Privacy Policy.

Last updated 17 May 2026

This is the privacy policy for the Use Time hosted web application at use-time.com. It explains what we collect, why, who we share it with (almost no one), and what you can do about it.

Plain English. If anything is unclear, email us at [email protected] and we will rewrite it.

1. Who we are

Use Time is operated by your legal entity or sole-trader name, based in Australia. We are the data controller for personal information you submit while using the service.

2. What we collect

Only what we need to run the service and what you choose to put in.

Account information — email address, a hashed password (we never see the plain password), display name, the timestamp your email was verified.
Methodology content you create — long-term goals, weekly and monthly goals, day items, journal entries, habit ticks, retrospectives, and similar. This is the entire reason the app exists.
Calendar subscription URLs if you add an ICS feed, plus a cache of the events from those feeds. Read-only — we never write back to your calendar.
Operational logs — request method, path, response status, IP address, user-agent. Kept for 30 days for debugging and abuse detection, then deleted.

We do not collect: location data, contact lists, browsing history outside the app, payment information (the service is currently free), or anything from third-party trackers (there are none in the app itself).

3. Why we collect it

To provide the service: store your goals and reflections, log you in, send the verification and password-reset emails, sync the calendar feeds you opt into, and keep the service running. That's the whole list.

4. Who we share it with

We do not sell your data. We do not share your data with third parties for marketing. The only third parties that touch your data are infrastructure providers we cannot operate without:

Our hosting provider (DigitalOcean, with servers located in Sydney, Australia) — runs the servers your data lives on.
Our email provider (Resend, Inc., United States) — sends verification and password-reset emails. Receives only your email address and the link.

We do not use third-party advertising, marketing automation, or behavioural-tracking analytics. We may add a privacy-respecting page-view counter (such as Plausible) on the marketing pages of use-time.com — never inside the app itself, and never with cookies. We will update this policy if we do.

5. How long we keep it

Your account and content stay until you delete the account, at which point everything is removed. Operational logs roll out at 30 days. Backups are retained for up to 30 days after deletion before they are overwritten in the normal backup rotation.

6. Your rights

You can, at any time:

Correct it by editing it in the app.
Delete your account from Settings. Deletion is permanent and cascades through every table — there is no soft-delete or recovery.
Ask a question or lodge a complaint by emailing [email protected]. If you are in Australia and not satisfied with our response, you may contact the Office of the Australian Information Commissioner. If you are in the EU/UK, your local data protection authority.

7. Security

Passwords are hashed with bcrypt before storage. The database is not exposed to the public internet. Verification and password-reset tokens are stored as SHA-256 hashes — the raw token only ever appears in the email link. We rate-limit authentication endpoints to deter brute-force attacks. None of this makes us bullet-proof, and we will tell you promptly if we ever discover a breach affecting your account.

8. Cookies

The app uses one piece of local storage to keep you signed in (a JWT). It is not a cookie, is not sent to any third party, and is removed when you sign out or clear site data. We do not use tracking cookies anywhere on the app.

9. Children

The service is not directed to children under 16. If you believe a child has created an account, email us and we will delete it.

10. International transfers

Your account and methodology content are stored on servers located in Sydney, Australia — no international transfer is involved. The one exception is email: when we send a verification or password-reset message, your email address and the link transit our email provider, Resend, in the United States. This is the only routine transfer of personal information outside Australia, and it is limited to what an email requires. We will update this section if our infrastructure changes.

11. Changes to this policy

If we change anything material, we will email you and update the "Last updated" date at the top. Minor wording fixes will not trigger an email.

12. Contact

Email: [email protected]

END · use-time.com/privacy