Privacy Policy
Effective date: July 3, 2026 · Last updated: July 3, 2026
This Privacy Policy explains how Zimmerman Legacy Holdings, LLC ("tideline," "we," "us," or "our") handles information in connection with the tideline iOS app (the "App"). tideline is built to be privacy-first: your content is processed on your device and is never stored on our servers. We do not operate a user-data backend and there is no tideline account to create.
- Capture and AI extraction run on your device using Apple's on-device models.
- Your library lives on your device and syncs only through your own iCloud. We cannot access it.
- We do not sell or share your personal information, serve ads, or track you across other apps and websites.
- Analytics are opt-in only and anonymous, with no message or content data and no session replay.
- Connectors are read-only and user-initiated; their access tokens stay in your device's Keychain.
1. Who we are
The data controller for the limited processing described here is Zimmerman Legacy Holdings, LLC. You can reach us about privacy at [email protected].
2. On-device processing
The core of tideline — capturing your notes and content and using AI to extract tasks, summaries, people, and structure — runs locally on your iPhone using Apple's on-device models. This content (your notes, dictation, shared items, connector data you bring in, and anything derived from it) is processed on-device and never sent to or stored on our servers. We do not receive, read, or retain your content.
Because some connectors fetch your own data from third-party services (for example, Slack messages you choose to import), the App does make network requests to those services on your behalf. Those requests go directly between your device and the relevant service; the fetched data is processed on your device and is not routed through or stored on our servers.
3. Storage and sync (your iCloud)
Your tideline library is stored on your device. If you enable sync, it is synchronized across your own Apple devices using Apple's iCloud (CloudKit) in your personal iCloud account. This data resides in your iCloud, governed by Apple's Privacy Policy and your iCloud settings. We do not have access to your iCloud data and cannot read, export, or delete it.
4. Information we and our processors handle
tideline is designed to minimize the information that reaches us. The categories below describe the limited data handled by the third-party processors we use — not your content, which stays on your device.
| Context | What is handled | Who handles it | Why |
|---|---|---|---|
| Purchases & subscriptions | Purchase and entitlement status (e.g., product identifiers, subscription/purchase state, an anonymous app-install identifier). No card or payment data — Apple handles payment. | Apple; RevenueCat (subscription infrastructure) | To unlock and validate paid features across your devices. |
| Analytics (opt-in only) | Anonymous product-usage events (e.g., which features are used). No message or content data, no session replay. Off unless you turn it on. | PostHog | To understand feature usage and improve the App, only with your consent. |
| Connector sign-in (OAuth) | The OAuth handshake needed to connect a service. A lightweight sign-in broker may hold a provider secret to complete the handshake; it does not store or log your tokens or content. | Zimmerman Legacy Holdings, LLC sign-in broker; the connected service | To let you authorize a read-only connection. Resulting access tokens are stored only in your device's Keychain. |
| Connector content | Data you choose to import (e.g., Slack messages, recorder transcripts, calendar events, screenshot text). Fetched to your device and processed on-device. | The connected service (source only) | To bring your own content into your on-device library. Not stored on our servers. |
| Support | Your email address and anything you include when you contact us. | Zimmerman Legacy Holdings, LLC | To respond to your request. |
5. Connectors and integrations
All connectors are read-only and are connected only when you choose to connect them. For each, content is fetched to your device, processed on-device, and never stored on our servers:
- Slack — connected via Slack's official integration using OAuth with read-only scopes. Messages you import are fetched to your device and processed on-device.
- Recorders (Pocket, Plaud, and similar) — to bring in recordings and transcripts you own.
- Calendar and Reminders — accessed on-device through Apple's EventKit, subject to iOS permissions you grant.
- Share Extension — content you explicitly share into tideline from other apps.
- Screenshot text recognition (OCR) — performed on-device with Apple's Vision framework, only when you enable it.
Access tokens for connectors are stored in your device's Keychain — device-only, and never on our servers. Disconnecting a connector removes that connector's tokens from your device and any derived items you have not chosen to keep.
6. Google user data — Limited Use (future Gmail connector)
tideline may in the future offer an optional, read-only Gmail connector. If and when it does, tideline's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google user data would be fetched to your device and processed on-device to provide and improve user-facing features of the App.
- We would not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or asset sale (with notice).
- We would not use Google user data for advertising, and we would not allow humans to read it, except with your affirmative consent for specific messages, for security or abuse investigations, to comply with applicable law, or where the data is aggregated and anonymized.
The Gmail connector is not enabled at launch; this section is provided in advance for transparency.
7. Legal bases for processing (EEA/UK)
Where the EU/UK GDPR applies, we rely on: performance of a contract to provide the App and process purchases; consent for opt-in analytics and for connectors you choose to enable (which you can withdraw at any time); and our legitimate interests in securing the App and responding to your support requests.
8. Retention
- Your content is retained on your device and in your iCloud for as long as you keep it. We do not hold it and cannot delete it on your behalf.
- Purchase/entitlement records are retained by Apple and RevenueCat as needed to manage subscriptions and comply with legal and financial obligations.
- Opt-in analytics events are retained by PostHog in anonymized form for as long as needed to analyze product usage, and are removed if you disable analytics or request deletion, subject to the provider's rolling retention.
- Support emails are retained only as long as needed to handle your request and for reasonable record-keeping.
9. Your rights and how to exercise them
Because your content lives on your device and in your own iCloud, you are in direct control of it:
- Delete your data by deleting the App and removing its data from iCloud, and by disconnecting connectors. See our step-by-step Data Deletion page.
- Disconnect a connector at any time in the App to wipe that connector's tokens and unkept derived items.
- Turn analytics on or off at any time in the App's settings.
Depending on where you live (including under the GDPR and the CCPA/CPRA), you may also have rights to access, correct, delete, port, or restrict processing of personal information we or our processors hold, to object to processing, and to not be discriminated against for exercising these rights. Since we hold very little personal information about you, some requests may be best directed to the relevant provider (Apple, RevenueCat, PostHog). To make a request to us, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.
10. Do Not Sell or Share My Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months. Because we do not sell or share personal information, no opt-out action is required; this section serves as our notice. If you have questions, contact [email protected].
11. Children
tideline is not directed to children. It is not intended for users under 13, or under 16 in the European Economic Area. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will address it.
12. International transfers
Our processors (Apple, RevenueCat, PostHog) may process the limited data described above in countries other than yours. Where required, such transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.
13. Security
Your content stays on your device and in your iCloud, protected by your device passcode/Face ID and Apple's iCloud protections. Connector access tokens are stored in the device Keychain. Network requests use encrypted connections (TLS). No method of storage or transmission is completely secure, but we design tideline to minimize the data at risk by keeping it on your device.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Effective date" above and, for material changes, provide additional notice as appropriate.
15. Contact us
Privacy questions and requests: [email protected]
General support: [email protected]
Governing law for this policy is the law of the State of Texas, United States, without regard to its conflict-of-laws rules, except where mandatory local law provides otherwise.