TimeBloxTimeBlox

Privacy Policy

Last Updated: February 18, 2026

1. Introduction

TimeBlox, Inc. (“TimeBlox,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our AI-powered time management and scheduling platform (“Service”).

This Policy applies to all users of the Service globally. Where we describe rights specific to particular regions—such as the European Union, United Kingdom, or California—those sections supplement and do not replace the general rights described throughout.

If you do not agree with the practices described in this Policy, you should not use the Service.

2. Definitions

  • “Personal Information” means any information that identifies, relates to, or could reasonably be linked to you, directly or indirectly.
  • “Calendar Data” means calendar events, availability windows, meeting details, and related metadata accessed through a connected calendar provider.
  • “Messaging Data” means email content, SMS/MMS/RCS message content, or other communications you explicitly share with the Service.
  • “User Content” has the meaning given in our Terms of Service.
  • “Third-Party Services” means external platforms integrated with the Service, including Google Calendar, Microsoft Outlook, and messaging providers.

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, and password when you register.
  • Profile Information: Time zone, scheduling preferences, work hours, and communication preferences.
  • Calendar Data: Calendar events, availability, and scheduling information when you connect your calendar provider.
  • Contact Information: Names, email addresses, and phone numbers of meeting invitees when you use scheduling or messaging features.
  • Communications: Messages and correspondence when you contact us for support.

3.2 Information from Third-Party Integrations

  • Calendar Providers (Google Calendar, Microsoft Outlook, etc.): With your authorization, we access your calendars to read availability, create and update events, and send invitations. We access only the calendar scopes you grant.
  • Google Contacts (People API): With your authorization, we access your contacts solely to populate the attendee selection interface. Contact data is not stored on our servers unless you add a contact as a meeting attendee.
  • Email / Messaging: We access email or message content only if you explicitly copy a TimeBlox address on a thread or connect a messaging integration. We do not access your general inbox.

3.3 Information Collected Automatically

  • Usage Data: Features used, actions taken, scheduling patterns, and session durations.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Log Data: IP address, access timestamps, pages visited, and referring URLs.
  • Cookies and Tracking Technologies: As described in Section 9.

3.4 Information from Others

If another TimeBlox user invites you to a meeting or copies you on a scheduling message, we may receive your email address or phone number as part of that interaction.

4. How We Use Your Information

We use your personal information for the following purposes:

PurposeExamples
Provide the ServiceScheduling meetings, managing your calendar, sending invitations
AI FeaturesOptimizing scheduling suggestions, natural language processing, agent coordination
CommunicationsSending meeting confirmations, reminders, and service notifications
Service ImprovementAnalyzing usage patterns, improving AI accuracy and scheduling quality
Safety and SecurityDetecting fraud, abuse, and unauthorized access
Legal ComplianceResponding to legal requests, enforcing our Terms
Business TransitionsEvaluating or executing mergers, acquisitions, or asset sales

For users subject to GDPR (Section 14.1), we identify our lawful bases for each processing purpose in that section.

5. Artificial Intelligence and Machine Learning

5.1 How We Use AI

TimeBlox’s AI Features are central to the Service. We use your data to:

  • Interpret scheduling requests in natural language across email, SMS/RCS, and messaging platforms;
  • Analyze availability and constraints to suggest optimal meeting times;
  • Act as an autonomous scheduling agent that negotiates meeting times on your behalf;
  • Improve the accuracy, quality, and reliability of our scheduling models.

5.2 Service Improvement and Fine-Tuning

We may use personal information included in your User Content—such as scheduling messages and confirmed meeting patterns—to improve, fine-tune, and train the machine learning models that power the Service. We will always do this subject to the data restrictions described below.

5.3 Third-Party AI Providers

We use third-party AI model providers (e.g., large language model inference services) to power certain AI features. Under our contractual agreements with these providers:

  • Your user data cannot be used to train their AI models;
  • Data sent to these providers is used solely for inference (generating responses);
  • These providers are not permitted to retain your data for model training purposes.

5.4 What We Will Never Do With Your AI Data

  • We will not use Calendar Data or Messaging Data obtained through Google APIs to train AI or machine learning models unrelated to providing the Service;
  • We will not sell your data to AI companies, data brokers, or advertisers;
  • We will not share your Calendar Data or Messaging Data with third-party advertising partners.

5.5 Human Review Restrictions

TimeBlox employees and contractors will not read your Calendar Data or Messaging Data except:

  • With your explicit consent;
  • As necessary to investigate a security incident or prevent harm;
  • As required to comply with a legal obligation;
  • In limited, de-identified form for quality assurance purposes.

6. Google API Services — Limited Use Disclosure

TimeBlox’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • Google user data is used only to provide and improve the TimeBlox scheduling and calendar management features directly requested by you;
  • Google user data is not used for advertising, marketing, or to train AI models unrelated to the Service;
  • Google user data is not transferred to third parties except as strictly necessary to provide the Service, subject to confidentiality obligations;
  • Google user data is not sold or made available to data aggregators or analytics services.

7. SMS/MMS/RCS Privacy

When you or meeting invitees receive messages from TimeBlox:

  • No Marketing Sharing: Mobile information, including phone numbers, will not be shared with third parties or affiliates for marketing or promotional purposes.
  • Message Purpose: We only send messages related to meeting scheduling, confirmations, reminders, and service notifications.
  • Opt-Out Handling: Recipients can opt out at any time by replying STOP. We honor all opt-out requests promptly and do not send further messages after an opt-out.
  • Data Retention: Phone numbers and message logs are retained only as long as necessary to provide the Service and comply with legal obligations.
  • No Selling: Phone numbers collected via SMS/RCS consent are not sold, rented, or shared for purposes unrelated to the Service.

8. Information Sharing and Disclosure

We do not sell your personal information.

We may share your information in the following circumstances:

8.1 Service Providers

We share data with vendors who help us operate the Service (e.g., cloud hosting, email delivery, analytics, AI inference). These vendors are contractually prohibited from using your data for their own purposes and must maintain appropriate security standards.

8.2 Meeting Participants

When you schedule a meeting, we share scheduling-relevant information (e.g., your name, calendar availability window, and proposed times) with meeting participants. We share only what is necessary for scheduling purposes.

8.3 Legal Requirements

We may disclose information when we believe in good faith that disclosure is required by law, regulation, subpoena, court order, or to protect the rights, property, or safety of TimeBlox, our users, or the public.

8.4 Business Transfers

If TimeBlox is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service if this occurs, and describe any choices you may have regarding your information.

8.5 With Your Consent

We may share your information for any other purpose with your prior consent.

8.6 What We Will Never Do

  • We will not sell your personal information to any third party;
  • We will not share your Calendar Data or Messaging Data with advertising networks or data brokers;
  • We will not use your information to target you or others with behavioral advertising.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Cookie TypePurposeCan Be Disabled?
EssentialAuthentication, session management, securityNo — required for Service to function
AnalyticsUnderstanding usage patterns, improving performanceYes — via cookie consent settings
FunctionalRemembering preferences (time zone, language)Yes, with possible impact on experience

9.2 Other Tracking Technologies

We may use pixel tags (web beacons) to understand how you interact with emails and certain Service pages. We use this to improve our communications and product experience, not for advertising.

9.3 Your Choices

  • You can manage cookie preferences through your browser settings or our cookie consent banner;
  • Disabling essential cookies may prevent certain Service features from functioning;
  • Cookie opt-outs are device- and browser-specific and must be set separately for each browser you use;
  • We do not currently respond to “Do Not Track” signals, but we support opt-out mechanisms described above.

10. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest;
  • Role-based access controls limiting employee access to personal information;
  • Regular security assessments and vulnerability testing;
  • Incident response procedures.

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

11. Data Retention

We retain your personal information for as long as your account is active, or as long as needed to provide the Service. Specifically:

  • Account Information: Retained for the life of your account and for a reasonable period after deletion to comply with legal obligations;
  • Calendar and Messaging Data: Retained for the duration of your account, and deleted upon a valid deletion request or account closure, subject to legal retention requirements;
  • Log Data and Usage Analytics: Typically retained for 12–24 months;
  • Legal and Compliance Records: Retained as required by applicable law.

You can request deletion of your data at any time as described in Section 13.

12. International Data Transfers

Your information may be processed in the United States and other countries that may not have the same data protection laws as your home country. We take the following steps to safeguard cross-border data transfers:

  • Standard Contractual Clauses (SCCs): For transfers from the European Economic Area (EEA), Switzerland, or the United Kingdom to countries without an EU adequacy decision, we rely on EU-approved Standard Contractual Clauses.
  • Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with our cloud infrastructure provider and all sub-processors that handle personal information on our behalf.
  • Sub-Processor Oversight: All sub-processors are contractually required to: (a) process data only on our documented instructions; (b) implement appropriate security measures; (c) assist us in responding to data subject requests; and (d) delete or return data at the end of their engagement.

Our current sub-processors include:

Sub-ProcessorPurposeLocation
SendGrid (Twilio)Transactional email deliveryUnited States
StripePayment processingUnited States
Third-party AI model providersParsing and processing meeting requestsUnited States

Under our contractual terms with all sub-processors, your data cannot be used to train AI models or for any purpose beyond delivering our services.

13. Your Privacy Rights and Choices

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal information we hold about you;
  • Correction: Request correction of inaccurate or incomplete information;
  • Deletion: Request deletion of your personal information (“right to be forgotten”);
  • Data Portability: Receive your data in a structured, machine-readable format;
  • Objection: Object to certain processing activities, including for direct marketing;
  • Restriction: Ask us to restrict processing while a dispute is resolved;
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

Email privacy@timeblox.ai with:

  • Subject line: “Privacy Rights Request – [type of request]”
  • Your name and account email address
  • Description of your request

We will acknowledge your request within 5 business days and aim to fulfill it within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests.

Data Deletion

To request deletion of your Calendar and Messaging Data specifically, email support@timeblox.ai with subject line “Delete My Data.” Note that some information may be retained as required by law or legitimate business necessity (e.g., to resolve disputes, prevent fraud, or comply with legal obligations).

14. Region-Specific Rights

14.1 European Union and United Kingdom (GDPR and UK GDPR)

If you are located in the EEA, Switzerland, or the United Kingdom, you have the following additional rights and protections.

Lawful Bases for Processing:

Processing PurposeLawful Basis
Providing the ServicePerformance of a contract (Art. 6(1)(b))
Improving AI and scheduling featuresLegitimate interests (Art. 6(1)(f))
Security and fraud preventionLegitimate interests (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a))
Legal complianceLegal obligation (Art. 6(1)(c))

Additional Rights:

  • Right to Lodge a Complaint: You may lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your EU Member State supervisory authority).
  • Right to Object to Legitimate Interests Processing: You may object to processing based on our legitimate interests. We will comply unless we demonstrate compelling legitimate grounds.
  • Automated Decision-Making: Where AI scheduling decisions have significant effects on you, you have the right to request human review and to contest the decision.

EU/UK Representative: For GDPR or UK GDPR inquiries, contact us at privacy@timeblox.ai. We will designate a formal EU/UK representative as required upon reaching the applicable scale of processing.

14.2 California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the prior 12 months;
  • Right to Delete: Request deletion of personal information, subject to certain exceptions;
  • Right to Correct: Request correction of inaccurate personal information;
  • Right to Opt Out of Sale or Sharing: We do not sell your personal information, nor do we share it for cross-context behavioral advertising purposes;
  • Right to Limit Use of Sensitive Personal Information: Request that we limit use of sensitive personal information (e.g., precise geolocation, government IDs) to only what is necessary to provide the Service;
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@timeblox.ai with subject line “California Privacy Rights Request.” We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice).

Categories of Personal Information Collected (last 12 months):

CategoryCollectedSoldShared for Cross-Context Advertising
Identifiers (name, email, IP address)YesNoNo
Calendar and scheduling dataYesNoNo
Contact informationYesNoNo
Internet/electronic network activityYesNoNo
Geolocation (time zone inference only)YesNoNo
Inferences drawn from aboveYesNoNo

14.3 Other Jurisdictions

We are committed to honoring applicable privacy rights globally. We will respond to requests from users in all regions, including:

  • Canada (PIPEDA/CPPA): You have rights of access, correction, and withdrawal of consent.
  • Australia (Privacy Act 1988): You have rights of access and correction under the Australian Privacy Principles.
  • Brazil (LGPD): You have rights of confirmation, access, correction, anonymization, portability, deletion, and information about sharing.
  • Other countries: We strive to comply with applicable local privacy laws. Contact privacy@timeblox.ai for jurisdiction-specific inquiries.

15. Children’s Privacy

The Service is not intended for, and we do not knowingly collect personal information from, children under the age of 16 (or such higher age as required by local law). If we learn that we have collected personal information from a child under the applicable age threshold, we will take prompt steps to delete that information.

If you believe we may have collected personal information from a child, please contact us at privacy@timeblox.ai.

16. Third-Party Links and Services

The Service may contain links to or integrations with third-party websites and services. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you connect.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated Policy on this page with a new “Last Updated” date;
  • Send you an email notification (if we have your email address); and/or
  • Display a prominent notice within the Service.

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

18. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, contact:

TimeBlox, Inc.
Privacy Inquiries: privacy@timeblox.ai
Support: support@timeblox.ai

We aim to respond to all privacy inquiries within 5 business days.

← Back to Home