Who is responsible
Timegeist is a service of Pixelheads B.V., registered with the Dutch Chamber of Commerce under number 69959447. We are the controller for the personal data described in this notice.
Registered address
Privacy contact
This notice applies to the Timegeist website, web application, and related support communications.
Data we process
Account and workspace data
We process your name, email address, profile image if supplied by your sign-in provider, timezone, workspace name, membership and role. We also process the projects, clients, tags, rates, time entries, notes, privacy settings, imports, and other workspace content you choose to create.
AI-assisted inputs
When you use AI features, we process the text you submit and the workspace context needed to interpret it. If you upload a screenshot, we process the image bytes and derive proposed time entries from the visible schedule information.
Calendar connection
If you connect Google Calendar, we process the connected Google account email, the granted scopes, an encrypted refresh credential, sync timestamps, and the event titles, times, and participation state needed to create proposals.
Billing, communications, and operations
For paid plans, we process subscription, customer, invoice, plan, seat, and payment-status metadata. Stripe handles card and bank details; Timegeist does not store full payment-card details. We process invitation and transactional-email delivery records, support messages you send, fixed-schema activation milestones, rate-limit counters, and security or infrastructure logs. Hosting and security providers may temporarily process IP address, browser, request, and device information to deliver and protect the service.
Why we use data and our legal bases
- To provide the service and fulfil our contract: authenticate you, maintain workspaces, create reports, sync a calendar at your request, process AI-assisted entries, export data, and administer subscriptions.
- For legitimate interests: secure the service, prevent abuse, troubleshoot fixed error categories, understand privacy-minimal product activation, recover failed jobs, and improve reliability. We balance these interests against your rights.
- To meet legal obligations: keep financial records, respond to lawful requests, and establish or defend legal claims.
- With consent where required: connect optional third-party services or use non-essential technology. You can withdraw consent without affecting earlier lawful processing.
Timegeist does not sell personal data and does not use workspace content for third-party advertising.
AI processing and screenshots
Timegeist uses Anthropic's commercial API to interpret natural-language time logs, screenshots, and selected analytical requests. Relevant input and limited workspace context are sent to Anthropic only when you invoke an AI feature. AI results can be incomplete or wrong; proposals remain subject to your review.
Screenshot source images are not written to Timegeist storage. They remain in request memory while the AI request is processed. Anthropic may retain commercial API inputs and outputs for up to 30 days by default for trust and safety, subject to its contractual exceptions and legal obligations. See Anthropic's commercial data-retention explanation.
Derived screenshot proposals are stored so you can review them. Accepted and dismissed screenshot proposals are deleted promptly, with a daily deletion backstop. Pending screenshot proposals expire after 30 days. A confirmed time entry is retained as ordinary workspace content.
Google Calendar data
The integration requests read-only access to your primary Google Calendar. Timegeist reads events to create editable proposals; it does not create, change, or delete Google Calendar events. You can disconnect Google Calendar in Workspace settings, which deletes the local connection credential and requests revocation at Google.
Timegeist's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Calendar-derived proposals remain until you accept or dismiss them, disconnect where the interface provides cleanup, or delete your account. Confirmed proposals become ordinary time entries. We do not use Google Workspace data to train generalized AI models, advertise, build user profiles unrelated to the feature, or allow humans to read it except with your affirmative agreement for support, for security purposes, to comply with law, or when aggregated and anonymized for internal operations.
How long we keep data
- Account and workspace content: while your account or workspace is active, then deleted when the relevant account or workspace is lawfully deleted, except where a team or paid-workspace safeguard requires ownership or billing to be resolved first.
- Screenshot source images: not stored by Timegeist. Pending derived proposals expire after 30 days; terminal screenshot proposals are deleted promptly.
- Google credentials: until you disconnect the integration or delete your account. Calendar proposals remain until handled or the related account data is deleted.
- Activation milestones: a fixed set of content-free events, automatically deleted after 90 days. Onboarding state may remain with the account so the product remembers completed setup.
- Email delivery data: recipient, content, provider identifiers, and source links are redacted 30 days after a final delivery state. A non-identifying business key and aggregate status may remain to prevent duplicate sending.
- Billing and tax records: for the period required by Dutch tax, accounting, fraud-prevention, and legal-claims rules. Stripe applies its own retention duties as payment provider.
- Security and hosting logs: for short operational periods set by the relevant infrastructure provider, unless a longer period is needed to investigate abuse or meet law.
Backups can retain deleted records for a limited rotation period and are protected from ordinary use. Data is removed as those backups expire unless preservation is legally required.
Your choices and rights
Depending on the circumstances, you may request access, correction, deletion, restriction, portability, or objection to processing. You may withdraw consent at any time and object to processing based on legitimate interests. The app provides a machine-readable account export and an account-deletion workflow under Account settings.
We may need to verify your identity before acting on a request. Team-workspace and active-subscription safeguards can require you to transfer ownership, remove other members, or resolve billing before deletion so another person's data or an active contract is not erased.
Email dpo@becraved.com to exercise a right. You may also complain to the Dutch Data Protection Authority or the authority in your country of residence or work.
Security, cookies, and children
We use access controls, tenant-level database policies, encryption in transit, restricted server credentials, signed webhooks, rate limits, and deletion safeguards. No system is completely secure; please use a strong account credential and contact us if you suspect misuse.
Timegeist uses essential cookies and similar storage for authentication, account recovery, invitation handoff, active-workspace preference, navigation state, and abuse prevention. These are required to operate the service. We do not currently use advertising cookies or third-party behavioral advertising analytics.
Timegeist is intended for people aged 16 or older and is not directed to children. If you believe a child provided data contrary to this notice, contact us.
Changes and contact
We may update this notice when the service, providers, or law changes. We will change the effective date and provide additional notice in the app or by email when a change materially affects your rights.
Privacy questions
Product support