Privacy Policy

Last updated: June 2026

rtime (“we”, “us”, or “our”) operates the scheduling web application available at rtime.app. This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information. By using rtime, you agree to the practices described here.

1. Information we collect

1a. Information you provide directly

  • Display name and email address when you create or respond to a poll as a guest.
  • Poll content — title, description, date range, and availability selections you enter.
  • Account credentials — email address and password if you register with a local account.

1b. Information from third-party sign-in providers

If you choose to sign in with Google or Microsoft, we receive from those providers:

  • Your name and email address.
  • A unique account identifier used to link your account.
  • Your profile picture URL (Google).

We do not receive your passwords from these providers, and we do not access your Google Drive, calendar, contacts, or any other account data beyond the profile information listed above.

1c. Information collected automatically

  • IP address — used for rate limiting to prevent abuse. Not stored beyond the rate-limit window.
  • Session token — stored in an httpOnly cookie to keep you signed in.
  • Bot-detection signals — collected by Cloudflare Turnstile on the poll creation form. Governed by Cloudflare's Privacy Policy.

2. How we use your information

  • To create and display your polls and availability responses.
  • To identify you as the owner or responder of a poll.
  • To send you a manage link or edit link for your poll or response (if you provide an email).
  • To authenticate your account and maintain your session.
  • To enforce per-IP rate limits and prevent abuse.
  • To comply with legal obligations.

We do not sell your personal information. We do not use your data for advertising or share it with data brokers.

3. Data retention and automatic deletion

rtime is designed to be ephemeral. Polls are automatically and permanently deleted after the poll's end date plus a grace period (default: 14 days). All responses, availability data, and any guest names/emails attached to that poll are deleted at the same time via cascading database deletion. This purge runs daily and is not reversible.

Authenticated user accounts are retained until you delete your account. You may request account deletion at any time by contacting us at privacy@rtime.app.

4. Information sharing

We share your information only in these limited circumstances:

  • Infrastructure providers: Vercel (hosting), Neon (database), and Upstash (rate-limit cache) process data on our behalf under their respective data processing terms.
  • Other poll participants: Your display name and availability selections are visible to other participants of a poll you respond to. For public polls, this means anyone with the poll link.
  • Legal requirements: We may disclose information if required by law or to protect the rights and safety of users.

5. Cookies and local storage

  • Session cookie — an httpOnly, secure cookie that keeps you signed in. Expires when your session ends or after 30 days.
  • Theme preference — stored in localStorage to remember your light/dark mode choice. Contains no personal data.

We do not use third-party tracking cookies or analytics cookies.

6. Your rights

Depending on your location, you may have rights including:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request that we delete your account and associated data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to certain uses of your data.

To exercise any of these rights, email privacy@rtime.app. We will respond within 30 days.

7. Children's privacy

rtime is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Security

All data is transmitted over HTTPS. Passwords are hashed using argon2id and never stored in plaintext. Secret tokens (poll manage links, response edit links) are stored as SHA-256 hashes. We follow security best practices for web applications, though no system is completely secure.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of rtime after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us at:

privacy@rtime.app