Privacy Policy
Plain language. Short. We'll update this as the product grows.
Last updated May 9, 2026
Who controls your data
TimeFlow is operated by NXTWAVE FZC, which is the data controller for the personal information described below. When paid plans launch, billing will be processed by Paddle.com Market Limited acting as Merchant of Record on NXTWAVE FZC's behalf — Paddle becomes a data processor for the billing portion only, governed by Paddle's privacy policy.
What we collect
To run TimeFlow we store the things you give us. That's essentially: your email, an optional display name and avatar, your timezone, and the calendar data you create — events, tasks, habits, schedules, and the chunks the auto-scheduler places.
If you connect Google Calendar, we store an OAuth refresh token (encrypted at rest) so we can sync events on your behalf. We never read or write to other Google services.
Where it lives
On Supabase Postgres in a single project. Every row is gated by row-level security — only the authenticated owner of a row can read or write it. Daily backups are kept for seven days. Hosting is on Vercel + Supabase's managed infrastructure (US regions).
Product analytics
TimeFlow runs three analytics services:
- Vercel Web Analytics (cookieless) — counts page views and a small set of product events on the marketing site (which CTAs were clicked, which sections scrolled into view, which FAQ entries opened, signup and login attempts). Vercel derives an approximate country from your IP address but does not store the IP itself, and does not build a cross-site profile.
- Vercel Speed Insights (cookieless) — measures real-user performance (Web Vitals like Largest Contentful Paint and Interaction to Next Paint) so we can fix slow pages. No content of your account is collected.
- Google Analytics 4 via Google Tag Manager (cookied, consent-gated) — measures the same marketing-funnel events alongside Vercel so we can build audiences and attribution in Google's ecosystem. Loaded with Consent Mode v2 set to "denied" by default — meaning, until you click "Accept" on the consent banner, GA4 sends events without cookies and Google models the aggregate rather than tracking you per-visitor. If you accept, the standard _ga and _ga_* cookies are set; the cookies page lists them. If you decline, no Google cookies are set, period.
The Vercel services are operated by Vercel under their Data Processing Addendum. Google Analytics is operated by Google under their Ads Data Processing Terms. You can change your consent decision at any time — see the cookies page for how.
Behavioral learning (optional)
Off by default. If you turn this on under Settings → Privacy & Security → Behavioral learning, TimeFlow logs a small set of in-app actions so AutoScheduler MAX (the LLM-driven weekly planner) can learn from how you actually work. The 12 events we log:
- Task created, completed, skipped (single date), or paused/resumed
- Calendar chunk dragged to a new time
- Habit period completed or missed
- AutoScheduler MAX run applied or rejected, plus per-anchor kept/dropped
- Time tracker session logged (start, end, minutes)
Each event records a timestamp, the action type, and a small JSON payload (e.g. the before/after start times for a drag, the minutes for a tracker session). No event captures the content of your work — task titles, event descriptions, document text — and no event leaves TimeFlow. Storage is in our Supabase database, scoped to your user account by row-level security. We aggregate the events daily into a per-user user_patterns row (peak hours, completion rate, slip rate, preferred chunk length, anchor accept rate); MAX's prompt reads from that aggregate, never from raw events.
You can export your full event log + patterns row as JSON or CSV from the same settings panel, and you can delete all of it any time — immediate, irreversible, no support ticket required. Turning the toggle off stops new events from being recorded; existing data stays until you press Delete.
What we don't do
- We don't sell your data. There is no advertising network attached to this app.
- We don't use Facebook pixel, remarketing pixels, or any cross-site behavioral-ad profiling. The analytics services described above are scoped to TimeFlow.
- We don't read the content of your events for AI training or any other purpose.
Third parties
We only share data with the providers we need to run the service:
- Supabase — database, auth, file storage.
- Vercel — web hosting, plus the cookieless analytics described above.
- Resend — sending transactional emails (sign-up confirmation, password reset, scheduled-reminder pings).
- Google — Calendar sync (only if you opt in), and Google Analytics 4 + Tag Manager (only if you accept the consent banner). See the "Product analytics" section above.
- Paddle.com Market Limited — when paid plans launch, Paddle will be the Merchant of Record and process payment, billing, sales tax/VAT, and refunds. Until billing turns on, no data flows to Paddle.
Cookies
Strictly necessary cookies (Supabase Auth) are always set so you can stay signed in. Google Analytics cookies (_ga, _ga_*) are only set if you accept the consent banner. See the cookies page for the specific list and how to change your consent decision.
Billing & refunds
When paid plans launch, refund handling is described on the refund policy page. The summary: a 14-day money-back window from the date of the first charge, then cancel-anytime to stop the next renewal.
Your rights
You can delete your account and all associated data at any time from your profile page. That deletion cascades through every table — calendars, events, tasks, habits, OAuth connections, the lot. If something feels stuck, email and we'll do it manually.
Beta caveat
TimeFlow is in beta. We follow the practices above, but data loss in beta is a real possibility (a bad migration, a corrupted backup). Don't make TimeFlow your only record of irreplaceable scheduling.
Contact
Questions, requests, or complaints — email dev.olegovich@gmail.com.