Privacy

When you connect Google Calendar, Timera requests one permission:

• Full calendar access (calendar) - This lets us read your events and create time blocks when you commit a goal plan.

What we actually use: event titles, start/end times, and your calendar list. We do not read attendees, event descriptions, attachments, or email content. When you commit a goal plan, we create events on a separate "Timera Goals" calendar. We never modify or delete events on your existing calendars.

Your Google Calendar data is used exclusively to power Timera's features:

• Auto-categorize events - We match event titles against keyword rules (e.g. "gym" goes to Health/Fitness). This happens locally using keyword matching, not AI.
• Calculate time allocation - We compute how many hours you spend per category per day, week, and month.
• Project trajectories - We extrapolate your current allocation forward to show where your time leads in 5, 10, or 20 years.
• Generate AI insights - We send category names and durations (e.g. "12 hours of Work, 3 hours of Health") to generate personalized insights. Raw event titles are never sent to any AI provider.
• Write goal time blocks - When you commit a plan, we create recurring events on your "Timera Goals" calendar.

We do not sell, rent, or trade your data. Here is exactly what leaves our servers:

• Anthropic (Claude API) - Receives category summaries and durations for AI insights. Never receives raw event titles, attendee info, or any calendar content.
• PostHog (analytics) - Receives anonymous, aggregate usage data like "how many users completed the estimate wizard." No personal or calendar data is included.

No other third parties receive any of your data.

• OAuth tokens are stored in Supabase with encryption at rest. Row-Level Security ensures you can only access your own tokens.
• Server-side data includes your category durations, goal settings, and check-in history. Stored in Supabase with the same encryption and access controls.
• Browser-side data includes your preferences, ideal hours, and category corrections. These stay in your browser's localStorage and never reach our servers.
• All connections use HTTPS. Tokens are refreshed automatically and revoked when you delete your account.

We store categories and durations - not your actual events. "2.5 hours of Work" gets saved. "10am standup with Sarah" does not.

Your data is retained for as long as your account is active. We do not keep data after you ask us to delete it.

To delete everything: go to Settings and hit Delete my data. One action. This:

• Revokes your Google Calendar access token
• Deletes all server-side data (tokens, settings, goals, check-ins)
• Wipes your browser's local data

After deletion, no data is retained on our servers. You can also email hello@timera.app to request manual deletion at any time.