Privacy Policy
Lifetimed is local-first: your data lives on your device, and nothing leaves it unless you sign in for encrypted backup & sync or use an online feature.
Last Updated: June 12, 2026
Lifetimed ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our application.
Data Storage
- Local-First Architecture: All your personal data (tasks, moments, journal entries, connections, etc.) is stored locally on your device using IndexedDB and works fully offline.
- You Own Your Data: Your data never leaves your device unless you sign in and enable cloud backup & sync, or explicitly use an online feature.
- Guest Mode: You can use the app without an account ("Not now" at sign-in). An account is only needed for cloud backup, cross-device sync, and subscriptions.
Data We Collect
- If you sign in for Cloud Backup & Sync (optional):
  - Email address (used for sign-in and account recovery)
  - A device record per synced device (random identifier, device name)
  - Encrypted backups (AES-256-GCM encrypted before upload) and encrypted sync changes
  - Subscription status (managed by Stripe / RevenueCat — we never see payment details)
- If you use AI Features (optional):
  - Text/images you explicitly submit for AI analysis
  - Only entries you mark as "shareable" can be included, and AI requests are processed through OpenAI with data minimization
- If you use Weather Features (optional):
  - City name only (no GPS coordinates collected)
How We Use Your Data
- Cloud Backup & Sync: Store encrypted backups and sync your changes across your signed-in devices
- AI Processing: Extract tasks and moments, and generate summaries or insights from content you submit
- Weather: Fetch current weather for your specified city
- We do NOT sell, share, or monetize your personal data
- We do NOT use your data for advertising
- We do NOT train AI models on your data
Third-Party Services
- Supabase: Authentication and encrypted cloud storage (EU/US data centers)
- OpenAI: AI text extraction (data processed per OpenAI's API data usage policy)
- WeatherAPI: Weather data (city name only, no location tracking)
- Stripe: Payment processing for web subscriptions (we don't store payment details)
- RevenueCat: Mobile subscription management for iOS/Android (handles in-app purchases securely)
- Apple/Google: In-app purchase processing on iOS/Android devices
Security Measures
- Encryption: AES-256-GCM encryption for cloud backups; sync changes encrypted at rest
- Transport Security: All data transmitted over TLS 1.3
- Access Control: Authenticated, per-account access — your data is only readable by your signed-in devices
- Rate Limiting: Protection against brute-force attacks
- Input Validation: All inputs sanitized to prevent injection attacks
- SSRF Protection: Server-side request forgery prevention
- Security Headers: CSP, HSTS, X-Frame-Options, and more
Your Rights
- Access: Export all your data at any time in multiple formats
- Deletion: Delete all local data with one tap, or delete your cloud account
- Portability: Export to JSON, CSV, Markdown, or PDF
- Control: Choose exactly what features to use and what data to share
Data Retention
- Local data: Retained until you delete it
- Cloud backups & sync changes: Retained until you delete them or your account (older backups are pruned automatically)
- AI requests: Not retained by Lifetimed (see OpenAI's data policy)
- Logs: Server logs retained for 30 days for security purposes
Contact Us
For privacy concerns or data requests, contact us at: privacy@positivesocial.co.ke
Positive Social Digital Limited
Nairobi, Kenya