Privacy Policy

Last Updated: October 15, 2025

Introduction

Timeside, LLC ("we," "us," or "our") operates the Told Me mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Contact Information:
Timeside, LLC
730 I St. #200, Sacramento, CA 95814
Email: contact@toldmeto.com

1. Information We Collect

Information You Provide to Us

• Account Information: Email address, name, and authentication credentials (when you sign up via Google Auth, Apple Sign-In, or email)
• Recommendation Data: Titles, categories (movies, TV shows, books, restaurants, products, etc.), priority levels, notes, status updates, ratings, reviews, and skip reasons
• Recommender Information: Names of people or sources who make recommendations to you
• Photos: Images you upload related to recommendations (optional)
• User Preferences: App settings, theme preferences, default priority settings, and customization choices

Information Collected Automatically

• Device Information: Device type, operating system, App version
• Usage Analytics: Feature interactions, screen views, app performance metrics, and crash data (User ID only, no email addresses or personal recommendation content)
• Performance Data: Load times, app responsiveness, and technical performance metrics

Subscription Information

• Payment Processing: Subscription transactions are processed through RevenueCat and your device's payment system (Apple App Store or Google Play Store)
• Subscription Status: Active subscriptions, renewal dates, subscription tier, and transaction IDs (anonymized)
• RevenueCat Data: RevenueCat may collect anonymous user identifiers, subscription events, and device information as described in their privacy policy

Information We Do NOT Collect

• We do not collect precise geolocation data or IP addresses
• We do not track your browsing activity outside the App
• We do not collect biometric data (authentication is handled by Apple/Google)
• We do not sell your personal information to third parties
• We do not track the specific content of your recommendations, notes, or personal reviews in analytics

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the App's functionality
• Create and manage your account
• Store and sync your recommendations and recommender data across devices
• Process and manage your subscriptions through RevenueCat
• Analyze anonymous usage patterns to improve user experience
• Monitor app performance and fix technical issues
• Send service-related communications (subscription confirmations, renewal reminders, important updates, security alerts)
• Respond to your requests, questions, and feedback
• Detect, prevent, and address technical issues and fraud
• Provide customer support for subscription-related inquiries

3. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary to fulfill our service to you, including subscription management
• Legitimate Interests: Processing is in our legitimate interests (improving our services, fraud prevention) and does not override your rights

4. Data Sharing and Disclosure

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Third-Party Service Providers

We share limited data with service providers that help us operate the App:

Authentication Services:

• Google Auth (for Google sign-in)
• Apple Sign-In (for Apple authentication)

Cloud Storage & Database:

• Supabase (US-based) - stores your account information and recommendation data with encryption

Analytics:

• PostHog (US-based) - receives anonymous User IDs, device types, app version, and behavioral analytics
• PostHog does NOT receive: Your email address, name, recommendation content (titles, categories, notes), personal reviews, photos, or any identifiable recommendation information

Subscription Management:

• RevenueCat (US-based) - processes subscription transactions, manages entitlements, and provides subscription analytics
• RevenueCat receives: Anonymous user identifiers, subscription status, transaction information, and device type
• RevenueCat does NOT receive: Your email address, name, or any recommendation content
• RevenueCat's data practices are governed by their privacy policy at https://www.revenuecat.com/privacy

Payment Processing:

• Apple App Store / Google Play Store - processes all payment transactions
• We do NOT have access to your payment card information
• Payment data is governed by Apple's and Google's respective privacy policies

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to:

• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Enforce our Terms of Service
• Comply with payment processing regulations

Share Functionality

When you use the App's share feature to share recommendation information via social platforms, you control what information is shared. Shared content is subject to the receiving platform's privacy policy.

5. Data Storage and Security

Where We Store Your Data

• Our servers are located in the United States (AWS infrastructure via Supabase)
• RevenueCat processes subscription data in the United States
• We do NOT transfer your data internationally beyond standard cloud infrastructure operations

Security Measures

We implement reasonable security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure server infrastructure
• Access controls and authentication
• Regular security assessments
• Secure subscription token management

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

Active Accounts

We retain your data for as long as your account is active or as needed to provide you services.

Subscription Data

We retain subscription transaction records for tax and legal compliance purposes as required by law (typically 7 years).

Account Deletion

When you delete your account:

• Your data is deleted immediately from our active servers
• Backup copies are removed within 30 days
• Anonymous analytics data (without any identifiable information) may persist in aggregate form for product improvement purposes
• Subscription transaction records are retained as required by law for tax and accounting purposes, but are disassociated from your personal information

7. Your Rights and Choices

Access and Control

You have the right to:

• Access your personal data through the App
• Export your data at any time using the export feature
• Correct inaccurate information by editing your profile or recommendation entries
• Delete your data by deleting specific recommendations or your entire account
• Opt out of analytics tracking in app settings
• View your subscription status and transaction history in the App

Account Deletion

You can delete your account:

• In-App: Settings > Data Management > Delete Account
• Email Request: Contact contact@toldmeto.com

Subscription Management

You can manage your subscriptions:

• iOS: Settings app > [Your Name] > Subscriptions > Told Me
• Android: Google Play Store > Menu > Subscriptions > Told Me
• In-App: Settings > Subscription > Manage Subscription

Marketing Communications

We currently do not send marketing emails. If this changes, you will be able to opt out of marketing communications while still receiving essential service notifications (subscription renewals, payment issues, security alerts).

8. Region-Specific Rights

European Union (GDPR)

If you are in the EU, you have additional rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at contact@toldmeto.com.

California (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of personal information (note: we do NOT sell personal information)
• Non-discrimination for exercising your privacy rights

9. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

10. Cookies and Tracking

The App uses minimal tracking technologies:

• Essential: Required for authentication and App functionality
• Analytics: PostHog collects anonymous User ID, device type, platform, and behavioral usage patterns
• Performance: Web Vitals data for app speed and responsiveness optimization
• Subscription: RevenueCat collects subscription events and entitlement status

We do NOT use:

• Advertising cookies
• Cross-site tracking
• Session replay or screen recording
• Location tracking or IP-based geolocation

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy in the App
• Sending an email notification (if you have provided an email)
• Displaying an in-app notification

Your continued use of the App after changes indicates acceptance of the updated Privacy Policy.

12. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. International Data Transfers

Our servers are located in the United States. If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the App, you consent to this transfer.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Provide information about what data was affected
• Describe steps we are taking to address the breach
• Advise you on protective measures you can take

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: contact@toldmeto.com
Mail: Timeside, LLC, 730 I St. #200, Sacramento, CA 95814
Data Protection Contact: contact@toldmeto.com

We will respond to your inquiry within 30 days.

Summary for Users

• What we collect: Your email, name, recommendations, recommender data, photos, subscription status, and anonymous usage analytics
• Why we collect it: To provide the App's core functionality, manage subscriptions, and improve your experience
• Who we share with: Only essential service providers (authentication, cloud storage, subscription management, anonymous analytics)
• Your control: Export your data anytime, delete your account instantly, manage subscriptions, opt out of analytics
• Your data: Stored securely in the US, deleted immediately upon request
• What we DON'T track: Your location, IP address, specific recommendation content, or personal notes in analytics