Back to homeLast updated: 2026-03-11

Privacy Policy

This Privacy Policy explains how Timy processes personal data in the current production release of the Timy mobile app.

1. Controller

David Morgen

Contact: [email protected]

2. Scope of This Policy

  • This policy covers the Timy iOS app, local on-device data, optional iCloud/CloudKit sync, diagnostics, and optional on-device AI model downloads.
  • Apple services such as iCloud, App Store, Apple Sign-In, and Apple-managed analytics are governed by Apple’s own privacy terms.

3. Categories of Personal Data We Process

  • Working-time and planning data: workdays, punches, time-off entries, holidays, notes, and related metadata.
  • Settings and preferences: work schedule, vacation settings, visual preferences, and app configuration values.
  • Identifiers and credentials for Apple Sign-In and related authentication/session storage where applicable.
  • Diagnostic and technical data (when enabled): errors, stack traces, screen/module/action context, status codes, and technical troubleshooting metadata.
  • Optional AI model download metadata handled by model hosting providers at network level (for file delivery).

4. Purposes of Processing

  • Provide time tracking, planning, and reporting features.
  • Store your data locally and sync to iCloud/CloudKit when enabled.
  • Support export, backup, restore, and deletion operations.
  • Maintain app security, reliability, and performance.
  • Detect, investigate, and resolve crashes and errors.
  • Support optional on-device assistant features after model download.

5. Legal Bases (GDPR)

  • Article 6(1)(b) GDPR (contract): processing required to deliver requested app functionality.
  • Article 6(1)(f) GDPR (legitimate interests): diagnostics and technical processing to ensure security and reliability.

6. Whether You Must Provide Data

  • You are generally not legally required to provide personal data to use Timy.
  • Without entering work/planning data, related app functions cannot operate for that data.
  • If you disable iCloud sync, the app remains local and does not sync via iCloud.
  • If you do not use assistant features, no model download is required.

7. Recipients and Categories of Recipients

  • Apple: for iCloud/CloudKit sync and other Apple services you use.
  • Sentry-compatible diagnostics provider (EU region): for technical error reporting.
  • Model hosting providers: for optional model file delivery.
  • No sale of personal data, no third-party advertising, and no cross-context behavioral advertising.

8. International Data Transfers

  • Primary app data stays on your device and optionally in your private iCloud/CloudKit storage.
  • Apple and third-party providers may involve international processing under their legal safeguards.
  • Where required, providers are expected to rely on GDPR transfer safeguards such as SCCs.

9. Data Retention

  • Local app data: until deleted by you, app deletion, or OS data removal behavior.
  • iCloud/CloudKit data: until deleted in-app, by iCloud controls, or by Apple service rules.
  • Diagnostics retention: 30 days.
  • Optional downloaded model files remain on device until removed, replaced, or app uninstall.

10. Sources of Personal Data

  • Primarily from you when entering data, configuring settings, enabling sync, and using features.
  • Limited third-party technical data may arise through Apple, diagnostics providers, and hosting services.

11. Your Rights Under the GDPR

  • Access, rectification, erasure, restriction, objection, portability (where applicable), and withdrawal of consent where consent is the legal basis.
  • You may lodge a complaint with a supervisory authority.

12. How to Exercise Your Rights

  • You can export, restore, and delete data directly in the app.
  • You can disable iCloud sync in app/device settings.
  • For privacy requests, contact [email protected].

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection supervisory authority, especially in your EU/EEA state of residence, work, or alleged infringement.

14. Automated Decision-Making and Profiling

Timy does not use automated decision-making or profiling under Article 22 GDPR producing legal or similarly significant effects.

App calculations and assistant-style responses are productivity support features and are not Article 22 decisions.

15. Security Measures

  • Device and OS sandbox/security controls.
  • OS-provided secure storage for sensitive credentials where applicable.
  • Apple security controls for iCloud/CloudKit.
  • Data minimization and restricted sharing for diagnostics and optional integrations.
  • No storage/transmission method is completely secure.

16. Children

Timy is not directed to children under 16 and does not knowingly collect personal data from children under 16.

If you believe a child provided personal data through the app, contact us so we can assess and address it.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or product changes.

Updates are published with a revised “Last updated” date.

18. Apple App Store Privacy Alignment

  • Timy follows Apple App Store privacy disclosure requirements for each shipped build.
  • Current production personal-mode release: no third-party advertising SDKs, no cross-app ad tracking, diagnostics for reliability only, optional iCloud/CloudKit sync.
  • App Store privacy labels are completed based on exact shipped configuration and can differ across production/non-production builds.