← TimeFrame

Privacy Policy

Last updated: 26 March 2026

1. What We Collect

TimeFrames ("we", "our", "the app") collects only what is needed to provide the service:

• Google account info — name, email, and profile picture via Google Sign-In, used to identify your account.
• Device information — a device identifier and type (TV, phone, or browser) to deliver the correct display configuration.
• Display settings — clock/timezone selections, colours, schedules, alarm configurations, and layout preferences.
• Payment information — processed entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store card numbers.

2. Photos — What We Store and What We Don't

We do not download, store, or process your photos on our servers.

When you select photos from Google Photos, they are stored in your own Google Drive account. All photo data remains entirely within your Google account. Our server stores only a reference ID pointing to the file in your Drive — never the photo itself.

Photos are encrypted on your device before being stored in your Google Drive. This means even if someone gains access to your Drive files, the photos cannot be viewed without your TimeFrames account. Photos are decrypted only on your devices at the time of display.

Photo data travels between Google's servers and your device only — it never passes through our servers.

3. How We Use Your Data

• Display clocks, weather, and photos on your devices.
• Sync display settings between your phone and TV in real time.
• Process subscription payments via Stripe.
• Show promotional slides to free-tier users (no personal data is used for targeting).

4. Data Storage and Security

We store your display settings (clocks, schedules, alarms, layout preferences) in a database on our servers. Sensitive data including Google OAuth tokens and encryption keys are encrypted at rest in our database using AES-256 encryption. Even in the event of a database breach, these values cannot be read without the server's encryption key.

To be clear: no photos, no photo data, and no photo content is stored on our servers. All photo content remains in the account holder's Google Drive.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

• Stripe — for payment processing.
• Google — we use Google OAuth, Google Photos Picker, and Google Drive APIs under Google's terms.
• Open-Meteo — we send geographic coordinates (not personal data) to fetch weather data.

6. Google API Scopes

We request the following Google API scopes:

• openid, email, profile — for sign-in.
• photospicker.mediaitems.readonly — to let you select photos from Google Photos via the Picker.
• drive.file — to store selected photos in your own Google Drive for permanent access by your devices.

We comply with the Google API Services User Data Policy, including the Limited Use requirements.

7. Data Retention

Your settings are retained as long as your account is active. If you delete your account, all associated data (devices, clocks, schedules, album references, preferences) is permanently deleted within 30 days. Photos in your Google Drive are not affected — they remain in your Google account.

8. Your Rights

You can:

• View and update your settings through the app.
• Revoke Google access at any time via your Google Account permissions.
• Delete your account by contacting us.

9. Children's Privacy

TimeFrames is not directed at children under 13. We do not knowingly collect data from children.

10. Changes

We may update this policy. Changes will be posted on this page with an updated date.

11. Contact

For privacy questions, contact: privacy@timeframes.au