Privacy Policy

This Privacy Policy describes how Timents handles personal information when you use the Timents iPhone app, our public-safe web preview pages (such as /u, /m, /c, and /invite), our waitlist, and related communications (together, the "Service").

Timents is a place to keep moments anchored to a calendar date and share them with an audience you choose. It is deliberately not an infinite feed, not an entertainment loop, and not a comparison engine. There are no popularity counters. Because of that, the data we touch is narrower than a typical social app, and we have tried to keep this policy honest about exactly what that means.

This policy works alongside our Terms of Service, Community Guidelines, and Cookies notice. Where local law gives you stronger rights, that law applies.

We collect only what we need to run Timents and to give you control over your own memories. Every category below is linked to your account (rather than anonymous), and none of it is used to track you across other companies' apps or websites.

• Email address — for account creation, sign-in verification, and service communications. Linked to you. Not used for tracking.
• Phone number — as an alternative sign-in method and for verification. Linked. Not used for tracking.
• Name — for your profile, display, and personalization. Linked.
• User ID — to operate your account and for limited first-party analytics. Linked.
• Device ID — for app functionality, push notification delivery, and security. Linked.
• Contacts — optional, for friend discovery, and only when you grant access. Linked.
• Photos or videos — only the media you choose to select or capture and upload. We do not scan or catalog your full library. Linked.
• Product interaction — to make the app work and for limited first-party analytics. Linked.
• Customer support content — to respond to your support requests. Linked.
• Other diagnostic data — for reliability, troubleshooting, and security. Linked.
• User content — your moments, captions, comments, reactions, and chapters. Linked.
• Other identifiers / data — for app functionality. Linked.

Access to Timents is gated by a waitlist (email capture) and invitation codes. When you join the waitlist we hold your email so we can let you in. There are no passwords: you sign in with a 6-digit one-time verification code sent to your email or phone. We do not offer third-party single sign-on (no Sign in with Apple or Google) at this time.

Timents asks for device permissions only when a feature needs them, and you can decline or revoke each one in iOS Settings at any time. We have intentionally designed these to touch as little as possible.

• Camera — used only when you actively capture media for a moment.
• Photo Library — we access only the specific photos you select to add to a moment. There is no full-library scan and no cataloguing of your photos. We never read your whole camera roll.
• Contacts — entirely optional. We use contacts only for friend discovery, and only after you explicitly grant access. If you never grant it, friend discovery simply doesn't use your contacts.
• Notifications — used to send push notifications, delivered through Apple Push Notification service (APNs) and Firebase Cloud Messaging.

Declining a permission may turn off the related feature, but the rest of Timents keeps working.

We use the information above to:

• Create your account and verify it's you when you sign in (via one-time codes to your email or phone).
• Operate the core experience: moments, chapters, the memories calendar, and the Today-only world day card.
• Deliver content to the exact audience you chose for each moment (only you, friends, chapter members, or everyone).
• Send push notifications and important account or service messages.
• Provide optional friend discovery when you grant contacts access.
• Keep the Service reliable and secure, and troubleshoot problems using diagnostic data.
• Run limited first-party analytics to understand and improve how Timents works.
• Respond to your support requests and enforce our Terms and Guidelines.
• Meet legal, safety, and fraud-prevention obligations.

We do not use your information to build advertising profiles, and we do not use it to track you across other companies' services.

If you are in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

• Performance of a contract — to create and operate your account, sign you in, and deliver moments and chapters to your chosen audiences.
• Consent — for optional features that depend on device permissions you grant, such as contacts-based friend discovery, camera, and photo selection, and for sending certain communications where consent is required. You can withdraw consent at any time.
• Legitimate interests — to keep the Service secure and reliable, prevent fraud and abuse, run limited first-party analytics to improve Timents, and respond to support requests, balanced against your rights.
• Legal obligation — to comply with applicable laws and respond to lawful requests.

Where we rely on consent, you can change your mind at any time via iOS Settings or by contacting privacy@timents.com. See also Your Privacy Choices.

Every moment carries an audience you choose. Visibility is selectable per moment, not a single global switch:

• Only you (private) — just for you.
• Friends — people you're connected with.
• Chapter (members) — everyone in a specific shared chapter.
• Everyone (public) — anyone, including on the public web.

A chapter is a shared space for moments that belong together (a trip, a season, a relationship, a weekend). A chapter can be members-only or public, and the same design applies whether it spans one day or five years.

When something is set to Everyone (public), it may appear on our intentionally minimal, public-safe web preview pages: /u (profiles), /m (moments), and /c (chapters). These pages exist so a public link works for someone without the app.

Private, friends-only, and chapter-limited media is not served as a permanent public URL. When content cannot be shown to a viewer, the response stays generic on purpose — it never reveals why something is unavailable, so the existence and details of non-public content aren't leaked.

Please remember: once you share a moment with other people who can access it, no system can guarantee absolute secrecy. Anyone who can see a moment may be able to screenshot or describe it. Choose your audience with that in mind.

We rely on a small set of trusted providers to operate Timents. They process information on our behalf, under contract, and only for the purposes below:

• Google Firebase — authentication, the Firestore database, Cloud Storage for your media, Remote Config, and Cloud Messaging (push notifications).
• Google Cloud Platform — hosting, and a Cloud Run service that renders the public-safe web preview pages (/u, /m, /c, /invite).
• Apple — app distribution via TestFlight / the App Store, and the Apple Push Notification service.
• Email/SMS delivery providers — sending one-time verification codes and account messages.

We do not authorize these providers to use your information for their own advertising or to sell it. If our list of sub-processors changes materially, we will update this page.

This is a deliberate, structural choice, not a promise we hope to keep:

• We do not sell your personal information.
• We do not track you as defined by Apple's App Tracking Transparency framework. Our app declares NSPrivacyTracking=false and uses no tracking domains, so you won't see an ATT "ask to track" prompt from us.
• We do not run third-party advertising.
• Our analytics are first-party only, used solely to operate and improve the Service.

There are no popularity counters, no ad networks, and no cross-app advertising identifiers feeding outside companies.

We keep personal information only for as long as we need it to provide the Service and for the purposes described in this policy.

• Account data and user content — kept while your account is active, so your moments, chapters, and memories calendar stay available year after year.
• Verification codes — short-lived; they expire shortly after being issued.
• Diagnostic and security data — retained for a limited period for reliability, troubleshooting, and abuse prevention.
• Support content — kept as long as needed to handle your request and for a reasonable period afterward.

When you delete your account, we begin removing your information as described in Account deletion below. Limited copies may persist for a short window in encrypted backups or security logs where required for integrity, fraud prevention, or legal reasons, after which they are purged.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the use of your personal information, and to object to certain processing. We honor these rights regardless of where you are, subject to applicable law.

• Access your data — Timents includes an in-app data access view so you can see information associated with your account.
• Control your audience — set or change the audience on each moment.
• Manage permissions — grant or revoke camera, photo, contacts, and notification access in iOS Settings.
• Block, mute, and report — built-in safety controls for people and content.
• Delete your account — available in-app (see below).

For a full walkthrough of these controls, see Your Privacy Choices. To make a rights request directly, contact privacy@timents.com. We will not discriminate against you for exercising your rights.

You can delete your account yourself, from the authenticated account/settings surface inside the app — you don't need to email us.

When you request deletion, Timents asks you to confirm and to re-verify recently (a fresh one-time code), so that no one but you can trigger it. Once confirmed, we:

• Disable the account,
• Revoke active sessions, and
• Begin privacy purge work to remove your information.

A limited amount of data may remain for a short period in encrypted backups or security logs where required for integrity, fraud prevention, or legal reasons. Those copies are purged on a rolling basis. Content you shared into chapters or with others may persist in those shared contexts as described in our Terms.

Timents is not intended for children under 13. We collect date of birth and age-gate access at sign-up. Where local law sets a higher minimum age of digital consent, that higher age applies.

If we learn that someone under the applicable minimum age has created an account, we will take steps to disable it and remove their information. If you believe a child has provided us personal information, please contact privacy@timents.com.

We take reasonable, industry-standard measures to protect your information. Sign-in is passwordless and uses one-time codes, so there's no password to leak or reuse. Media and account data are stored with our cloud providers (Firebase and Google Cloud Platform), and access is restricted and authenticated.

Non-public media is not served as a permanent public URL, and our preview pages stay generic when something can't be shown, so they don't leak the existence of private content. We also keep limited diagnostic and security logs to detect and respond to abuse.

No method of transmission or storage is perfectly secure, and once you share a moment with people who can access it, we cannot guarantee absolute secrecy. If we become aware of a breach affecting your information, we will notify you and the relevant authorities as required by law.

Timents and our service providers (including Google Firebase, Google Cloud Platform, and Apple) may process and store information in countries other than where you live, including the United States. These countries may have data protection laws that differ from those in your country.

Where we transfer personal information out of the EEA, the UK, or other regions with transfer restrictions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), or another lawful transfer mechanism. To ask about these safeguards, contact privacy@timents.com. Timents is operated from British Columbia, Canada, and your information is processed in Canada and in other countries where our service providers operate (including the United States). Where information is transferred across borders, we rely on appropriate safeguards and the protections described in this policy.

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you specific rights regarding your personal information:

• The right to know what personal information we collect, use, and disclose.
• The right to delete personal information we hold about you.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of personal information.
• The right to limit the use of sensitive personal information.
• The right not to receive discriminatory treatment for exercising these rights.

Timents does not sell your personal information, and we do not share it for cross-context behavioral advertising. The categories we collect and our purposes are described in Information we collect and How we use information. To exercise your rights, contact privacy@timents.com or use the in-app controls described in Your Privacy Choices. You may use an authorized agent, and we will verify requests through your account.

If you are in the EEA or the UK, Timents is the controller of your personal information for the purposes described here. Our legal bases are set out in Legal bases (GDPR).

You have the right to access, rectify, erase, restrict, and port your personal information, to object to certain processing, and to withdraw consent at any time (without affecting processing already carried out). You also have the right to lodge a complaint with your local data protection authority, though we'd appreciate the chance to address your concern first.

To exercise these rights, contact privacy@timents.com. For international transfers, see International data transfers.

If you are in Canada, your personal information is handled in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws, including British Columbia’s Personal Information Protection Act (PIPA).

You have the right to access the personal information we hold about you, to ask us to correct it, and to withdraw your consent to our use of it (which may limit some features). To exercise these rights, contact us at privacy@timents.com. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.

We may update this Privacy Policy as Timents evolves or as laws change. When we make a material change, we will update the "last updated" date and, where appropriate, give you additional notice in the app or by email.

The current version is effective June 12, 2026 and was last updated June 12, 2026. Your continued use of Timents after an update means you accept the revised policy.

Questions, requests, or concerns about privacy? We'd genuinely like to hear from you.

• Privacy matters: privacy@timents.com
• General questions: hello@timents.com
• Support: support@timents.com
• Safety and reports: safety@timents.com
• Legal: legal@timents.com

You can also reach our Support page for help.