Privacy Policy
Last updated: April 6, 2026
1. Overview
CommonTime ("we", "our", "the service") is a group scheduling tool available at https://commontime.cc. This Privacy Policy explains what data we collect when you use CommonTime, how we use it, and your rights with respect to that data.
CommonTime is designed to require no account or login for basic use. We collect only what is necessary to operate the scheduling service.
2. Data We Collect
2.1 Poll content (Supabase)
When you create a scheduling poll, we store the following in our database (hosted on Supabase):
- Poll title (entered by the organizer)
- Proposed date and time slots
- Participant display names (entered by participants themselves)
- Availability selections per participant
- An optional organizer edit code (a random token, not a password)
We do not collect email addresses, phone numbers, or any other personally identifying information as part of the poll flow. Participant names are self-reported and may be pseudonyms.
2.2 Analytics (PostHog)
We use PostHog to collect anonymized product analytics. This includes:
- Page views and navigation paths
- Feature interaction events (e.g., poll created, slot selected)
- A/B test participation flags
- Approximate geographic region (country level, derived from IP)
- Browser type, device type, and screen size
PostHog events do not contain poll titles, participant names, or any content you enter into polls unless you explicitly submit a feedback form. IP addresses are not stored by us beyond what PostHog processes for approximate geolocation.
2.3 Cookies and local storage
We use cookies and browser local storage for the following purposes:
- PostHog analytics cookie — a randomly generated anonymous identifier that persists your session across page visits so we can count unique visitors and measure funnel conversion. This cookie contains no personal information.
- Recent polls (local storage)— poll IDs you have created or joined are stored locally in your browser so the "Recent polls" list works. This data never leaves your device.
- Edit code (local storage) — if you create a poll, your organizer edit code is stored locally so you can return to edit the poll without re-entering the code. This is stored only on your device.
We do not use advertising cookies, tracking pixels, or third-party cookies beyond PostHog.
2.4 Cookie consent
On your first visit, CommonTime displays a cookie consent banner. You can accept all cookies, decline non-essential cookies, or customize your preferences by category:
- Strictly Necessary — required for the site to function. These cookies cannot be disabled.
- Analytics — help us understand how visitors use CommonTime. We use self-hosted PostHog — no data leaves our infrastructure. These are only enabled with your consent.
- Functional — enable enhanced features like timezone detection and preference persistence. These are only enabled with your consent.
Your preferences are stored in a first-party cookie named ct_cookie_consent, which expires after 1 year. You can change your preferences at any time using the "Cookie Settings" link in the footer.
2.5 Error monitoring (Sentry)
We use Sentry to capture application errors. Sentry reports may include browser information, the page URL where an error occurred, and error stack traces. Sentry reports do not contain poll content or participant names.
3. How We Use Your Data
- To operate the scheduling service and display polls to participants
- To allow organizers to edit and manage their polls
- To understand how the product is used and improve it (analytics and error monitoring)
- To run A/B tests on product features in order to improve user experience
We do not sell your data. We do not use your data for advertising. We do not share poll content with third parties beyond the processors listed in Section 5.
4. Data Retention
Poll data (titles, participant names, availability selections) is retained indefinitely unless you request deletion (see Section 6). We may implement automatic expiry of inactive polls in a future update; if we do, we will update this policy.
PostHog analytics data is retained on our self-hosted infrastructure for up to 12 months, after which events are purged. Sentry error data is retained for 90 days.
Local storage data (recent polls, edit codes) remains on your device until you clear your browser storage or we remove it programmatically.
5. Third-Party Processors
We use the following third-party services to operate CommonTime. Each acts as a data processor on our behalf:
Supabase
Database and backend hosting. Stores poll content. Data is hosted in the EU (Frankfurt, eu-central-1) region. Supabase Privacy Policy
PostHog (self-hosted)
Product analytics and A/B testing. We run a self-hosted instance of PostHog on our own infrastructure (Google Cloud, EU region). Analytics data is not sent to PostHog Inc. and remains within our controlled environment. No data leaves our infrastructure to a third-party analytics processor.
Sentry
Error monitoring. Receives error reports containing browser metadata and stack traces. Sentry Privacy Policy
6. Your Rights (GDPR and Similar Laws)
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:
- Access — you may request a copy of any personal data we hold about you.
- Deletion — you may request that we delete your poll data (including participant names and availability selections) at any time.
- Portability — you may request your poll data in a machine-readable format (JSON).
- Correction — you may request that inaccurate data be corrected.
- Objection — you may object to processing based on our legitimate interests.
Because CommonTime does not require accounts, we identify polls and participants by poll ID and participant name. To exercise your rights, contact us at the address in Section 8 and include the poll URL and participant name so we can locate the relevant records.
6b. Data Processing Addendum (DPA)
For detailed information about how we process personal data, our sub-processors, international data transfers, and technical security measures, please refer to our Data Processing Addendum.
7. Security
All data is transmitted over HTTPS. Database access is restricted by Supabase Row-Level Security policies. We do not store passwords for anonymous users. Edit codes are random tokens and are not linked to your identity.
No method of transmission or storage is 100% secure. If you have a security concern, please contact us immediately at contact@commontime.cc.
8. Contact
For data requests, questions about this policy, or any privacy-related concerns, contact us at:
We will respond to data access or deletion requests within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of CommonTime after changes are posted constitutes acceptance of the revised policy.
We use cookies to improve CommonTime. No advertising cookies, no third-party tracking. Privacy Policy