totaltime

Privacy Policy

Last updated: June 20, 2026

1. Introduction

CodeKraken LLC ("we", "our", or "us") operates totalti.me ("the Service"). This policy explains what data we collect, how we use it, and your rights regarding that data.

The Service is designed to be private by default. The data you enter — your birth date, life events, journal entries, tasks, and other content — belongs to you. We process it solely to provide the Service to you.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Name (optional, from Google OAuth or provided by you)
  • Authentication method (email/password or Google OAuth)

2.2 Content You Provide

All data you voluntarily enter into the Service, including:

  • Birth date and life expectancy (for the Memento Mori visualization)
  • Life events and timeline entries
  • Journal entries
  • Tasks, regrets, and habit-tracking data
  • Information about family members or other people you add to your timeline

2.3 Automatically Collected Information

We use Google Analytics to collect anonymous usage statistics, including pages visited, time spent, and basic device information. This data is aggregated and cannot be used to identify individual users. Google Analytics operates under its own privacy policy.

3. How We Use Your Data

We use your data exclusively to:

  • Provide and maintain the Service
  • Authenticate your account and keep it secure
  • Display your personal visualizations (Memento Mori grid, timelines, etc.)
  • Understand aggregate usage patterns to improve the Service

We do not sell, rent, share, or monetize your personal data in any way. There are no advertisements, no third-party data sharing, and no algorithmic processing of your content for purposes other than displaying it back to you.

4. Data Storage and Security

Your data is stored in a Supabase database (us-west-1 region). Supabase provides enterprise-grade security including encryption at rest and in transit. Each user's data is protected by Row Level Security (RLS) policies that ensure you can only access your own records.

Authentication is handled by Supabase Auth. If you sign in with Google, authentication tokens are managed by Supabase and Google under their respective security practices.

5. Third-Party Services

The Service relies on the following third-party providers:

  • Supabase — Database, authentication, and API hosting
  • Google — OAuth authentication provider and Google Analytics
  • Vercel — Application hosting

Each provider operates under its own privacy policy and security practices. We do not share data between these providers beyond what is necessary for their function.

6. Cookies

The Service uses essential cookies for authentication (session management via Supabase) and for storing your preferences (such as dark mode). We do not use tracking cookies, advertising cookies, or any form of cross-site tracking.

7. Data Retention and Deletion

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Upon receiving a verified deletion request, we will remove your data within 30 days.

8. Your Rights

You have the right to:

  • Access all data we hold about you
  • Correct any inaccurate data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Withdraw consent at any time (by deleting your account)

To exercise any of these rights, contact us at the address below.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided personal data through the Service, please contact us.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or through the Service. Continued use after changes constitutes acceptance.

11. Contact

Questions or requests regarding this policy? Contact us at mail@codekraken.dev.