Privacy & GDPR

---

Who we are

Norry Holdings Ltd, trading as Time Lock, is the data controller for the Time Lock app and website. Contact: support@timelockapp.com.

EU Representative
Coming soon. We will update this page when appointed.

Where your data is hosted
Our application runs on EU-based infrastructure (server hosting with Contabo). The public website is hosted by GoDaddy. We publish our current vendors on the Sub-processors page.

What we process & why (legal bases)

• Contract: create/manage your account; store and display your capsules; provide core features.
• Legitimate interests: service reliability, security/anti-abuse, diagnostics, privacy-preserving analytics.
• Consent: marketing communications and non-essential analytics/cookies.
• Legal obligations: records and responses required by law.
   

Your rights
You may request access, export, correction, deletion, objection/restriction, and withdraw consent at any time. Email support@timelockapp.com. We verify account ownership (simple sign-in verification) and aim to respond within 30 days. You may complain to your local data protection authority.

International transfers
If data is transferred outside the EU/UK, we use approved safeguards (e.g., Standard Contractual Clauses / UK IDTA).

Retention

• Your content: retained until you delete it or close your account.
• Backups: retained up to 90 days for disaster recovery.
• Security logs: 12 months. Support records: 24 months.
   

Security
We use appropriate technical and organisational measures, including strict access controls with MFA for administrators, key-based server access, least-privilege permissions, activity logging, regular maintenance/patching, off-server backups, and an incident-response process.

Important: Time Lock is for memories, not secrets. Please don’t store passwords, 2FA codes, or banking details in capsules.

Vendors (sub-processors)
See https://timelockapp.com/subprocessors. We will post updates there before material changes where feasible.