Privacy

What we collect, and why.

Last updated: May 2026

Timeline is a free planner. There is no signup wall, no advertising, and we don't sell or share your data. This page explains exactly what we record and how to turn it off.

Things you publish are public.

When you publish a timeline you get a shareable URL. The timeline JSON behind that URL is hosted on public storage, so anyone with the link can read it. Sharing is the intent of publishing, and the URL itself is the access control. Please avoid putting anything in a timeline that you wouldn't want a stranger to see.

If you sign in.

Sign-in is only required for personal lists and bookmarks. We use GitHub or Google as the identity provider. From them we receive a provider-supplied user identifier (such as an email address or username), a stable user id, and the identity provider name. We store those alongside your bookmarked timeline ids so we can show your dashboard. We never share, sell, or use that identifier for marketing. Sign out at any time from the user menu — that revokes the session cookie immediately.

Analytics.

We run two first-party analytics tools so we can understand how the product is used and fix what isn't working:

• Microsoft Clarity provides heatmaps, click maps, and anonymous session recordings. Clarity does not capture text you type into form fields or the contents of password fields. It honors the browser Do Not Track setting; turn DNT on in your browser and Clarity will not record your sessions.
• Azure Application Insights records pageviews and a small set of product events (for example, "timeline published" or "AI generation succeeded"). Each event is tagged with a random correlation id stored in your browser's localStorage so we can group a single visitor's actions. The id is not tied to your name or email. Clearing site data deletes it, and a new one is generated on your next visit.

No third-party advertising trackers. No Google Analytics. No Facebook pixel.

AI generation.

The "describe your project" prompt is sent to Azure OpenAI to draft a timeline structure. Azure OpenAI does not use prompts to train models and discards inputs after processing. We log the prompt's outcome (success / failure / quota) and store a truncated copy of the prompt text with the associated AI event record.

Cookies.

The only cookie we set ourselves is the OAuth session cookie after you sign in (scoped to next-milestone.com, deleted on sign-out). Third-party SDKs set additional first-party cookies: Microsoft Clarity sets cookies for visitor identification, and the Application Insights browser SDK sets ai_user and ai_session cookies to correlate page-view and error events across requests. None of these cookies contain personally identifiable information.

Get in touch.

Questions, deletion requests, or anything else, please email contact@next-milestone.com.