Tiderun
– Privacy Policy

Last updated: 19 May 2025

1. Introduction

Tiderun (“we”, “our”, “us”) provides a digital service that helps users plan, track, and analyze time-based activities.

We take privacy seriously and are committed to protecting the personal data of every individual who uses our website,

mobile applications, and related services (collectively, the “Service”).

This Privacy Policy explains what information we collect, why we collect it, how we use it,

and the choices you have regarding your data.

2. Scope

This Policy applies to all visitors, registered users, and any other individuals who interact with the Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

3. Information We Collect

Account Data

  • What: Name, email address, hashed password, optional profile photo
  • Source: You
  • Purpose / Legal basis: Contract (Art. 6 (1)(b) GDPR); legitimate interest – account administration (Art. 6 (1)(f))

Usage Data

  • What: Time-tracking logs, session durations, feature interactions, crash reports
  • Source: Generated automatically by the Service
  • Purpose / Legal basis: Legitimate interest – service improvement (Art. 6 (1)(f))

Device & Technical Data

  • What: IP address, device ID, operating system, browser, locale, referral URLs, cookies
  • Source: Collected automatically
  • Purpose / Legal basis: Legitimate interest – security and analytics (Art. 6 (1)(f)); consent for cookies where required (Art. 6 (1)(a))

Payment Data

  • What: Card last four digits, tokenised payment ID, billing address
  • Source: Our payment processor
  • Purpose / Legal basis: Contract (Art. 6 (1)(b)); legal obligation – tax and accounting (Art. 6 (1)(c))

Marketing Data

  • What: Email-marketing preferences, survey responses
  • Source: You
  • Purpose / Legal basis: Consent (Art. 6 (1)(a)); legitimate interest – customer feedback (Art. 6 (1)(f))

4. How We Use Your Information

  1. Provide the Service – create and manage user accounts, authenticate log-ins, synchronise data across devices.
  2. Improve and customise – analyse aggregated usage to enhance features and user experience.
  3. Communicate – send required transactional messages (e.g., password resets, subscription notices) and, where you agree, marketing emails.
  4. Process payments – facilitate subscriptions via PCI-compliant payment providers.
  5. Ensure security – detect, investigate, and prevent fraud and abuse.
  6. Comply with law – meet tax, accounting, and regulatory requirements.

5. Sharing and Disclosure

We do not sell personal data. We share information only when necessary:

  • Cloud hosting and database providers – to operate our infrastructure. Safeguards: Data-processing agreements and EU Standard Contractual Clauses (where applicable).
  • Payment processors – to handle billing securely. Safeguards: PCI-DSS compliance.
  • Analytics and crash-report tools – to maintain and improve the Service. Safeguards: Pseudonymisation and IP masking where supported.
  • Legal and public authorities – to respond to lawful requests or to defend legal rights.
  • Successors in interest – in connection with a merger, acquisition, or other corporate transaction. We will notify affected users and require continued data-protection commitments.

6. International Transfers

When personal data is transferred outside the European Economic Area (EEA), we rely on either:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses (SCCs) with additional safeguards.

7. Data Retention

  • Active account – We retain your data while your account remains open.
  • Deleted account – Core account and content data are erased or anonymised within 30 days. Records required by law (e.g., invoices) may be retained for up to 10 years.
  • Back-ups – Automatically purged on a 90-day rolling basis.

8. Your Rights (GDPR & CCPA)

You may have rights to:

  • Access, correct, or delete personal data.
  • Object to or restrict processing.
  • Port data to another controller.
  • Withdraw consent at any time (without affecting prior processing).
  • Opt out of “sale” or “sharing” as defined by the CCPA.

Submit requests via support@tiderun.ai or through in-app controls. We respond within 30 days (45 days for CCPA).

9. Security Measures

We protect data through:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Least-privilege access controls.
  • Regular penetration testing and code reviews.
  • 24 × 7 monitoring with automated anomaly alerts.

No internet transmission is completely secure; keep your password confidential.

10. Children’s Privacy

The Service is not directed to children under 13 years (or the applicable minimum age). We do not knowingly collect data from children. Contact us if you believe a child has provided data and we will delete it.

11. Changes to This Privacy Policy

We may update this Policy periodically. Material changes will be announced at least 14 days in advance via email or in-app notice. Continued use after the effective date constitutes acceptance.

12. Contact Us

Tiderun AB
Glemmingevägen 33, 271 74 Ystad, Sweden
Email: support@tiderun.io

If you are in the EEA, you may also lodge a complaint with your local supervisory authority or the Swedish Authority for Privacy Protection (IMY).

Review this Privacy Policy periodically. We are available to answer any questions.