Rockachopa/Timmy-time-dashboard
1
0
Fork 2
Code Issues Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
ab4b2f938d44aa86db76f3ec11db7e8e2d1ce632
Timmy-time-dashboard/src/dashboard/templates/legal/privacy.html
Claude (Opus 4.6) 92dfddfa90
Some checks failed
Tests / lint (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details
[claude] Legal Foundation — ToS, Privacy Policy, Risk Disclaimers (#815) (#1334)
2026-03-24 02:32:25 +00:00

201 lines
10 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{% block title %}Privacy Policy — Timmy Time{% endblock %}
{% block content %}
<div class="legal-page">
<div class="legal-header">
<div class="legal-breadcrumb"><a href="/" class="mc-test-link">HOME</a> / LEGAL</div>
<h1 class="legal-title">// PRIVACY POLICY</h1>
<p class="legal-effective">Effective Date: March 2026 &nbsp;·&nbsp; Last Updated: March 2026</p>
</div>
<div class="legal-toc card mc-panel">
<div class="card-header mc-panel-header">// TABLE OF CONTENTS</div>
<div class="card-body p-3">
<ol class="legal-toc-list">
<li><a href="#collect" class="mc-test-link">Data We Collect</a></li>
<li><a href="#processing" class="mc-test-link">How We Process Your Data</a></li>
<li><a href="#retention" class="mc-test-link">Data Retention</a></li>
<li><a href="#rights" class="mc-test-link">Your Rights</a></li>
<li><a href="#lightning" class="mc-test-link">Lightning Network Data</a></li>
<li><a href="#third-party" class="mc-test-link">Third-Party Services</a></li>
<li><a href="#security" class="mc-test-link">Security</a></li>
<li><a href="#contact" class="mc-test-link">Contact</a></li>
</ol>
</div>
</div>
<div class="legal-summary card mc-panel">
<div class="card-header mc-panel-header">// PLAIN LANGUAGE SUMMARY</div>
<div class="card-body p-3">
<p>Timmy Time runs primarily on your local machine. Most data never leaves your device. We collect minimal operational data. AI inference happens locally via Ollama. Lightning payment data is stored locally in a SQLite database. You can delete your data at any time.</p>
</div>
</div>
<div class="card mc-panel" id="collect">
<div class="card-header mc-panel-header">// 1. DATA WE COLLECT</div>
<div class="card-body p-3">
<h4 class="legal-subhead">1.1 Data You Provide</h4>
<ul>
<li><strong>Chat messages</strong> — conversations with the AI assistant, stored locally</li>
<li><strong>Tasks and work orders</strong> — task descriptions, priorities, and status</li>
<li><strong>Voice input</strong> — audio processed locally via browser Web Speech API or local Piper TTS; not transmitted to cloud services</li>
<li><strong>Configuration settings</strong> — preferences and integration tokens (stored in local config files)</li>
</ul>
<h4 class="legal-subhead">1.2 Automatically Collected Data</h4>
<ul>
<li><strong>System health metrics</strong> — CPU, memory, service status; stored locally</li>
<li><strong>Request logs</strong> — HTTP request paths and status codes for debugging; retained locally</li>
<li><strong>WebSocket session data</strong> — connection state; held in memory only, not persisted</li>
</ul>
<h4 class="legal-subhead">1.3 Data We Do NOT Collect</h4>
<ul>
<li>We do not collect personal identifying information beyond what you explicitly configure</li>
<li>We do not use tracking cookies or analytics beacons</li>
<li>We do not sell or share your data with advertisers</li>
<li>AI inference is local-first — your queries go to Ollama running on your own hardware, not to cloud AI providers (unless you explicitly configure an external API key)</li>
</ul>
</div>
</div>
<div class="card mc-panel" id="processing">
<div class="card-header mc-panel-header">// 2. HOW WE PROCESS YOUR DATA</div>
<div class="card-body p-3">
<p>Data processing purposes:</p>
<ul>
<li><strong>Service operation</strong> — delivering AI responses, managing tasks, executing automations</li>
<li><strong>System integrity</strong> — health monitoring, error detection, rate limiting</li>
<li><strong>Agent memory</strong> — contextual memory stored locally to improve AI continuity across sessions</li>
<li><strong>Notifications</strong> — push notifications via configured integrations (Telegram, Discord) when you opt in</li>
</ul>
<p>Legal basis for processing: legitimate interest in operating the Service and fulfilling your requests. You control all data by controlling the self-hosted service.</p>
</div>
</div>
<div class="card mc-panel" id="retention">
<div class="card-header mc-panel-header">// 3. DATA RETENTION</div>
<div class="card-body p-3">
<table class="legal-table">
<thead>
<tr>
<th>Data Type</th>
<th>Retention Period</th>
<th>Location</th>
</tr>
</thead>
<tbody>
<tr>
<td>Chat messages</td>
<td>Until manually deleted</td>
<td>Local SQLite database</td>
</tr>
<tr>
<td>Task records</td>
<td>Until manually deleted</td>
<td>Local SQLite database</td>
</tr>
<tr>
<td>Lightning payment records</td>
<td>Until manually deleted</td>
<td>Local SQLite database</td>
</tr>
<tr>
<td>Request logs</td>
<td>Rotating 7-day window</td>
<td>Local log files</td>
</tr>
<tr>
<td>WebSocket session state</td>
<td>Duration of session only</td>
<td>In-memory, never persisted</td>
</tr>
<tr>
<td>Agent memory / semantic index</td>
<td>Until manually cleared</td>
<td>Local vector store</td>
</tr>
</tbody>
</table>
<p>You can delete all local data by removing the application data directory. Since the service is self-hosted, you have full control.</p>
</div>
</div>
<div class="card mc-panel" id="rights">
<div class="card-header mc-panel-header">// 4. YOUR RIGHTS</div>
<div class="card-body p-3">
<p>As the operator of a self-hosted service, you have complete rights over your data:</p>
<ul>
<li><strong>Access</strong> — all data is stored locally in SQLite; you can inspect it directly</li>
<li><strong>Deletion</strong> — delete records via the dashboard UI or directly from the database</li>
<li><strong>Export</strong> — data is in standard SQLite format; export tools are available via the DB Explorer</li>
<li><strong>Correction</strong> — edit any stored record directly</li>
<li><strong>Portability</strong> — your data is local; move it with you by copying the database files</li>
</ul>
<p>If you use cloud-connected features (external API keys, Telegram/Discord bots), those third-party services have their own privacy policies which apply separately.</p>
</div>
</div>
<div class="card mc-panel" id="lightning">
<div class="card-header mc-panel-header">// 5. LIGHTNING NETWORK DATA</div>
<div class="card-body p-3">
<div class="legal-warning">
<strong>⚡ LIGHTNING PRIVACY CONSIDERATIONS</strong><br>
Bitcoin Lightning Network transactions have limited on-chain privacy. Payment hashes, channel identifiers, and routing information may be visible to channel peers and routing nodes.
</div>
<p>Lightning-specific data handling:</p>
<ul>
<li><strong>Payment records</strong> — invoices, payment hashes, and amounts stored locally in SQLite</li>
<li><strong>Node identity</strong> — your Lightning node public key is visible to channel peers by design</li>
<li><strong>Channel data</strong> — channel opens and closes are recorded on the Bitcoin blockchain (public)</li>
<li><strong>Routing information</strong> — intermediate routing nodes can see payment amounts and timing (not destination)</li>
</ul>
<p>We do not share your Lightning payment data with third parties. Local storage only.</p>
</div>
</div>
<div class="card mc-panel" id="third-party">
<div class="card-header mc-panel-header">// 6. THIRD-PARTY SERVICES</div>
<div class="card-body p-3">
<p>When you configure optional integrations, data flows to those services under their own privacy policies:</p>
<ul>
<li><strong>Telegram</strong> — messages sent via Telegram bot are processed by Telegram's servers</li>
<li><strong>Discord</strong> — messages sent via Discord bot are processed by Discord's servers</li>
<li><strong>Nostr</strong> — Nostr events are broadcast to public relays and are publicly visible by design</li>
<li><strong>Ollama</strong> — when using a remote Ollama instance, your prompts are sent to that server</li>
<li><strong>Anthropic Claude API</strong> — if configured as LLM fallback, prompts are subject to Anthropic's privacy policy</li>
</ul>
<p>All third-party integrations are opt-in and require explicit configuration. None are enabled by default.</p>
</div>
</div>
<div class="card mc-panel" id="security">
<div class="card-header mc-panel-header">// 7. SECURITY</div>
<div class="card-body p-3">
<p>Security measures in place:</p>
<ul>
<li>CSRF protection on all state-changing requests</li>
<li>Rate limiting on API endpoints</li>
<li>Security headers (X-Frame-Options, X-Content-Type-Options, CSP)</li>
<li>No hardcoded secrets — all credentials via environment variables</li>
<li>XSS prevention — DOMPurify on all rendered user content</li>
</ul>
<p>As a self-hosted service, network security (TLS, firewall) is your responsibility. We strongly recommend running behind a reverse proxy with TLS if the service is accessible beyond localhost.</p>
</div>
</div>
<div class="card mc-panel" id="contact">
<div class="card-header mc-panel-header">// 8. CONTACT</div>
<div class="card-body p-3">
<p>Privacy questions or data deletion requests: file an issue in the project repository or contact the service operator directly. Since this is self-hosted software, the operator is typically you.</p>
</div>
</div>
<div class="legal-footer-links">
<a href="/legal/tos" class="mc-test-link">Terms of Service</a>
<span class="legal-sep">·</span>
<a href="/legal/risk" class="mc-test-link">Risk Disclaimers</a>
<span class="legal-sep">·</span>
<a href="/" class="mc-test-link">Home</a>
</div>
</div>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink