Privacy Policy

Effective date: July 3, 2026  ·  Last updated: July 14, 2026

This Privacy Policy explains how Zimmerman Legacy Holdings, LLC ("tideline," "we," "us," or "our") handles information in connection with the tideline iOS app (the "App"). tideline processes your library on your device. We do not operate an account or content-storage backend, and our servers do not store your notes, Slack messages, recorder transcripts, or AI-generated items.

The short version.

1. Who we are

The data controller for the limited processing described here is Zimmerman Legacy Holdings, LLC. You can reach us about privacy at [email protected].

2. On-device processing

The core of tideline — capturing your notes and content and using AI to extract tasks, summaries, people, commitments, and structure — runs locally on your iPhone using Apple's on-device Foundation Models. This content (your notes, dictation, shared items, connector data, and anything derived from it) is processed on-device and is not sent to or stored on our servers.

Because connectors fetch data from services you authorize, the App makes encrypted network requests to those services on your behalf. For example, Slack search requests and results travel between your device and Slack's official remote MCP service. The resulting content is processed and stored on your device; it is not routed through or stored on a tideline content server.

AI-generated summaries and extracted items can be inaccurate. tideline presents them as suggestions for your review. Slack data is used only to provide the features you request and is never used to train a model.

3. Local storage

Your tideline library is stored locally on your device in the App's private container. The current App does not sync that library through a tideline service or iCloud. Deleting individual items or the App removes the corresponding local content as described on our Data Deletion page.

4. Information we and our processors handle

tideline is designed to minimize the information that reaches us. The categories below describe the limited data handled by the third-party processors we use — not your content, which stays on your device.

ContextWhat is handledWho handles itWhy
Purchases & subscriptions Purchase and entitlement status (e.g., product identifiers, subscription/purchase state, an anonymous app-install identifier). No card or payment data — Apple handles payment. Apple; RevenueCat (subscription infrastructure) To unlock and validate paid features across your devices.
Website delivery & performance Page URLs without query strings and browser performance timing. Cloudflare Web Analytics does not use cookies, local storage, or stored IP addresses to identify visitors. Cloudflare To securely deliver trytideline.com and understand aggregate website reliability and performance.
Connector sign-in (OAuth) The OAuth handshake needed to connect a service. Slack authorization uses OAuth 2.1 with PKCE and a verified state value. Tokens are stored in your device's Keychain and are not sent to a tideline server. The connected service; Apple security frameworks on your device To let you authorize and maintain a read-only connection.
Connector content Data returned when you run or enable a connector, such as Slack messages and related context, recorder transcripts, calendar events, and screenshot text. The connected service as source; your device for processing and local storage To retrieve, review, connect, and resurface your own context. It is not stored on our servers.
Support Your email address and anything you include when you contact us. Zimmerman Legacy Holdings, LLC To respond to your request.

5. Connectors and integrations

All built-in cloud connectors are read-only and are connected only when you choose to connect them. Content is fetched to your device, processed on-device, and not stored on our servers:

Access and refresh tokens are stored in your device's Keychain and sent only to the connected service in authorization headers. Live results and imported source excerpts are not used for advertising, user monitoring, model training, sentiment profiling, or workspace backup.

Slack retention: matching source records and items you keep remain in the App's local library until you delete them. Disconnecting the final Slack workspace removes Slack credentials and unconfirmed Slack suggestions. Confirmed items you deliberately kept remain in your local library until you delete those items or the App. You can also revoke tideline from Slack's connected-app settings.

6. Legal bases for processing (EEA/UK)

Where the EU/UK GDPR applies, we rely on: performance of a contract to provide the App and process purchases; consent for connectors you choose to enable (which you can withdraw at any time); and our legitimate interests in securing the App and responding to your support requests.

7. Retention

8. Your rights and how to exercise them

Because your content lives on your device, you are in direct control of it:

Depending on where you live (including under the GDPR and the CCPA/CPRA), you may also have rights to access, correct, delete, port, or restrict processing of personal information we or our processors hold, to object to processing, and to not be discriminated against for exercising these rights. Since we hold very little personal information about you, some requests may be best directed to the relevant provider (such as Apple, RevenueCat, or Slack). To make a request to us, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

9. Do Not Sell or Share My Personal Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months. Because we do not sell or share personal information, no opt-out action is required; this section serves as our notice. If you have questions, contact [email protected].

10. Children

tideline is not directed to children. It is not intended for users under 13, or under 16 in the European Economic Area. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will address it.

11. International transfers

Our processors and connected services (including Apple, RevenueCat, and Slack) may process the limited data described above in countries other than yours. Where required, such transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

12. Security

Your content stays in the App's private container on your device, protected by your device passcode and Apple's platform security. Connector access tokens are stored in the device Keychain. OAuth uses PKCE and a verified state value, and network requests use encrypted connections (TLS). Tokens are not placed in URLs or application logs. No method of storage or transmission is completely secure, but we design tideline to minimize the data at risk by keeping the library on your device.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the "Effective date" above and, for material changes, provide additional notice as appropriate.

14. Contact us

Privacy questions and requests: [email protected]
General support: [email protected]

Governing law for this policy is the law of the State of Texas, United States, without regard to its conflict-of-laws rules, except where mandatory local law provides otherwise.