Privacy Policy

Last updated: November 2025

The Short Version

We collect what we need to run the service. We don't sell your data. Your evidence files are yours. We use industry-standard security. We're straight with you about what we do and don't do.

What We Collect

Account Information

We use Google OAuth 2.0 for secure authentication. When you sign in with Google, we access your email address and basic profile information (name and profile picture). That's it for account creation - we don't access your Gmail, Drive, Calendar, or any other Google services.

Evidence Files

You upload videos, photos, and audio recordings. We store them securely in Firebase Storage. These are your files - we just hold them for you.

Case Data

Case titles, descriptions, client names, locations, tags, notes - whatever you put in. All stored in Firestore with appropriate security rules.

Technical Stuff

Standard web logs: IP addresses, browser type, timestamps. Used for security and fixing bugs. We use Firebase Analytics to understand how people use the app - page views, button clicks, that kind of thing. No creepy tracking.

How We Use Your Data

  • Run the service (obviously)
  • Send you important updates about your account or cases
  • Improve the product based on usage patterns
  • Comply with legal requirements if we have to

We don't: Sell your data. Ever. We're not in that business.

Who Sees Your Data

Just You (Mostly)

Your cases and evidence? That's yours. Nobody else can see it unless you share it.

Our Service Providers

We use trusted third parties to run the service:

  • Google Firebase: Hosting, storage, database, authentication
  • Vercel: Web hosting and deployment
  • Deepgram: Speech-to-text transcription (when that feature launches)

These companies have their own privacy policies. We picked them because they take security seriously.

Legal Requirements

If we get a valid subpoena or court order, we have to comply. We'll fight overbroad requests, but we're not going to jail for you. We'll notify you if legally allowed.

Security

We use industry-standard security measures:

  • All data transmitted over HTTPS/SSL
  • Files stored in Google Cloud with encryption at rest
  • Firebase Security Rules to prevent unauthorized access
  • Regular security updates and monitoring

No system is 100% secure, but we take this seriously. If there's a breach, we'll tell you promptly.

Your Rights

  • Access: Download your data anytime through the export feature
  • Delete: Delete individual files, cases, or your entire account
  • Correct: Edit your information whenever you want
  • Port: Export your data in standard formats (PDF, JSON)

Cookies & Tracking

We use essential cookies to keep you logged in. That's about it. Firebase Analytics uses some tracking cookies to help us understand usage patterns. No ad tracking, no creepy remarketing stuff.

Data Retention

We keep your data as long as your account is active. When you delete something, it's gone (except for backups, which we purge after 30 days).

Delete your account? We'll delete everything within 30 days, except what we're legally required to keep for accounting/tax purposes.

International Users

Our servers are in the US (Google Cloud). If you're outside the US, your data travels here. By using the service, you're cool with that.

Kids

This service isn't for kids under 13. If you're under 13, don't use it. If we find out a kid is using it, we'll delete their account.

Changes to This Policy

We might update this policy. When we do, we'll update the date at the top and notify you via email if it's a significant change. Keep checking back.

California Residents (CCPA/CPRA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: We don't sell or share your personal information for cross-context behavioral advertising, so there's nothing to opt out of
  • Right to Limit: We don't use or disclose sensitive personal information beyond what's necessary to provide the service
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights

To exercise these rights, email privacy@timestamped.app with your request. We'll respond within 45 days.

We do not sell your personal information. We don't share it for cross-context behavioral advertising. We only share data with service providers (Firebase, Vercel) who are contractually required to protect it.

European Users (GDPR)

If you're in the European Economic Area (EEA), UK, or Switzerland, you have rights under GDPR:

  • Right of Access: Get a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Export your data in a standard format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Stop processing based on consent

Legal Basis for Processing: We process your data based on:

  • Contract: To provide the service you signed up for
  • Legitimate Interest: To improve the service, prevent fraud, and ensure security
  • Consent: For optional features like analytics (if we add them)

To exercise your rights, email privacy@timestamped.app. You also have the right to lodge a complaint with your local data protection authority.

Questions?

Email us at: privacy@timestamped.app

We're not lawyers, but we tried to write this in plain English. If there's ever a conflict between this easy-to-read version and some legal interpretation, we'll go with what makes sense for protecting your privacy.