Timeless Privacy Policy

Last Update: November 16, 2025

Welcome to Timeless, an AI-powered productivity companion that, through an integration with your online calendar, captures and summarizes your day, organizes all relevant information within the right tool, and proactively surfaces the knowledge you need and when you need it (the “Service”). The Service is owned and operated by Supertools Inc. (“we”, “us”), which is the data controller (also known as the ‘Database Owner’) of your Personal Data.

We respect your privacy. This Privacy Notice (the “Notice”) explains our privacy practices for the Service. The Notice also describes the rights and options available to you with respect to your personal information. This Privacy Notice is meant to be read together with our Terms of Service ("Terms"). In general, we recommend that you routinely review this Privacy Notice and your preferences on your Account. Any capitalized terms that are not defined herein shall have the meanings set forth in the Terms.

When we refer to "Personal Data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.

Note that certain jurisdictions may require consent from some/all participants for call/video recording. You understand that you are solely responsible for obtaining, maintaining and respecting that consent from the other parties and, if that consent is revoked, for deleting the recording for which that consent was given.

We collect and process Personal Data of the following categories of individuals:

  1. Customer Data

If you are an individual user of our Service, “Customer Data” means Personal Data processed by the Timeless cloud-based services, including our platforms, products, applications, APIs, tools, and any ancillary or supplementary products and services, offered in our web and mobile applications (collectively, “Platform”).

If you are a user with a Timeless for Business account, the term Customer Data refers to personal data that we collect, process and manage on behalf of our business customers (“Customers”), submitted to the Platform. We process such Customer Data on behalf and under the instruction of the respective Customer in our capacity as a “data processor”, in accordance with our data processing addendum with them. For more information, please refer to Section I below. Accordingly, this Notice – which describes our independent privacy and data processing practices as a “data controller” – with respect to the Platform and our websites, does not apply to the processing of Customer Data. If you have any questions or requests regarding Customer Data, please contact your account administrator(s) (“Account Admin”) directly.

  1. User Data: Personal Data concerning our Customers’ internal focal persons who directly engage with us concerning their Timeless account (e.g. billing contacts and authorized signatories), Customers’ Account Admins, and authorized users of the Platform (collectively, “Users”);

  1. Visitor Data: Personal Data relating to our websites visitors (including but not limited to www.timeless.day), participants at events, and any other prospective customer, user or partner (collectively, “Prospects”) who visit or otherwise interact with our programs, marketing and social activities and our websites, digital ads and content, emails, integrations or communications under our control (“Site(s)”).

By using the Service, you acknowledge and freely agree that your Personal Data (as defined below) will be collected and processed as described in this Notice. You are not legally required to provide us with your Personal Data. If you do not consent to the collection or processing of your Personal Data, we may be unable to provide you with certain features of the Service, and in some cases, may be unable to provide access to the Service altogether. For example, if you do not share your phone number or email address we won’t be able to open a user account for you. If you do not agree with how we process your Personal Data please do not use our Service.

  1. PERSONAL DATA WE COLLECT & PROCESS

  1. When you use the Service we collect the following Personal Data directly from you:

  1. Registration Information (applicable to both Users and Customers who are individuals): In order to sign up to the Service, you must register with your Calendar Account (as defined in the Terms). When you do this, you allow us access to your account information, which includes your name, email address, account username and other information that the relevant third party calendar service provides us about you.
  2. Calendar Information (Customer Data): When you use the Service, we collect the information that you include in your calendar available through your Calendar Account. This information includes meeting titles, contacts, locations, and any other information you choose to include in your calendar. 
  3. Meeting Content (Customer Data): When you use the Service to record and/or produce a summary, insight and/or brief of your meetings, we record and transcribe the meeting, or analyze existing recordings of meetings that you provide.
  4. Payment Data (Customer Data): If you subscribe to our Service for a fee, we receive information related to such purchase, such as the last four (4) digits of your credit card number.
  5. Data from APIs (Customer Data): If you connect your Timeless account to other third party services  (e.g. Google/Microsoft), we collect Personal Data via APIs for services with which we integrate. These may include Google APIs that allow us to integrate with their Calendar, Meet, and Gmail services, the Microsoft APIs that allow us to integrate with Outlook and Teams services, as well as Zoom APIs and others. 

When you use the Service we automatically collect the following Personal Data:

  1. Computer/Mobile Device Data: Connectivity, technical and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used), user-customized IDs (where personal data is included), activity logs, the relevant cookies and pixels installed or utilized on your device, and the recorded activity (sessions, clicks, use of features, logged activities and other interactions). 

We collect the following Personal Data from third-party sources:

  1. Publicly Available Data: We may receive Personal Data from other sources, such as publicly available data, strategic and joint marketing partners, social media platforms, people with whom you are friends or otherwise connected with on social media platforms, as well as from other third parties. This information comes from third-party sources outside of your direct interaction with the Service.

  1. Website, Social Media and Blog Visitors. When you visit our Sites, interact with our social media assets, visit us at an event, or post on our blog, we collect the following Personal Data:

For the purposes of the California Consumer Privacy Act (“CCPA”), specifically in the last twelve (12) months, we have collected the following categories of Personal Information: Identifiers; Professional or Employment-Related Information; Internet or other Electronic Network Activity Information; Customer Records Information; Geolocation Information; Inferences; and Audio, electronic, visual or similar Information. We do not use or disclose sensitive personal information as defined in the CCPA.

  1. PERSONAL DATA USES & LEGAL BASES 

  1. Registration Information. We use your Registration Information to allow you access to our Service (performance of a contract with you), save your preferences, contact you regarding the Service, protect the security of our Service, prevent fraud, and address any issues that arise (legitimate interest). We may use your Registration Information to send you marketing communications about our Service, including newsletters and updates about new services that we believe may be suitable to you. Where required, we will collect your consent prior to sending you any marketing communications, and you may opt-out of marketing communications and/or our newsletter at any time. See the relevant section below for more details.
  2. Calendar Information. We process this Personal Data to provide you with our Service, and do so on the basis of performance of a contract with you. When we use this information to improve our Service, to fix bugs, and to improve stability, we do so based on our legitimate interest to develop our business.
  3. Meeting Content and Data from APIs. We use this Personal Data to provide you with the Service (performance of a contract), specifically to produce the summary, insights, briefs and follow ups to you, and to provide you with support where applicable. We also use this information to improve our Service, to fix bugs, and to improve stability and we do so based on our legitimate interest to develop our business and our Service (legitimate interest).
  4. Payment Information. We use this Personal Data to process your payment (performance of a contract) and to prevent fraud (legitimate interest). 
  5. Computer/Mobile Device Data. We strive to continually improve our service for our users. The legal basis under EU law for this processing is our legitimate interest in monitoring securing, and improving our Service.
  6. Messages and Social Media Interactions. We use the feedback (including any Personal Data) you provide to fix specific bugs, generally improve our Service, and develop new products and services (legitimate interest). We use any Personal Data sent in a message to us in order to respond to your message.
  7. We use analytical data and data about interaction with our Sites to generate aggregated analytics data about the use of our Site and Service, to maintain and improve the Site and Service and to develop new products or services. We also use statistical data to prevent fraud and protect the security of our Site and Service. We process this Personal Data based our legitimate interests to develop and improve our products and services, to fix bugs, to improve stability, and to prevent fraud.

  1. PERSONAL DATA SHARING 

We do not sell your personal information to third parties.

We will share your information with our affiliate companies.

We share your Personal Data with our affiliated company, Superpower Ltd., where this is necessary to provide you with our products and services and so that we can manage our business. 

We will share your information with our service providers helping us to operate the Service.

We will share your personal information with service providers, who assist us with the internal operations of the Service. These services provided by our service provider include cloud hosting services, user authentication, application monitoring and logging, feature management, AI generation, call recording, transcription and storage of Meeting Content, application tracing, source code hosting, email management, and analytics. These companies are authorized to use your Personal Data only as necessary to provide these services to us and not for their own purposes. 

If you violate the law, we will share your information with competent authorities.

If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation. 

We will share your information if we are legally required.

We will disclose your Personal Data if we are required to do so by a judicial, governmental or regulatory authority. 

We will share your information if the operation of the Service is organized within a different framework.

If the operation of the Service is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition) or if we are looking to sell our company, liquidate assets, or merge with another, we will share your information with other interested parties as part of negotiations toward that transaction, or as a result of that transaction, as applicable, provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration. 

We will share your information with Services integrations

When You or your Account Admin choose to integrate your account with third-party services, the provider of such integrated third-party Services may receive certain relevant data about or from your account, or disclose certain relevant data from the account on the third-party provider’s service, depending on the nature and purpose of such integration. Note that we do not receive or store your passwords for any of these third-party Services (but do typically require your API key in order to integrate with them). If you do not wish your data to be disclosed to such third-party service, please contact your Account Admin. 

We will share your information with Customers and other Users

If you are a corporate user, your Personal Data may be disclosed to the Customer owning the account to which you are subscribed as a User (including data and communications concerning your profile), as well as other Users of that account. Your Personal Data and activity within the Service may also be monitored, processed and analyzed by the Account Admin. This includes instances where you contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same Customer).

We will share your information contained in Feedback or Recommendations.

If you submit a public review, feedback, public blogs or forums note that we may (at our discretion) store and present your review publicly, on our Sites and Service. If you wish to remove your public review, please contact us at hey@magical.team. If you choose to send others an email or message inviting them to use the Service, we may use the contact information you provide us to automatically send such invitation email or message on your behalf. Your name and email address may be included in the invitation email or message.

We will share your information to Protect Rights and Safety

We may disclose your personal data to others if we believe in good faith that this will help protect our rights, property or safety, any of our Users or Customers, or any members of the general public.

  1. SECURITY AND DATA RETENTION

We retain your Personal Data until you request its deletion and thereafter for compliance and legal purposes.

We may retain your Personal Data for as long as it is reasonably needed to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy and at our reasonable discretion. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of such data, the potential risk of harm from unauthorized use or disclosure of such data, the purposes for which we process it, and the applicable legal requirements. If you have any questions about our data retention policy, please contact us by email at hey@magical.team.

We implement measures to secure your Information.

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect, that the Service will be immune from information security risks. The measures we take include:

Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers and firewalls. We encrypt data in transit [and at rest] using secure TLS/SSL protocols.

Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination. A very small sample size might be infrequently accessed by the engineering team to fix errors, improve summary quality, and improve the application, which will only be done with consent from the customers to assist and support with issues. You can opt out of the latter depending on the subscription plan.

Internal Policies. We maintain and regularly review and update our privacy related and information security policies.

Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

  1. DATA LOCATION AND INTERNATIONAL DATA TRANSFER

We and our authorized Service Providers (defined below) maintain, store and process personal data in the United States (US), Europe, Israel, and United Kingdom (UK), and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by applicable law.

While privacy laws vary between jurisdictions, Timeless, its affiliates and Service Providers are each committed to protect personal data in accordance with this Notice, customary and reasonable industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

Superpower Ltd. is headquartered in Israel, a jurisdiction which is considered by the European Commission, the UK Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC), to be offering an adequate level of protection for personal data of individuals residing in EU Member States, the UK and Switzerland, respectively. We transfer data from the European Economic Area (EEA), the UK and Switzerland to Israel on this basis.

For any transfers from the EEA or the UK to other countries, we rely on standard contractual clauses (SCCs) or the UK IDTA for transfers, where applicable.

  1. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

You have the right to access, update or delete your Personal Data and obtain a copy of your Personal Data.

If you are an individual in the EU, you have the following rights:

Right to Access your Personal Data that we process and receive a copy of it.

Right to Rectify inaccurate Personal Data we have concerning you and to have incomplete Personal Data completed.

Right to Data Portability, that is, to receive the Personal Data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your Personal Data be transmitted directly from us to the service provider you designate.

If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.

Right to Object based on your particular situation, to using your Personal Data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your Personal Data for direct marketing purposes.

Right to Restrict processing your Personal Data (except for storing it) if you contest the accuracy of your Personal Data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the Personal Data and request instead to restrict its use; if we no longer need the Personal Data for the purposes outlined in this Notice, but you require them to establish, exercise or defend against legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.

Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your Personal Data. However, we may still process your Personal Data in certain cases such as where a different user is designated as the owner of a recording of a video call or where it is necessary to comply with a legal obligation we are subject to under applicable laws or for the establishment, exercise of or defense against legal claims.

If you wish to exercise any of these rights, contact us at privacy@timeos.ai.

We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.

You have a right to submit a complaint to the relevant supervisory data protection authority.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. 

  1. COOKIES AND SIMILAR TECHNOLOGIES

What are Cookies?

A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it's you (really, your device) that's visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity's sake we'll refer to them all as "Cookies".

Websites can place their own cookies (called "first-party cookies") but can also place cookies from other sites (called "third-party cookies"). If your browser holds both first and third-party cookies for a given website, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our Site and Service.

How We Use Cookies

While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below.