Privacy Policy

Data controller

The website is operated by TimeToTest CIC, Company 17163328, Registered in England and Wales. The current data controller is Victor Humenhuk while governance transitions fully to TimeToTest CIC. You can contact us at hello@timetotest.app.

Lawful basis for processing

Under UK GDPR, our lawful basis is legitimate interest under Article 6(1)(f). Our legitimate interest is helping people notify partners and find sexual health support while collecting the minimum information needed to run and protect the service.

The website

The website is static and hosted on Cloudflare Pages. It does not use cookies, analytics, advertising pixels, tracking SDKs, or user accounts.

• Clinic finder: the country and postcode or place name you enter are sent directly from your browser to public geocoding services. UK lookups use postcodes.io. Ireland lookups use Nominatim with Zippopotam as fallback. Australia and New Zealand lookups use Zippopotam with Nominatim as fallback. TimeToTest does not store these searches.
• Feedback: the feedback page opens your email app using a pre-filled mailto link to hello@timetotest.app. There is no server-side feedback form, no server-side email provider, and no website database. If you choose to send the email, your email provider and our mailbox provider process the email in the normal way.
• Hosting logs: Cloudflare may process standard technical request data, such as IP address, browser information, requested URL, and timestamps, to deliver and protect the website.

The mobile app

The mobile app is separate from the static website. It lets people send anonymous STI partner notifications by SMS.

• Phone numbers you select: selected recipient phone numbers are used to deliver the SMS. They are not stored by TimeToTest.
• Contact list: contact names and numbers are read on your device only so you can choose recipients. The full contact list is not uploaded.
• Rate limiting: limited technical data, such as IP address and timestamp, may be processed temporarily to reduce abuse.
• SMS delivery: Twilio processes SMS delivery for the mobile app only. Twilio message log retention is configured to 0 days where supported, although telecom providers may retain operational metadata required by law.

What we do not collect on the website

• No website accounts, logins, or profiles
• No cookies
• No analytics
• No advertising identifiers
• No server-side storage of clinic searches
• No server-side storage of feedback form submissions

Tips and donations

TimeToTest is free to use. Optional tips or donations are handled by the payment provider you choose.

• Apple: optional iOS tips are processed by Apple StoreKit.
• Google: optional Android tips are processed by Google Play Billing.
• Ko-fi: optional external donations are handled by Ko-fi at ko-fi.com/victorhumenhuk.

TimeToTest does not receive or store card details, billing addresses, or other payment credentials.

Third-party services

The main third-party processors and service providers are:

• Cloudflare: website hosting, delivery, security, and Pages Functions.
• Twilio: SMS delivery for the mobile app, not the website.
• Apple: App Store distribution and optional iOS tip processing.
• Google: Google Play distribution and optional Android tip processing.
• Ko-fi: optional external donations.

The clinic finder also contacts postcodes.io, Nominatim, and Zippopotam directly from your browser for geocoding. These services are separate third-party services and receive the lookup query needed to return an approximate location.

Data retention

• Website clinic searches: not stored by TimeToTest.
• Website feedback: not stored by the website. Emails you choose to send are retained in the normal email mailbox until deleted.
• Mobile app phone numbers: not stored by TimeToTest after SMS delivery.
• Mobile app rate-limit data: retained only as long as needed to reduce abuse, normally up to 48 hours.

International transfers

Cloudflare, Twilio, Apple, Google, and Ko-fi may process data outside the UK. Each provider is expected to use appropriate safeguards under UK GDPR, including Standard Contractual Clauses where applicable.

Children's privacy

TimeToTest is not intended for use by anyone under the age of 17. We do not knowingly collect data from children.

Your rights

Under UK GDPR, privacy rights include access, correction, deletion, objection, restriction of processing, and data portability. Because the website does not store personal data, in most website cases there is nothing for TimeToTest to access, correct, or delete. You can contact us about any privacy request at hello@timetotest.app.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to this policy

If this policy changes, the updated version will be posted at this URL with a new "Last updated" date.