Fluentime

Privacy Policy – Fluentime

Last updated: March 27, 2026

1. Who We Are (Controller)

This Privacy Policy explains how Fluentime ("Fluentime", "we", "us") processes personal data in connection with the Fluentime application and our website. Fluentime is established in Germany.

Contact: support@fluentime.io

2. What This Policy Covers

This Privacy Policy applies to:

  • the Fluentime desktop and mobile applications ("App")
  • our website at https://fluentime.io ("Website")
  • optional features and integrations (e.g., cloud sync, AI features, calendar integrations)

3. Core Principles: Local-First and Optional Services

Fluentime is designed as a local-first application. By default, your time tracking data is stored locally on your device (e.g., in a local SQLite database). Certain features are optional and are only used if you actively enable them. These may involve transmitting or storing data with third-party providers.

4. Categories of Personal Data We May Process

  • Account and contact data: e.g., email address, identifiers needed for licensing, support, and account management.
  • App content data: e.g., event titles, descriptions, times, project/client names, notes, and related metadata you enter in the App.
  • Usage and device data: e.g., technical identifiers, app version, device/OS information, diagnostic data and logs (as applicable).
  • Transaction and billing data: e.g., subscription status, purchase timestamps, invoices/receipts (depending on the purchase channel).
  • Calendar integration data (optional): e.g., calendar event metadata (title, time range) to the extent required for the enabled integration.
  • Website data: e.g., server logs (IP address, time of access, requested page), and communications sent via contact channels.

5. Purposes and Legal Bases (GDPR)

We process personal data for the following purposes and legal bases:

  • Providing the App and core functionality (Art. 6(1)(b) GDPR – contract performance).
  • Account management, licensing, and subscription status (Art. 6(1)(b) GDPR – contract performance).
  • Support and communication (Art. 6(1)(b) GDPR for contract-related requests; otherwise Art. 6(1)(f) GDPR – legitimate interest in responding to inquiries).
  • Security, fraud prevention, and service stability (Art. 6(1)(f) GDPR – legitimate interests in maintaining secure and reliable services).
  • Optional features requiring third parties (Art. 6(1)(a) GDPR – consent; you can withdraw consent by disabling the feature).
  • Legal obligations (Art. 6(1)(c) GDPR), e.g., tax and accounting obligations where applicable.

6. Optional Cloud Sync (Supabase)

Cloud sync is optional. If you do not enable cloud sync, your data remains stored locally on your device.

If cloud sync is enabled, data is synchronized via Supabase with servers located in Frankfurt, Germany (EU). Your data is encrypted in transit (TLS) and at rest. Fluentime does not sell or share your data with third parties except as described in this policy.

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by disabling cloud sync within the App settings.

7. Optional AI Features (OpenAI)

Fluentime may provide optional AI-powered features (e.g., refining titles and descriptions, and voice input for creating events). These features are optional and are only used if you enable them.

When AI features are enabled, selected content you provide (such as event titles and descriptions and related context required for the requested function) may be transmitted to OpenAI for processing in order to generate the AI output requested by you.

Voice Input and Third-Party AI Processing

The voice input feature uses a two-stage process:

  1. On-device speech recognition (Apple). Your voice is transcribed entirely on your device using Apple's on-device speech recognition framework. No audio recording is transmitted off your device during this stage.
  2. AI parsing via third-party service (OpenAI). The resulting text transcript is sent to OpenAI (via a Fluentime server function) to interpret your intent and extract event details (such as title, date, time, and project). This means your spoken content — in text form — is processed by OpenAI, a third-party provider based in the United States.

What this means for your privacy: When you use voice input to create an event, the text of what you said will be sent to OpenAI for processing. You should avoid including sensitive personal information (such as health details, financial data, or passwords) in voice entries.

OpenAI may process this data on servers located outside the European Economic Area (EEA), including in the United States. Fluentime relies on appropriate safeguards (such as Standard Contractual Clauses) for such transfers. For more information, see OpenAI's Privacy Policy.

Legal basis: Art. 6(1)(a) GDPR (consent). You will be asked for consent before AI features, including voice input, are activated. You can withdraw consent at any time by disabling AI features in the App settings.

Note: AI output can be imperfect. You remain responsible for reviewing and deciding whether to use AI-generated content.

8. Optional Calendar Integrations (Apple, Google, Microsoft)

Fluentime may offer optional integrations with external calendar services, including Apple Calendar, Google Calendar, and Microsoft Outlook/Microsoft 365. These integrations are optional and must be enabled by you.

Depending on the integration and your configuration, Fluentime may read and/or write calendar data (such as event title and time range) solely to provide the enabled calendar functionality.

Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent by disabling the integration in the App settings and/or revoking permissions in your calendar account settings.

9. No iCloud Sync

Fluentime does not use Apple iCloud for data storage or synchronization.

10. Payments, Purchases, and Billing Providers

Website purchases. Purchases made via the Website are processed via Paddle, which may act as merchant of record and handle payment processing, invoicing, tax handling, and billing support. Paddle processes data as required to complete the transaction and comply with legal obligations.

App Store purchases. Purchases made via the Apple App Store or Mac App Store are processed by Apple under Apple's terms and privacy practices. Fluentime typically receives only the information necessary to validate your subscription status (e.g., entitlement/subscription state), depending on platform capabilities.

11. Data Sharing and Recipients

We do not sell your personal data. We may share data with the following categories of recipients, only as necessary:

  • Service providers supporting core operations (e.g., hosting, infrastructure, support tooling), under appropriate contractual safeguards.
  • Supabase (only if cloud sync is enabled).
  • OpenAI (only if AI features are enabled).
  • Calendar providers (only if calendar integration is enabled).
  • Paddle for website billing and payment processing.
  • Apple for App Store billing and subscription management.
  • Authorities or legal advisors where required by law or necessary to establish, exercise, or defend legal claims.

12. International Transfers

Some third-party providers may process data outside the European Economic Area (EEA). Where this occurs, we rely on appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) where required by law.

13. Data Retention

  • Local App data: stored on your device until you delete it or uninstall the App, unless you enable optional cloud sync.
  • Cloud sync data (optional): retained while cloud sync is enabled and for a reasonable period necessary for service operation and compliance, unless deleted by you or required to be retained by law.
  • Support communications: retained as long as needed to handle your request and for reasonable follow-up, then deleted or anonymized where feasible.
  • Billing records: retained as required by applicable tax and accounting laws (where applicable).

14. Security

We implement appropriate technical and organizational measures to protect personal data. Measures include encryption in transit (TLS), encryption at rest, access controls, and data minimization practices.

15. Your Rights (GDPR)

Subject to legal requirements, you may have the right to:

  • access your personal data
  • rectify inaccurate data
  • erase data ("right to be forgotten")
  • restrict processing
  • data portability
  • object to processing based on legitimate interests
  • withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact: support@fluentime.io

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

16. Children

Fluentime is intended for adults. We do not knowingly collect personal data from children.

17. Website Logs

When you visit the Website, our servers may automatically process log data (e.g., IP address, date and time, requested page, user agent). This is used for security, troubleshooting, and ensuring website operation.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests in operating a secure and reliable website).

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when changes were made. Material changes will be communicated in an appropriate manner where required.

19. Contact

For privacy-related questions or requests, contact: support@fluentime.io