timeOS Privacy Policy

Last Update: November 16, 2025

Welcome to timeOS, an AI-powered productivity companion that, through an integration with your online calendar, captures and summarizes your day, organizes all relevant information within the right tool, and proactively surfaces the knowledge you need and when you need it (the “Service”). The Service is owned and operated by Supertools Inc. (“we”, “us”), which is the data controller (also known as the ‘Database Owner’) of your Personal Data.

We respect your privacy. This Privacy Notice (the “Notice”) explains our privacy practices for the Service. The Notice also describes the rights and options available to you with respect to your personal information. This Privacy Notice is meant to be read together with our Terms of Service ("Terms"). In general, we recommend that you routinely review this Privacy Notice and your preferences on your Account. Any capitalized terms that are not defined herein shall have the meanings set forth in the Terms.

When we refer to "Personal Data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.

Note that certain jurisdictions may require consent from some/all participants for call/video recording. You understand that you are solely responsible for obtaining, maintaining and respecting that consent from the other parties and, if that consent is revoked, for deleting the recording for which that consent was given.

We collect and process Personal Data of the following categories of individuals:

  1. Customer Data

If you are an individual user of our Service, “Customer Data” means Personal Data processed by the timeOS cloud-based services, including our platforms, products, applications, APIs, tools, and any ancillary or supplementary products and services, offered in our web and mobile applications (collectively, “Platform”).

If you are a user with a timeOS for Business account, the term Customer Data refers to personal data that we collect, process and manage on behalf of our business customers (“Customers”), submitted to the Platform. We process such Customer Data on behalf and under the instruction of the respective Customer in our capacity as a “data processor”, in accordance with our data processing addendum with them. For more information, please refer to Section I below. Accordingly, this Notice – which describes our independent privacy and data processing practices as a “data controller” – with respect to the Platform and our websites, does not apply to the processing of Customer Data. If you have any questions or requests regarding Customer Data, please contact your account administrator(s) (“Account Admin”) directly.

  1. User Data: Personal Data concerning our Customers’ internal focal persons who directly engage with us concerning their timeOS account (e.g. billing contacts and authorized signatories), Customers’ Account Admins, and authorized users of the Platform (collectively, “Users”);

  1. Visitor Data: Personal Data relating to our websites visitors (including but not limited to www.timeos.ai), participants at events, and any other prospective customer, user or partner (collectively, “Prospects”) who visit or otherwise interact with our programs, marketing and social activities and our websites, digital ads and content, emails, integrations or communications under our control (“Site(s)”).

By using the Service, you acknowledge and freely agree that your Personal Data (as defined below) will be collected and processed as described in this Notice. You are not legally required to provide us with your Personal Data. If you do not consent to the collection or processing of your Personal Data, we may be unable to provide you with certain features of the Service, and in some cases, may be unable to provide access to the Service altogether. For example, if you do not share your phone number or email address we won’t be able to open a user account for you. If you do not agree with how we process your Personal Data please do not use our Service.

  1. PERSONAL DATA WE COLLECT & PROCESS

  1. When you use the Service we collect the following Personal Data directly from you:

  1. Registration Information (applicable to both Users and Customers who are individuals): In order to sign up to the Service, you must register with your Calendar Account (as defined in the Terms). When you do this, you allow us access to your account information, which includes your name, email address, account username and other information that the relevant third party calendar service provides us about you.
  2. Calendar Information (Customer Data): When you use the Service, we collect the information that you include in your calendar available through your Calendar Account. This information includes meeting titles, contacts, locations, and any other information you choose to include in your calendar. 
  3. Meeting Content (Customer Data): When you use the Service to record and/or produce a summary, insight and/or brief of your meetings, we record and transcribe the meeting, or analyze existing recordings of meetings that you provide.
  4. Payment Data (Customer Data): If you subscribe to our Service for a fee, we receive information related to such purchase, such as the last four (4) digits of your credit card number.
  5. Data from APIs (Customer Data): If you connect your timeOS account to other third party services  (e.g. Google/Microsoft), we collect Personal Data via APIs for services with which we integrate. These may include Google APIs that allow us to integrate with their Calendar, Meet, and Gmail services, the Microsoft APIs that allow us to integrate with Outlook and Teams services, as well as Zoom APIs and others. 

When you use the Service we automatically collect the following Personal Data:

  1. Computer/Mobile Device Data: Connectivity, technical and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used), user-customized IDs (where personal data is included), activity logs, the relevant cookies and pixels installed or utilized on your device, and the recorded activity (sessions, clicks, use of features, logged activities and other interactions). 

We collect the following Personal Data from third-party sources:

  1. Publicly Available Data: We may receive Personal Data from other sources, such as publicly available data, strategic and joint marketing partners, social media platforms, people with whom you are friends or otherwise connected with on social media platforms, as well as from other third parties. This information comes from third-party sources outside of your direct interaction with the Service.

  1. Website, Social Media and Blog Visitors. When you visit our Sites, interact with our social media assets, visit us at an event, or post on our blog, we collect the following Personal Data:

For the purposes of the California Consumer Privacy Act (“CCPA”), specifically in the last twelve (12) months, we have collected the following categories of Personal Information: Identifiers; Professional or Employment-Related Information; Internet or other Electronic Network Activity Information; Customer Records Information; Geolocation Information; Inferences; and Audio, electronic, visual or similar Information. We do not use or disclose sensitive personal information as defined in the CCPA.

  1. PERSONAL DATA USES & LEGAL BASES 

  1. Registration Information. We use your Registration Information to allow you access to our Service (performance of a contract with you), save your preferences, contact you regarding the Service, protect the security of our Service, prevent fraud, and address any issues that arise (legitimate interest). We may use your Registration Information to send you marketing communications about our Service, including newsletters and updates about new services that we believe may be suitable to you. Where required, we will collect your consent prior to sending you any marketing communications, and you may opt-out of marketing communications and/or our newsletter at any time. See the relevant section below for more details.
  2. Calendar Information. We process this Personal Data to provide you with our Service, and do so on the basis of performance of a contract with you. When we use this information to improve our Service, to fix bugs, and to improve stability, we do so based on our legitimate interest to develop our business.
  3. Meeting Content and Data from APIs. We use this Personal Data to provide you with the Service (performance of a contract), specifically to produce the summary, insights, briefs and follow ups to you, and to provide you with support where applicable. We also use this information to improve our Service, to fix bugs, and to improve stability and we do so based on our legitimate interest to develop our business and our Service (legitimate interest).
  4. Payment Information. We use this Personal Data to process your payment (performance of a contract) and to prevent fraud (legitimate interest). 
  5. Computer/Mobile Device Data. We strive to continually improve our service for our users. The legal basis under EU law for this processing is our legitimate interest in monitoring securing, and improving our Service.
  6. Messages and Social Media Interactions. We use the feedback (including any Personal Data) you provide to fix specific bugs, generally improve our Service, and develop new products and services (legitimate interest). We use any Personal Data sent in a message to us in order to respond to your message.
  7. We use analytical data and data about interaction with our Sites to generate aggregated analytics data about the use of our Site and Service, to maintain and improve the Site and Service and to develop new products or services. We also use statistical data to prevent fraud and protect the security of our Site and Service. We process this Personal Data based our legitimate interests to develop and improve our products and services, to fix bugs, to improve stability, and to prevent fraud.

  1. PERSONAL DATA SHARING 

We do not sell your personal information to third parties.

We will share your information with our affiliate companies.

We share your Personal Data with our affiliated company, Superpower Ltd., where this is necessary to provide you with our products and services and so that we can manage our business. 

We will share your information with our service providers helping us to operate the Service.

We will share your personal information with service providers, who assist us with the internal operations of the Service. These services provided by our service provider include cloud hosting services, user authentication, application monitoring and logging, feature management, AI generation, call recording, transcription and storage of Meeting Content, application tracing, source code hosting, email management, and analytics. These companies are authorized to use your Personal Data only as necessary to provide these services to us and not for their own purposes. 

If you violate the law, we will share your information with competent authorities.

If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation. 

We will share your information if we are legally required.

We will disclose your Personal Data if we are required to do so by a judicial, governmental or regulatory authority. 

We will share your information if the operation of the Service is organized within a different framework.

If the operation of the Service is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition) or if we are looking to sell our company, liquidate assets, or merge with another, we will share your information with other interested parties as part of negotiations toward that transaction, or as a result of that transaction, as applicable, provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration. 

We will share your information with Services integrations

When You or your Account Admin choose to integrate your account with third-party services, the provider of such integrated third-party Services may receive certain relevant data about or from your account, or disclose certain relevant data from the account on the third-party provider’s service, depending on the nature and purpose of such integration. Note that we do not receive or store your passwords for any of these third-party Services (but do typically require your API key in order to integrate with them). If you do not wish your data to be disclosed to such third-party service, please contact your Account Admin. 

We will share your information with Customers and other Users

If you are a corporate user, your Personal Data may be disclosed to the Customer owning the account to which you are subscribed as a User (including data and communications concerning your profile), as well as other Users of that account. Your Personal Data and activity within the Service may also be monitored, processed and analyzed by the Account Admin. This includes instances where you contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same Customer).

We will share your information contained in Feedback or Recommendations.

If you submit a public review, feedback, public blogs or forums note that we may (at our discretion) store and present your review publicly, on our Sites and Service. If you wish to remove your public review, please contact us at hey@magical.team. If you choose to send others an email or message inviting them to use the Service, we may use the contact information you provide us to automatically send such invitation email or message on your behalf. Your name and email address may be included in the invitation email or message.

We will share your information to Protect Rights and Safety

We may disclose your personal data to others if we believe in good faith that this will help protect our rights, property or safety, any of our Users or Customers, or any members of the general public.

  1. SECURITY AND DATA RETENTION

We retain your Personal Data until you request its deletion and thereafter for compliance and legal purposes.

We may retain your Personal Data for as long as it is reasonably needed to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy and at our reasonable discretion. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of such data, the potential risk of harm from unauthorized use or disclosure of such data, the purposes for which we process it, and the applicable legal requirements. If you have any questions about our data retention policy, please contact us by email at hey@magical.team.

We implement measures to secure your Information.

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect, that the Service will be immune from information security risks. The measures we take include:

Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers and firewalls. We encrypt data in transit [and at rest] using secure TLS/SSL protocols.

Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination. A very small sample size might be infrequently accessed by the engineering team to fix errors, improve summary quality, and improve the application, which will only be done with consent from the customers to assist and support with issues. You can opt out of the latter depending on the subscription plan.

Internal Policies. We maintain and regularly review and update our privacy related and information security policies.

Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

  1. DATA LOCATION AND INTERNATIONAL DATA TRANSFER

We and our authorized Service Providers (defined below) maintain, store and process personal data in the United States (US), Europe, Israel, and United Kingdom (UK), and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by applicable law.

While privacy laws vary between jurisdictions, timeOS, its affiliates and Service Providers are each committed to protect personal data in accordance with this Notice, customary and reasonable industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

Superpower Ltd. is headquartered in Israel, a jurisdiction which is considered by the European Commission, the UK Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC), to be offering an adequate level of protection for personal data of individuals residing in EU Member States, the UK and Switzerland, respectively. We transfer data from the European Economic Area (EEA), the UK and Switzerland to Israel on this basis.

For any transfers from the EEA or the UK to other countries, we rely on standard contractual clauses (SCCs) or the UK IDTA for transfers, where applicable.

  1. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

You have the right to access, update or delete your Personal Data and obtain a copy of your Personal Data.

If you are an individual in the EU, you have the following rights:

Right to Access your Personal Data that we process and receive a copy of it.

Right to Rectify inaccurate Personal Data we have concerning you and to have incomplete Personal Data completed.

Right to Data Portability, that is, to receive the Personal Data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your Personal Data be transmitted directly from us to the service provider you designate.

If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.

Right to Object based on your particular situation, to using your Personal Data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your Personal Data for direct marketing purposes.

Right to Restrict processing your Personal Data (except for storing it) if you contest the accuracy of your Personal Data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the Personal Data and request instead to restrict its use; if we no longer need the Personal Data for the purposes outlined in this Notice, but you require them to establish, exercise or defend against legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.

Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your Personal Data. However, we may still process your Personal Data in certain cases such as where a different user is designated as the owner of a recording of a video call or where it is necessary to comply with a legal obligation we are subject to under applicable laws or for the establishment, exercise of or defense against legal claims.

If you wish to exercise any of these rights, contact us at privacy@timeos.ai.

We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this.

You have a right to submit a complaint to the relevant supervisory data protection authority.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. 

  1. COOKIES AND SIMILAR TECHNOLOGIES

What are Cookies?

A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it's you (really, your device) that's visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity's sake we'll refer to them all as "Cookies".

Websites can place their own cookies (called "first-party cookies") but can also place cookies from other sites (called "third-party cookies"). If your browser holds both first and third-party cookies for a given website, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our Site and Service.

How We Use Cookies

While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below.

Third Party Cookies

In addition to our first-party cookies, we place cookies from the following third parties:

  1. Microsoft
  2. Intercom
  3. Mixpanel

How to Adjust Your Preferences

Most web browsers are initially configured to accept cookies, but you can change the settings so your browser refuses all cookies or certain types of cookies. In addition, you are free to delete any existing cookies at any time. Please note that some features of the services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.

We use Google Analytics to gain insights on how our users use our Sites and Services. For more information about how Google collects information as part of the Analytics service and how you can control such use, see: www.google.com/policies/privacy/partners/.

  1. COMMUNICATIONS

We engage in Services and promotional communications, through email, phone, SMS and notifications.

We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Our Customers, and other Users on the same account, may also send you notifications, messages and other updates regarding their or your use of the Services. You can control your communications and notifications settings from your user profile settings, or otherwise in accordance with the instructions that may be included in the communications sent to you. However, please note that you will not be able to opt-out of receiving certain Services communications which are integral to your use (like password resets or billing notices).

We may also notify you about new features, additional offerings, events and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or email), through the Services, or through our marketing campaigns on any other sites or platforms. You may ‘opt-out’ of using your information for marketing communications by sending an email to: privacy@timeos.ai, or as otherwise provided in our marketing communications. By doing so, we will mark the Personal Data which is required to contact you for marketing communications, as “unsubscribed”.

  1. DATA CONTROLLER/PROCESSOR

Certain data protection laws, such as the GDPR, the Israeli Protection of Privacy Law, or the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes such data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

timeOS is the “data controller” of Personal Data contained in Customer Data (only to in relation to customers who are individuals), User Data and Visitor Data and Customers’ personal data, as detailed in Section A above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as set forth in this Notice.

Supertools, Inc. is the “data processor” of Personal Data contained in Customer Data (where our customer is a corporate customer), as submitted or otherwise processed by our Customers and their Users in their account. We process such data on behalf of our Customer (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms, our Data Processing Addendum (to the extent applicable) and other commercial agreements with such Customer.

Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose Personal Data may be included in Customer Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their Personal Data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Services.

If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting or deleting your data, please contact the Customer’s Account Admin directly.

  1. MISCELLANEOUS

  1. You may have access to third-party services through our Service. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services.

  1. The Service is not intended for minors under the age of 18. We do not knowingly collect information from minors under the age of 18.

  1. From time to time, we may change this Notice, in which case we will post a notice of such change on the Site and endeavor to send you an email notification. The latest version of the Notice will always be accessible on the Site.

  1. If you have any questions or requests concerning your personal data or about our privacy practices and policies, you may contact us, at: privacy@timeos.ai.

  1. We have appointed Prighter as our data protection representatives in the EU and in the UK. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative or exercise any of your data subject rights, please visit https://app.prighter.com/portal/14175811221.