Privacy Policy

Last Updated: November 30, 2025

Introduction

GoldenEye Engineering LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use TimOS (the "Service").

1. Information We Collect

Account Information

  • Email address
  • Password (stored only as a secure hash)
  • Name (optional)
  • Profile preferences

User Content

  • Journal entries and daily logs
  • Morning Pulse and EOD Reflection data
  • Pillar definitions and scores
  • Any other content you create in the Service

Technical Information

  • Device information and browser type
  • IP address and approximate location
  • Usage patterns and feature interactions
  • Authentication and security logs

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your transactions
  • Send you important notifications
  • Improve and personalize your experience
  • Ensure security and prevent fraud
  • Comply with legal obligations

3. How We Protect Your Information

We implement enterprise-grade security measures to protect your data:

  • Envelope Encryption: All user content is encrypted using AES-256-GCM with per-user keys
  • Crypto-Shredding: Deleting your account destroys your encryption keys, making data unrecoverable
  • Multi-Factor Authentication: Required for all accounts
  • Secure Infrastructure: Data is stored in SOC 2 compliant data centers
  • Regular Audits: We conduct regular security assessments

4. AI Features and Your Data

TimOS offers AI-powered features for pattern recognition and insights. Important information:

  • You provide your own AI API keys (Bring Your Own Key)
  • Your data is sent directly to your chosen AI provider
  • We do not use your data to train AI models
  • AI features are optional and can be disabled
  • Each AI provider has their own privacy policy that applies

5. Information Sharing

We do not sell your personal information. We may share information only:

  • With your consent
  • With service providers who assist in operating the Service (under strict confidentiality agreements)
  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Your encryption keys are destroyed immediately
  • Encrypted content becomes permanently unrecoverable
  • Account metadata is deleted within 30 days
  • Audit logs may be retained for up to 7 years for legal compliance

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Object to certain processing activities
  • Withdraw consent at any time

8. International Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers from the EU/EEA.

9. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Contact Us

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer at:

  • Email: privacy@timos.app
  • Address: GoldenEye Engineering LLC