Privacy Policy

Effective Date: November 1, 2025
Last Updated: November 1, 2025

Timepilot ("we," "us," or "our") operates the Timepilot desktop application and website at timepilot.io (collectively, the "Service"). We are committed to protecting your privacy and being transparent about the data we collect and how we use it.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, and password when you create an account.
• Communication Data: Information you provide when you contact us via email (hello@timepilot.io or feedback@timepilot.io).

1.2 Information Automatically Collected by Desktop App

Our desktop application tracks your activity to provide time tracking functionality. We collect:

• Application Names: Names and bundle identifiers of applications you use
• Window Titles: Titles of windows and documents you work on
• Website URLs: URLs and domains of websites you visit in browsers (currently Chrome)
• Slack Context: Workspace names and conversation names from Slack window titles
• Time Data: Duration spent in each application, window, website, or conversation
• Idle Time: Periods of inactivity based on keyboard and mouse usage
• Focus Sessions: Periods of uninterrupted work in applications and documents
• Integration Data: GitHub commits and PRs, Jira tickets, Google Calendar events (when connected)

What We DON'T Collect:
• We do NOT take screenshots of your screen
• We do NOT record keystrokes or content you type
• We do NOT access the actual content of your documents, emails, or messages
• We only see window titles and metadata, never document contents
• We do NOT use surveillance or monitoring techniques

1.3 Website Analytics

We use third-party analytics services to understand how visitors use our website:

• Cloudflare Web Analytics: Privacy-friendly analytics (no cookies, GDPR compliant)
• PostHog: Product analytics to understand user behavior and improve our service

These services may collect: IP address, browser type, device information, pages visited, and interaction data.

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide the Service: Track your focus time, app usage, and work patterns
• Local Analysis: All activity data is processed locally on your device to identify focus patterns, context switching, and productivity insights
• Aggregated Team Insights: Generate anonymized, aggregated reports for engineering leaders (e.g., "team averages 2.5 hours of deep work daily")
• Personal Insights: Provide individual users with private insights about their own work patterns
• AI-Powered Features: Generate intelligent summaries and insights based on your activity (future feature)
• Service Improvement: Analyze anonymized usage patterns to improve features and user experience
• Support: Respond to your inquiries and provide customer support
• Communication: Send important updates about the Service (security, features, changes)
• Debugging: Access your data to troubleshoot technical issues (only when necessary for support)

3. Data Storage and Security

3.1 Where Your Data is Stored

• Local Storage: All raw activity data (app names, window titles, URLs) is stored locally on your device in a SQLite database
• Local Logs: Session logs are stored locally in JSONL format for debugging and analysis
• Cloud Storage: Anonymized activity events and metadata are synced to Supabase (PostgreSQL) for team aggregation and multi-device access
• Privacy-First Sync: Only anonymized, aggregated metadata is sent to the cloud—never raw window titles or full URLs
• Location: Cloud data is stored in the United States

3.2 Security Measures

We implement reasonable security measures to protect your data:

• Data is encrypted in transit using HTTPS/TLS
• Local database uses SQLite with secure file permissions
• Rust backend provides memory-safe data handling
• macOS Accessibility API access requires user permission
• Access to cloud user data is restricted to authorized personnel only
• We follow industry-standard security practices

Note: While we take security seriously, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4.2 Third-Party Service Providers

We share data with the following service providers who help us operate the Service:

• Supabase: Database and authentication services
• PostHog: Product analytics (anonymized where possible)
• Cloudflare: Website hosting and analytics

These providers are contractually required to protect your data and use it only for providing services to us.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security issues
• Protect the safety of our users

5. Your Rights and Choices

As a beta product, some user rights features are not yet implemented. Currently:

5.1 Data Access

You can view your time tracking data within the Timepilot application.

5.2 Data Deletion (Coming Soon)

Account deletion and data removal features are not yet available during the beta period. If you wish to delete your account and data, please contact us at hello@timepilot.io and we will manually process your request within 30 days.

5.3 Data Export (Coming Soon)

Automated data export is not yet available. If you wish to receive a copy of your data, please contact us at hello@timepilot.io.

5.4 Marketing Communications

You can opt out of promotional emails by clicking "unsubscribe" in any marketing email we send.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your data within 30 days, except where we are required to retain it for legal purposes.

7. Children's Privacy

Timepilot is intended for users who are 18 years of age or older. We do not knowingly collect information from individuals under 18. If we discover that we have collected information from someone under 18, we will delete it immediately.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how we use it
• Request deletion of your personal information
• Opt out of the sale of personal information (we don't sell your data)
• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at hello@timepilot.io.

9. International Users

Timepilot is operated from the United States. If you are located outside the U.S., please be aware that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your country.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email for material changes
• Post a notice in the application for significant updates

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: hello@timepilot.io
• Website: timepilot.io
• Location: California, United States