Privacy Notice
Short version: Tempo keeps your data on your Mac. We don't run a cloud for it. Nothing about what you monitor, schedule, or automate leaves your device because of us.
What Tempo stores locally
Every event Tempo ingests — calendar entries, reminders, webhook alerts,
script results, whatever you connect — is stored in a
local SQLite database under ~/Library/Application Support/Tempo/.
Attachments, configuration, tokens, scores, and logs live in the same
directory. This data never leaves your Mac through Tempo.
If you back up your Mac (Time Machine, Kopia, Arq, etc.) or keep that folder on an external/cloud-synced drive, backups and sync follow whatever service you chose. That is your decision and your trust relationship with that service, not ours.
What Tempo sends to the network
Tempo is designed to sit on your LAN. The app itself makes these outbound network calls, and no others:
- Update checks (Sparkle) — Tempo asks downloads.tempoapp.app whether a newer version exists. This request carries your current Tempo version and your IP address (unavoidable for any HTTPS request). We don't correlate it with an identity, we don't store it beyond Cloudflare's standard access logs, and no other data is sent.
That's the full list. Tempo v1 does not ship with telemetry, third-party analytics, crash reporting SDKs, ad networks, or tracking pixels. If future versions introduce opt-in telemetry, it will be off by default, announced in release notes, and described in detail here before activation.
Local audit log
Tempo writes a local audit log of automatic actions (auto-acknowledgement,
auto-dismissal, score installation, configuration restore, ingestion
drops). The log lives in the same
~/Library/Application Support/Tempo/ directory and is never
transmitted. Its purpose is to give you a paper trail of what the app did
on your behalf — useful for diagnosing surprises and for the support
bundle export, which you can review and trim before sending if you ever
file a bug report.
What Tempo does not collect
- Event contents (what your calendars, reminders, scripts, or webhooks say)
- The list of sources you have connected
- Your Mac's name, serial number, or device identifiers
- Contacts, files, or other system data beyond what you explicitly grant via macOS permission dialogs (EventKit only in v1)
- Any form of behavioural profiling
macOS permissions
On first use of certain features, macOS will ask for permission: Calendar and Reminders (EventKit) only. Tempo reads only the data you grant. You can revoke any permission in System Settings → Privacy & Security at any time; Tempo handles revocation gracefully and stops reading from that source.
Other macOS integrations (HomeKit, Focus, Health) are reserved for future versions of Tempo and are not requested in v1.
Third parties that touch your data
Only two, and only indirectly:
- Cloudflare serves tempoapp.app (this site), downloads.tempoapp.app (app downloads and update feed), and any related subdomains. When your browser or Tempo connects to these, Cloudflare sees the request — the same way it sees any of the millions of sites it serves. We use Cloudflare's analytics to understand aggregate download, update-check, and site-visit patterns (counts by version, page section, country, referrer source, time): no IP retention beyond serving the response, no cookies, no tracking pixels, no client-side JavaScript beacon, no fingerprinting, no correlation with any identity. Cloudflare may process this data in non-EU jurisdictions under Standard Contractual Clauses (SCCs) approved by the European Commission.
- Your chosen third-party sources. If you connect Tempo to a Google Calendar, a Home Assistant webhook, or any other external service, Tempo talks to that service on your behalf. Whatever those services collect is between you and them.
Your rights under GDPR and similar laws
Because Tempo stores data exclusively on your Mac, the usual rights
(access, rectification, erasure, portability, restriction) are satisfied
directly by you: the database is a file you own. To erase everything,
delete the ~/Library/Application Support/Tempo/ directory
and uninstall the app. We have nothing stored on our side to delete.
If you enabled opt-in telemetry, the counters we received are non-identifiable by design. If you still want them removed, contact us at privacy@tempoapp.app and we'll purge matching rows from the telemetry store.
EU/EEA residents have the right to lodge a complaint with their national data protection authority if they believe their personal data is being handled improperly. The Italian authority is the Garante per la Protezione dei Dati Personali.
Who is the data controller
The data controller for tempoapp.app and the Tempo application is Caereforge, an independent software publisher based in Italy, currently operating as an individual author pending company registration. Contact for any privacy matter: privacy@tempoapp.app.
Postal correspondence: send a message to the privacy email above and we
will respond with a postal address suitable for formal communication, on
request. Because Tempo collects no personal data on our side, there is
no data subject access request to fulfil — your local
~/Library/Application Support/Tempo/ folder is the
complete record.
Security
Tempo stores authentication tokens for external services (per-provider ingestion tokens, OAuth tokens for calendar providers if added, etc.) in the macOS Keychain — not in the app's preferences or database. If you move your Tempo folder to another Mac, tokens do not travel with it; you reconfigure them on the new machine.
Children
Tempo is a general-purpose macOS utility intended for adults. It does not knowingly collect information from or target minors.
Changes to this notice
If this Privacy Notice changes in any substantive way, the updated date at the top will change, and we'll note the change in the release notes of the Tempo version that introduced the reason for the update.