Privacy Policy
Effective date: July 3, 2026 · Last updated: July 14, 2026
This Privacy Policy explains how Zimmerman Legacy Holdings, LLC ("tideline," "we," "us," or "our") handles information in connection with the tideline iOS app (the "App"). tideline processes your library on your device. We do not operate an account or content-storage backend, and our servers do not store your notes, Slack messages, recorder transcripts, or AI-generated items.
- Capture and AI extraction run on your device using Apple's on-device models.
- Your library is stored locally on your device. We cannot access it.
- We do not sell or share your personal information, serve ads, or track you across other apps and websites.
- The current App sends no product analytics. Diagnostics stay on your device unless you choose to share them.
- Connectors are read-only and user-initiated; their access tokens stay in your device's Keychain.
- Slack data is never used to train a large language model or any other model.
1. Who we are
The data controller for the limited processing described here is Zimmerman Legacy Holdings, LLC. You can reach us about privacy at [email protected].
2. On-device processing
The core of tideline — capturing your notes and content and using AI to extract tasks, summaries, people, commitments, and structure — runs locally on your iPhone using Apple's on-device Foundation Models. This content (your notes, dictation, shared items, connector data, and anything derived from it) is processed on-device and is not sent to or stored on our servers.
Because connectors fetch data from services you authorize, the App makes encrypted network requests to those services on your behalf. For example, Slack search requests and results travel between your device and Slack's official remote MCP service. The resulting content is processed and stored on your device; it is not routed through or stored on a tideline content server.
AI-generated summaries and extracted items can be inaccurate. tideline presents them as suggestions for your review. Slack data is used only to provide the features you request and is never used to train a model.
3. Local storage
Your tideline library is stored locally on your device in the App's private container. The current App does not sync that library through a tideline service or iCloud. Deleting individual items or the App removes the corresponding local content as described on our Data Deletion page.
4. Information we and our processors handle
tideline is designed to minimize the information that reaches us. The categories below describe the limited data handled by the third-party processors we use — not your content, which stays on your device.
| Context | What is handled | Who handles it | Why |
|---|---|---|---|
| Purchases & subscriptions | Purchase and entitlement status (e.g., product identifiers, subscription/purchase state, an anonymous app-install identifier). No card or payment data — Apple handles payment. | Apple; RevenueCat (subscription infrastructure) | To unlock and validate paid features across your devices. |
| Website delivery & performance | Page URLs without query strings and browser performance timing. Cloudflare Web Analytics does not use cookies, local storage, or stored IP addresses to identify visitors. | Cloudflare | To securely deliver trytideline.com and understand aggregate website reliability and performance. |
| Connector sign-in (OAuth) | The OAuth handshake needed to connect a service. Slack authorization uses OAuth 2.1 with PKCE and a verified state value. Tokens are stored in your device's Keychain and are not sent to a tideline server. | The connected service; Apple security frameworks on your device | To let you authorize and maintain a read-only connection. |
| Connector content | Data returned when you run or enable a connector, such as Slack messages and related context, recorder transcripts, calendar events, and screenshot text. | The connected service as source; your device for processing and local storage | To retrieve, review, connect, and resurface your own context. It is not stored on our servers. |
| Support | Your email address and anything you include when you contact us. | Zimmerman Legacy Holdings, LLC | To respond to your request. |
5. Connectors and integrations
All built-in cloud connectors are read-only and are connected only when you choose to connect them. Content is fetched to your device, processed on-device, and not stored on our servers:
- Slack — connected through Slack's official remote MCP service using OAuth with read-only scopes. When you run a search or enable sync, tideline may search messages, threads, files, canvases, and people available to the installing user and retrieve relevant message history. Identity fields returned with results are used only to attribute source material. tideline does not use Slack email addresses to contact users.
- Recorders (Pocket, Plaud, and similar) — to bring in recordings and transcripts you own.
- Calendar and Reminders — accessed on-device through Apple's EventKit, subject to iOS permissions you grant.
- Share Extension — content you explicitly share into tideline from other apps.
- Screenshot text recognition (OCR) — performed on-device with Apple's Vision framework, only when you enable it.
Access and refresh tokens are stored in your device's Keychain and sent only to the connected service in authorization headers. Live results and imported source excerpts are not used for advertising, user monitoring, model training, sentiment profiling, or workspace backup.
Slack retention: matching source records and items you keep remain in the App's local library until you delete them. Disconnecting the final Slack workspace removes Slack credentials and unconfirmed Slack suggestions. Confirmed items you deliberately kept remain in your local library until you delete those items or the App. You can also revoke tideline from Slack's connected-app settings.
6. Legal bases for processing (EEA/UK)
Where the EU/UK GDPR applies, we rely on: performance of a contract to provide the App and process purchases; consent for connectors you choose to enable (which you can withdraw at any time); and our legitimate interests in securing the App and responding to your support requests.
7. Retention
- Your local content is retained on your device for as long as you keep it. We do not hold it and cannot delete it remotely.
- Slack credentials remain in your device's Keychain until you disconnect or remove them through platform controls. Revoking tideline in Slack immediately invalidates the Slack authorization even if a now-invalid local credential remains.
- Purchase/entitlement records are retained by Apple and RevenueCat as needed to manage subscriptions and comply with legal and financial obligations.
- Website performance data is retained by Cloudflare unsampled for 7 days and then aggregated; aggregate reports are available to us for up to six months.
- Support emails are retained only as long as needed to handle your request and for reasonable record-keeping.
8. Your rights and how to exercise them
Because your content lives on your device, you are in direct control of it:
- Access or transfer your data through the App's local views and export controls where available.
- Delete your data by deleting individual items or the App and by disconnecting connectors. See our step-by-step Data Deletion page.
- Disconnect Slack at any time in the App and revoke access from Slack's connected-app settings.
Depending on where you live (including under the GDPR and the CCPA/CPRA), you may also have rights to access, correct, delete, port, or restrict processing of personal information we or our processors hold, to object to processing, and to not be discriminated against for exercising these rights. Since we hold very little personal information about you, some requests may be best directed to the relevant provider (such as Apple, RevenueCat, or Slack). To make a request to us, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.
9. Do Not Sell or Share My Personal Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months. Because we do not sell or share personal information, no opt-out action is required; this section serves as our notice. If you have questions, contact [email protected].
10. Children
tideline is not directed to children. It is not intended for users under 13, or under 16 in the European Economic Area. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will address it.
11. International transfers
Our processors and connected services (including Apple, RevenueCat, and Slack) may process the limited data described above in countries other than yours. Where required, such transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.
12. Security
Your content stays in the App's private container on your device, protected by your device passcode and Apple's platform security. Connector access tokens are stored in the device Keychain. OAuth uses PKCE and a verified state value, and network requests use encrypted connections (TLS). Tokens are not placed in URLs or application logs. No method of storage or transmission is completely secure, but we design tideline to minimize the data at risk by keeping the library on your device.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Effective date" above and, for material changes, provide additional notice as appropriate.
14. Contact us
Privacy questions and requests: [email protected]
General support: [email protected]
Governing law for this policy is the law of the State of Texas, United States, without regard to its conflict-of-laws rules, except where mandatory local law provides otherwise.