OnTime Privacy Policy
OnTime is provided by ejun. This Privacy Policy explains how OnTime collects, uses, shares, protects, retains, and deletes data when you use the OnTime app.
For privacy questions or requests, contact jjoonleo@gmail.com.
Data OnTime Collects Or Accesses
OnTime collects or accesses the following data to provide accounts, schedules, preparation reminders, alarms, notifications, and support features.
| Data | Examples | Purpose |
|---|---|---|
| Account data | Email address, display name, password for email sign-up, Google sign-in token, Apple identity token, Apple authorization code, and Apple-provided name or email when available. | Create and authenticate accounts, keep users signed in, support social sign-in, and load profile information. |
| Schedule/preparation data | Schedule names and times, place information, movement time, spare time, notes, schedule state, lateness time, preparation steps, preparation durations, and step order. | Create, update, display, finish, and delete schedules and preparation plans. |
| Alarm/notification data | Alarm settings, notification permission state, device ID, FCM token, platform, app version, OS version, supported alarm providers, alarm status reports, armed or skipped schedule IDs, and alarm failure reason. | Deliver schedule reminders and alarm notifications, register the current device, restore alarms, and diagnose alarm coverage. |
| Feedback | Optional account deletion feedback or other feedback messages. | Process user feedback and account deletion requests. |
| Local app data | Cached user, schedule, place, preparation, alarm, and token data stored on the device. | Keep app state available locally and support app operation. |
| Technical/diagnostic data | Network request metadata, server logs, error metadata, and security-related operational records. | Operate, secure, debug, and maintain the service. |
OnTime does not request app-owned access to location, contacts, camera, microphone, phone, SMS, storage, calendar, nearby-device, or Bluetooth permissions in the current Android release manifest. OnTime uses notification, exact alarm, full-screen intent, boot completion, vibration, Firebase messaging, and network-related permissions to provide schedule reminders and alarm functionality.
How OnTime Uses Data
OnTime uses collected data to:
- Create, authenticate, and manage user accounts.
- Support email/password, Google, and Apple sign-in.
- Create, update, finish, delete, and display schedules.
- Create and update default and schedule-specific preparation steps.
- Send schedule reminders, preparation notifications, and alarm notifications.
- Register and unregister the current device for alarm and notification delivery.
- Process optional feedback and account deletion feedback.
- Maintain security, prevent abuse, debug failures, and operate the service.
Third-Party Services And Processors
OnTime uses third-party services and SDKs where needed for core app behavior, including Google Sign-In for Google account authentication, Apple Sign-In for Apple account authentication, Firebase Core and Firebase Cloud Messaging for app initialization and push notification delivery, and OnTime backend/API infrastructure for account, schedule, preparation, alarm, notification, feedback, and deletion request processing.
Data Sharing
OnTime shares data with service providers only as needed to provide app functionality, authentication, notifications, hosting, security, operations, and support. OnTime does not use in-app advertising in the current release build.
Secure Data Handling
OnTime uses HTTPS API communication, token-based authentication, local secure token storage, release-log restrictions, and redaction practices to protect personal and sensitive data. Release builds must not log tokens, authorization headers, request bodies, response bodies, personal schedule payloads, full alarm payloads, OAuth values, or FCM tokens.
Data Retention
OnTime keeps account, schedule, preparation, alarm, notification, feedback, and technical data for as long as needed to provide the service, maintain security, meet legal obligations, resolve disputes, and enforce agreements.
When an OnTime account is deleted, account data and user-owned app data are deleted, including associated schedules, preparation data, notification schedules, user settings, alarm settings, alarm status, device records, FCM tokens, and session tokens.
If a user submits optional account deletion feedback, OnTime may retain that feedback for up to 1 year to review service quality and deletion-related support issues.
Operational logs, monitoring records, and security records may be retained for up to 90 days for service operation, debugging, security, and abuse-prevention purposes, unless a longer period is required for legal compliance or an active security investigation.
Backup copies that contain deleted account data are removed according to the normal backup rotation and are retained for no longer than 30 days, unless a longer period is required by law or an active security investigation.
Account And Data Deletion
Users can request account deletion from within the OnTime app. On successful deletion, the app signs the user out.
Users can also request account deletion outside the app at https://ontime-back.duckdns.org/account-deletion.
For Google and Apple social accounts, the backend attempts to revoke the stored provider token before deleting the local OnTime account. If provider token revocation fails, the backend still deletes the local OnTime account. Deleting an OnTime account does not delete the user's Google account or Apple ID.
Children
OnTime is not directed to children. If you believe a child has provided personal data to OnTime, contact jjoonleo@gmail.com so the request can be reviewed.
Changes To This Policy
OnTime may update this Privacy Policy to reflect changes in app behavior, legal requirements, or service providers. The effective date above will be updated when the policy changes.