Privacy Policy

This policy explains what data Online Alarm ("we", "us", "the service") collects when you use online-alarm.com, why we collect it, who we share it with, and the rights you have over it. We try to keep it plain so you do not need a lawyer to read it. If anything here is unclear, write to support at online-alarm dot com.

Who We Are

Online Alarm is the operator of online-alarm.com and the related time tools (alarm, timer, stopwatch, clock, world clock, meeting planner, study timer, countdown pages, calculators). The service is operated from Fethiye, Turkey. For questions about this policy or to exercise your rights described below, contact us at support at online-alarm dot com.

Data We Collect

We collect three categories of data. (1) Account data: if you sign up, we store your email address, a hashed password (we never see the password itself), the date you created the account, your preferred language and timezone, your email-verified status, and a two-letter country code derived from your network connection (see Country Detection below). If you sign in with Google, we additionally store a record linking your Google account id to your account, along with the OAuth tokens Google returns; we use the tokens only to authenticate you on return visits. We do not import your Google name or profile picture. (2) Tool data when signed in: alarms (label, time, ringtone, timezone), world-clock cities, meeting-planner locations, and tool preferences you save. (3) Anonymous tool data: when you are not signed in, alarms, lap times, timer presets, study-timer routines, and similar tool state are stored only in your browser (local storage). They never reach our servers.

Cookies and Local Storage

We use a small number of essential cookies. The session cookie keeps you signed in. The CSRF and XSRF-TOKEN cookies protect forms from cross-site abuse. Cloudflare, which proxies our traffic, may set its own bot-management cookie (commonly named __cf_bm) and a Turnstile challenge cookie on sign-up and sign-in forms; these are used to tell humans apart from automated traffic and are not used for tracking or advertising. We do not use advertising, analytics, or marketing cookies on the site today. Tool state for anonymous visitors is held in your browser's local storage, which is data on your device that we cannot read.

Server Logs

Our servers and our infrastructure provider (Cloudflare) automatically record basic request information: the IP address of the request, the user-agent string sent by your browser, the page or API path you asked for, the response status, and a timestamp. We use logs to debug errors, investigate abuse, and keep the service running. We retain logs only as long as needed for those purposes, typically no more than 30 days, after which they are rotated and discarded.

Country Detection

When you sign up and when you create an alarm, we record a two-letter ISO country code derived from the CF-IPCountry header that Cloudflare adds to incoming requests. We use it for service operation (default language guess, abuse investigation, and aggregated country-level usage stats), not for advertising or tracking. We do not store your IP address alongside your account or alarms; we store only the two-letter code.

Third Parties That Process Your Data

We use a small set of vendors to operate the service. Cloudflare proxies our traffic and provides bot protection (Turnstile) on sign-up and sign-in forms; Cloudflare may see your IP and basic request metadata. Resend sends transactional email (account verification, password reset); to send these emails we share your email address with Resend. Google handles authentication when you choose "Continue with Google"; Google may share your name, profile picture, and verified email with us, subject to Google's own policies. We do not sell your personal data to anyone. We do not share it with marketing networks.

Advertising

The site does not show ads today. If we add ads in the future, the most likely provider is Google AdSense. When that happens, Google and its partners may use cookies and device identifiers to show personalized or non-personalized ads, and this policy will be updated to describe how to opt out. You can read Google's advertising practices at policies.google.com/technologies/ads, and adjust your ad personalization at adssettings.google.com.

How We Use Your Data

We use account data to identify you when you sign in, sync your saved tool data across devices, and send you account-related email (verification, password reset). We use tool data to provide the tools themselves (an alarm with no time would not be useful). We use server logs to keep the service running and investigate problems. Under the GDPR, our legal bases are: contract (running the account you asked for), legitimate interest (keeping the service secure and operational), and consent (where the law requires it, such as marketing email, which we currently do not send).

How Long We Keep It

Account data and saved tool data are kept as long as your account exists. Server logs are kept for up to 30 days. Anonymous local-storage data stays on your device until you clear it (we cannot delete it for you). When you delete your account, we remove your data within 30 days, except for the minimum required to defend against fraud or comply with legal requests.

Your Rights

If you are in the EU/EEA, the UK, Turkey (under KVKK), or another region with similar privacy law, you have the right to ask us for a copy of your data, to correct it, to delete it, to restrict or object to certain processing, and to take it elsewhere (data portability). Your profile page already lets you export everything tied to your account as a JSON download, and delete your account (after re-entering your password). For anything those buttons do not cover, write to support at online-alarm dot com and we will respond within 30 days. You also have the right to complain to your local data protection authority (in Turkey, the KVKK; in the EU, your national supervisory authority; in the UK, the ICO).

Children

The service is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, write to support at online-alarm dot com and we will delete it.

International Data Transfers

We operate from Turkey. Our infrastructure providers (notably Cloudflare, Resend, and Google) are based in the United States and operate globally; using the service inherently involves data flowing to and from those providers. Each of those providers publishes its own data-transfer safeguards (the European Commission's standard contractual clauses, the UK addendum, and similar mechanisms) which we benefit from when we use their services. If you would like more detail about a specific provider's safeguards, write to support at online-alarm dot com.

Security

Connections to the site are encrypted with HTTPS. Passwords are stored as bcrypt hashes, not in plain text. We follow standard practices to keep the service secure, but no system on the internet can be guaranteed perfectly secure. If you believe your account has been compromised, change your password and write to support at online-alarm dot com.

Changes to This Policy

We may update this policy when we add new features, work with new processors, or to reflect changes in the law. The "Last updated" date at the top of this page changes whenever we do. For material changes that affect what we collect or how we use it, we will tell you by email at the address on your account (if you have one) before the change takes effect.

Contact

Privacy questions, data requests, or anything else covered by this policy: support at online-alarm dot com. We aim to respond within 30 days.