Advanced Feature

Privacy & Local Data

time.md is local-first: your screen time, browser history, optional input tracking, and exports stay on your Mac unless you export or share them yourself.

Short version

No screen-time telemetry, no browser-history collection, no input-data upload, no advertising SDK.

Legal privacy policy

Plain-English privacy model

time.md runs directly on macOS and stores product data under your user account. It does not operate a backend for your activity data. The app can contact online services for trial, license, payment, and update checks, but those requests do not include your screen time records, browser history, input tracking data, or export contents.

Important distinction: this page explains how the product handles local data. The formal legal policy lives at Privacy.

Local analytics

Foreground app sessions, rollups, browser visits, categories, and optional input analytics are read from or written to local databases.

User-controlled exports

Exports are files you create in a folder you choose. They are not uploaded by time.md.

Minimal entitlement traffic

Trial and license checks send only entitlement fields, app version, and a random local device identifier.

What stays local

  • Raw and rolled-up screen time sessions.
  • Local browser history reads and the optional web-history archive.
  • Optional input tracking data, including keystroke events, cursor events, typed-word aggregates, and heatmap bins if you enable them.
  • Export presets, export history, scheduled-export settings, and generated export files.
  • Blocking rules, active block state, helper diagnostics, and audit events.
  • Category mappings, display preferences, browser settings, and app UI settings.
  • CLI and MCP configuration; tools read the same local databases.

Features that need sensitive data are opt-in or permission-gated. For example, Web History needs access to protected browser files, and Input Tracking is off by default.

What can go online

time.md uses online requests for product entitlement and updates, not behavioral analytics.

Purpose Data involved What is not included
Start or verify a trial Trial token, app version, and a random locally generated device ID. Screen time, browser history, input data, export data.
Validate a paid activation key Activation key, app version, and the random local device ID. Activity records, URLs, keystrokes, cursor data.
Stripe Checkout Payment details are handled by Stripe. time.md may receive a Checkout session ID and entitlement result. Full card numbers are not received by time.md.
Update checks Sparkle may contact the configured appcast URL to check for new versions. Local analytics databases and exports.

The entitlement server stores fulfillment records such as license or trial status, Stripe customer/payment-method references, and a hash of the device identifier. It does not store your time.md activity database.

Storage map

Most product files live here:

~/Library/Application Support/time.md/
File or location Contains
screentime.db Main screen-time usage records and analytics rollups.
screen-time-snapshot.json Readable local snapshot used for quick access and integrations.
web-history.db Optional persisted archive of normalized browser visits.
input-tracking.db Optional input tracking events, typed words, cursor heatmap bins, and aggregates.
blocking-rules.db Website, app, and category block rules plus enforcement state and audit events.
category-mappings.db Local app-to-category mapping data.
export-schedule.json and export settings Scheduled export configuration and recent export metadata.
screen-time-auto.<ext> Formatted auto export in your chosen export destination.
macOS Keychain Activation key or trial token secrets.
UserDefaults Feature toggles, entitlement previews, UI preferences, and permission-related settings.

SQLite may create sidecar files such as -wal and -shm. Treat them as part of the same local database.

macOS permissions

time.md asks for permissions when a feature needs data macOS protects:

Full Disk Access

Required for reliable browser-history reads and some local Screen Time development/import paths.

Input Monitoring

Required before optional keystroke tracking can collect activity. Input Tracking is off by default.

Accessibility

May be requested by macOS flows that observe input or app interaction state.

Administrator approval

Needed to install or upgrade the privileged helper used for system-level website blocking.

Revoking a permission stops or degrades the related feature. It does not upload or delete data by itself.

Exports and sharing

Exports are intentionally powerful. If you export raw sessions, web history, or input-tracking sections, the resulting file can reveal detailed behavior. Review the file before attaching it to an email, committing it to a repository, or putting it inside a synced folder.

Auto export safety: the automatic formatted snapshot excludes raw input sections. Manual custom exports can include sensitive sections when you select them.

Delete your data

  1. Quit time.md

    Quit the app first so SQLite databases and sidecar files are closed.

  2. Delete app data

    Remove the Application Support folder to delete local databases, snapshots, and settings stored there.

    ~/Library/Application Support/time.md/

  3. Delete persisted web history

    Use Settings → Web Browsers → Delete persisted web history or remove web-history.db and its SQLite sidecars after quitting.

  4. Delete input tracking data

    Disable Input Tracking, then use the app’s delete action or remove input-tracking.db and its sidecars.

  5. Delete exports

    Remove manual exports and screen-time-auto.* files from your chosen export directory.

  6. Remove credentials if desired

    Delete time.md trial or activation items from Keychain Access if you want to remove local entitlement secrets.