Logo

GDPR Compliance

Last updated: 1/15/2026

1. Introduction

TimeFlow Inc. is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance page explains how we handle personal data in accordance with GDPR requirements and outlines your rights as a data subject.

2. Data Controller

TimeFlow Inc. acts as a data controller for personal data collected through our Service. Our contact information for GDPR-related inquiries:

Email: legal@timeflowapp.com

3. Legal Basis for Processing

We process personal data based on the following legal bases:

  • Contractual necessity: To provide the Service you have requested
  • Legitimate interests: To improve our Service, ensure security, and prevent fraud
  • Consent: When you have given explicit consent for specific processing activities
  • Legal obligation: To comply with applicable laws and regulations

4. Your Rights Under GDPR

As a data subject, you have the following rights:

4.1 Right of Access

You have the right to obtain confirmation as to whether we process your personal data and to access that data, along with certain additional information.

4.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

4.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the original purpose or you withdraw consent.

4.4 Right to Restrict Processing

You have the right to restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

4.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

4.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. Exercising Your Rights

To exercise any of your rights, please contact us at privacy@timeflowapp.com or use the data request form in your account settings. We will respond to your request within one month of receipt.

We may request verification of your identity before processing your request to ensure the security of your personal data.

6. Data Processing and Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations, dispute resolution, and enforcement of our agreements. When data is no longer needed, we securely delete or anonymize it.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach.

10. Third-Party Processors

We may use third-party service providers to process personal data on our behalf. These processors are contractually bound to:

  • Process data only in accordance with our instructions
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Not engage sub-processors without our authorization

12. Updates to This Policy

We may update this GDPR Compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page.

13. Contact Us

For any questions, concerns, or requests regarding GDPR compliance or your personal data, please contact us:

Email: legal@timeflowapp.com