Privacy

Drift is built and operated by Shinsu LLC (“we”, “us”). The product lives at drift-timer.com, on iOS (TestFlight and App Store), and as a command-line companion for macOS and Linux.

Privacy questions, deletion requests, and anything else you’d rather a human read: business@drift-timer.com.

Only what the app needs to work for you, and a small amount of diagnostic signal so we know it actually does.

Account

• An email address. Required for password sign-up and used to send you transactional messages (e.g., the one note when TestFlight opens, account changes you initiate).
• For Sign in with Google: your Google account ID and the email Google returns to us. We do not see your Google password.
• For Sign in with Apple: your Apple-issued account identifier and, if you choose to share them, your name and a private relay email that forwards to your real address. We do not see your Apple password.
• For password sign-up: a one-way hash of the password you choose. We never store or see the original.
• A profile we generate for you: optional display name, timezone, week-start preference, time-format preference.

Your time-tracking content

• The projects, tags, time entries, notes, goals, and timer sessions you create. These belong to you. We host them so you can sync between iPhone, web, and the CLI.
• We do not read your notes or use your data to train AI models. We do not sell, rent, or share it with advertisers.

Subscription

• On iOS, your subscription is purchased through Apple and managed for us by RevenueCat. We receive only the status (active, canceled, lifetime, expired), the App Store transaction ID, and the renewal date. We never see your card number.
• On the web (when paid plans launch there), your subscription is processed by Stripe under the same principle: we receive status only, never card data.

Diagnostics

• Drift uses PostHog to record a small set of product events (e.g., “auth_attempted”, “timer_started”, page views on the website) and crash signals so we can fix what breaks. Session replay, autocapture, and ad-targeting features are switched off.
• Once you sign in, we associate these events with your Drift user ID so we can debug your experience if you contact us. You can ask us to delete this signal at any time.

Waitlist

• If you join the TestFlight waitlist on the website, we store the email you submit and a SHA-256 hash of your IP address. The hash exists only to throttle abuse on the form — we never store or look at the raw IP.

On your device

• The mobile app keeps your sign-in token, an offline cache of your latest data, your appearance preference, and any pending changes that haven’t synced yet. This lives only on your phone and is removed when you sign out or uninstall.
• The CLI keeps a long-lived session token in its own configuration, which you can revoke at any time from the settings screen.

• To run the service. Authenticate you, sync your data across devices, deliver transactional emails, and keep your subscription accurate.
• To keep it working. Triage crashes and fix bugs from the diagnostic events described above.
• To meet legal obligations. Tax records around subscriptions, and responses to lawful requests when we receive them.

We do not run advertising, profile you for marketers, or build models on top of your data.

We use a small set of vendors to deliver the product. Each processes data on our behalf under their own privacy terms.

• Convex — hosts the database, authentication tables, and serverless functions. Holds your account, profile, and time-tracking content. Region: United States.
• Resend — delivers transactional email such as the waitlist confirmation. Receives the destination email address and delivery metadata.
• PostHog — product analytics. Receives the diagnostic events described above. Region: United States. Session replay is off.
• RevenueCat — manages App Store subscriptions for iOS. Receives your Drift user ID and your App Store transaction so we can keep your entitlement in sync.
• Apple & Google — identity providers when you choose Sign in with Apple or Google. They authenticate you and return the minimum identity we need.
• Apple App Store / TestFlight — distributes the iOS app and processes payments for it. Subject to Apple’s privacy practices.
• Vercel — hosts drift-timer.com. Sees standard request metadata (IP, user agent, timing) for the duration needed to serve a page.

Drift’s primary data store and analytics live in the United States. If you sign up from outside the US, you’re consenting to your data being processed there.

• Your account and content are kept for as long as you have an account.
• Diagnostic events are retained for up to 12 months and then rolled off.
• Waitlist entries are kept until TestFlight closes or you ask us to remove yours.
• When you delete your account, we delete your profile, subscriptions table entry, CLI session tokens, authentication records, and your projects, tags, time entries, and goals from our database, and we instruct RevenueCat to delete its record of you. Some backups may persist for up to 30 days before they are cycled out.

• Export. Mobile settings includes an Export action that produces a machine-readable file of your projects, tags, and time entries.
• Delete. Mobile settings includes a Delete Account action that fully removes your data as described above. You can also email us.
• Correct. You can edit your profile, projects, and entries directly in the app. For things you can’t edit yourself, email us.
• Opt out of diagnostics. Email us and we will switch off PostHog event capture for your account and delete what we already have.

If you live in a jurisdiction with stronger privacy rights (California, the EEA, the UK, and others), those rights also apply to you. Email us and we’ll honour them.

On the website we use a small number of first-party cookies and local-storage entries: one to keep you signed in when paid plans arrive, and one set by PostHog to associate page views with a consistent (anonymous-until-sign-in) identifier. We do not run third-party advertising cookies.

On iOS we do not request App Tracking Transparency permission because we do not track you across other companies’ apps and websites.

Drift isn’t designed for children under 13 (or under 16 in jurisdictions where that is the applicable threshold), and we don’t knowingly collect data from them. If you believe a child has signed up, email us and we’ll delete the account.

We use TLS in transit, encryption at rest at our primary providers, hashed passwords, signed identity tokens, and verified webhook signatures. No system is perfect; if something goes wrong in a way that affects you, we’ll tell you.

We’ll update this page as Drift grows. The effective date at the top is how you can tell something changed. If a change is material, we’ll send you a note before it takes effect.

Shinsu LLC — business@drift-timer.com