Privacy Policy

Our business is based on selling quality software. Therefore, we have no interest in selling your data or using it for sleazy purposes. We believe that the less we know about you, the better, which is why we aim to limit the information we collect to the minimum necessary. Our intention for collecting and using your data is solely to provide you with the services you enrol for and improving these services.
We will never share your data with third parties, as long as it is not required by law of for the services we offer.

Summary

The purpose of this privacy policy (“Privacy Policy”) is to inform you in detail about:

  1. what personally identifiable information or personal information we collect from you through our website (“www.timist.app”) and how we use such information,

  2. what personally identifiable information or personal information we collect from you through the software application “Timist” and how we use such information,

  3. what choices you have regarding the use of, and your ability to review and correct, the information.

For the purposes of this Privacy Policy, the terms “we”, “us” and “our” refer to the business as detailed in the Imprint, which is providing the following services: the website, which refers to the Timist Website (“www.timist.app”) and related services, and the app, which refers to the software application “Timist”. “You” refers to you, as a user of this website or the app, as applicable.

As such, we act as a Controller for the purpose of the General Data Protection Regulation (GDPR) and other data protection laws applicable in member states of the European Union.

Information We Collect and How We Use It

We solely collect information that is necessary to provide you with our services and to improve our product.

Website

Website Analytics: To understand how our customers find out about our product and services, and to improve our website, we use Google Analytics to collect pseudonymized data about the time of your visit, the pages you visit as well as the device and browser you are using.
Legal basis Art. 6(1)(f) GDPR.

Cookies: We use cookies to identify you as a visitor to improve our website.

This website is hosted on Microsoft Azure services in Europe.

Contact and Support

Email and personal information: If you contact us via email, we will have to process your email and additional personal information, should you provide us any. We will not share your email address or use them for marketing purposes unless you have given us your explicit consent.

Timist App

Subscriber information: To manage and verify your subscription, we have to process your digital purchase receipts from Apple. This includes only information about the type and time of purchase, along with a unique pseudonomyzed random user identifier, which we use to match your subscription across devices in our system. We do not receive any contact or payment information, nor do we have access to your Apple ID. In addition, we collect data about redeemed trials and promotional codes. We may also use this pseudonomyzed data for statistical reasons and fraud protection.
Legal basis Art. 6(1)(b) GDPR.

Usage Data (Optional): To improve our services we may collect pseudonomyzed data about your devices and how you use the app. Examples are number and types of devices you use, the operating systems installed on those devices, the version of the app and language settings.

In addition, we may also collect data about how you interact with the app, such as how many timers you add, how often you start them and which sections of the app you spend the most time in. We use this data to learn about user behavior to continually improve the app. We will never sell it to third parties. Your content, such as the names and descriptions of timers, tags and projects, are never transmitted to us.

If you do not want us to collect this data, you can disable the tracking in the applications “Settings” in the “General” section (disable “Allow Pseudonomyzed Tracking”).
Legal basis Art. 6(1)(f) GDPR.

Diagnostic Data (Optional): To improve the quality of our services and to identify and solve specific problems, we occasionally solicit reports such as diagnostic reports from our customers. This is optional and requires your explicit consent.
Legal basis Art. 6(1)(a+f) GDPR.

Where We Store Your Data

Personal Content: Your personal content that you create within the app, e.g. your created timers and associated events, are stored locally on your device. It is not saved on our servers nor do we have access to this data.
Should you use the optional sync services, your data is synchronized with your personal iCloud storage using CloudKit (Apple service). CloudKit creates a backup of your data and syncronizes it between devices automatically. Using sync services requires you to enable iCloud. We do not have access to data stored in your iCloud account.
(Sync services may not yet be available to you.)

Subscriber Information and Purchase Statistics: Your digital purchase receipts, as well as redeemed trial and promotional codes, are stored on RevenueCat’s servers. RevenueCat enables us to validate your subscription and create purchase statistics. This data may be temporarily transferred to other devices or services for analytics purposes.

Usage and Diagnostics Data (Optional): Usage and diagnostics data are stored using pseudonomyzed user and device identifiers on Microsoft Azure servers in Europe. This data cannot be resolved to your name or other personal information. This data may be temporarily transferred to other devices or services for analytics purposes.

Customer Support Emails: Customer support emails are stored on Google’s servers, as we currently use the Google product GMAIL for customer support. This data may be temporarily transferred to other devices or services for analytics purposes.

Website Analytics Data: Website analytics data is stored on Google’s servers. Any pseudonomyzed user and event data is automatically deleted after 14 months. Aggregated statistics may be stored perpetually.

How Long We Store Data For and How We Protect It

We store data as long as German law requires it and is necessary for the fulfilment of our services, or initiation of the contract, or as long as we claim legitimate interest. After that period, corresponding data is routinely deleted or anonymized. Statistical and diagnostic data is generally stored perpetually, but is also pseudonimysed to the extent possible. We are legally required to store your email for ten years.

All data is stored using standard industry practices and current encryption technologies.

Data Processors

Depending on your usage of our services, especially the use of this website, the app, or means of communication with us (e.g. for purposes like support), your personal data might be processed by the following services:

RevenueCat

RevenueCat provides a service that processes purchases from the Apple App Store and enables us to manage your current subscription status, validate that you have an active subscription and analyze your purchase history for this app.

Personal Data: Purchase history and times the app was used
Country of Data Processing: USA
Privacy policy of processor: revenuecat.com/privacy

Apple

Apple provides the Apple App Store, through which the application is distributed and as such processes digital receipts for payments. In addition, should you enable sync services within the app, your content created in the app will be uploaded to Apple’s servers to enable syncing services and make your data available on all your devices.

Personal Data: Digital purchase receipts, use of promotional trials, content from the app for purposes of syncing it between devices
Country of Data Processing: Europe or USA
Privacy policy of processor: apple.com/legal/privacy

Google

Google provides web analytics for this websites like page views and number of users, which requires cookies. We also use Google’s email service GMAIL.

Personal Data: Anonymized IP, browser and device info, time of your visit and what pages you visit, email addresses and email content
Country of Data Processing: Europe or USA
Privacy policy of processor: apple.com/legal/privacy

Governmental and Taxation Entities and Other Third Parties

We may be required to provide personal data to governmental entities if it is required by law (e.g. tax regulations). We also clarify that contractual obligations may result in provision of personal data (e.g. information on a contractual partner).

By using our website or apps, you consent to our privacy policy.

Those under the age of 16, or below other age limits that require consent of a legal custodian for use of our services depending on local law, may not use the services without the consent or authorization of their parent or legal custodian.

Your Privacy Rights as the Data Subject under GDPR

Right of Access: You can request for us to provide you with information on how we collect, use and store your personal information, and to provide you with a copy of your personal information we store. We do not have access to personal content created in the app.

Right of Rectification: You can request that we correct information about you that is inaccurate.

Right to Delete (Right to be Forgotten): You can request that we delete information collected about you, given the following circumstances: that we are not required by law to preserve it, that it is not necessary for contract fulfilment, and that we can still identify your records.

Right to Object: You can object the processing of your information in certain cases, given that the processing is not required by law or necessary for contract fulfilment.

Right to Data Portability: Upon request, we will provide you all data under our control in a machine readable format (e.g. JSON). Should the data requested not be within our control, we will provide you with instructions to obtain your data.

Contacting Us

If you have any further questions, please reach out to us via E-Mail. We will reply as soon as possible.

Contacting You

We may use the contact information you provide us, if any, to communicate with you about our product, diagnostic data, error reports, or provide you with support, should you request any.

Responsible Body For Data Privacy

The responsible body for the processing of personal data (“the Controller”) within the meaning of the law. Art 4 (7) GDPR:

Benedict Bartsch
Templergraben 12
52062 Aachen
Germany

Breach Notification

Should the confidentiality of customer data be breached, we recognize it as our responsibility to our customers and the public to disclose the nature of any risk and provide a transparent account of the events without undue delay. Should the nature of the breach require it, we must inform the applicable supervisory authorities as is required by law and regulation.

Updates to Our Privacy Policy

There may be changes to this privacy policy, which we may make at our discretion. If you require knowledge of updates to this privacy policy, you should review this document frequently. We maintain the right to inform you about substantial changes through means of communication available to us (e.g. via email or in places like the App Store update description, within the app or through the update page on this website)

This privacy policy was last updated on June 21st, 2019.