Privacy Policy
Last updated: April 1, 2026
1. Who We Are
Timezylla is a visual project planning tool with AI, developed and operated by its founders. We are incorporated in Romania. For privacy matters, contact us at privacy@timezylla.com.
2. What Data We Collect
Account data
When you sign up, we collect your name, work email address, job title, and a hashed password. We use this to create and manage your account.
Workspace data
Configuration you provide: workspace name, timezone, SLA thresholds, team member accounts, and integration credentials.
Support data
Ticket content, customer records, and message data synced from your connected integrations (e.g. Zendesk, Freshdesk). This data is processed on your behalf — you are the data controller; we are the processor. We do not use your support data for our own purposes or to train AI models.
Usage data
How you use Timezylla: page views, feature interactions, session duration. Collected via PostHog on our EU cloud instance. You can opt out at any time in Settings → My Account → Privacy.
Technical data
IP address, browser type, and error logs for security and debugging purposes, processed by Sentry (EU region).
Payment data
Billing information is handled by Stripe. We do not store card numbers or payment credentials on our servers.
3. How We Use Your Data
- To provide and operate the Timezylla service
- To improve product features using anonymised and aggregated usage data
- To send product updates, invoices, and service notifications (opt-out available)
- To detect and prevent security incidents and abuse
We do not sell your data. We do not use support ticket content to train AI models without your explicit consent.
4. AI Processing
Timezylla uses Claude (Anthropic) to generate AI summaries, ticket categories, and recommendations. Ticket content may be processed by Claude's API. Anthropic's API terms prohibit using API inputs to train their models — your support data is not used to train Anthropic's models.
5. Who We Share Data With
| Third Party | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU (AWS eu-west-1) |
| Vercel | Frontend hosting | EU/US (CDN) |
| Sentry | Error monitoring | EU |
| PostHog | Product analytics | EU |
| Stripe | Payment processing | US (SCCs apply) |
| Anthropic (Claude) | AI processing | US (SCCs apply) |
| Upstash | Caching / job queue | US/EU (SCCs apply) |
For transfers to countries without an EU adequacy decision (US), we use Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Legal Bases for Processing (GDPR Article 6)
| Activity | Legal Basis |
|---|---|
| Account management & service delivery | Contract performance (Art. 6(1)(b)) |
| Usage analytics | Legitimate interests (Art. 6(1)(f)) — improving the service |
| Marketing emails | Consent (Art. 6(1)(a)) — opt-in at signup |
| AI processing of support data | Contract performance — processing on your instructions |
7. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until account deletion + 30 days |
| Workspace / ticket data | Until workspace deletion + 30 days |
| Usage analytics | 12 months rolling |
| Error logs | 90 days |
| Billing records | 7 years (legal requirement) |
8. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access — export your Timezylla account data
- Rectification — correct your profile in Settings → My Account
- Erasure — delete your account (all data removed within 30 days)
- Portability — download your ticket/customer data in JSON or CSV format
- Restriction — pause processing while a dispute is resolved
- Object — opt out of analytics via Settings → My Account → Privacy
To exercise these rights, email privacy@timezylla.com — we respond within 30 days.
9. Cookies
We use strictly necessary cookies for authentication (Supabase Auth session) — these do not require consent. We use optional analytics cookies (PostHog) — you can decline these when you first visit or in Settings → Privacy. See our Cookie Policy for details.
10. Contact and Complaints
Privacy contact: privacy@timezylla.com
You have the right to lodge a complaint with the Romanian data protection supervisory authority: ANSPDCP (anspdcp.ro).