Timeline: Privacy Policy

Last updated: June 1, 2026 · Effective: June 1, 2026

Timeline's privacy posture isn't a paragraph in a policy, it's the shape of the product. There is no public feed. There is no map. The only thing another person ever sees about you is your profile and what you shared on the moments you had with them. Everything below is a more careful version of that promise.

The seven things we promise

No map. We never show your location. We never broadcast where you are.
No call recording. Audio of in-app calls is never stored or transmitted to our servers. We keep duration only.
No public feed. Your timeline is yours alone. There is no surface where anyone can scroll your activity.
Nothing goes past the two of you. The photos, comments and likes on a moment are visible only to the two friends who were there. Never to a third person, never on a public surface.
No ads, no behavioural tracking. Timeline contains no third-party advertising and no behavioural analytics SDKs.
No AI training on your data. We do not use your moments, comments, photos, calls or messages to train AI models, ours or anyone else's.
No sale of your data. Ever.

1. Who is responsible

Disket France, the company behind Timeline.

The data controller for the personal information described in this policy is Disket France, a French simplified joint-stock company (société par actions simplifiée) with share capital of €1,000, registered with the Paris Trade and Companies Register (RCS Paris) under number 944 134 329, with registered office at 67 rue d'Aboukir, 75002 Paris, France. Disket France is the controller under the EU and UK General Data Protection Regulation. You can reach us at hello@disket.app.

2. The data model

Exactly the fields Timeline has, what each one is for, and who can see it.

This is everything Timeline stores about you. If a category isn't on this list, we don't have it.

Field	What it is	Visible to
Phone number or Apple ID	Used to sign you in and let your friends find you if they have it.	You and us
First name	How friends recognise you.	Your friends
Username	Your unique handle.	Your friends
Profile picture (optional)	One image of your choosing.	Your friends
Bio (optional)	A short line about you.	Your friends
Friend list	The set of users you have mutually accepted as friends.	You only
In-person moments	Bluetooth-detected meets between you and a friend. Stored as start time, friend identifier, and a bucketed duration (15 min / 30 min / 1 h / N h).	The two friends in the moment
In-app call moments	Start time, friend identifier, call duration. No audio.	The two friends in the call
Comments (optional)	Text either friend can add to a moment you shared. Stored in your account so they survive reinstalls.	The two friends in the moment
Photos attached to a moment (optional)	Images either friend attaches to a moment you shared, stored on our servers. (Photos matched from your own library by time are shown only on your device and never uploaded.)	The two friends in the moment
Likes on shared moments	A binary signal: liked or not.	The two friends in the moment
Monthly goal	The number of monthly moments you set for yourself.	You only
Snooze-when-together preferences	Which friends trigger Focus Mode when nearby.	You only
Device + diagnostics	Device model, OS version, app version, language, crash logs.	Us, in aggregate

3. How a moment gets recorded

Two paths: Bluetooth proximity, and in-app calls.

3.1 Bluetooth proximity

While Timeline is running (including in the background, if you have granted Bluetooth permission), your device advertises a rotating Timeline identifier and listens for the identifiers of others. When two devices belonging to mutual friends detect each other for long enough to count as a meet, each device records a moment locally and syncs it to our server. We store: the two user identifiers involved, the start time, and an approximate, bucketed duration ("15 min", "30 min", "1 h", "N h"). We do not store the latitude, longitude, address, venue name or any other location data. Bluetooth proximity tells us "these two phones were close to each other"; it tells us nothing about where.

3.2 In-app calls

When you place or receive an audio call to a Timeline friend inside the app, we record a moment with the participants, start time and call duration. The audio of the call is never recorded, never transcribed, and never transmitted to our servers. Call audio flows peer-to-peer (or through a transient relay when peer-to-peer fails) and is discarded the moment the call ends.

4. What we never collect

A short list of things people often assume social apps collect. We don't.

Your precise GPS location. Timeline does not request the iOS location permission and does not read your coordinates.
The content of phone calls. No audio, no transcript.
Your address book, unless you explicitly grant Contacts access from the friend-finder. If you do, we match contact phone numbers against Timeline accounts and discard the unmatched data.
Your camera roll beyond the photos you choose to attach to a profile, comment or moment.
Your biometric data. No faceprint, no voiceprint.
Your activity in other apps. We do not run cross-app SDKs or read your iOS advertising identifier.
Your web browsing. Timeline has no embedded web tracking pixels.

5. How we use the data

Only to make Timeline work, keep it safe, and improve it.

Operate the Service: build your private timeline, detect meets, deliver mutual-like signals, render your profile and statistics, send the notifications you opted into.
Authenticate you and protect your account.
Prevent abuse, fraud and harm to you, to other users, and to the Service.
Diagnose bugs using crash reports and aggregated, non-identifying performance metrics.
Comply with the law when we have a valid legal obligation.

We do not profile you, score you, or use your data to nudge your behaviour inside the app.

6. Legal bases (EEA / UK users)

For each kind of processing, the legal basis we rely on.

Performance of a contract for everything required to deliver Timeline to you (account, moment recording, mutual likes, comments, calls).
Legitimate interests for security, anti-abuse, diagnostics and product improvement, balanced against your rights.
Consent for optional device permissions (Bluetooth, Contacts, Photos, Microphone, Notifications) and for any future opt-in feature. You can withdraw consent at any time in iOS Settings or in the app.
Legal obligation when we have to retain or disclose information in response to a valid legal request.

7. What other Timeline users can see about you

A short list, and all of it is pairwise: only the friend who was in the moment with you.

Your profile fields (first name, username, optional bio, optional profile picture), visible to users you have accepted as friends.
The fact, time and bucketed duration of a moment you shared with someone, visible to the two of you only.
Photos you attach to a shared moment, visible to the friend in that moment only.
Comments on a shared moment, visible to the friend in that moment only.
Whether you have liked a specific shared moment, visible to the friend in that moment only.

That is the complete list, and every item is limited to the one friend you shared the moment with. Your full timeline, your monthly goal, your heatmap, your snooze preferences, and your moments with other friends are not exposed to any other user, ever. There is no public feed and no friends-of-friends visibility.

8. The infrastructure we use

A small number of providers, each bound by a data-processing agreement.

Provider	What they do	Region
Supabase	Hosts our database, authentication and file storage.	EU
Cloudflare	Edge networking and DDoS protection.	Global edge
Apple Inc.	App Store distribution, push notifications (APNs), Sign in with Apple.	USA / global

If we ever add another provider that handles personal data, we will update this list before we start using them.

9. What we do not do with the data

The non-negotiables.

We do not sell or rent your personal information to anyone.
We do not share your data with advertising networks. Timeline has no ads.
We do not embed third-party behavioural analytics or attribution SDKs.
We do not use your content (moments, comments, photos, call metadata, profile) to train artificial-intelligence models, ours or anyone else's.
We do not let other users see anything about you that section 7 does not list.

10. International transfers

Your data is stored in the EU. The only transfers out happen via sub-processors with standard EU safeguards.

Disket France is a French company and your personal data is stored in the European Union (Supabase, EU region). The only transfers outside the EEA occur through the sub-processors listed in section 8: Apple Inc. processes a limited amount of metadata in the United States to deliver push notifications and operate the App Store, and Cloudflare's global edge network may route traffic through the data centre nearest to you, which can be outside the EEA. Each of these transfers is covered by the Standard Contractual Clauses approved by the European Commission, complemented by additional technical safeguards (encryption in transit and at rest, scoped access controls, least-privilege engineering).

11. Retention and deletion

We keep your data while your account is active. Delete the account, and the data goes with it.

We retain your account information and your moments for as long as your account is active. You can delete your account at any time from Settings → More → Delete account inside the app. When you do:

Your profile, friend list, moments, comments, photos and mutual-like signals are deleted from our live systems within 30 days.
Encrypted backups containing your data roll over and are overwritten within 90 days.
A minimal record may be retained where we are legally required to do so (e.g. fraud-prevention logs, tax records of any paid transaction). This record is access-controlled and not used for any other purpose.

Friends with whom you shared moments will still see the existence of those moments on their own timeline, attributed to a deleted user. We cannot rewrite their personal record of having met you. Your name, profile photo, comments and any photos you attached are removed.

12. Security

Standard industry safeguards. Nothing is unbreakable.

We protect your data with transport encryption (TLS), encryption at rest, scoped access controls, audit logging, automated dependency scanning and least-privilege engineering practices. We require multi-factor authentication for staff access to production systems. No system is perfectly secure, and you remain responsible for keeping your device and your Apple ID secure. If we ever suffer a data breach affecting your personal information, we will notify you and the competent supervisory authority within the deadlines required by applicable law.

13. Your rights

Access, correct, delete, port, object, complain.

Depending on where you live, you may have some or all of the following rights:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate or incomplete data.
Deletion — ask us to delete your data (you can also do this yourself in the app).
Restriction — ask us to limit how we use it.
Objection — object to processing based on our legitimate interests.
Portability — receive your data in a portable, machine-readable format.
Withdraw consent — for processing based on consent, at any time, without affecting prior processing.
Complain to your local data-protection authority. In France that's the CNIL (cnil.fr); in other EEA countries, the equivalent national regulator.

To exercise any of these rights, write to hello@disket.app. We will respond within one month (EEA/UK) or as required by your local law.

13.1 Notice to California residents

Under the California Consumer Privacy Act (CCPA), you have the right to know the categories of personal information we collect, the purposes for which we use it, the categories of third parties with whom we share it, and to request access, deletion and correction. We do not "sell" your personal information and we do not "share" it for cross-context behavioural advertising as those terms are defined under California law. You may exercise your CCPA rights by writing to hello@disket.app.

14. iOS permissions

Each permission Timeline asks for, and why.

Permission	Why we ask for it	What happens if you deny
Bluetooth	Detect when a Timeline friend is physically near you. This is the core function.	In-person moments cannot be recorded.
Notifications	Tell you about friend requests, mutual likes, monthly goal milestones.	You'll only see those events when you open the app.
Microphone	Place and receive in-app audio calls.	You can use the rest of Timeline; in-app calling won't work.
Photos	Attach a photo to a moment, comment or profile, only when you choose to.	You can use the rest of Timeline; no photo attachments.
Contacts	Find which of your phone contacts are on Timeline, only when you tap that option.	You can use the rest of Timeline; you'll add friends via Bluetooth radar only.

You can grant or revoke any of these at any time in iOS Settings.

15. Children

Timeline is for 17 and older.

Timeline is not directed to children under 17 and we do not knowingly collect personal information from anyone under that age. If we learn that we have inadvertently collected data from a child under 17, we will delete it without delay. Parents or guardians who believe their child has provided us with personal information can write to hello@disket.app.

16. Changes to this policy

If we change something material, we tell you in the app before it takes effect.

We may update this Privacy Policy from time to time. When we make a material change — such as adding a new provider that handles your data, or expanding what we collect — we will notify you inside the app at least fourteen days before the change takes effect. The "Last updated" date at the top of this page indicates when the current version was published.

17. Contact

One email for everything.

Disket France
67 rue d'Aboukir
75002 Paris, France
hello@disket.app