Effective 2026-05-08

Privacy

Time & Space is designed to keep your data out of the cloud by default. This page explains what we do and don't do with information.

What lives on your device

Your notes, calendars, contacts, relationships, locations, and the model that interprets them. The on-device intelligence runs locally on your phone using Gemini Nano (or a bundled fallback model). We do not see this data.

What lives in the cloud

Encrypted blobs of items you've explicitly shared with an audience. We hold ciphertext, not the keys.
Push registration tokens (so we can wake your devices when there's something new).
Outbound message metadata for WhatsApp / SMS to non-app contacts you've authorised — sent through Meta's WhatsApp Cloud API or a similar transport, then deleted from our side.
If you sign up for early access: your email address. Used only to email you about Time & Space, never sold or shared.

What is never in the cloud

Your unencrypted notes, transcripts, calendars, or contacts.
Audio you record on the device.
The relationship graph and confidence inferences derived on-device.
Location history.

End-to-end encryption

Sharing uses Messaging Layer Security (RFC 9420). Each audience is its own cryptographic group with rotating keys. Our relay cannot read shared content. If we are compelled to hand over data, we hand over ciphertext.

What you can see

The app contains a top-level Who sees what screen. It lists, for every audience, the exact items currently shared with them, and lets you preview the world as that audience sees it. We treat this as essential, not a setting buried in a menu.

Notification access

Time & Space can optionally read incoming WhatsApp notifications via Android's NotificationListenerService, with your explicit permission, to capture things others say to you. This permission is enrolled per contact and can be revoked at any time. Notification text is processed on the device only.

Telemetry

Off by default. If you opt in to crash reporting, only stack traces and device model are sent — no message content, no graph data.

Data deletion

Uninstalling the app removes everything on your device. Deleting an audience removes the encrypted blobs from our relay. Email addresses on the early-access list can be removed by writing to privacy@timeandspace.ai.

Children

Not directed at children under 13. Family audiences may include children with explicit parental setup; their data follows the same on-device, default-deny rules.

Changes

If this policy changes in a way that materially affects your privacy, we'll notify you in-app before the change takes effect.

Questions? privacy@timeandspace.ai