Privacy Policy
Last updated: March 2026
1. Identity & Contact
Timekeepur Labs ("we," "us,") operates the Timekeepur Labs service. We are based in Chicago, IL, USA. Contact: hello@timekeepur.com · Let's Talk · timekeepur.com
2. Data We Collect
We collect account information (email, name), authentication and session data needed to securely sign you in, usage data, diagnostic and blueprint content you create, and payment information (processed by Stripe). If you choose social sign-in, we may also receive basic profile data from that provider, such as your account identifier, username, display name, and email address when made available. We do not sell your data to advertisers or any third party.
3. How We Use Data
We use data solely to deliver the Service, provide support, and ensure security. We do not train AI models on your data. Model providers (via Vercel AI Gateway) do not train on API inputs. We never sell data to advertisers.
4. Subprocessors
We use the following subprocessors to operate the Service. Each has appropriate data protection commitments:
| Service | Purpose | Location |
|---|---|---|
| Neon | PostgreSQL database, auth data storage | US |
| Better Auth | Authentication and session management | US |
| Stripe | Payment processing | US |
| Vercel | Hosting, analytics | US |
| Vercel AI Gateway | AI inference and image generation (Claude, Google, OpenAI, Recraft models) | US |
| World Labs | Interactive simulation generation and media processing (Marble) | US |
| Resend | Transactional email | US |
| Upstash Redis | Rate limiting, caching, draft tokens | US |
5. Connectors & Public APIs
When you enable blueprint connectors, we fetch public data from these sources. We also use GitHub API for open-source repo metadata on our landing page.
| Connector | Source | Purpose |
|---|---|---|
| Hacker News | Algolia (hn.algolia.com) | Story search |
| X (Twitter) | api.x.com | Post lookup |
| Product Hunt | Product Hunt API | Launch discovery |
| Semantic Scholar | api.semanticscholar.org | Paper search |
| arXiv | export.arxiv.org | Preprint search |
| ClinicalTrials.gov | clinicaltrials.gov/api/v2 | Trial search |
| OpenFDA | api.fda.gov | Drug label search |
| SEC EDGAR | efts.sec.gov | Filing search |
| SpaceX | api.spacexdata.com | Launch data |
| Library of Congress | www.loc.gov | Historic records |
6. Data Retention
We retain data as needed to provide the Service. Enterprise customers may request zero-retention SLAs - configurable deletion with no persistent storage of sensitive content.
7. Security
We use encryption in transit and at rest, access controls, and row-level security (Neon) to protect your data.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will delete the account and all associated information without undue delay.
Users aged 13 through 17 may access the Service through our Educator Program using a valid school-issued email address. These accounts are individual consumer accounts and are not managed by or provisioned on behalf of a school district. We do not condition participation in the Educator Program on the disclosure of more personal information than is reasonably necessary (email address and, optionally, institution name).
9. Compliance
We aim to comply with GDPR, CCPA, CAN-SPAM, and are SOC2-ready. We do not train AI models on user data and never sell data to advertisers.
COPPA. We do not knowingly collect data from children under 13. Educator Program accounts require users to be at least 13 years of age.
FERPA.Timekeepur Labs does not act as a "school official" under FERPA for Educator Program accounts. These are individual consumer accounts, not institutional records. Organizations that require FERPA-compliant data handling, directory-information agreements, or designation of Timekeepur Labs as a school official must execute an Enterprise agreement.
SOPPA. The Educator Program does not involve the sale, transfer, or district-managed provisioning of student data. School districts seeking SOPPA-compliant deployments, including data governance plans, breach-notification commitments, and data-deletion schedules, must execute an Enterprise agreement.
10. Your Rights
You may request access, deletion, portability, or opt-out of certain processing. Use the form below to request a data export (CSV).
11. Data Request
Request a copy of your data. We'll send a confirmation to the email you provide and process your request within 24–48 hours if your account is active.
12. Updates
We may update this policy. Material changes will be communicated via email or a notice in the Service. Continued use after changes constitutes acceptance.