LEGAL

Privacy Policy

Effective: April 19, 2026 · Last updated: April 19, 2026

This is a plain-language summary. The full legal text follows. If any part is ambiguous, the plain-language summary is the intent — tell us at privacy@tymrlogic.com and we'll clarify the full text.

1. Who we are

Tymr is operated by Tymr Logic (the "Company", "we", "us"). Our registered address and data controller information are available on request at privacy@tymrlogic.com.

2. What we collect

Account data

  • Your name, work email, and password (hashed) when you sign up
  • Your organization's name and tier
  • Your role (member, manager, admin) and timezone

Activity data (via integrations you connect)

  • Calendar events: titles, start/end times, attendee counts
  • Jira issues: keys, types, status transitions, assignees
  • GitHub: commit/PR metadata, authors, repository names
  • Slack: channel membership and activity counts (no message content)
  • ServiceNow / PagerDuty: incident metadata and on-call windows
  • Workday: time-off and leave windows (if connected)

We explicitly do not ingest message bodies, email content, code diffs (unless you opt in), or video transcripts.

Technical data

  • IP address, user-agent, browser fingerprint (for security & rate-limiting)
  • Error logs and diagnostic events (no user content)
  • Cookies: essential session cookie only. No advertising or tracking cookies.

3. Why we collect it

  • To run the service — Compute reports, build the floor view, generate exports
  • To bill you — Meter active engineers (usage counts only, no PII to payment processor beyond billing contact)
  • To secure the service — Detect anomalous access, rate-limit abuse, investigate incidents
  • To support you — Reply to tickets, debug issues you raise

We do not sell, rent, or share personal data with advertisers. We do not train machine-learning models on your data without explicit written opt-in from your organization admin.

4. Legal basis (GDPR)

  • Contract — Most processing happens because you signed up for the service
  • Legitimate interest — Security, fraud prevention, improving the product
  • Consent — For optional features (e.g., LLM-powered analysis); you can withdraw at any time

5. Retention

  • Account data: retained for the life of your account, plus 90 days after deletion request
  • Activity data: retained per tier (Growth: 3 years; Enterprise: configurable)
  • Logs: 30 days rolling window; 90 days for security incidents
  • Backups: encrypted, removed within 30 days of deletion

6. Your rights

Under GDPR, CCPA, and similar regimes, you can:

  • Access your personal data
  • Correct inaccuracies
  • Delete your data (subject to legal obligations)
  • Export your data in a portable format
  • Object to or restrict processing
  • Withdraw consent where we rely on it

Email privacy@tymrlogic.com with your request — we reply within 30 days (usually within a few business days).

7. Subprocessors

We use vetted vendors to operate Tymr. See the security page for the full list. Material changes are notified 30 days in advance.

8. International transfers

Data is stored in AWS us-east-1 by default. EU-based customers on the Enterprise tier can elect EU data residency. Transfers outside the EEA rely on Standard Contractual Clauses.

9. Children

Tymr is a B2B product and is not directed at anyone under 18.

10. Changes

If we materially change this policy, we notify admins by email and in-app banner at least 30 days in advance. The effective date at the top is the single source of truth.

11. Contact

Privacy questions: privacy@tymrlogic.com
Security issues: security@tymrlogic.com
General: hello@tymrlogic.com

This template is written plainly on purpose. It is not a substitute for a review by qualified privacy counsel — before going fully live or entering regulated industries, have this reviewed by your lawyer.