Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you create an account, use our services, or communicate with us, we collect information you voluntarily provide:

• Account Information: Name, email address, password, username, and profile picture
• Booking Information: Event types, meeting details, attendee names and email addresses, meeting notes, and custom form responses
• Calendar Data: Calendar events, availability schedules, and timezone preferences when you connect external calendars
• Payment Information: Billing address and payment details (processed securely through Stripe; we do not store full card numbers)
• Communication Data: Messages you send through our platform, support requests, and feedback
• Team Information: Team names, member roles, and organisational details for Team plan users

1.2 Information Collected Automatically

When you access or use TimeTide, we automatically collect certain technical information:

• Device Information: Browser type and version, operating system, device type, and screen resolution
• Network Information: IP address, approximate location (city/country level), and internet service provider
• Usage Data: Pages visited, features used, clicks, time spent on pages, booking page views, and conversion rates
• Log Data: Access times, error logs, referring URLs, and pages viewed before and after using our Service

1.3 Information from Third Parties

We may receive information about you from third-party sources:

• Calendar Providers: Event data from Google Calendar, Microsoft Outlook, or Apple Calendar when you connect them
• Video Conferencing: Meeting links and metadata from Zoom, Google Meet, or Microsoft Teams
• Payment Processors: Transaction confirmations and billing status from Stripe

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

• Performance of Contract (Article 6(1)(b)): Processing necessary to provide the TimeTide Service, manage your account, process bookings, and handle subscriptions
• Legitimate Interests (Article 6(1)(f)): Processing for analytics, fraud prevention, service improvement, and direct marketing to existing customers. We balance our interests against your rights and freedoms
• Consent (Article 6(1)(a)): Processing based on your explicit consent, such as marketing communications and non-essential cookies. You may withdraw consent at any time
• Legal Obligation (Article 6(1)(c)): Processing required to comply with tax, accounting, or other legal requirements

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• Provide, operate, and maintain the TimeTide scheduling platform
• Process and manage bookings, send confirmations, reminders, and notifications
• Synchronise your calendar data across connected services
• Handle subscription billing and payment processing
• Enable team scheduling, round-robin assignments, and collective events

Improvement and Analytics

• Analyse usage patterns to improve features and user experience
• Provide booking analytics and insights to account holders
• Monitor and improve platform performance and reliability
• Conduct A/B testing to optimise the Service

Communication

• Send transactional emails (booking confirmations, reminders, account updates)
• Respond to your support requests and inquiries
• Send product updates and feature announcements (with opt-out options)
• Send marketing communications (only with your consent)

Security and Compliance

• Detect, prevent, and address fraud, abuse, and security threats
• Enforce our Terms of Service and other policies
• Comply with applicable laws, regulations, and legal processes

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your data in the following limited circumstances:

• With Booking Participants: When someone books a meeting with you, they can see your name, booking page details, and relevant meeting information. Similarly, when you book with others, the organiser receives your provided details.
• With Team Members: If you are part of a team on TimeTide, other team members and administrators may see your availability, booking details, and scheduling data as configured by your team settings.
• With Service Providers: We work with trusted third-party providers who assist in operating our Service, including cloud hosting (e.g., Vercel, AWS), email delivery, analytics, and payment processing (Stripe). These providers are contractually obligated to protect your data.
• With Calendar and Conferencing Providers: When you connect Google Calendar, Microsoft Outlook, Zoom, or similar services, we share necessary data to synchronise your schedule and create meeting links.
• For Legal Reasons: We may disclose information if required by law, subpoena, court order, or governmental request, or to protect the rights, property, or safety of TimeTide, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Below are the categories of cookies we use:

You can manage your cookie preferences through your browser settings or our cookie consent banner. Note that disabling essential cookies may prevent you from using certain features of our Service.

6. Data Security

We implement robust technical and organisational measures to protect your personal information:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Authentication: Secure password hashing, optional two-factor authentication, and session management
• Access Controls: Role-based access controls, principle of least privilege, and regular access reviews
• Infrastructure: Hosted on SOC 2 compliant cloud infrastructure with regular security audits
• Monitoring: Continuous security monitoring, intrusion detection, and incident response procedures
• Employee Training: Regular security awareness training for all team members with access to personal data

While we strive to protect your information, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it to security@timetide.app.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy:

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is deleted or anonymised within 30 days
• Booking Data: Retained for 12 months after the booking date for reference and analytics, then anonymised
• Payment Records: Retained for 7 years to comply with UK tax and accounting regulations
• Log Data: Retained for 90 days for security and debugging purposes
• Marketing Consent Records: Retained for as long as the consent is valid, plus 3 years after withdrawal for compliance records

When data is no longer needed, it is securely deleted or irreversibly anonymised so it can no longer be associated with you.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority (in the UK, this is the Information Commissioner's Office at ico.org.uk)

To exercise any of these rights, please contact us at privacy@timetide.app. We will respond to your request within 30 days (or within the timeframe required by applicable law).

You may also manage certain preferences directly in your account settings, including email notification preferences, connected calendar integrations, and profile visibility.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You can request details about the categories and specific pieces of personal information we collect, the purposes for collection, and the categories of third parties with whom we share it
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: You can request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information to what is necessary for providing the Service

To exercise your California privacy rights, contact us at privacy@timetide.app or through your account settings. We will verify your identity before processing your request.

10. International Data Transfers

TimeTide is operated by SeekaHost Technologies Ltd., a company based in the United Kingdom. Your information may be transferred to and processed in countries other than your own, including countries that may not provide the same level of data protection.

When we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries recognised as providing adequate data protection
• Standard Contractual Clauses (SCCs): EU/UK-approved contractual terms that require data recipients to protect your data
• Data Processing Agreements: Binding agreements with all sub-processors that include appropriate transfer mechanisms

Following the UK's departure from the EU, we comply with the UK GDPR and the Data Protection Act 2018 for transfers of personal data from the UK.

11. Third-Party Services and Integrations

TimeTide integrates with various third-party services. When you connect these services, data may be shared as described below:

Each third-party service has its own privacy policy. We encourage you to review their policies before connecting your accounts. You can disconnect integrations at any time through your TimeTide settings.

12. Data Processing Agreement

When you use TimeTide to schedule meetings with your clients or customers, you may act as a data controller and TimeTide acts as a data processor on your behalf. We offer a Data Processing Agreement (DPA) that governs how we handle personal data processed on your behalf, in compliance with GDPR requirements. To request a copy of our DPA, please contact legal@timetide.app.

13. Children's Privacy

TimeTide is not directed at children under the age of 16 (or 13 in jurisdictions where a lower age of consent applies). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@timetide.app. We will promptly delete such information from our systems.

14. Automated Decision-Making

TimeTide does not use automated decision-making or profiling that produces legal effects or significantly affects you. Our scheduling algorithms (such as round-robin assignment and availability matching) are functional tools that facilitate scheduling based on the rules you configure. You retain full control over your scheduling preferences and can adjust settings at any time.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email or through a prominent notice on our platform
• Where required by law, seek your consent to the changes

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: