).
- UK International Data Transfer Addendum (IDTA).
- Supplementary technical measures: TLS 1.2+ in transit, Fernet field-level encryption of OAuth tokens and webhook secrets (see §9), and strict access controls. Task text and free/busy context sent to an LLM provider for inference are necessarily readable by that provider and are protected by the contractual terms above rather than by encryption.
EU/UK residency is available on Enterprise via the OVH UK region.
7. Retention
| Data | Retention |
|---|---|
| Routine tasks | until you delete; then 30 days soft-delete; then erased |
| Schedule decisions (inputs/outputs) | 90 days |
| LLM usage counters | 2 years |
| Reminder delivery logs | 180 days |
| OAuth tokens | until you revoke / disconnect |
| Webhook signing secrets | until you delete the endpoint |
| Audit events | 180 days (Team); ≥ 1 year (Enterprise) |
| Support tickets | 24 months after closure |
| Billing records | per tax/accounting law (6–10 years) |
Upon account deletion, we delete Customer Data within 30 days except records retained for legal, audit or billing compliance.
8. Data subject rights
If you are in the EEA, UK, Switzerland, California or other regions granting equivalent rights, you have the right to:
- Access — request a copy of your personal data.
- Portability — receive a structured copy (ICS + JSON in Settings → Danger zone).
- Rectification — correct inaccurate data.
- Erasure — delete your account and data.
- Restriction / Objection — for legitimate-interests processing.
- Withdraw consent — any consent-based processing can be withdrawn in Settings.
- Complain to your local supervisory authority (e.g. ICO, CNIL).
We answer requests within 30 days (extendable by up to 60 further days where the law permits). We may need to verify your identity first.
Where Time Manager acts as a processor for an enterprise customer's workspace, we refer individual requests to that customer and assist it as required by Article 28(3)(e) GDPR.
9. Security
Summary of technical and organizational measures:
- In transit: TLS 1.2+.
- At rest: Fernet symmetric encryption of OAuth tokens and webhook secrets, with two-key rotation windows (the previous key remains valid for decryption until stored values are re-encrypted under the new key); AWS/OVH disk encryption for the underlying storage.
- Tenant isolation: PostgreSQL row-level security on all tenant-scoped tables, enforced server-side.
- Access control: RBAC for staff; least-privilege; MFA required for admin consoles.
- Logging: Security-relevant actions recorded in an audit log.
- Vulnerability management: Dependency scanning and patching on a published cadence.
- Personnel: Confidentiality, background checks (where permitted), annual security training.
Full details are published in the Security Whitepaper (planned at /timemanager/pages/trust/security.html) and referenced from the DPA.
10. Cookies
We use only the minimum cookies required to operate the Service (session, CSRF, theme preference, SSO). We do not use advertising cookies or third-party tracking pixels. See the Cookie Policy.
11. Children
The Service is not directed to children under 13 (under 16 where the GDPR applies, or the lower age, not below 13, set by the applicable Member State law). We do not knowingly collect data from children.
12. California privacy (CCPA/CPRA)
California residents have the right to:
- know the categories of personal information collected (see §2);
- request deletion and correction;
- opt out of sale or sharing (we do not sell personal information or share it for cross-context behavioural advertising);
- limit the use of sensitive personal information (we process authentication credentials only for access control);
- non-discrimination for exercising these rights.
Authorized agents may act on your behalf with verifiable permission.
13. Automated decision-making
Scheduling decisions are generated with LLM assistance but are decision support only: every booking is reversible in your calendar, every decision comes with a rationale you can review, and you retain control. We do not make solely automated decisions that produce legal or similarly significant effects (Art. 22 GDPR); a human remains in the loop.
14. Changes to this policy
We may update this Policy. Material changes are notified by email and/or in-app notice. The "Last updated" date reflects the current version.
15. Contact
- Email: privacy@timemanager.com
- Postal: <<REGISTERED_ADDRESS>>
- EU representative: <<EU_REP>>
- UK representative: <<UK_REP>>