Privacy Policy

Effective date: July 3, 2026  ·  Last updated: July 3, 2026

This Privacy Policy explains how Zimmerman Legacy Holdings, LLC ("tideline," "we," "us," or "our") handles information in connection with the tideline iOS app (the "App"). tideline is built to be privacy-first: your content is processed on your device and is never stored on our servers. We do not operate a user-data backend and there is no tideline account to create.

The short version.

1. Who we are

The data controller for the limited processing described here is Zimmerman Legacy Holdings, LLC. You can reach us about privacy at privacy@trytideline.com.

2. On-device processing

The core of tideline — capturing your notes and content and using AI to extract tasks, summaries, people, and structure — runs locally on your iPhone using Apple's on-device models. This content (your notes, dictation, shared items, connector data you bring in, and anything derived from it) is processed on-device and never sent to or stored on our servers. We do not receive, read, or retain your content.

Because some connectors fetch your own data from third-party services (for example, Slack messages you choose to import), the App does make network requests to those services on your behalf. Those requests go directly between your device and the relevant service; the fetched data is processed on your device and is not routed through or stored on our servers.

3. Storage and sync (your iCloud)

Your tideline library is stored on your device. If you enable sync, it is synchronized across your own Apple devices using Apple's iCloud (CloudKit) in your personal iCloud account. This data resides in your iCloud, governed by Apple's Privacy Policy and your iCloud settings. We do not have access to your iCloud data and cannot read, export, or delete it.

4. Information we and our processors handle

tideline is designed to minimize the information that reaches us. The categories below describe the limited data handled by the third-party processors we use — not your content, which stays on your device.

ContextWhat is handledWho handles itWhy
Purchases & subscriptions Purchase and entitlement status (e.g., product identifiers, subscription/purchase state, an anonymous app-install identifier). No card or payment data — Apple handles payment. Apple; RevenueCat (subscription infrastructure) To unlock and validate paid features across your devices.
Analytics (opt-in only) Anonymous product-usage events (e.g., which features are used). No message or content data, no session replay. Off unless you turn it on. PostHog To understand feature usage and improve the App, only with your consent.
Connector sign-in (OAuth) The OAuth handshake needed to connect a service. A lightweight sign-in broker may hold a provider secret to complete the handshake; it does not store or log your tokens or content. Zimmerman Legacy Holdings, LLC sign-in broker; the connected service To let you authorize a read-only connection. Resulting access tokens are stored only in your device's Keychain.
Connector content Data you choose to import (e.g., Slack messages, recorder transcripts, calendar events, screenshot text). Fetched to your device and processed on-device. The connected service (source only) To bring your own content into your on-device library. Not stored on our servers.
Support Your email address and anything you include when you contact us. Zimmerman Legacy Holdings, LLC To respond to your request.

5. Connectors and integrations

All connectors are read-only and are connected only when you choose to connect them. For each, content is fetched to your device, processed on-device, and never stored on our servers:

Access tokens for connectors are stored in your device's Keychain — device-only, and never on our servers. Disconnecting a connector removes that connector's tokens from your device and any derived items you have not chosen to keep.

6. Google user data — Limited Use (future Gmail connector)

tideline may in the future offer an optional, read-only Gmail connector. If and when it does, tideline's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

The Gmail connector is not enabled at launch; this section is provided in advance for transparency.

7. Legal bases for processing (EEA/UK)

Where the EU/UK GDPR applies, we rely on: performance of a contract to provide the App and process purchases; consent for opt-in analytics and for connectors you choose to enable (which you can withdraw at any time); and our legitimate interests in securing the App and responding to your support requests.

8. Retention

9. Your rights and how to exercise them

Because your content lives on your device and in your own iCloud, you are in direct control of it:

Depending on where you live (including under the GDPR and the CCPA/CPRA), you may also have rights to access, correct, delete, port, or restrict processing of personal information we or our processors hold, to object to processing, and to not be discriminated against for exercising these rights. Since we hold very little personal information about you, some requests may be best directed to the relevant provider (Apple, RevenueCat, PostHog). To make a request to us, email privacy@trytideline.com. You also have the right to lodge a complaint with your local data protection authority.

10. Do Not Sell or Share My Personal Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months. Because we do not sell or share personal information, no opt-out action is required; this section serves as our notice. If you have questions, contact privacy@trytideline.com.

11. Children

tideline is not directed to children. It is not intended for users under 13, or under 16 in the European Economic Area. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@trytideline.com and we will address it.

12. International transfers

Our processors (Apple, RevenueCat, PostHog) may process the limited data described above in countries other than yours. Where required, such transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

13. Security

Your content stays on your device and in your iCloud, protected by your device passcode/Face ID and Apple's iCloud protections. Connector access tokens are stored in the device Keychain. Network requests use encrypted connections (TLS). No method of storage or transmission is completely secure, but we design tideline to minimize the data at risk by keeping it on your device.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the "Effective date" above and, for material changes, provide additional notice as appropriate.

15. Contact us

Privacy questions and requests: privacy@trytideline.com
General support: support@trytideline.com

Governing law for this policy is the law of the State of Texas, United States, without regard to its conflict-of-laws rules, except where mandatory local law provides otherwise.