🔒 Privacy Policy - Time2Gether

Last updated: December 24, 2024

Version: 1.0

Application: Time2Gether

Publisher: Time2Gether

Contact: support@usygec.frgec.fr

1. Introduction

Time2Gether ("we", "our", "the application") is a collaborative mobile application that allows families and friend groups to organize projects, make decisions together, manage tasks, and communicate in real time.

This privacy policy describes how we collect, use, store, and protect your personal data when you use our Time2Gether mobile application, available on iOS and Android.

By using Time2Gether, you agree to the practices described in this privacy policy. If you do not agree to this policy, please do not use the application.

2. Personal Data Collected

2.1 Data required to use the application

To create and use a Time2Gether account, we collect:

Email address: To create your account, authenticate you, and send you email notifications
Password: Stored in encrypted form to secure your account
Username: To identify you to other members of your projects
Unique identifier: Automatically generated to manage your account in our system

2.2 Optional data

You may choose to provide:

Profile picture: To personalize your account (optional)
Phone number: To receive SMS invitations and facilitate invitations (optional)
Device contacts: Only if you choose to invite contacts from your address book (optional, requires your permission)

2.3 Content created in the application

When you use Time2Gether, we store:

Projects: Titles, descriptions, and settings of projects you create or join
Decisions and votes: Proposals, votes, and results of collaborative decisions
Tasks: Created tasks, assignments, statuses, and deadlines
Messages: Messages sent in group conversations
Photos and files: Images and documents you upload to illustrate your projects, decisions, or proposals

2.4 Technical data collected automatically

To ensure the proper functioning of the application:

Device identifier: To send personalized push notifications
Device type and operating system: To optimize the user experience (iOS/Android)
Network connection status: To manage synchronization and offline display
Error logs: To identify and fix bugs

2.5 Data we do NOT collect

Time2Gether NEVER collects:

Your precise geographic location
Your browsing data on other sites or applications
Your banking or payment information (the application is free)
Your other installed applications
The content of your other conversations or emails

3. How We Use Your Data

3.1 Service delivery

We use your data to:

Create and manage your user account
Allow you to create and join collaborative projects
Facilitate group decisions and votes
Manage tasks and deadlines
Enable communication between project members via chat
Send invitations to join projects (email, SMS, push notifications)
Synchronize your data across your devices

3.2 Notifications and communications

We use your email address and device identifier to:

Send you notifications about your project activities
Inform you of new decisions, votes, and deadlines
Notify you of new messages in your groups
Send invitations to join projects
Contact you for security or support matters

You can disable notifications at any time in your device settings.

3.3 Application improvement

We use anonymized and aggregated data to:

Identify and fix bugs
Improve performance and stability
Develop new features
Understand how the application is used (anonymous statistics)

3.4 Security

We use your data to:

Detect and prevent fraud or abuse
Protect the security of your account
Comply with our legal obligations

4. Sharing Your Data with Third Parties

4.1 With other application users

Your data is shared with:

Members of your projects: Other members can see your name, profile picture, and your contributions (decisions, votes, tasks, messages) in shared projects
People you invite: They receive your invitation by email or SMS

You control the projects you join and the information you share.

4.2 With our service providers

We share certain data with technical service providers who help us deliver the service:

Supabase (Backend Infrastructure)

Data shared: All account data and created content
Location: Servers located in the European Union
Purpose: Database hosting, file storage, authentication
Security: Data encryption in transit (HTTPS) and at rest (encryption)
Policy: https://supabase.com/privacy

Firebase Cloud Messaging (Push Notifications)

Data shared: Your device identifier, notification tokens
Purpose: Sending push notifications to your device
Policy: https://firebase.google.com/support/privacy

Twilio (SMS Sending)

Data shared: Phone numbers (for invitations only)
Purpose: Sending invitations by SMS
Policy: https://www.twilio.com/legal/privacy

Mailgun / Mailjet (Email Sending)

Data shared: Email addresses (for invitations and notifications only)
Purpose: Sending invitations and notifications by email
Policy: https://www.mailgun.com/legal/privacy-policy / https://www.mailjet.com/privacy-policy/

4.3 Legal cases

We may disclose your data if required by law:

In response to a valid legal request (warrant, court order)
To protect our legal rights or those of users
To prevent illegal or dangerous activities

4.4 We NEVER sell your data

Time2Gether never sells your personal data to third parties for advertising or marketing purposes.

5. Application Permissions

5.1 Android and iOS permissions

Time2Gether requests the following permissions:

Contacts (Address Book)

Permission: READ_CONTACTS (Android) / NSContactsUsageDescription (iOS)
Purpose: Allow you to easily invite your contacts by selecting them from your address book
When: Only when you choose to invite contacts from your address book
Data accessed: Name, phone number, email of selected contacts
Storage: Contacts are not stored on our servers. They are only used locally to facilitate sending invitations.
Required: No - You can invite manually by entering an email or phone number

Camera

Permission: CAMERA (Android) / NSCameraUsageDescription (iOS)
Purpose: Take photos to illustrate your projects, decisions, and proposals
When: Only when you choose to take a photo with the camera
Data accessed: Captured photos
Storage: Photos are stored securely on Supabase and shared only with members of the relevant project
Required: No - You can select photos from your gallery

Photo Gallery (Storage)

Permission: READ_EXTERNAL_STORAGE (Android) / NSPhotoLibraryUsageDescription (iOS)
Purpose: Select photos and documents from your device to enrich your projects
When: Only when you choose to select a photo or file
Data accessed: Selected photos and files
Storage: Selected files are securely uploaded to Supabase
Required: No - Adding photos is optional

Notifications

Permission: Automatic on iOS/Android
Purpose: Inform you of activities in your projects (messages, votes, deadlines)
Data accessed: Device identifier to send targeted notifications
Required: No - You can disable notifications in your device settings

Network and Connectivity

Permission: INTERNET, ACCESS_NETWORK_STATE (automatic)
Purpose: Synchronize your data with the server, detect connectivity
Required: Yes - The application cannot function without an internet connection

5.2 Revoking permissions

You can revoke permissions at any time in your device settings:

Android: Settings → Apps → Time2Gether → Permissions
iOS: Settings → Time2Gether → Permissions

6. Data Storage and Security

6.1 Where your data is stored

Your data is stored on Supabase servers located in the European Union, ensuring compliance with GDPR.

6.2 Security measures

We implement technical and organizational security measures to protect your data:

Encryption in transit: All communications between the application and our servers use the HTTPS/TLS protocol
Encryption at rest: Your data is encrypted in the Supabase database
Secure authentication: Passwords are hashed using secure algorithms (bcrypt)
Restricted access: Only authorized members of a project can access project data
Regular backups: Your data is backed up regularly to prevent loss
Security monitoring: Detection of unauthorized access and suspicious activities

6.3 Retention period

Active account data: Retained as long as your account is active
Deleted account data: Deleted within 30 days of account deletion
Technical logs: Retained for a maximum of 90 days for debugging purposes
Project data: Retained as long as the project exists. If you leave a project, your contributions remain visible but can no longer be edited

6.4 No absolute guarantee

Despite our efforts, no system is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach, we will notify you in accordance with GDPR regulations (within 72 hours).

7. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

7.1 Right of access

You can request a copy of all personal data we hold about you.

How: Contact us at support@usygec.frgec.fr with the subject "GDPR Access Request"

7.2 Right of rectification

You can correct inaccurate or incomplete personal data.

How: Directly in the application (Settings → Profile) or contact us

7.3 Right to erasure ("right to be forgotten")

You can request the deletion of your personal data.

How:

In the application: Settings → Account → Delete my account
By email: Contact us at support@usygec.frgec.fr

Timeframe: Deletion effective within 30 days

Exceptions: We may retain certain data if required by law or to defend our legal rights

7.4 Right to data portability

You can receive your data in a structured, machine-readable format and transfer it to another service.

How: Contact us at support@usygec.frgec.fr with the subject "GDPR Portability Request"

Format: We will provide your data in JSON format

7.5 Right to object

You can object to the processing of your personal data.

How: Contact us at support@usygec.frgec.fr

7.6 Right to restriction of processing

You can request the temporary restriction of processing of your data in certain cases.

How: Contact us at support@usygec.frgec.fr

7.7 Right to lodge a complaint

If you believe your rights are not being respected, you can lodge a complaint with your national data protection authority. For France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés):

Website: https://www.cnil.fr
Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone: +33 1 53 73 22 22

8. Cookies and Similar Technologies

8.1 Use of cookies

Time2Gether is a native mobile application and does not use cookies in the traditional web sense.

8.2 Local storage

The application uses your device's local storage to:

Remember your session (stay logged in)
Cache data to improve performance
Store your preferences (language, settings)

This storage is local and is not transmitted to third parties.

8.3 Advertising identifiers

Time2Gether does NOT collect advertising identifiers (IDFA on iOS, GAID on Android).

We display no advertising.

9. Protection of Minors

9.1 Minimum age

Time2Gether is intended for users aged 13 and over.

If you are under 13, you must not use the application.

9.2 Parental consent

For users aged 13 to 16 (depending on local legislation), the consent of a parent or legal guardian may be required.

9.3 Deletion of minor accounts

If we discover that a user is under 13, we will immediately delete their account and all their personal data.

Parents: If you believe your child under 13 has created an account, contact us immediately at support@usygec.frgec.fr.

10. User-Generated Content (UGC)

10.1 Nature of generated content

Time2Gether allows users to create and share content with other members:

Chat messages: Text communications between project members
Photos and files: Images and documents shared in projects
Decisions and proposals: Collaborative content for decision-making
Tasks and comments: Project organization and tracking

10.2 Content responsibility

You are responsible for the content you post on Time2Gether:

You guarantee that you have the necessary rights to share the content
You agree to respect our Community Rules
You must not post illegal, offensive, or inappropriate content

We do not moderate content in real time in a centralized manner. Time2Gether uses a decentralized moderation model where project creators are responsible for moderating their own community (see section 10.3bis).

However, we reserve the right to:

Remove any content that violates our rules
Suspend or delete accounts in case of serious violation
Cooperate with authorities in case of illegal content

10.3 Safety tools and control

For your protection, Time2Gether offers:

Abuse reporting

Report any inappropriate content or behavior
Long-press a message to report it
All reports are reviewed

User blocking

Block a user to stop seeing their messages
Blocked users cannot contact you
Manage your blocked users list in settings

Community Rules

View our rules in Settings → Community Rules
Respect other members and appropriate content
Zero tolerance for harassment, spam, or violent content

10.3bis Moderation by Project Creators

Time2Gether uses a decentralized moderation model:

Role of project creators

Each project creator is responsible for moderating their own community
Creators have access to a moderation dashboard allowing them to:
- View all abuse reports for their project
- Review reported messages and context
- Remove inappropriate messages
- Exclude members in case of serious rule violations

Transparency and control

Reports are confidential and visible only to the relevant project creator
Each creator manages their community independently
Moderation actions (message deletion, member exclusion) are recorded
Reported users can be excluded from a specific project without affecting their global account

Central oversight

We reserve the right to intervene in cases of:
- Illegal content (we cooperate with authorities)
- Serious and repeated violations across multiple projects
- Abusive behavior by the creator themselves
In case of content reported to our central team (support@usygec.frgec.fr), we review and take appropriate action within 48 hours

This model allows for reactive and contextual moderation adapted to each community, while preserving the overall safety of the platform.

10.4 Prohibited content

The following content is strictly prohibited:

Harassment: Abusive or intimidating behavior
Spam: Repetitive or unsolicited messages
Violence: Threats, incitement to violence
Hate speech: Discrimination, hateful remarks
Sexual content: Nudity, pornography, explicit content
Illegal content: Criminal activities, fraud, etc.

10.5 Reporting a problem

If you encounter a problem:

Report in the app: Use the "Report" button on the relevant message
Block the user: Immediate protection
Contact support: support@usygec.frgec.fr

We review all reports within 48 hours and take appropriate action.

10.6 Minimum age and protection of minors

Minimum age: 13 years
Parental supervision: Recommended for ages 13–16
Appropriate content: All content must be suitable for users aged 13 and over

11. International Data Transfers

11.1 European Union

Your data is primarily stored and processed in the European Union (Supabase servers).

11.2 Transfers outside the EU

Some of our service providers (Firebase, Twilio) may process data outside the EU.

In such cases, we ensure that:

Standard contractual clauses (SCCs) are in place
The provider adheres to protection standards equivalent to GDPR
Transfers are carried out in compliance with GDPR

12. Changes to This Policy

12.1 Right to modify

We may modify this privacy policy at any time to reflect:

Changes in our practices
New application features
Legal or regulatory developments

12.2 Notification of changes

In the event of a material change, we will notify you by:

A notification in the application
An email to your registered address (for major changes)

12.3 Effective date

The new version takes effect upon publication. The "Last updated" date at the top of this document indicates the current version.

Your continued use of the application after changes constitutes your acceptance of the new policy.

13. Contact and Questions

13.1 Data controller

Name: Time2Gether

Email: support@usygec.frgec.fr

Website: https://time2gether.app

13.2 To exercise your rights or ask questions

Email: support@usygec.frgec.fr

Subject: "Privacy / GDPR"

We commit to responding within a maximum of 30 days in accordance with GDPR.

13.3 Technical support

For any technical questions about using the application (unrelated to personal data):

Email: support@usygec.frgec.fr

Subject: "Support Time2Gether"

14. Summary - Key Points

      ✅ Minimal data: We only collect what is necessary for the application to function
✅ No data selling: We never sell your data to third parties
✅ No advertising: No advertising, no ad tracking
✅ Encryption: Your data is encrypted in transit and at rest
✅ User control: You control your permissions and can delete your account at
          any time
✅ Safety tools: Abuse reporting and user blocking available
✅ Decentralized moderation: Project creators responsible for their community
          with a moderation dashboard
✅ GDPR compliant: Full respect of your GDPR rights
✅ EU servers: Your data is stored in the European Union
✅ Responsive support: We respond to your requests within 30 days maximum

    

Thank you for using Time2Gether!

This privacy policy is effective from December 24, 2024.

Version 1.0