Privacy Policy
For the website timelit.ai
Last Updated: 17.11.2025
Version: 1.0
Effective Date: 17.11.2025
1. Data Protection, Responsibility and Scope
We respect the privacy of visitors to our website and comply with the applicable laws on the protection of your privacy. These laws include in particular the General Data Protection Regulation of the European Union (“GDPR”) and the Austrian Data Protection Act.
This Privacy Notice covers:
Website(s):
- timelit.ai
Categories of data subjects covered by this notice:
- Visitors to our website (website users)
The controller responsible for the processing of your personal data under this Privacy Notice is:
Timelit FlexCo
Eileen-Gray-Gasse 2/24
1220 Vienna
Austria
Email: support@timelit.ai
In the following, we explain:
- for which purposes personal data is collected and processed,
- which categories of personal data are affected,
- on which legal basis we process this data,
- which third parties are involved as processors,
- to which third parties personal data is transferred, and
- further information such as storage periods, data subject rights, and other details that help you understand the described data processing.
2. Purposes of Personal Data Processing: Website timelit.ai
2.1 Website Hosting
Purpose
Our website timelit.ai is operated on servers and infrastructure provided by Microsoft Azure. The primary data centre region used is Azure Sweden Central (Sweden, EU/EEA).
Where necessary for performance and reliability, Azure may use Content Delivery Network (CDN) services to deliver website content quickly and securely to visitors.
Data collected and processed
- Technical information such as IP address
- Device information (e.g., device type, operating system)
- Browser information (e.g., version, language settings)
- Data about the website visit (pages viewed, date and time of access, referrer URL)
- Log data (e.g., status codes, error messages, performance data)
- Cookies that are technically necessary for operating the website
Legal basis
- Legitimate interest under Art. 6(1)(f) GDPR: Our legitimate interest is the secure, stable and efficient provision of the website, detection and prevention of misuse, and technical optimisation.
- Consent under Art. 6(1)(a) GDPR: Where non-essential cookies or additional tracking technologies (e.g., for analytics) are used, we rely on your consent, which is obtained via our cookie/consent banner.
Involved processors
- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Additional information
The legitimate interest is based on the need to provide a functional and secure website and to protect our systems from attacks or misuse. Further information about Microsoft’s processing can be found in Microsoft’s privacy documentation.
2.2 User Behaviour Analytics
We use analytics technologies in the form of code snippets on our website in order to:
- analyse how visitors use our website,
- improve user experience and our content,
- monitor and optimise campaigns and visibility, and
- gain new users and understand demand.
This may involve the transfer of data to third countries, especially the United States.
2.2.1 Google Analytics
Purpose
Google Analytics is used to analyse visitor behaviour, for example:
- which pages are visited,
- from which regions visitors come,
- which content is of interest,
- how visitors move through the website.
Data collected and processed
- Technical information such as IP address (usually anonymised/truncated)
- Browser data (type, version, language)
- Device information (device type, operating system)
- Data about user behaviour and interactions (e.g., click behaviour, scrolling, time spent on pages)
- Referrer URL (from which website you came)
- Event data and conversion data
- Cookies and similar identifiers
Legal basis
- Consent of the data subject under Art. 6(1)(a) GDPR
We ask for your consent via our cookie banner before Google Analytics is activated. You can withdraw your consent at any time via the cookie settings on our website or within your browser.
International transfers and safeguards
Data may be processed by Google on servers outside the EU/EEA, in particular in the USA. Safeguards include:
- Participation of Google in the EU–US Data Privacy Framework (if applicable), and/or
- the use of Standard Contractual Clauses (SCCs) approved by the European Commission.
Processor
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Additional information
Further details about data protection at Google Analytics can be found in:
- Google’s Privacy Policy
- Google’s documentation and support pages on Google Analytics and data protection.
2.2.2 Plausible Analytics
We also use (or may use) Plausible Analytics, a privacy-focused analytics tool that generally works without cookies and processes only minimal, aggregated data.
Purpose
Plausible is used to measure website traffic and usage in a privacy-friendly way, for example:
- how many visitors we have,
- which pages are visited,
- from which regions visitors come,
- which referrers bring traffic.
Data collected and processed (depending on configuration)
- Truncated or hashed IP address
- URL of the accessed page
- Referrer URL (from which site you arrived)
- Device type and operating system
- Browser type
- Approximate location (country/region)
Plausible does not build user profiles and does not track users across multiple websites.
Legal basis
Depending on our implementation, the legal basis is either:
- Legitimate interest under Art. 6(1)(f) GDPR (Our interest: simple, privacy-friendly reach measurement and improvement of the website),
or
- Consent under Art. 6(1)(a) GDPR (if we decide to integrate it into our cookie consent framework).
Processor
- Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia
Additional information
Further information can be found in the Plausible Analytics Privacy Policy.
2.3 Contact via Email
On our website, we provide a contact email address (support@timelit.ai) to enable you to contact us, for example to:
- request information about our services,
- ask questions,
- provide feedback, or
- initiate potential cooperation or contracts.
Data collected and processed
- Email address
- Name and other contact details if you provide them
- Content of your message (including any attached files)
- Technical email metadata (e.g., date, time, sender, recipients, routing information)
Legal basis
- Legitimate interest under Art. 6(1)(f) GDPR: Our legitimate interest is to answer inquiries regarding our products, services and company and to maintain communication.
- (Pre-)contractual obligations under Art. 6(1)(b) GDPR: Where your inquiry is related to the conclusion of a contract or an existing contractual relationship, processing is necessary to take steps at your request or to fulfil a contract.
Additional information
We kindly ask you not to send us special categories of personal data within your email (Art. 9 GDPR), such as:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic or biometric data
- health data
- data concerning sex life or sexual orientation
If such information is nevertheless provided, it will only be processed if and to the extent this is legally permitted or required.
2.4 Newsletter / Waitlist (optional)
If we offer the possibility to subscribe to a newsletter or join a waitlist through our website, we process your personal data in order to send you regular updates about timelit, new features, offers, or events.
Data collected and processed
- Identification data (e.g., name if provided)
- Contact data (email address)
- Interaction data with newsletters (e.g., opens, clicks)
- Technical data related to email delivery (e.g., IP address at time of subscription, subscription timestamp)
- Cookies or tracking pixels, depending on the email service provider
Legal basis
- Consent of the data subject under Art. 6(1)(a) GDPR
We will only send you newsletters if you have actively subscribed (for example via double opt-in). You can withdraw your consent at any time by:
- clicking the unsubscribe link in any newsletter, or
- contacting us at support@timelit.ai.
Involved processors
- If we use an external newsletter service provider (e.g., MailerLite, Mailchimp), this provider will act as a processor under a data processing agreement. The provider’s name and details can be added here once selected.
3. International Data Transfers and Safeguards
We may use services from providers located outside the EU/EEA, especially for analytics. This can lead to data transfers to so-called “third countries”, including the United States.
3.1 EU–US Data Privacy Framework
For some US-based service providers, there may be an adequacy decision in place based on the EU–US Data Privacy Framework (Art. 45(1) GDPR).
If a provider is certified under this framework, it is deemed to provide an adequate level of protection for personal data transferred from the EU/EEA. For such services, we rely on this adequacy decision as a legal basis for transfer.
You can check whether a US provider is certified under the Data Privacy Framework by visiting the official DPF website.
3.2 Standard Contractual Clauses (SCCs)
If a provider in a third country is not covered by an adequacy decision such as the Data Privacy Framework, we use Standard Contractual Clauses (SCCs) issued by the European Commission.
These contractual clauses commit the provider to comply with a data protection level equivalent to that in the EU.
In addition, we may implement further technical and organisational measures (e.g., encryption, minimisation of personal data) to ensure an appropriate level of protection.
4. Cookies and Local Storage
This website may store information in:
- Cookies
- Session Storage
- Local Storage
The processing of personal data via these technologies is based on the legal basis described for the specific service:
- For strictly necessary cookies (e.g., load balancing, security): Legitimate interest under Art. 6(1)(f) GDPR or contractual necessity under Art. 6(1)(b) GDPR.
- For analytics or marketing cookies (e.g., Google Analytics): Consent under Art. 6(1)(a) GDPR.
You can control how your browser handles cookies and storage:
- accept or block all cookies,
- block cookies from certain websites,
- delete stored data when closing the browser, etc.
Please note that blocking cookies may affect the functionality of this website.
5. Storage Period
We retain your personal data only as long as necessary for the purposes described above or as long as we are subject to legal retention obligations.
Examples:
- Server logs: Typically retained for a few weeks to a few months, unless needed longer for security incident analysis or legal reasons.
- Analytics data: Often aggregated or anonymised; underlying data is kept only as long as needed for performance and usage analysis and in line with the settings of the respective analytics tools.
- Email communication: Stored for the duration necessary to process your request and for documentation purposes, in accordance with legal retention requirements where applicable.
- Newsletter / waitlist data: Stored as long as you are subscribed. After unsubscribe, we may keep minimal information to document that you have withdrawn consent.
When data is no longer required, it will be deleted or anonymised.
6. Data Disclosure
We only disclose your personal data to third parties where:
- this is required by law,
- it is necessary for the provision of our services, or
- you have explicitly consented.
Data may be disclosed to the following categories of recipients:
- Processors named in this Privacy Notice (e.g., hosting providers, analytics providers, newsletter services)
- Accountants / tax advisors, for bookkeeping and statutory financial reporting
- Lawyers or legal counsel, for the establishment, exercise or defence of legal claims
- Public authorities and regulatory bodies, where we are legally required to provide such information
We will never sell your personal data to third parties.
7. Protection of Personal Data
We protect personal data using appropriate technical and organisational measures that are in line with industry standards and the state of the art. These measures include, where possible:
- Encryption of data in transit (TLS)
- Encryption of data at rest where supported by our infrastructure
- Pseudonymisation or minimisation of data where suitable
- Access control and role-based permissions for staff
- Logging and monitoring of security-relevant events
- Regular review of our systems and processes
Despite these measures, no system can guarantee absolute security. However, we continuously work to maintain and improve the level of protection.
8. Withdrawal of Consent
Where processing is based on your consent (Art. 6(1)(a) GDPR), you have the right to withdraw this consent at any time with effect for the future.
- The lawfulness of processing carried out on the basis of consent before its withdrawal is not affected.
- You can mainly withdraw consent via:
  - the cookie settings on our website,
  - unsubscribe links in emails (for newsletters), or
  - a request to us at support@timelit.ai.
9. Provision of Data and Consequences of Non-Provision
9.1 Website visit
Providing personal data (such as your IP address) is not legally or contractually required to simply visit our website.
However:
- Without processing certain technical data, the website cannot be displayed or accessed properly.
- If you disable all cookies and storage mechanisms in your browser, some functions or content may not work correctly.
9.2 Contacting us
If you contact us via email, we require at least an email address in order to respond. Without providing this data, we cannot answer your inquiry.
10. Your Rights as a Data Subject
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): You can request confirmation as to whether we process your personal data and receive information about the data we hold about you.
- Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate or incomplete personal data concerning you.
- Right to erasure (Art. 17 GDPR): You can request the deletion of personal data, provided there is no legal obligation or overriding legitimate reason to retain it.
- Right to restriction of processing (Art. 18 GDPR): You can request that we restrict processing under certain conditions (e.g., pending verification of contested data).
- Right to data portability (Art. 20 GDPR): You can request to receive personal data you provided to us in a structured, commonly used and machine-readable format and to have it transmitted to another controller, where technically feasible.
- Right to object (Art. 21 GDPR): You can object at any time, on grounds relating to your particular situation, to the processing of personal data based on Art. 6(1)(e) or (f) GDPR (e.g., legitimate interests). In particular, you have the right to object to processing for direct marketing purposes.
- Right to lodge a complaint (Art. 77 GDPR): If you believe that we are not processing your personal data lawfully, you can lodge a complaint with a supervisory authority. In Austria, this is:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria
Website: https://www.dsb.gv.at/
You can exercise your rights by contacting us at:
11. Changes to This Privacy Notice
We may update this Privacy Notice from time to time, for example if:
- our services change,
- we introduce new technologies, or
- legal requirements change.
All changes will be published on this page with an updated “last updated” date.