Cookie Policy
policies-public/cookies.mdCookie Policy
Effective date: 2026-05-28 Last updated: 2026-06-30 Last reviewed: 2026-06-30 Version: 1.0
TimerOS is operated by Vezoft (a company registered in Bulgaria under company number (EIK) 202823109, with its registered office in Kardzhali, Bulgaria) ("Vezoft"). This Cookie Policy explains the cookies and similar storage technologies that TimerOS uses across all of its delivery surfaces: the marketing website and product pages (https://timeros.ai), the corporate website (https://vezoft.com), the authenticated web console (dashboard), the per-tenant client portal, the desktop application, and the Android companion application.
If you want to understand how we process personal data more generally, see the Privacy Policy.
What is a cookie?
A "cookie" is a small text file that a website stores in your browser. We also use related technologies — localStorage, sessionStorage, the desktop application's local secure key-value store, and the mobile application's native secure storage (Android Keystore-backed) — which we treat the same way as cookies for the purpose of this notice and the ePrivacy Directive.
Cookies we set
Public marketing website (https://timeros.ai) and corporate website (https://vezoft.com)
At the date above, our public websites set no third-party tracking cookies, no analytics cookies, no advertising cookies, and no behavioural-profiling cookies. We use no Google Analytics, Meta Pixel, HubSpot, LinkedIn Insight, or similar.
The only storage the marketing pages set is a single functional preference key:
| Name | Purpose | Type | Duration |
|---|---|---|---|
theme (localStorage) |
Remember your light/dark mode preference on the marketing pages | Essential / functional | Persistent until you clear it |
We show a consent banner on first visit. Because the only storage currently set is the strictly-necessary / functional theme key, no consent is required for it under the ePrivacy Directive (Directive 2002/58/EC as amended); the banner is the mechanism by which we will obtain consent before setting any non-essential cookie or storage in the future.
Authenticated web console (dashboard, on timeros.ai) and per-tenant client portal (https://portal.timeros.ai)
Once you log in, the authenticated console and the client portal use localStorage to keep you logged in (storing an auth token) and to remember preferences:
Name (timeros_ prefix) |
Purpose | Type | Duration |
|---|---|---|---|
timeros_access_token |
Short-lived access token used to authenticate API requests | Strictly necessary | 15 minutes |
timeros_refresh_token |
Used to obtain a new access token without re-login | Strictly necessary | 7 days |
timeros_tenant_id |
Identifies which workspace you are signed into | Strictly necessary | Until logout |
timeros_employee |
Cached profile (name, role, permissions) for instant UI rendering | Strictly necessary | Until logout |
timeros_entitlements |
Cached feature-tier flags | Strictly necessary | Until logout |
theme, sidebar_collapsed, language |
UI preferences | Functional | Persistent |
Under the ePrivacy Directive, strictly-necessary storage that is required to provide a service the user explicitly requested does not require consent. The above storage is needed for the authenticated app to work and is set only after you log in.
Desktop application
The desktop application stores the same set of keys in localStorage (scoped to the app's local webview) and uses a local key-value store for non-sensitive UI state. It does not store activity classifications, window titles, or AI inputs anywhere on disk; those are processed in memory and discarded.
Mobile application (Android companion)
The Android application is a companion dashboard for reviewing and managing your workspace — it does not track time and does not run the activity classifier (those are Windows-desktop-only). It does not use browser cookies. Instead it uses native Android storage to keep you logged in and remember preferences:
| Storage location | Stored content | Type | Duration |
|---|---|---|---|
Android EncryptedSharedPreferences (Keystore-backed) |
Access token, refresh token, tenant ID, cached employee profile and entitlements | Strictly necessary | Cleared on logout or app uninstall |
Android DataStore |
UI preferences (theme, language, expanded panels) | Functional | Persistent until cleared |
| Firebase Cloud Messaging (FCM) device token, when the Customer has enabled in-app push notifications | An opaque per-installation identifier issued by Google to deliver push notifications | Strictly necessary for the push-notification feature; see Sub-processors for the Google LLC entry | Rotated by Google; cleared on app uninstall |
The companion application does not include any third-party analytics SDK, advertising SDK, or behavioural-profiling SDK. It does not track your activity outside the app, and it does not request the operating system's advertising identifier (Android Advertising ID / IDFA). An iOS companion application is planned but not yet active; when it launches, its equivalent storage (Keychain Services for secure items, UserDefaults for preferences, APNs device token via Apple) will be described here.
Third-party cookies
None at the date above.
If you visit one of our blog posts or marketing pages and click an embedded link to a third-party service (YouTube, LinkedIn, GitHub), that third party may set its own cookies under its own policy.
How to control cookies
You can clear cookies and storage from your browser at any time. In most browsers:
- Chrome: Settings → Privacy and security → Clear browsing data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Privacy → Manage Website Data
Clearing the storage keys above will log you out of TimerOS. The app will work normally after you log back in.
Do Not Track
Our public website respects Do Not Track to the extent that we set no tracking anyway. Once we add analytics or any cross-site signal, we will honour Do Not Track and Global Privacy Control headers from EU and California visitors.
Changes
We update this policy if our cookie usage changes. The "Last updated" date at the top reflects the latest change.
Contact
Data controller: Vezoft (EIK 202823109), with registered office in Kardzhali, Bulgaria (see Imprint for the full registered address). Email: privacy@timeros.ai