Privacy Policy
Last Update: September 22nd, 2024.
Welcome to timeOS, an AI-powered productivity companion that, through an integration with your online calendar, captures and summarizes your day, organizes all relevant information within the right tool, and proactively surfaces the knowledge you need and when you need it (the “Service”). The Service is owned and operated by Supertools Inc. (“we”, “us”).
We respect your privacy. This Privacy Notice (the “Notice”) explains our privacy practices for the Service. The Notice also describes the rights and options available to you with respect to your personal information. This Privacy Notice is meant to be read together with our Terms of Service ("Terms"). In general, we recommend that you routinely review this Privacy Notice and your preferences on your Account. Any capitalized terms that are not defined herein shall have the meanings set forth in the Terms.
When we refer to "Personal Data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.
DATA CONTROLLER
Supertools, Inc. is the data controller of the personal data we collect and process through the Service.
CONTACT US
If you have any questions or requests concerning your personal data or about our privacy practices and policies, you may contact us, at: privacy@timeos.ai.
Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- European Union (EU)
- United Kingdom (UK)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: Prighter | Compliance Landing Page of Supertools, INC.
PERSONAL DATA WE PROCESS
Data from APIs
timeOS uses data accessed through APIs for services with which we integrate. These may include Google APIs that allow us to integrate with their Calendar, Meet, and Gmail services, the Microsoft APIs that allow us to integrate with their Outlook and Teams Services, as well as Zoom APIs and others. We have processes in place aiming to ensure that our processing of your personal data aligns with the policies and terms required by these companies for use of their APIs. In particular, when using the Google API, we comply with the Google API Services User Data Policy, particularly its Limited Use terms. Learn more about Google’s policy by visiting their official website.
Website Visitors. When you visit our Site, we collect the following Personal Data about you:
Contact Information.When you send us a message through the contact form on our Site, we collect any data you provide, such as your email, and the content of your message. We use this data to respond to your message. We process this Personal Data based on the performance of a contract with you.
Activity and System Data (Cookies). When you visit our Site, we automatically collect data about your computer or mobile device, including Personal Data such as your IP address, device ID, browsing history (e.g. the other sites you've visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below. We mainly use this data to generate aggregated analytics data about the use of our Site so we can maintain and improve the Site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our Site. We process this Personal Data based our legitimate interests to develop and improve our products and services, to fix bugs, to improve stability, and to prevent fraud.
Users. When you use our Service, we collect the following information about you:
Registration Information. In order to use the Service, you must register with your Calendar Account (as defined in the Terms). When you register with your Calendar Account, you allow us access to your account information. This information will be referred to as "Registration Information" and will include your name, your email address, and your account username and other information that the relevant third party calendar service provides us about you. We use your Registration Information to allow you access to our Service, save your preferences, contact you regarding the Service, protect the security of our Service, prevent fraud, and address any issues that arise. We may use your Registration Information to send you marketing communications about our Service, including newsletters and updates about new services that we believe may be suitable to you. If you are not a registered user, you can register for our newsletter. You may opt-out of marketing communications and/or our newsletter at any time, see the relevant section below for more details.
When we process your Registration Information to provide you with our Service, we do so to perform a contract with you, in this case our Terms of Service. When we process your Registration Information to maintain our Service, including to prevent fraud, protect the security of and/or address issues with our Service, we do so on the basis of our legitimate interest to achieve those goals. The legal basis under EU law for processing your information for marketing communication purposes is our legitimate interest to market our products and services.
Calendar Information. When you use the Service, we collect the information that you include in your calendar available through your Calendar Account. This information may include meeting titles, contacts, locations, and any other information you choose to include in your calendar. We use this information to provide you with our Service, including to provide you with support where applicable, as well as to improve our Service. When we process this Personal Data to provide you with our Service, we do so on the basis of performance of a contract with you. When we use this information to improve our Service, to fix bugs, and to improve stability, we do so based on our legitimate interest to develop our business.
Meeting Content. When you use the Service to produce a summary of your Meetings, along with meeting insights and briefs. We record and transcribe the Meeting or else analyze existing recordings of meetings that you provide. We use this Personal Data to provide you with the Service, specifically to produce the summary, insights, briefs and follow ups to you, and to provide you with support where applicable. We use this Personal Data on the basis of performance of a contract with you. We also use this information to improve our Service, to fix bugs, and to improve stability and we do so based on our legitimate interest to develop our business and our Service. **
Payment Information. If you subscribe to our Service for a fee, we receive information related to such purchase, such as the last four (4) digits of your credit card number. We use this Personal Data to process your payment and to prevent fraud. When we process your payment data to process your payment, we do so to perform a contract with you. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers.
Analytics. timeOS strives to continually improve our service for our users. To that end, we learn information about you when you access or use the Service, we use third-party analytics tools, such as Fullstory, Google Analytics and Mixpanel to automatically record and collect certain information about your interaction with the Service, including the IP address from which you access the Service, your estimated location based on your IP, time and date of access, type of browser used, language used, links clicked and actions taken while using the Service. The legal basis under EU law for this processing is our legitimate interest in monitoring securing, and improving our Service.
For more information about how Google collects information as part of the Analytics service and how you can control such use, see: www.google.com/policies/privacy/partners/.
Members of the Supertools Facebook Group. If you are a member of our Supertools Facebook Group, we process any Personal Data you provide, including your name, profile, posts, responses, reactions, and private messages to our page and/or account. We use the feedback (including any Personal Data) we receive from the Supertools Group to fix specific bugs, generally improve our Service, and develop new products and services. If you would like us to cease collecting your feedback, you may exit the Supertools Group.
You are not legally required to provide us with your information. You do not have a legal duty to provide us with any Personal Data. However, you will not be able to sign up to the Service and use it properly without providing us with certain Personal Data, such as your Registration Information or your Calendar Information.
You may opt-out from our marketing communications. You may ‘opt-out’ of using your information for marketing communications by sending an email to: privacy@timeos.ai, or as otherwise provided in our marketing communications. By doing so, we will only mark the Personal Data which is required to contact you for marketing communications, as “unsubscribed”. Note that if you are a registered user, we may need to contact you about administrative or service-related issues as part of the services we provide to you. This is not marketing communication and you will continue to receive these messages even if you opt-out of marketing emails.
WHEN IS YOUR PERSONAL DATA SHARED WITH OTHERS
We will share your information with third parties only in the events listed below or when you provide us with your explicit and informed consent.
We will share your information with our affiliate companies. We share your Personal Data with our affiliated company, Superpower, Ltd., where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our users. The legal basis under EU law for such processing is our legitimate interest to maintain and grow our business.
We will share your information with our service providers helping us to operate the Service. We will share your personal information with service providers, who assist us with the internal operations of the Service. These services include cloud hosting services, user authentication, application monitoring and logging, feature management, AI generation, call recording, transcription and storage of Meeting Content, application tracing, source code hosting, email management, and analytics. These companies are authorized to use your Personal Data only as necessary to provide these services to us and not for their own purposes. The legal basis under EU law for such processing is the performance of our contract with you.
Note that our service provider, Deepgram, Inc., may retain a small sample of audio data retraining of its models. This data is kept as long as there is a business need for such service provider, under the service provider’s security and privacy controls.
If you violate the law, we will share your information with competent authorities. If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation. The legal basis under EU law for such processing is our legitimate interest in enforcing our legal rights.
We will share your information if we are legally required. We will disclose your Personal Data if we are required to do so by a judicial, governmental or regulatory authority. The legal basis under EU law for this processing is our compliance with the legal obligations to which we are subject.
We will share your information if the operation of the Service is organized within a different framework. If the operation of the Service is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition) or if we are looking to sell our company, liquidate assets, or merge with another, we will share your information with other interested parties as part of negotiations toward that transaction, as part of a due diligence procedure or as a result of that transaction, as applicable, provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration. The legal basis under EU law for this processing is our legitimate interest in business continuity, following a structural change.
SECURITY AND DATA RETENTION
We retain your Personal Data until you request its deletion and thereafter for compliance and legal purposes. We retain your Personal Data until you request that we delete it. You can contact us at hey@magical.team at any time to request that we delete the personal data we process about you and we will honor your request within 30 days. Notwithstanding the above, we do not guarantee deletion of all data following a deletion request. For example, we will retain certain data where a different user or third party is designated as the owner of a recording of a video call (in which case the deletion request should be directed at such third party) or where we are required to retain your data to comply with our legal obligations, resolve disputes, establish and defend legal claims.
We implement measures to secure your Information. We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect, that the Service will be immune from information security risks. The measures we take include:
Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers and firewalls. We encrypt data in transit [and at rest] using secure TLS/SSL protocols.
Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination. A very small sample size might be infrequently accessed by the engineering team to fix errors, improve summary quality, and improve the application. You can opt out of the latter depending on the subscription plan.
Internal Policies. We maintain and regularly review and update our privacy related and information security policies.
Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.
Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.
INTERNATIONAL DATA TRANSFER
We will transfer your Information internationally only in accordance with applicable data protection laws.
The Service, by its nature as an online service, may store and process Information in various locations throughout the globe, including through cloud services.
If we transfer your personal data for processing at locations outside your jurisdiction, we will abide by data transfer rules applicable to these situations.
Transfer of Information outside the EU. Information we collect from you in the EU will either be processed in the European Economic Area or in other countries, such as Israel, that have been recognized by the European Commission as having adequate protection for personal data.
When we transfer your information from within the EU to the United States or other countries, which are not recognized by the European commission as having adequate protection for Personal Data, we will endeavor to do so while using adequate safeguards determined by the European Commission.
YOUR EU RIGHTS
You have the right to access, update or delete your Information and obtain a copy of your Information.
Subject to applicable law, you may have the following rights:
Right to Access your Personal Data that we process and receive a copy of it.
Right to Rectify inaccurate Personal Data we have concerning you and to have incomplete Personal Data completed.
Right to Data Portability, that is, to receive the Personal Data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your Personal Data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object based on your particular situation, to using your Personal Data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your Personal Data for direct marketing purposes.
Right to Restrict processing your Personal Data (except for storing it) if you contest the accuracy of your Personal Data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the Personal Data and request instead to restrict its use; if we no longer need the Personal Data for the purposes outlined in this Notice, but you require them to establish, exercise or defend against legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, you have the right to ask us to erase your Personal Data. However, we may still process your Personal Data in certain cases such as where a different user is designated as the owner of a recording of a video call or where it is necessary to comply with a legal obligation we are subject to under applicable laws or for the establishment, exercise of or defense against legal claims.
If you wish to exercise any of these rights, contact us at privacy@timeos.ai.
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority. Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
COOKIES AND SIMILAR TECHNOLOGIES
What are Cookies? A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it's you (really, your device) that's visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity's sake we'll refer to them all as "Cookies".
Websites can place their own cookies (called "first-party cookies") but can also place cookies from other sites (called "third-party cookies"). If your browser holds both first and third-party cookies for a given website, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our Site and Service.
How We Use Cookies. While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below.
Third Party Cookies
In addition to our first-party cookies, we place cookies from the following third parties:
- Microsoft
- Intercom
- Fullstory
- Mixpanel
How to Adjust Your Preferences. Most web browsers are initially configured to accept cookies, but you can change the settings so your browser refuses all cookies or certain types of cookies. In addition, you are free to delete any existing cookies at any time. Please note that some features of the services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.
THIRD-PARTY SERVICES
You may have access to third-party services through our Service. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services.
MINORS
We do not knowingly collect information from minors under the age of 16. The Service is not intended for minors under the age of 16. We do not knowingly collect information from minors under the age of 16.
CHANGES TO THIS PRIVACY NOTICE
If we change this Notice, we will provide notice of such change. From time to time, we may change this Notice, in which case we will post a notice of such change on the Site and endeavor to send you an email notification. The latest version of the Notice will always be accessible on the Site.