Main site

Privacy Notice

Privacy Notice for Timmit, Timmit Labs, and related desktop applications

Last updated: 11 March 2026

This Privacy Notice explains how Tim Imani Mitchell, trading as Timmit and Timmit Labs ("we", "us", "our"), collects, uses, stores and shares personal data when you use:

  • timmit.dev;
  • labs.timmit.dev;
  • our Windows desktop applications, including SittingEnforcer and VoltraFocus;
  • our licensing, account, trial, entitlement, payment, newsletter and support services.

This notice is intended to comply with the UK GDPR, the Data Protection Act 2018, and related UK privacy laws.

1. Who we are

Data controller: Tim Imani Mitchell

Trading names: Timmit, Timmit Labs

Business address: United Kingdom

Email for privacy and data rights requests: contact@timmit.dev

General contact email: contact@timmit.dev

We are the controller of the personal data described in this notice unless we state otherwise.

2. Scope of this notice

This notice applies to personal data we process in connection with:

  • visits to our websites;
  • enquiries sent through our contact forms or by email;
  • purchases, licensing and subscription-related actions;
  • user accounts, authentication sessions, trial access and entitlement checks;
  • newsletter sign-ups and related communications;
  • support requests;
  • limited security, fraud-prevention and abuse-prevention activity;
  • desktop app features that interact with our online services.

Local app data

Some app data is stored locally on your own device and may not be transmitted to us unless a feature specifically requires that. Depending on the application and the features you use, this may include settings, routines, timers, reminders, app preferences, session history, focus rules, break history, local statistics, and similar usage data.

Where data remains only on your device, we do not control it in the same way as data processed by our online services. However, we still describe those local behaviours here so you understand how the products work.

3. The personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

A. Identity and account data

  • name or display name;
  • email address;
  • account identifier;
  • login and authentication records;
  • subscription, entitlement, licence or trial status.

B. Transaction and licensing data

  • purchase status;
  • order or transaction references;
  • licence identifiers;
  • entitlement records;
  • device-linking or activation records;
  • records needed to validate a trial or paid access.

C. Contact and support data

  • information you send to us by email, contact form or support request;
  • your messages and attachments;
  • records of support conversations.

D. Newsletter data

  • email address;
  • subscription status;
  • records of sign-up, confirmation, unsubscribe, delivery and related events.

E. Security and service integrity data

  • session records;
  • IP address or approximate network metadata used for security, fraud prevention, abuse prevention or rate limiting;
  • audit logs;
  • webhook or provider event records;
  • device-claim or trial-abuse prevention records.

F. Website technical data

  • browser and device information;
  • pages visited;
  • referring page;
  • diagnostic and server log information;
  • limited storage/access technology data where used for site functionality, checkout continuity, security or preference handling.

G. Application configuration and usage data

Depending on the app and your chosen settings, this may include:

  • reminder settings;
  • theme or layout settings;
  • timer settings;
  • break, routine, progression, completion or session records;
  • app preferences;
  • app update preferences;
  • newsletter preference settings;
  • account/billing status views;
  • local stats and performance summaries.

H. Payment data

Payments are handled by third-party payment providers such as Paddle. We do not intentionally store your full card details on our own systems.

We may receive limited payment-related information from our payment providers, such as transaction status, product purchased, order identifiers, refund status, and similar business records required to fulfil purchases and manage licences.

4. Data we do not intend to collect

Our apps are designed as productivity, routine and habit-support tools, not medical or health services.

We do not intend to collect special category health data unless this is clearly stated in a separate notice and lawful basis structure.

Please do not send us detailed medical information, diagnoses, treatment history, injury information or similar special category data unless we specifically ask for it for a clearly lawful reason.

5. How we collect personal data

We collect data:

  • directly from you, such as when you create an account, make a purchase, contact us, join a newsletter, or use an app feature that connects to our services;
  • automatically, such as through server logs, session handling, app licensing checks, and storage/access technologies used for site functionality or security;
  • from payment and service providers, such as Paddle, to confirm purchases, manage entitlements and deal with refunds or chargebacks.

6. Why we use your personal data and our lawful bases

Under UK data protection law, we must have a lawful basis for processing personal data.

A. To provide our websites and apps

We use personal data to provide, operate and maintain our services, including app-linked online services, account access, entitlement checks, download access, and core website functions.

Lawful basis: contract, or legitimate interests where strictly necessary for service operation.

B. To process purchases, licensing and access rights

We use personal data to confirm purchases, issue or validate licences, manage entitlements, apply trial rules, and provide access to paid features.

Lawful basis: contract; legal obligation where applicable; legitimate interests for fraud prevention and service protection.

C. To communicate with you

We use personal data to reply to contact requests, support messages, account queries, billing queries, legal requests, and service-related notices.

Lawful basis: legitimate interests; contract where the communication is necessary to provide a product or service.

D. To send newsletters or product updates where you choose to subscribe

We use your email address to send newsletters or marketing-style product communications only where permitted by law.

Lawful basis: consent, or soft opt-in where applicable and lawful.

You can unsubscribe at any time.

E. To secure our services and prevent abuse

We use personal data to protect our systems, detect misuse, prevent fraud, enforce device and licence rules, investigate suspicious activity, rate-limit abusive requests, and maintain audit records.

Lawful basis: legitimate interests; legal obligation where applicable.

F. To improve and troubleshoot our services

We may use technical and operational records to diagnose problems, fix bugs, understand service issues, support releases, and improve the reliability of our products.

Lawful basis: legitimate interests.

G. To comply with legal obligations

We may use and retain relevant personal data where necessary to comply with tax, accounting, consumer law, law enforcement, regulatory or other legal obligations.

Lawful basis: legal obligation.

7. Our legitimate interests

Where we rely on legitimate interests, those interests may include:

  • running and improving our business and software services;
  • protecting our systems, websites and users;
  • preventing fraud, abuse and unauthorised access;
  • managing entitlements, trials and licence integrity;
  • responding to support and operational issues;
  • keeping appropriate records for product and business administration.

Where required, we carry out balancing assessments to consider the impact on your rights and interests.

8. Storage and access technologies

Our websites may use cookies or similar storage/access technologies, including technologies used for:

  • site functionality;
  • security;
  • remembering essential preferences;
  • checkout or purchase continuity;
  • fraud prevention;
  • load balancing or similar infrastructure needs.

Where UK law requires consent for non-essential storage/access technologies, we will seek that consent before using them.

For more details, please see our Cookie and Storage Notice.

9. Desktop app behaviour and local storage

Our Windows desktop applications may store data locally on your device so that settings, timers, reminders, routines, focus rules, progress, logs, app preferences, stats and similar app behaviour continue to work.

Examples may include:

  • configuration and preference data;
  • timer and schedule settings;
  • break or focus history;
  • local statistics and completion records;
  • legal-page acknowledgement state;
  • app update preferences;
  • locally stored voice or media resources;
  • other data reasonably necessary for desktop app functionality.

Local data stored only on your own device may remain there until you delete it, reset the app, uninstall the app, or overwrite it through continued use.

10. Newsletter communications

If you subscribe to a newsletter, we may process your email address and related delivery/subscription records so we can:

  • send the newsletter;
  • manage sign-up confirmations;
  • honour unsubscribe requests;
  • keep a minimal suppression record where reasonably necessary to avoid sending to an unsubscribed address again.

You can unsubscribe at any time using the unsubscribe link in the message or by contacting us.

11. Who we share personal data with

We may share personal data with trusted processors or service providers who help us operate the ecosystem, including providers for:

  • payments and checkout;
  • hosting and infrastructure;
  • database and backend services;
  • email delivery;
  • customer support and contact handling;
  • security and anti-abuse tooling;
  • software updates or release delivery where relevant.

We may also share data:

  • where required by law;
  • to establish, exercise or defend legal claims;
  • in connection with a business reorganisation, sale or transfer, subject to appropriate safeguards.

We do not sell personal data to data brokers.

12. International transfers

Some of our service providers may process personal data outside the UK.

Where this happens, we take steps intended to ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms as required.

13. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the relevant purpose, including to provide services, keep records, resolve disputes, enforce agreements, comply with legal obligations, and protect against abuse.

Retention periods vary depending on the type of data. For example:

  • contact enquiries may be retained for as long as reasonably necessary to respond and keep a support history;
  • account, licensing and entitlement records may be retained while the account or product relationship remains active and for a reasonable period afterwards;
  • transaction and tax-related records may be retained for the period required by law or accounting practice;
  • newsletter data may be retained until you unsubscribe or request deletion, with limited suppression data retained where appropriate;
  • audit, security and anti-abuse records may be retained for a limited period appropriate to security, fraud prevention and record-keeping needs;
  • purely local desktop app data may remain on your device until deleted by you or removed through app reset or uninstall.

14. Your rights

Depending on the circumstances, you may have the right to:

  • be informed about how we use your data;
  • request access to your personal data;
  • request correction of inaccurate data;
  • request erasure of your personal data;
  • request restriction of processing;
  • object to certain processing;
  • request data portability where applicable;
  • withdraw consent where processing relies on consent.

These rights are not absolute and may be subject to legal exceptions.

To exercise your rights, contact us at contact@timmit.dev.

15. Complaints

If you are unhappy with how we use your personal data, please contact us first so we have a chance to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO).

16. Security

We use reasonable technical and organisational measures intended to protect personal data against unauthorised access, misuse, alteration, disclosure or loss.

However, no internet-based service or software environment can be guaranteed to be completely secure.

17. Children

Our products and services are not directed to young children.

If you believe a child has provided personal data to us inappropriately, please contact us.

18. Changes to this notice

We may update this Privacy Notice from time to time.

When we make material changes, we will update the "Last updated" date and, where appropriate, take reasonable steps to bring the changes to your attention.