TimeStored Data Protection & Privacy Notice

This Data Protection and Privacy Notice (“Notice”) describes TimeStored data protection and privacy practices.

As described below,

you can always reach us at privacy@timestored.com or by mail.

Data Covered by this Notice

This notice covers personal data when we act as the data controller.

  • Personal Data identifies or could be used to identify a specific person, and any data about that person. For example, your name, address, and payment details are Personal Data.

  • We act as a controller when we process personal data for our own use. For example, we act as a controller when you provide your personal data to open an account.

Core Data Protection and Privacy Rights

We recognize several core data protection and privacy rights:

  • the right to know what personal data we hold about you

  • the right to access, correct, or delete your personal data

  • the right to transfer your personal data (data portability)

  • the right to set your marketing and advertising preferences

We promptly review requests to exercise data protection and privacy rights. If we need more information to process your request, we will contact you by email or, if we do not have an email address on file for you, by the same method you made your request.

If we do not honor your request for legal or other reasons, we will explain why we did not honor your request, your right to appeal, and your right to file a complaint.

Personal Data We Collect

1. Personal Data You Provide

We collect personal data when you set up an account, use our services, apply for a position, or contact us. Examples of personal data we may collect from you include your name, email address, phone number, physical address, and payment method.

2. Personal Data We Collect Automatically

We collect personal data automatically when you visit our websites, use our services, contact us, open our emails, or view our advertising. Examples of personal data we may collect include your device ID, your IP address, information about web pages and other websites you visit, and other similar details.

3. Personal Data from Other Sources

We may collect personal data about you from other sources. Examples of personal data obtained from other sources include publicly available data, social media information, and information lawfully gathered by third party data providers.

4. Personal Data We Generate

We process data in connection with our business and services to generate inferences and insights that may be linked to you or your account.

Use of Personal Data

We use personal data to operate our business and provide services. Examples of how we use personal data include:

  • Managing accounts

  • Processing purchase requests

  • Generating License keys for software you purchase

  • Provisioning products and services you have requested or may be interested in using

  • Providing customer support

  • Securing, updating, and improving our services

  • Detecting fraud and other illegal activity

  • Customized marketing and personalized advertising of our services

  • Contacting you by telephone, text or messaging applications to offer you services

  • Website traffic measurement

  • Other uses consistent with the purposes for which the PII was collected or that have been authorized by you

No Sale of Personal Data

We do not sell personal data.

Disclosures to Others

We disclose personal data:

  • to processors and affiliated companies to operate our business and deliver services, including but not limited to providing security services, payment processing and customer support; conducting contests and surveys; and performing other activities related to our business and services.

  • to marketers and advertisers who create personalized marketing and advertising messages.

  • to comply with law enforcement and other legal requests, protect our legal rights, prevent harm to us or others, and enforce our policies and contracts.


When you use services offered by TimeStored, the data controller will be TimeStored Limited.

Legal Basis for Individual Processing Activities

We use personal data primarily to provide you the services you request. We also use personal data to comply with our legal obligations and protect our legitimate interests, including providing you personalized services, communicating with you, improving our services, and detecting fraudulent and illegal activity. With your prior consent, we also may use your personal data to send you marketing materials and offers.

Cookies, Web Beacons, and Other Tools

We use two types of “identifiers” on our website and in our services: cookies and scripts.

  • Cookies are text files placed on your device when you visit our webpages or view messages from us. Some cookies are “session cookies” that expire at the end of your browser session, while others are “persistent cookies” that allow us to remember your preferences and settings over multiple visits and across other websites.

  • Scripts are small pieces of computer code that power customer service tools, deliver video, and provide interactive experiences. We also use scripts for measuring service use.

We manage some identifiers directly. Other identifiers are managed by third parties. For example, we use Google Analytics to monitor site performance and visitor engagement.

We use identifiers to provide customized services, measure website performance, provide customer support, and deliver personalized advertising. Examples of how we use identifiers include, but are not limited to:

  • Setting your service preferences

  • Guarding against fraud

  • Delivering relevant advertisements

  • Measuring website use

  • Conducting research to improve our services


We store personal data on our own systems and with trusted service providers, including Linode.

International Transfers

We transfer personal data internationally to operate our business and provide services. We comply with applicable law when making international transfers.

Length of Retention

We retain personal data for our business needs and to comply with law. If we no longer need personal data, we may either delete it or de-identify it so that it no longer identifies a specific person. Factors we consider when deciding when to delete or de-identify your personal data include: (1) if you still have an account, (2) if we are required to retain personal data to comply with law, or (3) if the personal data is needed for tax other business purposes.


We use risk-based measures to protect personal data, including appropriate security controls and employee training. We also require that our service providers, business partners, and advertisers use appropriate risk-based controls to protect personal data.

No Collection of PII about Children

We do not knowingly collect personal data about anyone under 18 without permission from their legal guardian. Please contact us at privacy@timestored.com if you believe we have collected information from a child without permission from their legal guardian.

Legal Basis for Processing

We process personal data with your consent, to fulfill our contract with you, based on our legitimate interest, or other lawful bases. The specific basis of processing depends on the services you are using, the data being processed, the place where the processing occurs, and the place where you live. If you have questions about our basis for processing your personal data, please contact us at privacy@timestored.com.

International Data Transfers

Personal data you provide may be transferred from your country to the United States or to another country where we do business. We make these transfers when necessary to provide our services, to perform our contract with you, or when we have your consent to transfer your personal data to another country.

We transfer personal data outside the UK, the EU/EEA, and Switzerland to countries that have been determined to offer an adequate level of data protection.

For transfers from the UK to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum consistent with the requirements of the UK International Data Transfer Agreement issued by the UK Information Commissioner, Version B1.0.

For transfers from the EU/EEA and Switzerland to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum with standard contractual clauses and appropriate supplementary measures including, appropriate technical and organizational measures.

For transfers to the United States, certain of our subprocessors (including affiliated companies) have certified their compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. Data Bridge”), and/or the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Where available, we transfer Personal Data to these subprocessors pursuant to the applicable DPF framework or extension.


We will not discriminate against you for exercising your privacy rights.

No Financial Incentives

We do not provide any financial incentives for providing personal data to us.

Policy Changes

We may revise this notice by posting a revised statement at the same location as this notice or on another location on our website. If we change this notice, it will apply to personal data collected prior to adoption of the new statement only to the extent as the new statement does not reduce the rights of affected data subjects.

Complaints to Data Protection Authorities

In the UK, you have the right to lodge a complaint with the Information Commissioner's Office.

In the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority.

In Switzerland, you have the right to lodge a complaint with the Federal Data Protection Information Commissioner.

Contact Us

If you have any questions, you can contact at privacy@timestored.com or by mail at:

  • TimeStored Ltd., 74 Medland House, 11 Branch Road, London, UK.

We respond to all questions or concerns within 30 days.

See also about, brand and qDuck.