1. Introduction
TimeAnchor ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our intelligent task management application ("Service"). By using TimeAnchor, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you register, we collect your name, email address, and password (securely hashed using bcrypt).
- Task Data: Todo items you create, including titles, notes, due dates, time estimates, priority levels, and categories.
- User Preferences: Work hours, timezone settings, personal hours configuration, and background image preferences.
2.2 Information from Third-Party Services
- Google Calendar: When you connect your Google Calendar, we access your calendar events to analyze availability and create/update events. We store an encrypted OAuth refresh token to maintain this connection.
- Unsplash (Optional): If you choose to use Unsplash background images, we access their API to fetch images from collections you specify. No personal data is sent to Unsplash.
2.3 Automatically Collected Information
- Usage Data: We use PostHog analytics (optional) to track feature usage, performance metrics, and user interactions to improve our service.
- Device Information: Your browser type, device type, and timezone for proper scheduling functionality.
- Error Logs: Crash reports and error logs to diagnose and fix technical issues.
3. How We Use Your Information
We use your information to:
- Provide Core Service: Manage your tasks, schedule them on your calendar, and sync across devices.
- Intelligent Scheduling: Analyze your calendar availability and work hours to automatically schedule tasks.
- Authentication: Secure your account with JWT-based authentication.
- Offline Functionality: Store tasks locally in your browser's IndexedDB for offline access.
- Service Improvement: Analyze usage patterns to enhance features and fix bugs (via PostHog, if enabled).
- Communication: Send service-related notifications and respond to support requests.
4. Data Storage and Security
- Password Encryption: Passwords are hashed using bcrypt with 10 rounds before storage.
- Token Encryption: Google OAuth refresh tokens are encrypted using AES-256-CBC encryption before database storage.
- Secure Communication: All data transmission occurs over HTTPS.
- JWT Authentication: Access tokens expire and use industry-standard JWT signing.
- Database Security: PostgreSQL database with access controls and encrypted connections.
4.1 Data Storage Locations
- Server Database: Task data, user accounts, and encrypted OAuth tokens stored in PostgreSQL database.
- Browser Storage: Tasks cached locally in IndexedDB for offline access; sync queue for offline operations; JWT tokens in localStorage.
- Google Calendar: Calendar events created by TimeAnchor are stored in your Google Calendar account.
5. Third-Party Services
5.1 Google Calendar API
When you connect Google Calendar, we use Google's OAuth 2.0 for authentication. We request the following scope:
https://www.googleapis.com/auth/calendar- To read your calendar events and create/update/delete events for scheduled tasks.
What we do with Google Calendar data:
- Read existing calendar events to analyze your availability
- Create calendar events when you schedule tasks
- Update calendar events when you modify scheduled tasks
- Delete calendar events when you complete or delete tasks
What we DON'T do:
- We do NOT read, modify, or delete events we didn't create
- We do NOT share your calendar data with any third parties
- We do NOT use calendar data for advertising or profiling
5.2 PostHog Analytics (Optional)
We use PostHog for product analytics and error tracking. PostHog collects:
- Feature usage events (e.g., "user created task," "user synced calendar")
- Error logs and crash reports
- Page views and UI interactions
PostHog data is anonymized and used solely for improving our service. You can opt out of analytics by disabling them in your browser settings.
5.3 Unsplash API (Optional)
If you choose to use Unsplash background images, we fetch images from Unsplash's API based on your collection preferences. No personal data is sent to Unsplash. Photo attribution is displayed as required by Unsplash's API license.
6. Data Sharing and Disclosure
We do NOT sell, rent, or trade your personal information.
We may share your information only in the following circumstances:
- With Your Consent: When you explicitly authorize us to share data (e.g., connecting Google Calendar).
- Service Providers: With trusted third-party service providers who assist in operating our service (e.g., database hosting, analytics).
- Legal Requirements: If required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
7. Your Rights and Choices
7.1 Access and Control
- Access Your Data: View all your tasks and settings within the app.
- Edit Your Data: Modify or delete tasks, update preferences, and change account information.
- Delete Your Account: Contact us to request account deletion. We will delete all associated data within 30 days.
- Disconnect Services: Disconnect Google Calendar at any time from the Settings page. This revokes our access to your calendar.
7.2 Data Portability
You can export your task data at any time by contacting us. We will provide your data in a machine-readable format (JSON).
7.3 Opt-Out Options
- Analytics: Disable PostHog tracking via browser settings or ad blockers.
- Background Images: Remove Unsplash integration by clearing background settings.
8. Data Retention
- Active Accounts: Data retained as long as your account is active.
- Completed Tasks: Automatically archived after 30 days of completion (configurable).
- Deleted Accounts: All data permanently deleted within 30 days of account deletion request.
- Offline Data: Browser-cached data persists until you clear browser storage or uninstall the PWA.
9. Children's Privacy
TimeAnchor is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using TimeAnchor, you consent to the transfer of your information to our servers and third-party service providers located worldwide.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for material changes)
We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when posted.
12. Google API Services User Data Policy Compliance
TimeAnchor's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only access Google Calendar data necessary for TimeAnchor's core functionality (task scheduling).
- We do NOT use Google user data for serving advertisements.
- We do NOT allow humans to read Google user data, except as necessary for security purposes, to comply with applicable law, or with your explicit consent.
- We do NOT transfer Google user data to third parties, except as necessary to provide our service, for security purposes, to comply with applicable law, or with your explicit consent.
- We do NOT use or transfer Google user data for purposes unrelated to our single purpose of intelligent task scheduling.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email:
- Service: https://app.timeanchor.app
14. Your California Privacy Rights
If you are a California resident, you have the right to request information about the personal information we collect and how we share it. You also have the right to request deletion of your personal information. To exercise these rights, contact us using the information above.
15. GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have the following rights under GDPR:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data ("right to be forgotten").
- Right to Restrict Processing: Limit how we use your data.
- Right to Data Portability: Receive your data in a portable format.
- Right to Object: Object to certain data processing activities.
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing).
To exercise these rights, contact us at the email address above.