Privacy Policy

TraceYourTime

What we do with your data — in short, almost nothing.

Effective date: 25.05.2026 · Version 1.0 Draft

Document information

Entity name: K4M OÜ

Contact email: info@traceyourtime.com

Document type: Privacy Policy

Applies to: TraceYourTime for iOS, traceyourtime.com. Support for additional platforms (iPadOS, watchOS, and macOS) is on the roadmap.

Governing law: Laws of the Republic of Estonia

1. Summary — the short version

TraceYourTime is built to give you insight into how you spend your time without taking a copy of your life. The app reads events from your Apple Calendar directly on your device. Your calendar data, your activities, your notes, and your favorites stay on your device and, optionally, in your own iCloud account. We do not run our own servers that receive your calendar events. We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.

In plain English: We can’t see your calendar, your activities, or your reviews. Our business model is selling software, not data. If you delete the app, there is nothing for you to delete on our servers, because there is nothing there.

2. Who we are

This Privacy Policy is issued by K4M OÜ (“we”, “us”, “our”), the publisher of the mobile and desktop application TraceYourTime and the associated website traceyourtime.com (together, the “Service”). K4M OÜ is the controller of personal data processed in connection with the Service, where “controller” has the meaning given in Article 4(7) of the EU General Data Protection Regulation (“GDPR”).

Contact for data-protection matters

Email: info@traceyourtime.com

We have not appointed a statutory Data Protection Officer because we do not meet the thresholds in GDPR Article 37. For any privacy-related question, write to the email above and we will reply within the timelines required by applicable law.

3. Scope of this Policy

This Policy applies to (a) your use of the TraceYourTime application on iPhone and, in future releases, iPad, Apple Watch, and Mac; (b) your visits to traceyourtime.com; and (c) any email correspondence you have with us. It does not apply to third-party services you may choose to use alongside TraceYourTime, including Apple iCloud, Apple Calendar accounts provided by Google, Microsoft, or others, and any external calendars you have linked at the operating-system level. Those services are governed by their own privacy policies.

4. What data the app processes and where it goes

The table below is the core of this Policy. It lists every category of data TraceYourTime processes, where the processing happens, and why.

Category | Examples | Where processed | Purpose
Apple Calendar events | Event titles, times, calendar names, attendees if present | On your device only | To build your summaries and views
Your in-app settings | Selected calendars, favorites, goals, preferences | On your device; optionally in your iCloud private database | To operate the app across your devices
Completed timer sessions | Sessions you start in the app | Written to a calendar you select, via Apple EventKit | Because you asked us to log them
Apple Health data (future) | Workouts, mindfulness minutes, sleep, if you enable integration | On your device only | To add health context to your summaries, if you opt in
Location (future) | Coarse geofence status only if you enable location-based auto-start | On your device only | To offer to start a timer when you arrive at a place, if you opt in
App Store analytics | Aggregate download and crash metrics provided by Apple | On Apple’s infrastructure | To see whether the app is working and being used, at an aggregate level
In-app purchase data | Subscription and lifetime purchase status | Apple handles billing; we receive only entitlement status | To unlock TraceYourTime Pro and Expert features
Email correspondence | What you send us at info@traceyourtime.com | Our email provider | To respond to you

We do not receive a copy of your calendar events, your health data, your location, your notes, your photos, or any other personal content you interact with inside the app. These remain on your device (or, where applicable, in your iCloud account, which is under your Apple ID).

5. Data we deliberately do not collect

To make it unambiguous, we do not collect:

  • Your calendar events or their content.
  • Your Apple Health or Apple Fitness data.
  • Your precise location, device identifiers used for tracking, or advertising identifiers.
  • Your contacts or address book.
  • Your photos (unless you attach one to a session on-device, in which case it stays on-device).
  • Your IP address at the application layer (beyond what the operating system necessarily exchanges with Apple’s App Store and CloudKit services).
  • Any data for advertising, profiling, or AI-model training.

6. Legal bases we rely on (for users in the EU / UK)

Where we do process personal data, we rely on the following GDPR / UK GDPR Article 6 legal bases:

  • Performance of a contract (Art. 6(1)(b)): to provide the Service you have installed and, if applicable, paid for.
  • Legitimate interest (Art. 6(1)(f)): for aggregate App Store analytics, crash monitoring, and responding to your email. We have assessed that these interests do not override your fundamental rights because the processing is minimal, aggregated, and does not allow us to identify you.
  • Consent (Art. 6(1)(a)): for optional, explicitly-opt-in features such as Apple Health integration and location-based auto-start. You can withdraw consent at any time in the app’s Settings or in iOS Settings.
  • Legal obligation (Art. 6(1)(c)): to comply with requests from regulators and tax authorities.

7. How long we keep data

Because we do not receive your primary calendar or activity data, there is nothing for us to retain about your day-to-day use of the Service. We retain the following:

  • Email correspondence: up to 24 months after the conversation closes, unless a longer period is required (for example, for a dispute or legal claim).
  • Purchase and subscription status: for the period required by tax law (typically 7 years under Estonian bookkeeping rules) and by Apple to process refunds. This is handled by Apple, not by us.
  • Aggregate App Store metrics: for as long as Apple makes them available; these are not attributable to you.

The data that remains on your device — favorites, goals, preferences, notes — stays until you delete it from the app or uninstall the app.

8. Who we share data with

We share personal data with a small set of processors and service providers that are strictly necessary to operate the Service:

  • Apple Inc. and its subsidiaries: for App Store distribution, App Store Connect analytics, CloudKit private-database storage (if you enable iCloud sync), StoreKit in-app purchases, and push-notification infrastructure. Apple acts as an independent controller for payment processing and as our processor for CloudKit storage.
  • Our email provider: Hostinger, which hosts the info@traceyourtime.com mailbox.
  • Our website host: Hostinger, which serves traceyourtime.com.
  • Professional advisors: our accountants and lawyers, under duty of confidentiality, where necessary.

We do not sell personal information to any third party. We do not share personal information for cross-context behavioral advertising. We do not share personal information with advertisers.

9. International transfers

Because your calendar and activity data never leaves your device, no international transfer of that data occurs as a result of using TraceYourTime. Where limited data (email, purchase status, website analytics if enabled) is processed outside the European Economic Area, the following safeguards apply:

  • Apple relies on Standard Contractual Clauses and other transfer mechanisms for transfers outside the EEA. See Apple’s Privacy Policy at apple.com/legal/privacy.
  • Our email provider and website host process data under Standard Contractual Clauses and, where relevant, the EU-U.S. Data Privacy Framework.
  • You can request a copy of the relevant safeguards by writing to the contact email above.

10. Your rights

Depending on where you live, you have the following rights. We honor these rights globally as a matter of policy, even where local law does not require us to.

Rights under EU / UK GDPR

  • Right of access to your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interest.
  • Right not to be subject to decisions based solely on automated processing (we do not make such decisions).
  • Right to withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint with your local data-protection authority. In Estonia this is the Andmekaitse Inspektsioon (aki.ee).

Rights under California law (CCPA / CPRA)

California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of sale or sharing. We do not sell or share personal information within the meaning of the CCPA. We treat all our users in accordance with the stricter of the standards described in this Policy.

Rights under Brazilian law (LGPD)

Residents of Brazil have the rights listed in Article 18 of the Lei Geral de Proteção de Dados, including confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing.

Rights under Canadian law (PIPEDA / Québec Law 25)

Canadian residents have the rights to access and correct their personal information, to withdraw consent, and, in Québec, additional rights including data portability and an explicit right to request deletion.

How to exercise your rights

Write to info@traceyourtime.com. We reply within 30 days for EU / UK requests and within the applicable timelines for other jurisdictions. We may ask you to verify your identity (for example, by confirming the email associated with your Apple ID) before acting on the request.

11. Children and young people

TraceYourTime is not directed at children under the age of 13 and is not intended for use by children under that age. If you are in the EU, the local minimum age for consent to information-society services is either 13, 14, 15, or 16, depending on the country; you must be at least the locally applicable age to use the app on your own. If we learn that we have inadvertently received personal data from a person below the applicable age, we will delete it.

12. Security

We take security seriously:

  • Your calendar and activity data never leaves your device. This is the strongest security measure we can offer, because data we never receive cannot be breached on our side.
  • Where iCloud sync is enabled, data is stored in the CloudKit private database, which is end-to-end encrypted under your Apple ID.
  • We follow Apple’s platform security requirements and use App Transport Security for any network connections.
  • We will notify you and, where required, the competent supervisory authority of any personal-data breach within the timelines required by applicable law (72 hours under GDPR).

13. Artificial intelligence features

Some current and planned features involve machine-learning models (for example, to suggest a category for an event, to order favorites based on context, or to produce a weekly summary). Our approach is:

  • Where technically feasible, models run on-device, using Apple Intelligence, Apple’s Foundation Models framework, or Core ML.
  • If any feature requires processing by a cloud model, it will be (i) opt-in, (ii) clearly labeled at the moment of use, and (iii) disclosed in this Policy before launch, with information about the processor.
  • We do not use your personal data to train our own or any third-party AI models.
  • You may disable AI-assisted features at any time in the app’s Settings.

14. Cookies and website analytics

The traceyourtime.com website is a static marketing page. It does not set tracking cookies and does not use cross-site analytics by default. If we add basic, privacy-preserving server-side analytics (e.g. Plausible, simple log analysis), we will update this Policy to describe what is collected, and we will not require consent for analytics that is genuinely aggregate and non-identifying, consistent with the ePrivacy Directive as implemented in your country.

15. Automated decision-making

We do not make decisions that produce legal or similarly significant effects on you using solely automated means. AI features inside the app are advisory; any action you take is yours.

16. Changes to this Policy

When we make material changes to this Policy, we will (a) update the version number and effective date at the top of this document, (b) publish the new version at “traceyourtime.com/privacy-policy”, and (c) notify you in the app on next launch. Non-material changes (typographical corrections, clarifications) may be made without notice.

17. Contact

Questions or complaints about this Policy, or requests to exercise your rights:

Email: info@traceyourtime.com

Appendix A — Regional addendum: California

This addendum applies to consumers who are California residents, as additional disclosures required by the California Consumer Privacy Act as amended by the CPRA.

Categories of personal information

In the preceding 12 months we have processed the following categories of personal information as described in this Policy:

  • Identifiers (email address, if you write to us).
  • Commercial information (subscription/purchase status, via Apple).
  • Internet or other electronic network activity information (aggregate App Store metrics).

Sources

Directly from you; from Apple in aggregate form.

Business purposes

To provide the Service, to operate subscriptions, to communicate with you.

Sale and sharing

We do not sell personal information and do not share it for cross-context behavioral advertising. We therefore do not offer a “Do Not Sell or Share My Personal Information” link because there is nothing to opt out of.

Right to limit use of sensitive personal information

We do not collect or use sensitive personal information for purposes that trigger the right to limit under the CPRA.

Non-discrimination

We do not discriminate against you for exercising any CCPA right.

Appendix B — Apple-specific disclosures

For clarity and to align with Apple’s App Store Privacy policy and App Privacy (“nutrition label”) requirements:

  • Data Linked to You: None.
  • Data Not Linked to You: Aggregate usage and crash metrics provided by Apple at the App Store level.
  • Data Used to Track You: None. We do not use the App Tracking Transparency framework because we do not track.
  • Third-party SDKs: None at launch. If we add any in the future (for example, StoreKit is already part of iOS, but a third-party crash reporter is not currently used), we will update this Policy before doing so and adjust the App Privacy label accordingly.