Privacy Policy

Introduction

Timeline ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our iOS application collects, uses, stores, and protects your information.

Information We Collect

1. Account Information

What we collect:

• Anonymous user identifier (generated automatically by Firebase Authentication)
• Device tokens for authentication
• Account creation date
• Last sign-in date

Why we collect it:

• To create and maintain your account
• To sync your data across your devices
• To secure your information

How it's stored:

• Stored in Firebase Authentication (Google Cloud Platform)
• Encrypted in transit and at rest
• Not linked to your personal identity unless you choose to add an email

2. Calendar Data

What we collect:

• Calendar events from your device's Calendar app
• Event titles, descriptions, start times, end times, durations
• Event locations and addresses
• Event recurrence patterns
• Event notes and attachments
• Event types you assign (work, personal, appointment, meeting, travel, meal, exercise, entertainment, other)
• Event colors and custom properties

Why we collect it:

• To display your events in Timeline's timeline view
• To show events on the integrated map view
• To sync your events across all your devices
• To provide backup and restore functionality

How it's stored:

• Stored in Google Cloud Firestore (Google Cloud Platform)
• Encrypted in transit using TLS/SSL
• Encrypted at rest using AES-256 encryption
• Isolated per user account (other users cannot access your events)

Your control:

• You grant calendar access when first launching the app
• You can revoke access anytime in iOS Settings → Privacy & Security → Calendars → Timeline
• You can delete events individually or all at once
• You can delete your account to remove all data from our servers

3. Custom Places

What we collect:

• Place names and descriptions
• Geographic coordinates (latitude/longitude)
• Custom icons (SF Symbols identifiers or emoji characters)
• Place categories (home, work, gym, restaurant, store, park, school, other)
• Personal notes about places
• Creation and modification timestamps

Why we collect it:

• To display your custom places on maps
• To sync your places across devices
• To associate places with events

How it's stored:

• Stored in Google Cloud Firestore
• Encrypted in transit and at rest
• Isolated per user account

4. Contact Location Associations

What we collect:

• Associations between contact identifiers and geographic locations
• Custom icons for contact locations (home, work, other)
• Contact names (read from your device's Contacts app)
• Contact addresses (read from your device's Contacts app)

Why we collect it:

• To display contact locations on the map
• To sync contact location associations across devices

How it's stored:

• Contact associations stored in Google Cloud Firestore
• We store only the contact identifier and location data, not full contact details
• Actual contact data remains on your device; we only reference it

5. Settings and Preferences

What we collect:

• Theme selection (light, dark, system)
• Display preferences (24-hour time format)
• Map display options (show/hide contacts, show/hide custom places)
• Map style preference (standard, satellite, hybrid)
• Weekly start day preference

Why we collect it:

• To sync your preferences across devices
• To provide a consistent experience

How it's stored:

• Stored in Google Cloud Firestore
• Encrypted in transit and at rest

6. Device and Usage Information

What we automatically collect:

• Device model and iOS version
• App version
• Timestamp of last sync
• Error logs (only if app encounters sync issues)

Why we collect it:

• To troubleshoot sync issues
• To ensure compatibility across iOS versions
• To improve app stability

How it's stored:

• Stored in Google Cloud Firestore
• Associated with your anonymous user ID

7. Location Data

What we collect:

• Your current geographic location (only when map view is active)
• Location data is NOT stored on our servers

Why we collect it:

• To display your current location on the map
• To help you position custom place pins accurately
• To center the map on your location

How it's used:

• Processed locally on your device
• Used only to update the map display
• NOT transmitted to our servers or logged

Your control:

• Optional permission requested when you first use map features
• Revoke anytime in iOS Settings → Privacy & Security → Location Services → Timeline

How We Use Your Information

We use the information we collect to:

1. Provide Core Functionality

• Display and manage your calendar events
• Show custom places and contact locations on maps
• Provide timeline and calendar views

2. Sync Across Devices

• Keep your data synchronized across all your devices
• Ensure you have access to your information anywhere

3. Backup and Recovery

• Protect your data from device loss
• Allow you to restore data on new devices

4. Improve the App

• Fix bugs and crashes
• Optimize performance
• Develop new features

5. Provide Support

• Respond to your questions and issues
• Troubleshoot technical problems

Data Storage and Security

Cloud Storage Infrastructure

Google Cloud Firestore:

• Industry-leading cloud database service
• Hosted on Google Cloud Platform
• SOC 2, SOC 3, ISO 27001 certified
• GDPR and CCPA compliant infrastructure

Security Measures

Encryption:

• In Transit: All data transmitted using TLS 1.3 encryption
• At Rest: All data encrypted using AES-256 encryption
• Keys: Managed by Google Cloud Platform Key Management Service

Access Controls:

• Data isolated per user account
• Users can only access their own data
• Role-based access controls for app infrastructure
• Multi-factor authentication required for administrative access

Network Security:

• Firewalls protect database access
• DDoS protection enabled
• Regular security audits

Application Security:

• Secure authentication tokens
• Token expiration and refresh
• Protection against common vulnerabilities (SQL injection, XSS, etc.)

Data Redundancy and Backup

• Firestore automatically replicates data across multiple zones
• Regular automated backups
• Point-in-time recovery available (for disaster recovery)
• 99.999% uptime SLA from Google Cloud

Limitations

While we implement industry-standard security:

• No system is 100% secure
• We cannot protect against compromised account credentials
• We recommend using a strong, unique password
• Enable device security (passcode, Face ID, Touch ID)

Data Sharing and Disclosure

We Do NOT Share Your Data With:

• Advertisers or marketing companies
• Data brokers
• Social media platforms
• Analytics companies (beyond basic Firebase Analytics)
• Any third party for commercial purposes

We will never sell or rent your personal information.

Third-Party Services We Use

Google Firebase / Firestore

• Purpose: Cloud database and authentication
• Data Shared: All data described in "Information We Collect"
• Privacy Policy: https://firebase.google.com/support/privacy
• Compliance: GDPR, CCPA compliant

Apple Frameworks

• EventKit: Access to device calendar (data synced to our servers)
• Contacts: Read-only access to contacts (only identifiers stored)
• MapKit: Map display (map tiles from Apple)
• Core Location: Location services (not stored on servers)

When We May Disclose Information

We may disclose your information only in these circumstances:

1. Legal Compliance:
   • To comply with valid legal process (subpoena, court order, warrant)
   • To meet national security requirements
   • As required by applicable law
2. Safety and Security:
   • To protect rights, property, or safety of Timeline, users, or public
   • To detect, prevent, or address fraud or security issues
   • To enforce our Terms of Service
3. Business Transfers:
   • If Timeline is acquired or merged, your data may transfer to new owner
   • You will be notified and given options regarding your data
4. With Your Consent:
   • If you explicitly authorize us to share specific information

Transparency: We have received 0 legal data requests to date.

Data Retention

How Long We Keep Your Data

Active Accounts:

• Data retained as long as your account is active
• No automatic deletion while you use Timeline

Inactive Accounts:

• Accounts inactive for 2-3 years may be flagged for deletion
• We'll email you (if provided) before deletion
• You can reactivate before deletion deadline

Account Deletion:

When you delete your account, we permanently delete:

• All calendar events
• All custom places
• All contact location associations
• All settings and preferences
• Authentication information

Deletion Timeline:

• Immediate: Data removed from active database
• Within 30 days: Deleted from backup systems
• Within 90 days: Completely purged from all systems

Legal Retention:

• We may retain minimal data if required by law
• Anonymized analytics may be retained for app improvement

Data After App Deletion

If you delete the app:

• App and local data removed from your device
• Cloud data remains available (so you can reinstall)
• To delete cloud data, you must delete your account within the app first

Your Privacy Rights

Universal Rights

All Timeline users have the right to:

• Access: View all your data within the app or request a copy
• Correct: Edit any event, place, or setting
• Delete: Remove individual items or your entire account
• Export: Download your data in machine-readable format
• Revoke Permissions: Disable calendar, contacts, or location access

Response Time:

• Simple requests: 5-7 business days
• Complex requests: Up to 30 days

California Residents (CCPA/CPRA)

Under California law, you have the right to:

1. Know: What personal information we collect
2. Access: Request copies of your personal information
3. Delete: Request deletion of your personal information
4. Correct: Fix inaccurate personal information
5. Opt-Out of Sale: We don't sell personal information (Not applicable - we never sell data)
6. Non-Discrimination: Not be discriminated against for exercising rights

European Economic Area Residents (GDPR)

Under GDPR, you have the right to:

1. Right to Access (Article 15): Request confirmation of data processing and access your personal data
2. Right to Rectification (Article 16): Correct inaccurate data
3. Right to Erasure (Article 17): "Right to be Forgotten" - Request deletion of your data
4. Right to Restrict Processing (Article 18): Limit how we use your data
5. Right to Data Portability (Article 20): Receive data in machine-readable format
6. Right to Object (Article 21): Object to data processing
7. Right to Withdraw Consent: Withdraw consent at any time
8. Right to Lodge a Complaint: File complaint with supervisory authority

Legal Basis for Processing:

• Consent: You create an account and grant permissions
• Contract: Necessary to provide Timeline services
• Legitimate Interest: Improve app functionality and security

Children's Privacy (COPPA Compliance)

Timeline is appropriate for users 13 years and older.

Age Restriction

• Timeline requires users to be at least 13 years old
• We do not knowingly collect information from children under 13
• Account creation requires age verification

If We Discover Underage Use

• We will immediately delete the account
• We will permanently delete all associated data
• We will notify parents if contact information is available

Parental Control

• Parents should monitor children's device usage
• iOS Screen Time features can restrict app usage
• Parents can request account deletion by contacting us

Changes to This Privacy Policy

How We Update

We may update this policy when:

• We add new features
• We change data practices
• Legal requirements change
• Industry best practices evolve

How We Notify You:

1. Update "Last Updated" date at top of this policy
2. In-app notification for material changes
3. Email notification (if we have your email)
4. App Store update notes

Your Options

If you disagree with changes:

• You may stop using Timeline
• You may delete your account
• Contact us with concerns

Continued use after notification constitutes acceptance of changes.

Material Changes

We will NEVER:

• Start selling your data without explicit consent
• Share data with advertisers without notice
• Reduce your privacy rights without giving you opt-out options

Compliance Certifications

Timeline's privacy practices comply with:

• California Consumer Privacy Act (CCPA/CPRA)
• General Data Protection Regulation (GDPR)
• UK GDPR
• Children's Online Privacy Protection Act (COPPA) - 13+ age requirement
• Apple App Store Privacy Guidelines
• Google Cloud Platform Security Standards
• SOC 2 Type II (via Google Cloud)
• ISO 27001 (via Google Cloud)

Your Consent

By creating an account and using Timeline, you:

• Acknowledge you have read this Privacy Policy
• Understand how we collect, use, and store your data
• Consent to data processing as described
• Consent to cloud storage of your data on Google Cloud Platform
• Understand you can withdraw consent by deleting your account
• Confirm you are at least 13 years old

Without consent, we cannot provide Timeline's services.