This Privacy Policy describes how Nyxone OÜ (“we”, “us”, or “our”) processes personal data when you use The Timeline.
1. Controller
For account, billing, product, support, and website data, the controller is Nyxone OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia. Contact us at contact@thetimeline.cc.
For team content submitted to a workspace, the team or organization using The Timeline may be the controller, and we may act as a processor according to that team's instructions.
2. Data We Process
- Account data, such as name, email address, authentication provider, and profile image.
- Team data, such as memberships, roles, invitations, settings, and audit records.
- Customer content, such as raw events, messages, transcripts, documents, files, calendar events, integration events, prompts, extracted facts, objects, suggestions, and agent answers.
- Support data submitted through public or signed-in support forms.
- Technical and product usage data, such as IP address, request metadata, logs, diagnostics, abuse signals, feature-flag evaluation data, and product analytics events.
3. How We Use Data
- Provide, secure, maintain, debug, and improve The Timeline.
- Authenticate users and manage teams, invitations, roles, and settings.
- Capture, transcribe, extract, embed, search, summarize, and display team content.
- Generate citations, suggestions, notifications, and agent answers.
- Respond to support, billing, security, and legal requests.
- Understand product usage, improve workflows, and evaluate feature flags.
- Prevent abuse, enforce terms, and protect users, teams, and the service.
4. AI Processing
The Timeline uses OpenRouter to route relevant content to selected AI model providers for features such as chat, transcription, embeddings, extraction, summarization, OCR, and agent answers. Model selection may vary by task, capability, cost, reliability, or product configuration. AI outputs can be inaccurate or incomplete and should be verified against cited source material.
5. Core Sub-Processors
We use service providers to operate The Timeline. Current core sub-processors include:
| Provider | Purpose |
|---|---|
| OpenRouter and selected AI model providers | Routing requests to selected AI models for chat, embeddings, transcription, extraction, summarization, OCR, and agent answers. |
| Recall.ai | Meeting bot attendance and transcript capture when meeting features are enabled. |
| Railway / Postgres hosting | Application hosting and relational database infrastructure. |
| Qdrant | Vector search and retrieval indexes. |
| RustFS / S3-compatible object storage | Document, file, and object storage. |
| Postmark | Transactional email, inbound email, invites, and support mail. |
| Resend | Transactional email and video-call related notifications, such as invites, confirmations, reminders, and service messages. |
| Sentry | Error reporting and diagnostics. |
| PostHog | Product analytics and feature flags. |
| Cloudflare Turnstile | Abuse prevention on public forms and email/password signup. |
6. Optional User-Enabled Integrations
Teams may choose to connect external services such as Slack, Telegram, GitHub, Google Drive, Linear, calendar providers, and custom MCP servers. When enabled, The Timeline processes data from those services according to the permissions granted by the user or team.
7. Cookies
We use essential cookies and similar technologies for authentication, sessions, security, team selection, invite handling, preferences, abuse prevention, product analytics, and feature flags. We do not use a separate cookie consent flow for advertising cookies in the current product.
8. Retention
We retain account data while your account is active, team content while the team keeps it in The Timeline, and operational logs for security, debugging, compliance, and abuse prevention. Raw events are designed as immutable source evidence unless hidden through supported product workflows such as source deletion tombstones.
9. Security
We use technical and organizational measures designed to protect data, including encrypted transport, access controls, team isolation, visibility controls, encrypted integration secrets, and security-relevant audit logs. No system can be guaranteed completely secure.
10. International Transfers
We and our providers may process data in countries outside your location. Where required, we use appropriate safeguards for international transfers.
11. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal data. Contact us to exercise these rights. If your data belongs to a team workspace controlled by your organization, we may direct your request to that organization.
12. Changes
We may update this Privacy Policy. If changes require renewed acknowledgement, The Timeline will ask signed-in users to accept or acknowledge the updated versions before entering the signed-in product.
13. Contact
Contact: contact@thetimeline.cc. Provider: Nyxone OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia.