Legal, Data Protection and Governance
The governing text for privacy, lawful use, user rights, data handling, and operational accountability
This page sets out how Time Machine Project handles personal data, platform records, user rights, legal boundaries, ethical safeguards, and the operational governance required to preserve continuity, accountability, and trust.
Article I: Legal and Governance Standing
Purpose: To establish the standing of this page as the governing text for privacy, lawful use, and operational accountability below the Project Constitution.
Section 1. Standing
This page sets out the platform’s governing position on privacy, lawful use, data handling, and operational accountability.
Section 2. Constitutional Consistency
This page operates in alignment with the Project Constitution and supports the platform’s broader commitment to traceability, continuity, disciplined participation, and governed authority.
Section 3. Public and Operational Function
This page serves both as public-facing notice and as an operational standard for how personal data and platform records are handled.
Section 4. No Waiver of Rights or Duties
Nothing on this page removes any legal rights held by individuals or any legal obligations binding on the platform.
Article II: Categories of Data and Platform Records
Purpose: To define the principal categories of personal data and project records processed through the platform.
Section 1. Identity and Contact Data
The platform may process identity and contact data such as names, email addresses, usernames, and related registration details.
Section 2. Application and Participation Data
The platform may process data submitted through register interest forms, onboarding, membership, role assignment, participation history, and related governance processes.
Section 3. Platform Activity Data
The platform may process session, access, communication, submission, review, decision, and status-history data required for secure and traceable operation.
Section 4. Work and Artefact Association Data
The platform may process records linking users to Programs, Workstreams, Tasks, Artefacts, communications, reviews, and decisions.
Section 5. Data Minimisation
Time Machine Project seeks to collect only the personal data reasonably required to operate the platform, assess participation, support governance, preserve continuity, and maintain security.
Article III: Lawful Basis and Purpose of Processing
Purpose: To explain why the platform processes personal data and the lawful grounds on which that processing is undertaken.
Section 1. Operational Purpose
Personal data is processed to assess interest, administer access, organise participation, support governance, preserve continuity, maintain security, and operate the platform responsibly.
Section 2. Lawful Processing
Processing is carried out only where there is an identified lawful basis, including where necessary for legitimate interests, requested pre-membership steps, platform administration, legal obligation, or another lawful ground appropriate to the specific activity.
Section 3. Purpose Limitation
Personal data is not collected or retained on the basis that it may be useful at some undefined future point. Processing must remain connected to a defined platform purpose.
Section 4. Transparency
Where personal data is collected from an individual, the platform aims to explain what is being collected, why it is being collected, and how it may be used or retained.
Article IV: Access, Security, and Operational Safeguards
Purpose: To define how access to personal data and platform records is restricted, protected, and governed.
Section 1. Role-Based Access
Access to platform records and personal data is restricted according to role, operational need, and governed authority.
Section 2. Security Measures
The platform applies proportionate technical and organisational safeguards to protect personal data and operational records against unauthorised access, misuse, loss, or inappropriate alteration.
Section 3. Session and Access Control
Authentication, session handling, and access control exist to support legitimate use of the platform and to protect governance-critical functions.
Section 4. Traceability
Where required for continuity, review, security, or accountability, the platform may retain traceable records of access, communication, status changes, review activity, and governance events.
Article V: Retention, Deactivation, Deletion, and Historical Continuity
Purpose: To define how long data may be kept and how the platform distinguishes between deactivation, deletion, and preservation of historical records.
Section 1. Retention Principle
Personal data is retained only for as long as it is reasonably required for the purpose for which it was collected, or for a lawful and justifiable continuation of that purpose.
Section 2. Deactivation
Where a user ceases to participate, platform access may be removed or the user account may be deactivated without immediate destruction of all related records.
Section 3. Deletion
Where appropriate and lawful, personal account data may be deleted following review of the request, the processing purpose, the platform’s obligations, and the need to preserve limited records for security, legal, or governance reasons.
Section 4. Historical Continuity
The platform may retain project history, governance records, review history, status changes, work relationships, and other records necessary to preserve continuity, accountability, and the intelligibility of prior work.
Section 5. No Blanket Promise of Erasure
Time Machine Project does not treat deletion as an automatic or total removal of every historical record in every circumstance. Requests are considered in light of legal rights, lawful obligations, system integrity, and the platform’s duty to preserve a defensible historical record where required.
Article VI: User Rights and Requests
Purpose: To explain the principal rights individuals may exercise in relation to their personal data and how the platform handles requests.
Section 1. Access
Individuals may request access to the personal data held about them, subject to lawful limits and verification of identity where appropriate.
Section 2. Rectification
Individuals may request correction of inaccurate or incomplete personal data.
Section 3. Erasure
Individuals may request erasure of personal data where the legal conditions for erasure are met. The platform considers such requests seriously, but the right to erasure is not absolute and may not require deletion of all related historical or governance records.
Section 4. Restriction and Objection
Where applicable, individuals may request restriction of processing or object to certain forms of processing.
Section 5. Request Handling
Requests relating to privacy, data rights, correction, restriction, or deletion should be submitted through the contact route designated by the platform. The platform may require information sufficient to verify identity and assess the request responsibly.
Article VII: Anonymisation, Pseudonymisation, and Project Continuity
Purpose: To define how the platform separates personal identity from retained work and historical records where appropriate.
Section 1. Anonymisation
Where personal identity is no longer required, the platform may anonymise records so they no longer identify the individual.
Section 2. Pseudonymisation
Where the platform must preserve continuity, security, or governance traceability while reducing direct identifiability, records may instead be pseudonymised.
Section 3. Continued Existence of Work
Where a person leaves the platform, work products, review history, project structure, and related non-personal records may remain where this is necessary to preserve project continuity, intelligibility, and accountability.
Section 4. Separation of Person and Project Record
The platform seeks, where reasonably possible, to distinguish a person’s continuing identity data from the retained historical record of work, governance, and project development.
Article VIII: Communication, Submission, and Intellectual Property Boundaries
Purpose: To define the legal and operational boundaries that apply to submitted material, platform communications, and project-related content.
Section 1. User Submissions
Information, messages, applications, work contributions, and related materials submitted to the platform may be stored, reviewed, and related to work, governance, or decision processes where relevant to the platform’s operation.
Section 2. Intellectual Property Position
Unless and until more specific contribution terms are adopted, contributors remain responsible for submitting only material they are entitled to submit, and the platform must hold at least the rights reasonably necessary to review, store, relate, and govern that material within the platform.
Section 3. No Assumption of Acceptance
Submission of material to the platform does not by itself create membership, endorsement, employment, publication, or adoption into official work.
Section 4. Communication as Record
Where communication supports review, coordination, decision, governance, or continuity, it may be retained as part of the platform’s operational record.
Article IX: Ethical Position and Standards of Conduct
Purpose: To define the ethical posture of the platform in relation to participation, data handling, restraint, and seriousness of use.
Section 1. Ethical Seriousness
Time Machine Project treats privacy, data handling, attribution, review, and governance as ethical as well as operational matters.
Section 2. Respect for Persons
Personal data should be handled fairly, proportionately, and with respect for the legitimate interests and rights of the people to whom it relates.
Section 3. Data Restraint
The platform seeks not to invite, collect, or retain unnecessary sensitive personal data. Users should not submit personal data about themselves or others beyond what is reasonably required.
Section 4. No Guarantee of Scientific, Legal, or Professional Correctness
The platform supports serious collaborative work, but does not guarantee that submitted content is complete, correct, safe, lawful to rely upon, or suitable for professional, safety-critical, or regulated use without further review.
Section 5. Responsible Use
Use of the platform should be serious, lawful, non-abusive, and directed toward constructive mission-related contribution rather than disruption, misuse, extraction of personal data, or bad-faith activity.
Article X: Complaints, Review, and Change Control
Purpose: To define how privacy concerns, complaints, and future changes to this page are handled.
Section 1. Contact Route
Questions, concerns, and requests relating to privacy, data handling, deletion, or correction should be directed to the contact route designated by the platform.
Section 2. Review
This page should be reviewed periodically and updated where required by legal development, operational change, governance improvement, or platform maturity.
Section 3. Complaints
Individuals who remain dissatisfied after raising a concern with the platform may also have the right to complain to the relevant supervisory authority.
Section 4. Change Control
Updated versions of this page supersede prior versions from the date of publication, subject always to any legal rights or obligations that continue to apply to earlier processing activities.