Privacy notice

Your work data should never be a mystery.

This notice explains what Timegeist processes, why it is needed, who helps us provide the service, and the controls you have over your data.

Effective 15 July 2026

Who is responsible

Timegeist is a service of Pixelheads B.V., registered with the Dutch Chamber of Commerce under number 69959447. We are the controller for the personal data described in this notice.

Registered address

De Nieuwe Erven 3, 5431 NV Cuijk, the Netherlands

Privacy contact

This notice applies to the Timegeist website, web application, and related support communications.

Data we process

Account and workspace data

We process your name, email address, profile image if supplied by your sign-in provider, timezone, workspace name, membership and role. We also process the projects, clients, tags, rates, time entries, notes, privacy settings, imports, and other workspace content you choose to create.

AI-assisted inputs

When you use AI features, we process the text you submit and the workspace context needed to interpret it. If you upload a screenshot, we process the image bytes and derive proposed time entries from the visible schedule information.

Calendar connection

If you connect Google Calendar, we process the connected Google account email, the granted scopes, an encrypted refresh credential, sync timestamps, and the event titles, times, and participation state needed to create proposals.

Billing, communications, and operations

For paid plans, we process subscription, customer, invoice, plan, seat, and payment-status metadata. Stripe handles card and bank details; Timegeist does not store full payment-card details. We process invitation and transactional-email delivery records, support messages you send, fixed-schema activation milestones, rate-limit counters, and security or infrastructure logs. Hosting and security providers may temporarily process IP address, browser, request, and device information to deliver and protect the service.

Why we use data and our legal bases

  • To provide the service and fulfil our contract: authenticate you, maintain workspaces, create reports, sync a calendar at your request, process AI-assisted entries, export data, and administer subscriptions.
  • For legitimate interests: secure the service, prevent abuse, troubleshoot fixed error categories, understand privacy-minimal product activation, recover failed jobs, and improve reliability. We balance these interests against your rights.
  • To meet legal obligations: keep financial records, respond to lawful requests, and establish or defend legal claims.
  • With consent where required: connect optional third-party services or use non-essential technology. You can withdraw consent without affecting earlier lawful processing.

Timegeist does not sell personal data and does not use workspace content for third-party advertising.

AI processing and screenshots

Timegeist uses Anthropic's commercial API to interpret natural-language time logs, screenshots, and selected analytical requests. Relevant input and limited workspace context are sent to Anthropic only when you invoke an AI feature. AI results can be incomplete or wrong; proposals remain subject to your review.

Screenshot source images are not written to Timegeist storage. They remain in request memory while the AI request is processed. Anthropic may retain commercial API inputs and outputs for up to 30 days by default for trust and safety, subject to its contractual exceptions and legal obligations. See Anthropic's commercial data-retention explanation.

Derived screenshot proposals are stored so you can review them. Accepted and dismissed screenshot proposals are deleted promptly, with a daily deletion backstop. Pending screenshot proposals expire after 30 days. A confirmed time entry is retained as ordinary workspace content.

Google Calendar data

The integration requests read-only access to your primary Google Calendar. Timegeist reads events to create editable proposals; it does not create, change, or delete Google Calendar events. You can disconnect Google Calendar in Workspace settings, which deletes the local connection credential and requests revocation at Google.

Timegeist's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Calendar-derived proposals remain until you accept or dismiss them, disconnect where the interface provides cleanup, or delete your account. Confirmed proposals become ordinary time entries. We do not use Google Workspace data to train generalized AI models, advertise, build user profiles unrelated to the feature, or allow humans to read it except with your affirmative agreement for support, for security purposes, to comply with law, or when aggregated and anonymized for internal operations.

Service providers and international transfers

We share only the data needed for these providers to perform services for Timegeist:

  • Supabase: authentication, PostgreSQL database, encrypted credential storage, and application infrastructure.
  • Vercel: web hosting, serverless execution, and infrastructure logs.
  • Anthropic: AI interpretation and analysis when you invoke AI features.
  • Google: sign-in and optional read-only Calendar access.
  • Stripe: checkout, subscription administration, invoicing, and payment processing.
  • Resend: account, invitation, billing, and operational email delivery.
  • Cloudflare: DNS and bot-abuse protection, including Turnstile where enabled.

Some providers process data outside the European Economic Area. Where required, transfers rely on an adequacy decision, Standard Contractual Clauses, or another lawful transfer mechanism. Providers may also process data under their own legal obligations.

We may disclose data if required by law, to protect rights or security, during a corporate transaction subject to appropriate safeguards, or when you direct us to do so.

How long we keep data

  • Account and workspace content: while your account or workspace is active, then deleted when the relevant account or workspace is lawfully deleted, except where a team or paid-workspace safeguard requires ownership or billing to be resolved first.
  • Screenshot source images: not stored by Timegeist. Pending derived proposals expire after 30 days; terminal screenshot proposals are deleted promptly.
  • Google credentials: until you disconnect the integration or delete your account. Calendar proposals remain until handled or the related account data is deleted.
  • Activation milestones: a fixed set of content-free events, automatically deleted after 90 days. Onboarding state may remain with the account so the product remembers completed setup.
  • Email delivery data: recipient, content, provider identifiers, and source links are redacted 30 days after a final delivery state. A non-identifying business key and aggregate status may remain to prevent duplicate sending.
  • Billing and tax records: for the period required by Dutch tax, accounting, fraud-prevention, and legal-claims rules. Stripe applies its own retention duties as payment provider.
  • Security and hosting logs: for short operational periods set by the relevant infrastructure provider, unless a longer period is needed to investigate abuse or meet law.

Backups can retain deleted records for a limited rotation period and are protected from ordinary use. Data is removed as those backups expire unless preservation is legally required.

Your choices and rights

Depending on the circumstances, you may request access, correction, deletion, restriction, portability, or objection to processing. You may withdraw consent at any time and object to processing based on legitimate interests. The app provides a machine-readable account export and an account-deletion workflow under Account settings.

We may need to verify your identity before acting on a request. Team-workspace and active-subscription safeguards can require you to transfer ownership, remove other members, or resolve billing before deletion so another person's data or an active contract is not erased.

Email dpo@becraved.com to exercise a right. You may also complain to the Dutch Data Protection Authority or the authority in your country of residence or work.

Security, cookies, and children

We use access controls, tenant-level database policies, encryption in transit, restricted server credentials, signed webhooks, rate limits, and deletion safeguards. No system is completely secure; please use a strong account credential and contact us if you suspect misuse.

Timegeist uses essential cookies and similar storage for authentication, account recovery, invitation handoff, active-workspace preference, navigation state, and abuse prevention. These are required to operate the service. We do not currently use advertising cookies or third-party behavioral advertising analytics.

Timegeist is intended for people aged 16 or older and is not directed to children. If you believe a child provided data contrary to this notice, contact us.

Changes and contact

We may update this notice when the service, providers, or law changes. We will change the effective date and provide additional notice in the app or by email when a change materially affects your rights.

Privacy questions

Product support