Time-Check

Anonymous, Secure Calendar Availability Sharing

Share calendar availability across organizations without revealing personal information. Built with enterprise-grade security and zero-knowledge architecture that ensures complete privacy while enabling seamless cross-company scheduling.

Table of Contents

• Overview
• The Service
• iOS App
• Security Features
• How It Works
• Getting Started
• Enterprise Benefits
• Technical Specifications
• Next Steps

Overview

Time-Check solves a critical business problem: checking availability across organizations without sharing sensitive calendar information. Traditional solutions require calendar access, expose personal details, or require complex IT integration. Time-Check provides a secure, anonymous alternative.

The Problem: Companies need to schedule meetings with external partners, but sharing calendar access creates privacy and security risks. Current solutions either expose too much information or are too complex to deploy.

The Solution: Anonymous availability sharing that works across any organization, requires no IT changes, and protects personal privacy through enterprise-grade encryption.

The Service

What Time-Check Does

Time-Check enables secure and anonymous calendar availability checking across organizational boundaries. Here’s what makes it unique:

Cross-Organizational Availability

• No Calendar Access Required: Check availability without accessing anyone’s calendar directly
• Works Across Companies: Share availability between different organizations seamlessly
• No IT Integration: No corporate calendar system changes or API integrations needed
• Universal Compatibility: Works with any calendar system (Exchange, Google Workspace, iCloud, etc.)

Privacy-First Architecture

• Anonymous Requests: No one knows who is checking their availability
• Zero Personal Data: No meeting titles, participants, locations, or personal information shared
• Rolling Device IDs: Anonymous identifiers that change automatically to prevent tracking
• No User Accounts: No registration profiles or persistent user data

Enterprise-Grade Security

• App Transport Security: All network communication secured with TLS 1.3
• End-to-End Encryption: All sensitive data encrypted on user devices before transmission using FIPS 140 algorithms
• Zero-Knowledge Server: Server cannot decrypt or access any calendar information
• Perfect Forward Secrecy: Unique encryption keys for each request, discarded after use
• Compliance Ready: Designed for GDPR, CCPA, and enterprise security requirements

User Experience

• Simple Setup: Email verification and calendar permission - ready in minutes
• Transparent Operation: Works automatically without user intervention
• Privacy Focused: Users control what information is shared and when
• Corporate Ready: Compatible with MDM deployment and corporate security policies

Security Details

Zero-Knowledge Architecture

Time-Check implements a zero-knowledge architecture where the server infrastructure cannot access, decrypt, or analyze any personal calendar information.

Cryptographic Implementation

• Algorithm: NaCl Box (Curve25519 + XSalsa20 + Poly1305)
• Key Exchange: Elliptic Curve Diffie-Hellman (ECDH)
• Symmetric Encryption: XSalsa20 stream cipher with 256-bit keys
• Authentication: Poly1305 message authentication for integrity verification

Security Guarantees

• Confidentiality: Calendar data cannot be accessed by servers or third parties
• Integrity: Availability data cannot be modified in transit
• Authenticity: Responses verified as coming from legitimate users
• Non-repudiation: Cryptographic proof of response validity

Anonymous Identity System

Rolling Device IDs

• Anonymous Identifiers: UUID-based identifiers with no connection to personal identity
• Automatic Rotation: IDs change periodically to prevent long-term tracking
• Request Isolation: Each availability request uses unique anonymous parameters
• No Cross-Correlation: Impossible to link multiple requests to the same user

Email-Based Verification

• Work Email Verification: Users verify their professional email address
• Verification Codes: Time-limited codes sent via email for identity confirmation
• No Email Storage: Email addresses used only for verification, not stored long-term
• Record TTL: Automatic expiration of verification data

Data Protection

Information Minimization

• Availability Only: Only busy/free information extracted from calendars
• No Meeting Details: Titles, participants, locations never accessed or transmitted
• Time-Limited: Only 30-day windows of availability shared
• Granular Control: 15-minute time slots for optimal privacy/utility balance

Secure Data Lifecycle

1. Collection: Calendar availability extracted locally using EventKit
2. Processing: Converted to compressed bitmap format on device
3. Encryption: End-to-end encryption before transmission
4. Storage: Temporary encrypted storage with automatic expiration
5. Retrieval: Encrypted data retrieved only by authorized requestors
6. Deletion: Automatic cleanup and secure memory clearing

Compliance and Standards

Privacy Regulations

• GDPR Compliant: European General Data Protection Regulation compliance
• CCPA Compliant: California Consumer Privacy Act compliance
• Data Minimization: Collects only necessary data for service operation
• Right to Deletion: Automatic data expiration ensures data removal

Security Standards

• SOC 2 Ready: Security controls aligned with SOC 2 Type II requirements
• ISO 27001 Principles: Information security management best practices
• OWASP Guidelines: Web application security framework compliance
• NIST Framework: Cybersecurity framework alignment

How It Works

Step-by-Step Process

1. Anonymous Request Submission

• Alex (Company A) wants to check Joe’s (Company B) availability
• Alex submits request using Joe’s work email address
• Request includes anonymous device ID and desired time range
• No personal information about Alex is revealed to anyone

2. Request Distribution

• Sarah (Company B employee with Time-Check app) checks in
• App receives encrypted requests for colleagues at Company B
• Requests matched to verified email addresses
• No information about requestors is visible to Sarah

3. Local Calendar Processing

• Sarah’s device accesses Joe’s calendar through organizational rules
• App extracts only busy/free time slots using EventKit
• No meeting details (titles, participants, locations) accessed
• Calendar data never leaves the device

4. Encrypted Response Generation

• Availability converted to compressed bitmap format
• Data encrypted using unique keys for this specific request
• Encrypted response stored temporarily on servers
• All processing happens locally on Sarah’s device

5. Secure Response Retrieval

• Alex retrieves encrypted response using their private key
• Only Alex can decrypt the availability information
• Server cannot access decrypted data
• Response expires automatically after retrieval

Technical Flow

Request → Anonymous Routing → Local Processing → Encryption → Temporary Storage → Retrieval → Decryption

This flow ensures that:

• No personal information is exposed at any stage
• Calendar data never leaves user devices unencrypted
• Server infrastructure cannot access sensitive information
• All interactions remain anonymous and unlinkable

Enterprise Benefits

Business Value

Improved Scheduling Efficiency

• Faster Scheduling: Eliminate “email tag” for availability checking
• Reduced Administrative Overhead: Automatic availability processing
• Better Resource Utilization: More efficient meeting scheduling
• Cross-Company Collaboration: Seamless partner and client scheduling

Enhanced Privacy and Security

• No Calendar Exposure: Personal calendar details remain private
• Anonymous Interactions: No tracking or identification of requestors
• Compliance Ready: Built for regulatory compliance (GDPR, CCPA)
• Enterprise Security: Military-grade encryption and security practices

Competitive Advantages

vs. Calendar Sharing

• No Personal Data Exposure: Time-Check never exposes meeting details
• No IT Complexity: Works without calendar system integration

vs. Scheduling Tools

• No Account Requirements: No user accounts or complex setup
• Cross-Organization: Works seamlessly across different companies
• Privacy First: Built for privacy from the ground up

vs. Email Coordination

• Real-Time Availability: Instant availability checking
• No Back-and-Forth: Eliminates scheduling email chains
• Always Current: Reflects real-time calendar changes

Learn More

• How It Works - Detailed technical explanation of the availability sharing process
• iOS App Documentation - Complete technical specifications and user guide for the mobile app
• Security Architecture - Deep dive into cryptographic implementation and security features
• API Reference - Developer documentation for programmatic integration

Privacy and Support

Time-Check is committed to protecting your privacy.

• Privacy Policy - Comprehensive privacy practices and data handling policies
• Usage Guide - Step-by-step guide for using Time-Check effectively
• Support - Get help, report issues, and access community resources

---

© 2025 Isaiah Weiner. All rights reserved.