Privacy Policy

Effective date: 26th April 2026

This Privacy Policy explains how All Timed Out (“we”, “us”, or “our”) collects, uses, stores, and protects personal information when you use our website, services, and the ATO Growth Engine platform.

This policy applies to:

  • the All Timed Out website;
  • the ATO Growth Engine application;
  • membership, subscription, and billing-related activity connected to our services; and
  • contact forms, account access, and related communications.

1. Who we are

All Timed Out provides software and related services, including the ATO Growth Engine platform.

If you have questions about this Privacy Policy or how your information is handled, you can contact us via our website.

2. Information we collect

We may collect and process the following categories of information:

Information you provide directly

  • name;
  • email address;
  • phone number;
  • messages sent through our contact forms;
  • workspace, account, or onboarding information submitted when using our services;
  • billing or subscription-related information supplied during signup or checkout.

Account and workspace information

  • account login details;
  • workspace membership and user role information;
  • workspace settings and preferences;
  • basic account activity associated with platform access and administration.

Technical and usage information

  • IP address;
  • browser type and device information;
  • pages viewed and site interactions;
  • app usage, access logs, and operational activity associated with use of the platform.

Authentication information

If you use supported third-party sign-in methods, such as Google or Microsoft, we may receive limited account information from that provider, such as your name, email address, and basic account identifier, in order to authenticate access.

3. How we use your information

We use personal information where necessary to:

  • provide and operate our website and services;
  • create and manage accounts, subscriptions, and workspaces;
  • process plan selection, membership access, and related billing workflows;
  • provide support and respond to enquiries;
  • send service-related communications;
  • maintain platform security, integrity, and performance;
  • improve our services, workflows, and user experience;
  • comply with legal and regulatory obligations.

4. Billing and subscription information

When you start a paid plan or trial through our website, certain information is used to process membership, subscription, and workspace provisioning. This may include your name, email address, selected plan, and billing-related information.

Payment processing may be handled through third-party systems or plugins used to manage subscriptions, membership access, and checkout. We do not store full payment card details unless explicitly stated by the payment provider or processor involved.

5. Contact forms and communications

If you contact us through our website, we use the information you provide to respond to your enquiry and manage related communication. We may keep a record of these messages for support, service, and business administration purposes.

6. Workspace and platform data

ATO Growth Engine is a workspace-based platform. Information submitted within the platform may include account details, workspace records, user membership data, operational settings, and other content entered by users as part of normal use of the service.

We process this information to operate the platform, provide access, support core features, and maintain security and service continuity.

7. AI-supported features

The platform may include AI-assisted features designed to support workflow, summaries, and other operational tasks. Information submitted to such features may be processed to generate responses or support functionality within the platform.

We aim to limit processing to what is necessary for the relevant feature and service operation.

8. Legal bases for processing

Where applicable, we process personal information on one or more of the following bases:

  • to perform a contract or take steps before entering into a contract;
  • for our legitimate interests in operating, improving, and securing our services;
  • to comply with legal obligations;
  • with your consent, where consent is the appropriate basis.

9. Sharing information

We may share information with trusted third parties where necessary to operate our services, including providers involved in:

  • website hosting and infrastructure;
  • app hosting and technical operations;
  • payment processing and membership management;
  • authentication and sign-in services;
  • email delivery, security, analytics, and support tools.

We do not sell personal information to third parties.

10. Data retention

We keep personal information only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including providing services, maintaining records, resolving disputes, enforcing agreements, and meeting legal, regulatory, or tax obligations.

11. Security

We take reasonable technical and organisational measures to protect personal information against unauthorised access, misuse, loss, disclosure, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your rights

Depending on where you are located, you may have rights in relation to your personal information, including the right to request access, correction, deletion, restriction, objection, or portability, subject to applicable law.

To make a privacy-related request, please contact us at [INSERT CONTACT EMAIL].

13. Cookies and similar technologies

Our website and services may use cookies or similar technologies for functionality, security, performance, analytics, and user experience. You can usually control cookies through your browser settings.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

14. Third-party services and links

Our website or services may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of those third parties, and you should review their own privacy policies where relevant.

15. International data handling

Depending on the tools and service providers we use, your information may be processed in countries other than your own. Where applicable, we take reasonable steps to ensure appropriate safeguards are in place.

16. Children’s privacy

Our services are intended for business and professional use and are not directed to children. We do not knowingly collect personal information from children.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, operations, or legal obligations. The updated version will be published on this page with a revised effective date.

18. Contact

If you have questions about this Privacy Policy or your personal information, please contact:

All Timed Out