TimeBend

— PRIVACY

Our

Policies

Last Updated: June 2026

This Privacy Policy explains how Cenizas Labs (“Cenizas Labs,” “we,” “us,” or “our”), the company that operates the TimeBend platform (“TimeBend” or the “Service”), collects, uses, shares, and protects your information — throughout your journey, from the moment you visit our site, through reviewing, approving, and paying for your project, to delivery and hosting.

For account, billing, and site-usage data, Cenizas Labs acts as the data controller. Where the inputs you submit contain personal data about your own customers or end users, you are generally the controller and we act as a processor on your behalf — see Section 18 and our Data Processing Agreement.

This Policy works alongside our Terms of Service; please read both. If you have any questions, contact us at privacy@cenizaslabs.com

01

When You Visit the Site

  • When you browse TimeBend.ai, we automatically collect basic technical data — such as browser type, device information, IP address, and pages visited — to understand how users interact with the Service and to keep it secure.
  • We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage. You can manage cookies through your browser settings, and we honor recognized opt-out signals where required (see Section 16).

02

Account Signup and Login

  • When you create an account, we collect your name, email address, organization details (if you register on behalf of one), and authentication credentials to set up and secure your profile.
  • Your account activity — including login history and session data — is logged to protect against unauthorized access and keep your projects secure.

03

Submitting Your Project Prompt

  • When you describe what you want to build, we collect your prompt text, project name, system type, and requirements (your “Inputs”) to process your request through our Engine.
  • Your Inputs remain your intellectual property. They are processed solely to generate and deliver your project and are never sold or shared for advertising or marketing purposes.

04

Reviewing Your Generated Project

  • The data document, architecture, and specifications generated from your Inputs are stored securely in your account workspace for your review.
  • Feedback or change requests you submit during review are used to refine your project. We do not use this feedback or your project data to train AI models (see Section 9).

05

Viewing and Approving the Cost

  • Before payment, we display a full cost estimate based on your project scope. No payment information is collected at this stage — only your approval decision is recorded.
  • Your approval is logged with a timestamp as confirmation that you reviewed and agreed to the quoted price before proceeding.

06

Payment and Billing

  • Payment is processed securely by trusted, PCI-compliant third-party payment providers. We collect only billing confirmation and transaction records — full card numbers are never stored on our systems.
  • A record of your purchase, plan, and payment confirmation is retained for billing support, refund handling, and legal compliance.

07

Project Delivery and Source Code

  • Once payment is confirmed, your generated source code, architecture, and project assets are delivered to your account. You own all delivered Outputs from the moment of delivery.
  • You can download your source code or export your project at any time. We do not retain rights to your delivered project beyond what is needed to provide the Service.

08

Hosting and Your Live Application

  • If you host your application on TimeBend infrastructure, we collect hosting logs, uptime metrics, and operational telemetry to maintain reliability, security, and performance.
  • Your live application remains under your control. You may take it offline, download the source, or migrate to another host at any time — no lock-in.

09

AI Processing of Your Data

  • We use AI systems — our own Engine and trusted AI service providers — to analyze your Inputs and generate your project. Any third-party AI providers act as our sub-processors under data processing agreements, and we apply data minimization to limit what is shared.
  • No training on your data. We do not use your Inputs, Outputs, or generated code to train, fine-tune, or improve our own or any third party’s machine-learning models. Your content is processed solely to provide the Service to you.
  • The Service generates outputs through automated processing. These outputs are provided for your review and do not produce legal or similarly significant effects about you, and you remain responsible for reviewing them before use.

10

How We Share Data

  • We do not sell your personal information. We share data only with service providers essential to delivering the Service — such as cloud hosting, AI processing, payment processing, and monitoring providers — each bound by confidentiality and data-protection obligations.
  • Where we act as a processor, we make a current list of sub-processors available on request and give notice of material changes as described in any applicable Data Processing Agreement.
  • We disclose data to legal authorities only when required by law, regulation, or valid legal process, or to protect the rights, safety, and security of our users, the public, or Cenizas Labs.
  • We may use or share aggregated or de-identified information that does not identify you in order to operate, secure, and analyze usage of the Service.

11

Legal Bases for Processing (EEA and UK)

  • Where the GDPR or UK GDPR applies, we process personal data on one or more of these legal bases: performance of our contract with you (providing the Service); our legitimate interests (operating, securing, and analyzing the Service and preventing fraud); your consent (for example, for certain cookies or optional communications), which you may withdraw at any time; and compliance with our legal obligations.

12

International Data Transfers

  • Cenizas Labs is based in the United States and may process and store data in the United States and other countries. Where we transfer personal data across borders, we use appropriate safeguards — such as Standard Contractual Clauses or other lawful transfer mechanisms — to protect it.

13

Data Retention

  • We retain account and project data while your account is active and delete or de-identify it within a reasonable period after closure. Consistent with our Terms of Service, you may export your projects for 30 days after termination.
  • Usage and hosting logs are typically retained for up to 12 months. We may keep limited records longer where required for legal, tax, billing-dispute, or compliance purposes. You may request early deletion at any time, subject to those obligations.

14

Security

  • Data in transit is encrypted using TLS, and access to your account and stored data is restricted through secure authentication and role-based controls.
  • We carry out continuous monitoring, audit logging, and periodic security reviews to detect and respond to threats. If a breach affects your personal data, we will notify you and the relevant authorities as required by applicable law.
  • No method of transmission or storage is completely secure. You are responsible for keeping your account credentials confidential and for notifying us of any suspected unauthorized use.

15

Your Privacy Rights

  • Depending on where you live, you may have rights to access, correct, export (port), delete, or restrict the processing of your personal data, to object to certain processing, and to withdraw consent.
  • To exercise a right, contact privacy@timebend.ai. We aim to acknowledge requests within 5 business days and to respond within the period required by applicable law (for example, within 30 days under the GDPR or 45 days under the CCPA, subject to permitted extensions). We will not require you to justify your request, and we will not discriminate against you for exercising your rights.
  • If we cannot fulfill a request, we will explain why, and you may have the right to appeal or to complain to a regulator (see Section 16).

16

Region-Specific Disclosures

  • EEA and UK. We rely on the legal bases in Section 11 and the transfer safeguards in Section 12. You have the right to lodge a complaint with your local data protection authority. Contact privacy@timebend.ai for any GDPR or UK GDPR request.
  • California (CCPA/CPRA). In the preceding 12 months we may have collected identifiers, account and contact details, commercial and transaction information, internet and device activity, and the contents of your Inputs. We do not sell or “share” personal information as those terms are defined under California law, and we do not use sensitive personal information beyond providing the Service. You may exercise your rights to know, delete, correct, and limit, we honor opt-out preference signals such as Global Privacy Control, and you may use an authorized agent to submit requests.
  • Other regions. If you are located elsewhere — for example, in jurisdictions with laws such as India’s Digital Personal Data Protection Act — you may have similar rights. Contact us and we will honor the rights that apply to you.

17

Children’s Privacy

  • The Service is intended for users who are at least 18 years old and is not directed to children. We do not knowingly collect personal data from anyone under 18.
  • If you believe a minor has provided us with personal data, contact privacy@timebend.ai and we will delete it.

18

Controller, Processor, and Enterprise (DPA)

  • For account, billing, and site-usage data, Cenizas Labs is the data controller. Where your Inputs contain personal data about your own customers or end users, you are the controller and we act as your processor, handling that data only to provide the Service and on your instructions.
  • Enterprise customers and others who require one can enter into a Data Processing Agreement with us, which (where signed) governs our processing of personal data, including the use of sub-processors and international transfers.

19

Changes to This Policy

  • We may update this Policy periodically. Material changes will be notified via email or in-platform notice at least 14 days before they take effect.
  • Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

20

Contact Us