Transparency

How your data works.

Timetide handles data in two distinct ways — one that never leaves your device, and one that's entirely opt-in. Pick what you want to understand.

01

Your data never leaves your iPhone.

Everything is written to SwiftData — local storage on your device. There's no server-side database because there's no way for the data to get there. Structurally impossible, not just policy.

  • Timetable data
  • Attendance records
  • Personal Recap stats

02

No account. No profile. Nothing.

There's no sign-in because there's no server to sign into. We don't have your name, email, or any identifier that could connect you to data. Can't sell what we don't have.

  • Your name or email
  • Device or advertising ID
  • IP address or location
  • Usage analytics

03

iCloud sync is yours. Not ours.

Enable iCloud sync and your data moves through Apple's encrypted infrastructure — which only you control. We're not in that chain. We never see it pass through.

04

Personal Recap calculated locally.

Attendance patterns, most-skipped classes, total hours — every stat in your Personal Recap is calculated on-device. None of it needs to leave to be computed. It's all local arithmetic.

01

Off by default. You choose.

Off by default. If you opt in, your anonymised data contributes to community-wide Year in Review stats — aggregate numbers across all Timetide users, like which subjects get skipped most across Europe. This is separate from your personal recap, which is always private regardless. You can change it at any time.

02

Anonymised on your device. Not ours.

Before anything leaves your iPhone, the app strips every identifier — your name, device ID, exact timestamp, IP address. The anonymisation happens locally. By the time it reaches our server, there's nothing to trace back to you.

Removed
  • Your name
  • Device ID
  • Exact date & time
  • IP address
Sent
  • University & faculty name
  • Subject name
  • Class duration
  • Skipped: yes/no

03

Your data becomes a counter. Not a record.

The anonymous record is sent to our EU backend, which increments aggregate counters only. No individual row is ever written. Once your contribution is in, it's mathematically indistinguishable from everyone else's — we can see that Math 101 was skipped 15,430 times, but not who, when, or from which device.

04

Anonymous data isn't personal data.

Under GDPR, truly anonymous data falls outside the definition of personal data — there's no data subject, no rights to exercise, no controller relationship. That's not a loophole. It's why we designed the system this way: anonymise first, aggregate always, store nothing individual.

Right to object — Opt out anytime in Settings. Stops all future contributions — no forms, no waiting.

Right to access — We can't identify your contributions — the anonymisation is irreversible by design.

EU-hosted · GDPR-compliant · Questions: hello@timetide.eu