← Back to Home

Privacy Policy

Last updated: December 10, 2025

This Privacy Policy applies to the website zeitclaim.com and all its subdomains (the "Sites"), together with the zeitclaim web application and services (the "Services"), owned and operated by Stefan Joschko - van Ackern (Sole Proprietorship in formation, collectively, "Stefan Joschko - van Ackern", "we", "us", or "our"). This Privacy Policy describes how we collect, use, share, and secure the personal information you provide to us. It also describes your choices regarding use, access, correction, and deletion of your personal information.

This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definitions

Service

Service refers to the zeitclaim application operated by us.

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small files stored on your device (computer or mobile device).

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This may include, but is not limited to:

  • Email address
  • First name and last name
  • Calendar and event data
  • Usage data and preferences

Calendar and Event Data

zeitclaim helps you structure and organize your time by processing calendar and event information. This may include:

  • Event titles, descriptions, and times
  • Client and project information
  • Work patterns and scheduling preferences
  • Notes and chat interactions with the AI assistant

We do not sell your calendar data or use it to train public AI models. Your data is used solely to provide you with the Service.

Usage Data

We collect technical information to understand how our Service is used and to improve the user experience. This includes basic server logs and privacy-focused product analytics via PostHog (see details in the "Third-Party Services" section below).

Cookies

We use essential cookies for authentication and analytics cookies with your consent. For detailed information about our cookie usage, consent options, and privacy-preserving alternatives, please see our Cookie Policy.

Use of Data

We use the collected data for the following purposes:

  • To provide and maintain our Service
  • To provide AI-assisted time management and calendar organization
  • To provide customer support
  • To detect, prevent, and address technical issues

Use of AI and Calendar Data

zeitclaim uses artificial intelligence to help you organize and understand your time. We want to be transparent about how your data is used:

  • Calendar data is processed solely to provide the Service - analyzing patterns, suggesting time structures, and helping you manage your work
  • We do not use your data to train general-purpose AI models
  • We do not sell your calendar or personal data
  • AI processing happens on secure infrastructure with appropriate safeguards

Legal Basis for Processing Personal Data (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using personal information depends on the Personal Data we collect and the specific context in which we collect it. Under GDPR Article 6, we process your Personal Data based on the following legal bases:

Contract Performance (Art. 6(1)(b))

We process your Personal Data to perform our contract with you and provide the Service. This includes:

  • Account information (email, name) - to create and manage your account
  • Calendar and event data - to provide time management and calendar organization features
  • Authentication data - to verify your identity and secure your account
  • Chat messages and AI interactions - to provide AI-assisted time management features

Legitimate Interests (Art. 6(1)(f))

We process certain data based on our legitimate interests, which include:

  • Product analytics (Authenticated Users): For registered users, we analyze usage patterns and feature adoption to improve the Service and optimize user experience
  • Security and fraud prevention: Monitoring technical data to ensure service security and prevent unauthorized access
  • Customer support: Processing your inquiries and support requests to provide customer service
  • Legal compliance and protection: Processing data to comply with legal obligations and protect our rights

We have balanced our legitimate interests against your privacy rights and believe our processing is necessary and does not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see "Your Data Protection Rights" below).

Legal Obligation (Art. 6(1)(c))

We may process your Personal Data to comply with legal obligations, such as:

  • Retaining data for tax and accounting purposes
  • Responding to legal requests from authorities
  • Complying with data protection regulations

Consent (Art. 6(1)(a))

We rely on your explicit consent for the following data processing for website visitors:

  • Analytics Cookies (Visitors): If you accept analytics cookies as a visitor, we collect usage data to understand how our marketing site is used.

Note for Registered Users: Once you create an account and log in, we process your product usage data based on our legitimate interest to improve the Service and support you, as described above.

Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside Germany and choose to provide information to us, please note that we transfer the data, including Personal Data, to Germany and process it there.

International Data Transfers to Third Countries

Some of our service providers are located outside the European Economic Area (EEA), specifically in the United States. When we transfer your Personal Data to these providers, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

US-Based Service Providers: The following providers process your data in the United States:

  • Vercel - Hosting infrastructure (US-based)
  • OpenAI - AI processing services (US-based)
  • Baseten - AI model hosting via Vercel AI Gateway (US-based)

Data Transfer Safeguards: We rely on the following legal mechanisms to ensure your data is protected when transferred to the US:

  • Data Processing Agreements (DPAs): We have entered into Data Processing Agreements (DPAs) with all of our US-based service providers (Vercel, OpenAI, Baseten, and Vercel AI Gateway). These DPAs ensure that your personal data is processed only on our instructions, in accordance with GDPR requirements, and with appropriate security measures in place.
  • EU-US Data Privacy Framework (DPF): Where applicable, our US-based providers participate in the EU-US Data Privacy Framework, which provides an adequacy decision for data transfers from the EU to certified US companies.
  • Standard Contractual Clauses (SCCs): Our DPAs include the European Commission's Standard Contractual Clauses (2021 version, Module 2: Controller-to-Processor) to ensure your data receives adequate protection, particularly for providers not covered by the DPF or as an additional safeguard.

US Government Access: Please be aware that under US law (including the CLOUD Act), US-based service providers may be required to disclose data to US government authorities. We have implemented appropriate safeguards to protect your data, but you should be aware of this potential access when using services that process data in the United States.

Requesting Safeguard Information: You have the right to request a copy of the safeguards we have put in place for international data transfers. To request this information, please contact us at info@zeitclaim.com.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Disclosure of Data

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of us
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • The right to access - You have the right to request copies of your personal data
  • The right to rectification - You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete
  • The right to erasure - You have the right to request that we erase your personal data, under certain conditions
  • The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions
  • The right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions
  • The right to object - You have the right to object to our processing of your personal data, under certain conditions

If you wish to exercise any of these rights, including requesting access to your data, correction of inaccurate data, or deletion of your account, please contact us at the email address provided below.

Third-Party Services and Sub-processors

We share certain information with companies that may be considered our "sub-processors" under GDPR. This information is limited to the following:

Required for the Web Application

The following services are necessary for the zeitclaim web application:

  • Vercel - We use Vercel to host our application and serve our web pages. Privacy Policy of Vercel.
  • Supabase - We use Supabase to store user information, authenticate users, and host our database. Privacy Policy of Supabase.
  • OpenAI - We use OpenAI directly for some AI requests (e.g., image processing). Privacy Policy of OpenAI.
  • Vercel AI Gateway - We use Vercel AI Gateway to route certain AI requests through their gateway service, which may route to additional providers. Privacy Policy of Vercel.
  • PostHog - We use PostHog for privacy-focused product analytics to understand how our Service is used. PostHog is hosted in the EU (Frankfurt, Germany). Privacy Policy of PostHog.

Note on Vercel AI Gateway: When using Vercel AI Gateway, your AI requests are routed to Baseten, an AI model hosting provider. Privacy Policy of Baseten.

Note on PostHog Analytics: If you consent to analytics cookies, PostHog collects usage data to help us improve our Service. If you decline, PostHog uses a privacy-preserving server-side hash that cannot identify you personally. Your data is stored in the EU and is not used for advertising or sold to third parties.

CompanyPurposeInformation Collected
VercelHosting infrastructureIP address
SupabaseData storage and authenticationEmail, name, calendar events, time-tracking data, chat messages
OpenAIAI processing (direct)Chat messages, calendar events, and related context sent during AI interactions
Vercel AI GatewayAI request routingChat messages, calendar events, and related context sent during AI interactions (routed to providers below)
BasetenAI model hosting (via Vercel AI Gateway)Chat messages, calendar events, and related context sent during AI interactions
PostHogProduct analytics (EU hosted)Page views, user interactions, browser information (with consent) or anonymized hash (without consent)

Please note that Supabase only receives your personal information when and after you create a user account with zeitclaim.

Please note that OpenAI only receives your personal information when you interact with the AI features of zeitclaim that use OpenAI directly. We do not use your data to train OpenAI's models, and your data is processed according to OpenAI's data processing terms.

Please note that when using Vercel AI Gateway, your requests are routed to Baseten. All data is processed according to Baseten's privacy policy and terms of service. We do not use your data to train any AI models.

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

Your Privacy Rights (US Residents)

California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You can request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: You can request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Therefore, there is no need to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Categories of Personal Information Collected: In the preceding 12 months, we have collected: identifiers (email, name), commercial information (calendar events, time-tracking data), and internet activity (chat messages with AI features).

To Exercise Your Rights: Contact us at info@zeitclaim.com. We will verify your identity and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

Other US State Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have similar rights to access, delete, and correct their personal information. Contact us at info@zeitclaim.com to exercise your rights under applicable state law.

Canada Residents (PIPEDA)

If you are a Canadian resident, you have the right under the Personal Information Protection and Electronic Documents Act (PIPEDA) to:

  • Access your personal information held by us
  • Request corrections to inaccurate information
  • Withdraw consent for data processing (where applicable)
  • File a complaint with the Privacy Commissioner of Canada

Contact us at info@zeitclaim.com to exercise these rights.

Children's Privacy

Our Service is not directed to children under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children under 16 without verification of parental consent, we take steps to remove that information from our servers.

For US residents: In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at info@zeitclaim.com.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. As a beta service, we may make changes to reflect service updates, legal requirements, or improvements to our data handling practices. Changes will be posted on this page with an updated "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

info@zeitclaim.com