Third-party services
SDKs, payment providers, sign-in providers, linked storage, and other services Timemark uses.
Timemark uses some third-party services to run the app, process payments, provide sign-in, diagnose crashes, measure attribution, and send data to external destinations you connect. This page is the practical list referenced by the Privacy policy and Data Processing Addendum (DPA).
How to read this page
Section titled “How to read this page”Service providers help Timemark operate the service. They may process data for Timemark under contract. In the California privacy notice, this is different from selling or sharing personal information with a third party for cross-context advertising.
User-directed services receive data because you or your team connect or send data there. After data reaches those services, their terms and privacy policies apply.
Merchants of record and payment providers handle checkout, invoicing, taxes, renewals, and refunds for paid plans. They may act under their own terms for payment data.
Services that may receive data
Section titled “Services that may receive data”Location-enabled fields may require an online request even when a photo is saved only on the device. Address lookup, weather, map display, and location-based trusted time use the location needed to return that feature. Local-only capture does not by itself upload the photo to Timemark.
| Service | Used for | Data involved | Role | Notes |
|---|---|---|---|---|
| SensorsAnalytics SDK, Sensors Focus, Sensors A/B Testing | Product analytics, event tracking, operational messaging, A/B testing | App events, device and account basics, region/language, conversion events, and related diagnostics | Service provider / analytics provider | Used on iOS and Android for product analytics and operational messaging. |
| Firebase Analytics | App analytics and conversion measurement | App usage, conversion events, purchase events, retention events, app instance ID, and related analytics data | Service provider / analytics provider | Used on iOS and Android. |
| Firebase Crashlytics | Crash and diagnostics | Device model, operating system, crash logs, app state, memory state, and related diagnostic context | Service provider | Used on iOS and Android. Crash and diagnostic data is retained for up to 90 days. |
| Firebase Cloud Messaging | Push notifications | Push token, device/app identifiers, notification delivery metadata | Service provider | Used on iOS and Android. |
| Facebook / Meta SDK | App events, advertising attribution, sharing, App Links, Audience Network ads on Android | App events, attribution data, sharing actions, advertising identifiers where permitted, and ad events | Advertising partner / service provider | Used where Meta attribution, sharing, or ad features are enabled. |
| Google Analytics | Website analytics and advertising measurement | Website events, page views, device/browser data, approximate location, referral data, and advertising measurement signals where enabled | Analytics / advertising measurement provider | Used on Timemark websites. |
| Meta Pixel | Website advertising attribution and campaign measurement | Website events, page views, device/browser data, referral data, and advertising measurement signals where enabled | Advertising partner / measurement provider | Used on Timemark websites where enabled. |
| TikTok Business SDK | Advertising attribution and conversion tracking | Install attribution, conversion events, advertising identifiers where permitted, and related campaign data | Advertising partner / service provider | Used on iOS and Android. |
| Apple Search Ads attribution | iOS search ads attribution | Apple Search Ads attribution information | Advertising partner / platform attribution | Used on iOS. |
| Google Play Install Referrer | Android install attribution | Install referrer and campaign attribution data | Platform attribution provider | Used on Android. |
| TopOn / AnyThink and Android ad network SDKs | Android ad mediation and ad monetization | Advertising identifiers where permitted, ad events, ad delivery diagnostics, and related campaign data | Advertising partner / ad mediation provider | Android ad stack may include TopOn/AnyThink, SmartDigiMktTech, Google AdMob, BigoAds, Liftoff/Vungle, Mintegral, AppLovin MAX, Meta Audience Network, Pangle, and Adseye. |
| Stripe Managed Payments | Business checkout, managed payments, invoices, taxes, renewals, refunds | Billing contact, transaction data, subscription status, invoice and tax data | Merchant of record / payment provider | Stripe acts as Merchant of Record for direct Business purchases where Stripe checkout is available. |
| Waffo | Localized Business payment in selected regions | Billing contact, transaction data, purchase status | Merchant of record / payment provider | In ID, VN, TH, MY, and PH, Timemark may provide a Waffo one-time purchase product named Pay 1 year for localized payment methods. |
| Apple App Store | iOS in-app purchases | App Store account and purchase information | Merchant / payment provider | Apple handles iOS receipts, renewals, and refunds. |
| Google Play Billing | Android in-app purchases and subscriptions | Google Play account and purchase information | Merchant / payment provider | Google handles Android receipts, renewals, and refunds. |
| Google sign-in | Account sign-in | Email address and Google account name | Sign-in provider | Used when a user signs in with Google. |
| Apple sign-in | Account sign-in | Apple account identifier and relay email if used | Sign-in provider | Used when a user signs in with Apple. |
| Microsoft MSAL | Account sign-in | Email address and Microsoft account name | Sign-in provider | Used when a user signs in with Microsoft. |
| Google Drive API | Personal Cloud Backup and team sync | Photos, metadata, and files you choose to sync | User-directed service | Google Drive data is governed by Google after sync. Authorization tokens are stored securely. |
| Microsoft Graph / OneDrive | Personal Cloud Backup | Photos and metadata you choose to back up | User-directed service | OneDrive data is governed by Microsoft after sync. Authorization tokens are stored securely. |
| Microsoft Graph / SharePoint | Team project sync | Team photos and metadata for connected projects | User-directed service | SharePoint data is governed by Microsoft after sync. Authorization tokens are stored securely. |
| Webhook endpoints | Team automation | Photo event payloads, photo URLs, member data, location, custom notes | User-directed service | Endpoint is configured by the team. |
| Google Maps and Google Play Location | Android maps, location, and map watermark features | Location and map lookup data | Service provider / platform service | Used on Android. May receive precise location when map or location features are used. |
| Apple system geocoding and Timemark services | Address lookup from GPS | Location needed to return an address | Platform service / service provider | Address lookup may use Apple system geocoding and Timemark services. |
| Timemark weather service | Weather field on watermark | Location needed to return weather data | Timemark-operated service | Weather lookup runs when the weather field is enabled. |
| Amazon Web Services (AWS) | Running Timemark systems and hosting Timemark-hosted content | Account and service data, Teamspace data, Timemark-hosted share links or reports, photos and files only when uploaded to a Timemark-hosted feature, logs | Service provider / sub-processor | AWS is not a third-party sale/share recipient when acting as Timemark’s hosting provider. Local-only photos are not stored in AWS. Teamspace data is hosted in the United States by default. Enterprise data residency may place in-scope Teamspace data in the selected region. |
| Alibaba Cloud (Singapore) | Running Timemark systems and regional infrastructure | Account and service data, hosted content, logs, and operational data where Timemark uses Alibaba Cloud infrastructure | Service provider / sub-processor | Used in Singapore. Alibaba Cloud is not a third-party sale/share recipient when acting as Timemark’s infrastructure provider. |
| Email and support tools | Account emails, share emails, support requests | Email address, message content, support metadata | Service provider | Used when Timemark sends account or share emails, or when you contact support. |
Client SDKs that do not receive user data
Section titled “Client SDKs that do not receive user data”Some SDKs are included to run client features locally, load images, process media, handle networking, render UI, or export files. These SDKs may process data on the device as part of the feature you use, but Timemark does not intentionally send user data to those SDK vendors through the SDK integration.
They are not listed above as data recipients unless they also transmit data to a provider or destination.
| Platform | SDKs and libraries | Used for |
|---|---|---|
| iOS | Alamofire, RealmSwift, Kingfisher, YYText, DSF_QRCode, SnapKit, MJRefresh, MagazineLayout, CocoaLumberjack, DeviceKit, SSZipArchive, ZIPFoundation, AEXML, UTMConversion, JZLocationConverter | Networking, local database, image cache, rich text, QR code generation, layout, refresh controls, device model detection, ZIP/XML export, coordinate conversion, and app logging |
| Android | AndroidX CameraX, SenseTime STMobileJNI, Huawei CameraKit, OPPO CameraUnit, Xiaomi camera SDK, global-nnpackage, JCodec, ExoPlayer, Glide, Coil, Luban, uCrop, PhotoView, OkHttp, Retrofit, RxJava, Gson, Fastjson, MMKV, EventBus, LiveEventBus, React Native, Google Play App Update, Google Play Review, ZXing, AndroidAutoSize, SmartRefreshLayout, ImmersionBar, CalendarView, ReLinker, LSParanoid | Camera, media processing, video, image loading/compression/crop/view, networking, JSON, local storage, event bus, React Native screens, in-app update/review, QR code, UI, native library loading, and app hardening |
Linked storage and webhooks
Section titled “Linked storage and webhooks”When you connect Cloud Backup, Team Sync, SharePoint, Google Drive, OneDrive, or webhooks, you direct Timemark to send data to that destination. After delivery, access to that copy is managed in the destination service.
Deleting a photo, file, or record in Timemark does not delete copies already synced to linked storage or sent to a webhook endpoint.