Privacy Policy

Plain language. Short. We'll update this as the product grows.

Last updated May 1, 2026

Who controls your data

TimeFlow is operated by NXTWAVE FZC, which is the data controller for the personal information described below. Future paid plans and subscriptions will also be processed under NXTWAVE FZC; if and when payment data is involved, we'll route it through a regulated processor (e.g. Stripe) and disclose that here.

What we collect

To run TimeFlow we store the things you give us. That's essentially: your email, an optional display name and avatar, your timezone, and the calendar data you create — events, tasks, habits, schedules, and the chunks the auto-scheduler places.

If you connect Google Calendar, we store an OAuth refresh token (encrypted at rest) so we can sync events on your behalf. We never read or write to other Google services.

Where it lives

On Supabase Postgres in a single project. Every row is gated by row-level security — only the authenticated owner of a row can read or write it. Daily backups are kept for seven days. Hosting is on Vercel + Supabase's managed infrastructure (US regions).

What we don't do

  • We don't sell your data. There is no advertising network attached to this app.
  • We don't track you across other sites — there's no Google Analytics, no Facebook pixel, no behavioral profiling.
  • We don't read the content of your events for AI training or any other purpose.

Third parties

We only share data with the providers we need to run the service:

  • Supabase — database, auth, file storage.
  • Vercel — web hosting.
  • Resend — sending transactional emails (sign-up confirmation, password reset, scheduled-reminder pings).
  • Google — only if you opt into Calendar sync.

Cookies

We use a session cookie set by Supabase Auth so you stay signed in. That's it. No analytics, no marketing. See the cookies page for the specific list.

Your rights

You can delete your account and all associated data at any time from your profile page. That deletion cascades through every table — calendars, events, tasks, habits, OAuth connections, the lot. If something feels stuck, email and we'll do it manually.

Beta caveat

TimeFlow is in beta. We follow the practices above, but data loss in beta is a real possibility (a bad migration, a corrupted backup). Don't make TimeFlow your only record of irreplaceable scheduling.

Contact

Questions, requests, or complaints — email dev.olegovich@gmail.com.