Privacy Policy

👁 1. Overview

Universal Timetable Widget ("we", "our", or "the app") is developed and operated by Mitesh Soni. The app is available on iOS and allows students to build, share, and subscribe to timetables via home screen and lock screen widgets.

We collect the minimum data necessary to provide the service. We do not sell your personal data to third parties. We do not currently run advertising, though we may introduce optional advertising in the future (see Section 9).

📋 2. Data We Collect

Account Information

When you create an account, we collect:

Email address — if you register with email and password, or if Apple/Google provides it during sign-in.
Display name — your name as shown in the app.
Password — stored as a salted bcrypt hash. We never store your plain-text password.
Apple User ID — a unique identifier issued by Apple when you use Sign in with Apple.
Google User ID — a unique identifier issued by Google when you use Google Sign-In.

Email addresses are optional for Sign in with Apple users (Apple allows you to hide your real email using a relay address).

Timetable & Schedule Data

All timetables, subjects, periods, and cells you create are stored on our servers so they can be shared with subscribers and displayed in your widget. This includes:

Timetable name, description, institution, department, and semester
Subject names and colour choices
Period labels, break labels, and day configurations
Per-cell subject and colour overrides
Public or private status

Device Tokens

To deliver silent push notifications when a timetable you subscribe to is updated, we store your device's push notification token (APNs on iOS, FCM on Android). These tokens are device identifiers issued by Apple and Google — they do not contain personally identifiable information on their own.

Authentication Tokens

We issue short-lived JSON Web Tokens (JWT, 1-hour expiry) for authenticated API access and longer-lived refresh tokens (30-day expiry). These are stored securely in the iOS Keychain on your device and in our database until they expire or you sign out.

Data We Do NOT Collect

Location data
Contacts or address book
Photos or camera access
Browsing history
Behavioural analytics or usage tracking
Advertising identifiers (IDFA) — at this time

No analytics SDKs are present. The app does not include Firebase Analytics, Mixpanel, Amplitude, Segment, or any equivalent. The only optional telemetry is server-side error reporting via Sentry (see Section 4).

⚙️ 3. How We Use Your Data

Data	Purpose
Email address	Account identification; password reset emails only
Password hash	Authenticating email/password sign-in
Display name	Shown in your profile and on shared timetables
Apple / Google User ID	Linking your account to your Apple or Google identity for sign-in
Timetable data	Displaying your timetable in the app and widget; sharing with subscribers; public search
Device push token	Delivering silent push notifications when a subscribed timetable changes
Refresh token	Keeping you signed in without re-entering your password

We do not use your data for profiling, advertising targeting, or sale to third parties.

🔗 4. Third-Party Services

We use a small number of third-party services to operate the app. Each receives only the data necessary for its function.

Neon (Database Hosting)

Our PostgreSQL database is hosted by Neon (eu-central-1, Frankfurt). All account, timetable, and subscription data is stored here. Neon's infrastructure is encrypted at rest and in transit.

Apple Sign-In

When you tap "Sign in with Apple", your identity token is sent to our server for verification using Apple's public keys. We do not send any additional data to Apple beyond what is required for token verification. Apple's privacy policy governs their handling of Sign in with Apple.

Google Sign-In

When you tap "Sign in with Google", your ID token is sent to our server and verified against Google's token endpoint. We extract your Google User ID, display name, and email (if provided). Google's privacy policy governs their handling of Google Sign-In.

Mailtrap (Transactional Email)

Password reset emails are sent via Mailtrap. When you request a password reset, your email address and a 6-digit one-time code (valid for 15 minutes) are transmitted to Mailtrap's sending API. No other emails are sent. If you use Sign in with Apple or Google, no emails are ever sent to Mailtrap on your behalf.

Apple Push Notification Service (APNs)

Silent push notifications are delivered through Apple's APNs infrastructure. We transmit your device token and a small data payload (timetable ID, share code, and update timestamp) to APNs. No message body or personal data is included in the payload.

Firebase Cloud Messaging (FCM)

Android push notifications are delivered through Google's Firebase Cloud Messaging. The same data constraints as APNs apply — only timetable identifiers and update metadata are sent, no personal data.

Sentry (Error Reporting) — Optional

Our server uses Sentry for error tracking. Sentry is only active if configured in our server environment. Error reports may include stack traces, request paths, and general environment metadata. We do not intentionally send personally identifiable information to Sentry. Sentry's privacy policy governs their handling of this data.

🔔 5. Push Notifications

The app uses silent push notifications only — these do not display a visible alert, sound, or badge. They are used exclusively to trigger a background widget refresh when a timetable you subscribe to is updated or deleted.

Silent pushes are enabled automatically when you subscribe to a timetable. The push payload contains only:

The timetable ID and share code
The update timestamp
The notification type (timetable_updated or timetable_deleted)

You can unsubscribe from a timetable at any time, which removes your device token from the delivery list for that timetable.

📱 6. Data Stored on Your Device

iOS Keychain

Your session JWT and refresh token are stored in the iOS Keychain, which is encrypted by the operating system and not accessible to other apps.

App Group Container (Shared with Widget)

To power the home screen and lock screen widget, timetable data is cached in an App Group container shared between the app and the widget extension. This includes:

Your pinned, subscribed, and owned timetables
Locally created timetables (not synced to server)
Completed period records (used for the widget's interactive button)
Your user profile (ID, display name, email)

This data is stored as JSON in UserDefaults within the shared App Group and is only readable by the app and its widget extension.

Apple TV

The app supports pairing with Apple TV via a temporary QR code. The pairing code expires after 5 minutes and is stored only in server memory — it is never written to the database. Once paired, the TV session uses a standard JWT that expires in 1 hour.

🌐 7. Public Timetables & Sharing

When you create a timetable, you choose whether it is public or private.

Public timetables are searchable by institution, department, and semester. Any user can find and subscribe to them without needing the share code.
Private timetables are only accessible to users who have the 6-character share code.

In both cases, the timetable's schedule content (subjects, periods, days) is shared with subscribers. Your display name is not exposed through the timetable to subscribers.

If you share a timetable link (e.g. timetable-api.040484.xyz/t/XK7M2A), anyone with that link can view the share page and subscribe, regardless of the public/private setting.

🗄 8. Data Retention

Data	Retained Until
Account data	Account deletion (manual request — see Section 10)
Timetables (deleted by owner)	Soft-deleted immediately; permanently purged after 30 days
Session JWT	1 hour from issuance
Refresh token	30 days, or until sign-out
Password reset code	15 minutes from issuance
TV pairing code	5 minutes (in-memory only, not persisted)
Device push tokens	Until account deletion or token invalidation by Apple/Google

30-day soft delete: When you delete a timetable, it is marked as deleted immediately and stops being accessible to subscribers. The underlying data is permanently removed from our database after 30 days. This window allows accidental deletions to be recovered if you contact us promptly.

📢 9. Future Advertising

The app is currently completely free with no advertisements. We do not collect advertising identifiers (such as Apple's IDFA) and do not run any ad network SDKs at this time.

We may introduce optional advertising in a future version of the app. If and when we do:

We will update this Privacy Policy in advance and notify users through the app or App Store release notes.
Any advertising will comply with Apple's App Tracking Transparency (ATT) framework — we will ask for your explicit permission before accessing your IDFA or enabling personalised ads.
You will always be able to opt out of personalised advertising and use the app without targeted ads.
We will clearly disclose which ad network(s) are used and what data they receive.

Current status (Version 1.0): No ads, no IDFA collection, no ad network SDKs. This section is forward-looking only.

✅ 10. Your Rights & Account Deletion

You have the right to:

Access the personal data we hold about you
Correct inaccurate data (e.g. update your display name in the app)
Delete your account and all associated data
Export your timetable data on request

Deleting Your Account

To delete your account and all associated data (timetables, subjects, subscriptions, device tokens), email us at helpwithapps@mailbox.org with the subject line "Account Deletion Request". Include the email address or Apple ID associated with your account. We will process your request within 7 days.

On deletion, all of your data is permanently removed from our systems, including any timetables you own (which will stop being accessible to subscribers).

Note: Timetables that have already been soft-deleted prior to account deletion will still be permanently purged on their scheduled 30-day cycle.

To exercise any of your rights, contact us at:

Email: helpwithapps@mailbox.org

We aim to respond to all requests within 7 days.

👦 11. Children's Privacy

Universal Timetable Widget is designed for students, including those in secondary school. The app does not knowingly collect personal information from children under the age of 13 without verifiable parental consent.

If you believe a child under 13 has provided us with personal data without consent, please contact us at helpwithapps@mailbox.org and we will delete the data promptly.

📝 12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes — especially those that expand the data we collect or introduce advertising — we will:

Update the version number and effective date at the top of this page
Note the change in the App Store "What's New" section for the relevant release

Continued use of the app after a policy update constitutes acceptance of the revised policy.

Version History

Version	Date	Summary
1.0	16 May 2026	Initial privacy policy for App Store launch

✉️ 13. Contact

For any privacy-related questions, data access requests, or account deletion, reach out to:

Developer: Mitesh Soni