Terms of ServicePrivacy Policy

Privacy Policy

  • Effective Date: 9 May 2026
  • Last Updated: 9 May 2026

Timeful B.V., a company registered with the Dutch Chamber of Commerce (KvK) under number 91032199 (“Timeful,” “we,” “us,” or “our”), acts as the Data Controller of your personal data. We respect your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Visit our website at https://timeful.io (the “Site”) or any subdomains of the Site
  • Use our Timeful software-as-a-service platform (the “Service”)
  • Interact with us through email, social media, or other channels

Please read this Privacy Policy carefully. By accessing or using our Site or Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, do not use our Site or Service.

This Privacy Policy applies to information we collect:

  • On this Site
  • Through the Service
  • In email, text, and other electronic messages between you and the Site or Service
  • When you interact with our advertising and applications on third-party websites and services

It does not apply to information collected by third parties, including through any application or content that may link to or be accessible from the Site or Service.

Table of Contents

1. Information We Collect

We collect several types of information from and about users of our Site and Service, including:

1.1 Personal Information You Provide

When you register for, access, or use our Service, we may collect:

  • Account/Profile Information. Such as Full name, Email address, Company name, Job title, Phone number, Billing address, Username, Password, Profile photo, Professional information, Preferences and settings.

  • Communications. Such as Support requests and correspondence, Survey responses, Feedback and testimonials.

  • Content. Such as applications, materials, files, repositories, and file and repository metadata that are created by you on the Service, or uploaded to the Service by you or by third parties acting on your behalf.

  • Payment information. We will not store or collect your payment details. We use third-party services for payment processing and payment information is provided directly to the third-party payment processors whose use of your personal information is governed by their Privacy Policy.

1.2 Information Collected Automatically

When you access or use our Site or Service, we automatically collect:

  • Device and Usage Information. Such as IP address, browser type and version, operating system, device identifies, pages visited and features used, time and date of page visits, referring/exit pages, clickstream data, technical logs, telemetry data.

  • Location Information. Such as general geographic location (country, state/province, city) based on IP address.

Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. See Section 7 (Cookies and Tracking Technologies) for details.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

Service Providers:

  • [Paddle] for payment processing
  • [WorkOS] for authentication and account details
  • [LogRocket] and [Mixpanel] for usage analytics
  • [GitHub] for linking code repositories
  • [Resend] for email communications
  • [Railway] for infrastructure and hosting

Social Media: If you connect your social media account (e.g., LinkedIn, Google, GitHub), we may receive:

  • Profile information (name, email, profile picture)
  • Public profile data

Business Partners:

  • Lead information from marketing partners
  • Referral information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Service

  • Create and manage your account
  • Process transactions and send transaction notifications
  • Provide customer support and respond to inquiries
  • Perform technical operations (hosting, security, backups)
  • Troubleshoot and fix technical issues

2.2 To Improve and Develop the Service

  • Analyze usage patterns and trends
  • Test new features and functionality
  • Conduct research and development
  • Improve user experience and interface design

2.3 To Communicate With You

  • Send service-related announcements and updates
  • Respond to your comments, questions, and requests
  • Send marketing communications (with your consent)
  • Notify you about changes to our policies or terms
  • Conduct surveys and collect feedback

2.4 For Security and Fraud Prevention

  • Detect, investigate, and prevent fraudulent transactions
  • Protect against security threats and abuse
  • Monitor and analyze security incidents
  • Enforce our Terms of Service

2.5 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests (subpoenas, court orders)
  • Protect our rights, privacy, safety, or property
  • Resolve disputes and enforce agreements

2.6 With Your Consent

  • For any other purpose disclosed to you at the time we collect your information
  • With your explicit consent for specific uses

2.7 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, our legal basis for collecting and using your personal information depends on the specific context:

  • Contractual Necessity: Processing is necessary to perform our contract with you (e.g., providing the Service)

  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, improving the Service, marketing to existing customers)

  • Legal Obligation: Processing is necessary to comply with applicable laws

  • Consent: You have given explicit consent for specific processing activities

You have the right to withdraw consent at any time. See Section 5 (Your Privacy Rights).

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Service ProviderPurposeData Shared
RailwayInfrastructure and hostingAccount data, usage data, device data
PaddlePayment processingBilling information, transaction data
ResendTransactional and marketing emailsEmail address, name, communication preferences
LogRocketUsage analyticsAccount data, device data, usage data, IP address
WorkOSAuthenticationAccount data
MixpanelUsage analyticsAccount data, device data, usage data, IP address

These service providers are contractually obligated to:

  • Use your information only for the specified purpose
  • Implement appropriate security measures
  • Comply with applicable data protection laws

3.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements We may disclose your information if required to do so by law or in response to:

  • Court orders or subpoenas
  • Legal process or government requests
  • Requests from law enforcement or regulatory authorities
  • Legal claims or disputes

We may also disclose information when we believe, in good faith, that disclosure is necessary to:

  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

3.5 Aggregated and De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share statistics about Service usage with business partners or the public.

We do not sell your personal information to third parties.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Deletion and Anonymization

When we no longer need your personal information, we will:

  • Securely delete it from our systems
  • Anonymize it so it can no longer identify you
  • Archive it in a secure, restricted environment (if required by law)

You can request deletion of your personal information at any time. See Section 5 (Right to Delete).

5. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

5.1 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Right to Access:

  • Request a copy of the personal information we hold about you
  • Receive information about how we process your data

Right to Rectification:

  • Request correction of inaccurate or incomplete personal information

Right to Erasure (“Right to Be Forgotten”):

  • Request deletion of your personal information in certain circumstances

Right to Restrict Processing:

  • Request that we limit how we use your personal information

Right to Data Portability:

  • Request a copy of your personal information in a structured, machine-readable format
  • Request that we transfer your information to another service provider

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing (including profiling)

Right to Withdraw Consent:

  • Withdraw consent for processing activities at any time (does not affect lawfulness of prior processing)

Right to Lodge a Complaint:

  • File a complaint with your local data protection authority

To exercise these rights, contact us at legal@timeful.io.

5.2 Rights for California Residents (CCPA)

If you are a California resident, you have the following rights:

Right to Know:

  • Request disclosure of the categories and specific pieces of personal information we have collected
  • Request information about the categories of sources, business purposes, and third parties with whom we share information

Right to Delete:

  • Request deletion of your personal information (subject to certain exceptions)

Right to Opt-Out of Sales:

  • Opt out of the sale of your personal information (if we sell data)

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your CCPA rights

CCPA Request Process:

  • Submit a request via legal@timeful.io
  • We will verify your identity (may request additional information)
  • We will respond within 45 days (may extend by 45 days if necessary)

Authorized Agent: You may designate an authorized agent to submit requests on your behalf. The agent must provide:

  • Written authorization signed by you
  • Proof of their identity
  • Verification of your identity

5.3 Rights for Texas Residents (TDPSA)

If you are a Texas resident, you have the following rights:

Right to Know:

  • Confirm whether we are processing your personal data
  • Access your personal data

Right to Correct:

  • Correct inaccuracies in your personal data

Right to Delete:

  • Delete personal data you provided to us

Right to Data Portability:

  • Obtain a copy of your personal data in a portable format

Right to Opt-Out:

  • Opt out of:
    • Targeted advertising
      • Sale of personal data
      • Profiling in furtherance of automated decisions with legal or significant effects

Universal Opt-Out Mechanism: We honor Global Privacy Control (GPC) browser signals. Enable GPC in your browser to automatically opt out.

TDPSA Request Process:

  1. Submit a request via legal@timeful.io

  2. We will respond within 45 days (may extend by 15 days if necessary)

  3. If we deny your request, you may appeal within 45 days

Appeal Process:

  1. Submit an appeal via legal@timeful.io

  2. We will respond within 60 days

  3. If we deny your appeal, you may contact the Texas Attorney General

5.4 Rights for Residents of Other U.S. States

Residents of Virginia, Colorado, Connecticut, and Utah have similar rights under their respective state privacy laws. Contact us at legal@timeful.io to exercise your rights.

6. International Data Transfers

Timeful is based in The Netherlands. If you access our Service from outside The Netherlands, your information may be transferred to, stored, and processed in The Netherlands and other countries where we or our service providers operate.

6.1 For EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, we transfer your personal information to countries outside the EEA/UK/Switzerland only when:

Adequate Protections Are in Place:

  • The destination country has been deemed to provide an adequate level of protection by the European Commission or UK government
  • The transfer is made to a US-based service provider certified under the EU-U.S. Data Privacy Framework (DPF)
  • We have implemented Standard Contractual Clauses (SCCs) approved by the European Commission
  • We rely on other approved transfer mechanisms (e.g., Binding Corporate Rules, certifications)

Your Rights: You may request a copy of the safeguards we have implemented for international transfers by contacting legal@timeful.io.

7. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities.

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They allow the website to recognize your device and remember information about your visit.

7.2 Types of Cookies We Use

Cookie TypePurposeDuration
Essential CookiesRequired for the Service to function (e.g., authentication, security)Session or persistent
Analytics CookiesCollect information about how you use the Service (e.g., Google Analytics)Persistent (up to 2 years)
Functional CookiesRemember your preferences and settingsPersistent (up to 1 year)
Advertising CookiesDeliver targeted ads based on your interestsPersistent (up to 1 year)

7.3 Third-Party Cookies

We allow third parties to place cookies on your device for analytics and advertising purposes:

  • LogRocket: Tracks usage patterns, technical logs, telemetry data. (Learn more)
  • Mixpanel: Tracks usage patterns and analytics data. (Learn more)

7.4 Your Cookie Choices

Browser Settings: Most browsers allow you to:

  • Block all cookies
  • Block third-party cookies
  • Delete cookies after each session

Note: Disabling cookies may affect the functionality of the Service.

Do Not Track (DNT): Some browsers offer a “Do Not Track” (DNT) signal. We do not currently respond to DNT signals, but we honor Global Privacy Control (GPC) signals for TDPSA and other state privacy law compliance.

Global Privacy Control (GPC): If you enable GPC in your browser, we will honor it as an opt-out of:

  • Sale of personal information
  • Targeted advertising
  • Profiling for automated decisions

8. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, alteration, and disclosure.

8.1 Security Measures

Technical Safeguards:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest (AES-256)
  • Secure authentication (password hashing, multi-factor authentication)
  • Regular security assessments and penetration testing
  • Intrusion detection and prevention systems

Administrative Safeguards:

  • Access controls (least privilege principle)
  • Employee training on data security and privacy
  • Background checks for employees with access to sensitive data
  • Incident response plan

Physical Safeguards:

  • Secure data centers with restricted access
  • Environmental controls (fire suppression, power backup)

8.2 Limitations of Security

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for:

  • Keeping your account credentials confidential
  • Notifying us immediately of any unauthorized access
  • Using strong, unique passwords

8.3 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify you within the timeframe required by applicable law (e.g., 72 hours under GDPR)
  • Describe the nature of the breach and the information affected
  • Provide steps you can take to protect yourself
  • Report the breach to relevant authorities as required by law

9. Children’s Privacy

Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

If you are under 16, do not:

  • Register for an account
  • Provide any personal information through the Service
  • Use any features that require personal information

If we learn that we have collected personal information from a child under 16 without parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under 16, contact us immediately at legal@timeful.io.

Our Site and Service may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party sites or services.

We are not responsible for:

  • The privacy practices of third-party sites
  • The content of third-party sites
  • How third parties collect, use, or share your information

Before providing personal information to third parties, review their privacy policies. We encourage you to be aware when you leave our Site or Service and to read the privacy policies of every website you visit.

Third-Party Services We Integrate:

  • GitHub, GitLab, BitBucket for storing your project repositories

When you connect third-party services to your account, those services may access certain information in accordance with their own privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • Material Changes: We will notify you via email (to the address associated with your account) and/or a prominent notice on our Site at least 30 days before the changes take effect

  • Non-Material Changes: We will update the “Last Updated” date at the top of this Privacy Policy

Your Continued Use: Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Privacy Policy, you must stop using the Service and close your account.

Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, our privacy practices, or wish to exercise your data rights, please contact us at:

Timeful B.V.

  • Email: legal@timeful.io
  • Address: Tolhuisstraat 8, 6305 BA, Schin op Geul, The Netherlands
  • Chamber of Commerce (KvK) number: 91032199

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

13. California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request certain information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

14. Nevada Residents

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. We do not sell personal information as defined under Nevada law. If you are a Nevada resident and have questions, contact us at legal@timeful.io.

Product
OverviewPricing
Contact
Email ↗
© 2026 Timeful B.V.
Privacy PolicyTerms of Service