Security & Data Retention

Last updated: 14 November 2025

We Keep Your Data Safe

AbleTime Limited (“AbleTime”, “we”) is committed to safeguarding your data. This page summarizes our operational security, data handling practices, and retention policies.

Infrastructure Overview

Application Hosting

  • Hosted on Vercel with enterprise-grade controls and SOC 2-audited infrastructure.
  • TLS 1.2+ enforced for data in transit; HSTS enabled at the edge.

Data Platform

  • Core data stored with Supabase in the European Economic Area (EEA).
  • Encryption at rest enabled for primary and backup storage.
  • Row-level access is enforced via application RPCs and strict access controls.

Security Measures

  • Encryption: TLS for data in transit; provider-managed encryption at rest.
  • Access Controls: Least-privilege access, MFA for administrative accounts, audit logging.
  • Vulnerability Management: Regular dependency updates and routine vulnerability scans.
  • Backups & DR: Regular backups with tested restore procedures.

Payments and PCI

All payments are processed by Stripe. We do not store or process raw card data on AbleTime systems.

  • Stripe is responsible for PCI DSS compliance for payment processing.
  • Stripe may collect device/network telemetry for fraud prevention (e.g., https://m.stripe.com).

Data Retention & Deletion

We retain data only as long as necessary for the purposes described and to comply with legal obligations, in alignment with GDPR/EU requirements.

  • Account and content data: retained for the life of the account plus a limited period (typically up to 30 days) to support account recovery and lawful requests.
  • You can request earlier deletion by contacting support; we will process requests in accordance with applicable law.
  • System and security logs: retained for a limited period for security and operational purposes.

International Transfers

Data is processed within the EEA. If a transfer is required, we use appropriate safeguards such as Standard Contractual Clauses.

Contact

For security or privacy inquiries, please contact privacy@AbleTime.com or our DPO at dpo@AbleTime.com.

Note: This page provides a high-level summary. For comprehensive details, see our Privacy Policy and Terms of Service.