Last updated: March 23, 2026
When you create an account, we store your email address and a hashed password (PBKDF2 — we never store your password in plain text).
As you use Time Gummy, we store the content you create: tasks, habits, goals, projects, countdowns, and time blocks. All data is stored per-user and is only accessible to you.
If you connect your Google account, we request access to read your calendar events and create or edit events on your behalf. We use these scopes:
calendar.readonly — to display your events in Time Gummycalendar.events — to push tasks to your calendarWe store your Google OAuth tokens securely in our database to maintain the connection. We do not access any other Google data. You can disconnect your Google account at any time from Settings.
Payments are processed by Stripe. We store your Stripe customer ID and subscription status. We never see or store your credit card number — that is handled entirely by Stripe.
We use PostHog for product analytics to understand how features are used and improve the app. PostHog may collect anonymized usage data such as page views and feature interactions.
We use a session cookie to keep you logged in. This cookie expires after 30 days. We do not use advertising or third-party tracking cookies.
Time Gummy runs on Cloudflare. Your data is stored in Cloudflare D1, a distributed SQLite database. Cloudflare may process requests through their global network.
Passwords are hashed with PBKDF2 before storage. All connections use HTTPS. Session tokens are cryptographically random and hashed at rest. We follow standard security practices to protect your data.
You can delete your account and all associated data by contacting us. Upon deletion, all your tasks, habits, goals, projects, and account information are permanently removed from our database.
We may update this policy from time to time. If we make significant changes, we will notify you through the app.
Questions about this policy? Reach us at privacy@timegummy.com.