Privacy Policy

Effective version: 2026-04-16

Draft pending legal review. This text is a working first draft and has not yet been reviewed by counsel. Do not rely on it as final.

What this policy covers

This Privacy Policy explains what personal information Timeline Scan, LLC (“Timeline Scan,” “we”) collects, how we use it, who we share it with, and what choices you have. It applies to your use of the Service at timelinescan.com.

Information we collect

  • Account information. When you create an account, our authentication provider Clerk receives your email, password (hashed by Clerk), and any profile fields you choose to provide.
  • Photos and files you upload. Image bytes, filenames, original capture dates from EXIF, and file sizes.
  • Derived metadata. Face embeddings (mathematical signatures of detected faces), face cluster assignments, thumbnails, EXIF data, AI-derived date estimates.
  • Payment information. Handled by Stripe; we receive and store the Stripe customer ID, payment intent ID, and amount/status. Card numbers and CVCs are never sent to or stored by us.
  • Usage and device information. IP address, browser type, pages visited, request timestamps, and similar standard server logs. We use these for security, abuse prevention, and operational diagnostics.
  • Consent records. When you accept these documents we record the document version, your IP address, your user-agent, and the timestamp.

How we use your information

  • To operate the Service and deliver the features you request.
  • To extract dates from your photos using AI (see “AI processing” below).
  • To detect and group faces of the same person across your archive.
  • To bill you and process refunds.
  • To detect, investigate, and prevent abuse, fraud, and CSAM (see “Child safety scanning”).
  • To comply with our legal obligations.

We do not sell your personal information. We do not use your photos, metadata, or biometric data to train any AI model.

AI processing

Timeline Scan uses Google Cloud’s Vertex AI (Gemini) to extract dates and related metadata from your photos. Photos are transmitted to Vertex AI solely for this purpose. Per Google Cloud’s AI/ML Privacy Commitment and our Data Processing Addendum with Google, your photos are not used to train Google’s foundation models, are not retained by Google beyond the duration of the processing request, and remain owned by you.

Biometric information (face embeddings)

When you consent at sign-up, Timeline Scan generates mathematical signatures (“embeddings”) of faces detected in your uploaded photos. We use these signatures only to cluster photos of the same person across your archive and to assist with dating. We do not use them to identify strangers, do not match them against any external face database, and do not sell, lease, or trade them.

Retention and destruction. Face embeddings are deleted (a) immediately when you delete the archive that produced them, (b) within sixty (60) days of you deleting your account, and (c) in any event no later than three (3) years after your last interaction with the Service, whichever is soonest.

You may withdraw your biometric consent at any time by deleting the affected archive or your account. If you live in Illinois, Texas, Colorado, Washington, Virginia, or another state with a biometric privacy law, you have additional statutory rights under those laws.

Child safety scanning

We use Microsoft PhotoDNA to scan every uploaded image for known child sexual abuse material (CSAM). Scanning is performed by computing a perceptual hash of the image and comparing it against the National Center for Missing & Exploited Children (NCMEC) hash database. Image bytes are sent to Microsoft’s PhotoDNA Cloud Service for the purpose of this scan and are not retained by Microsoft beyond the duration of the request.

Confirmed matches are reported to NCMEC and may be shared with law enforcement as required by 18 U.S.C. § 2258A. The matched image, along with associated account information, is preserved in restricted-access storage for a minimum of one year as required by law.

Sub-processors

We rely on the following service providers to operate the Service. We have data-protection terms in place with each. We name the providers that handle your photos directly so you can verify their privacy posture; for the rest we list categories.

  • Google Cloud (Vertex AI / Gemini) — AI date extraction. Photos are sent to Vertex AI solely for date extraction and are not used to train Google’s models.
  • Microsoft PhotoDNA — child-safety hash scanning (see “Child safety scanning”).
  • Stripe — payment processing. Card numbers and CVCs are sent directly to Stripe and never touch our servers.
  • An authentication provider — account creation, sign-in, and session management.
  • A cloud infrastructure provider — file storage, compute, and database hosting in the United States.
  • A product-analytics provider — anonymized usage metrics; not used to identify individual users.

Sharing

We do not sell your information. We share information only with the sub-processors above, with law enforcement when legally required (see “Government requests”), and in connection with a merger or sale of the company.

Government requests

We require valid legal process for government access to your data. Our position by default:

  • Subscriber information (account email, IP logs, account creation date): provided in response to a valid subpoena.
  • Stored content (your uploaded photos): provided only in response to a valid search warrant, consistent with the Stored Communications Act, 18 U.S.C. § 2703.
  • Emergency disclosures: only when we have a good-faith belief there is an imminent risk of death or serious physical injury.
  • CyberTipline reports (CSAM): made to NCMEC as required by 18 U.S.C. § 2258A; image and metadata preserved for at least one year.

We reserve the right to notify users of legal process unless we are legally prohibited from doing so.

Your choices and rights

  • Access and download. You can download your archive from your account at any time.
  • Delete. You can delete individual archives or your entire account from your account settings. Deletion of biometric data is immediate; deletion of stored photos completes within sixty (60) days.
  • Withdraw biometric consent. Delete the affected archive (or your account).
  • State-law rights. Residents of California (CCPA/CPRA), Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have additional rights to access, correct, or delete personal information. Email support@timelinescan.com to make a request.

Security

We use TLS for data in transit, server-side encryption (KMS) for data at rest in S3 and DynamoDB, scoped IAM credentials, and per-user data isolation enforced at every API endpoint. No system is perfectly secure; if you believe your account is compromised, email support@timelinescan.com.

DMCA

If you believe content in Timeline Scan infringes your copyright, please send a notice that complies with 17 U.S.C. § 512 to our designated agent:

  • Service Provider: Timeline Scan, LLC
  • Designated Agent: Spencer Baker
  • Email: spencer@timelinescan.com
  • U.S. Copyright Office Registration: DMCA-1071599 (full contact information, including mailing address, is on file in the Copyright Office DMCA Designated Agent Directory)

Misrepresentations in a DMCA notice may subject you to liability under § 512(f).

Children

The Service is for users 18 and older. We do not knowingly collect personal information from anyone under 13.

International users

The Service is operated from the United States and is intended for U.S. residents. By using the Service you consent to the transfer of your information to the United States.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and within the Service, and we will update the version date at the top of this page.

Contact

Timeline Scan, LLC. For privacy, security, or legal questions, email support@timelinescan.com.