Data Flow & Architecture

Last updated: June 30, 2026 — operated by Erbacci LTD · How your data moves through TimeLapse and where it lives.

1. One-line summary

Your Ring snapshots are read on the schedule you set, stored only in a private AWS account in the EU (eu-west-1), and compiled into time-lapse reels you view through short-lived private links. No Ring camera media ever leaves AWS. The only data sent to a third party is the address and content of two transactional emails (delivered by Resend).

2. End-to-end data flow

1 · Link You add TimeLapse in the Ring app and tap "Connect with Ring". A one-way, server-to-server OAuth token exchange links your account. We read your account's verified email from Ring's Users API (GET /v1/users/me) — you never type it. We never see your Ring password.

2 · Capture On your chosen cadence and working-hours window, our backend (AWS Lambda, eu-west-1) requests still snapshots from Ring's recording-derived Image Snapshots API for the cameras you designated. No live video, no audio.

3 · Store Snapshots are written to a private Amazon S3 bucket (all public access blocked, SSE-AES256 at rest). Project/config metadata lives in DynamoDB (encrypted at rest).

4 · Compile A scheduled job stitches your snapshots into daily and cumulative MP4 reels with ffmpeg (deterministic sequencing/encoding only — no AI, no detection).

5 · View The dashboard fetches reels via short-lived presigned URLs (6-hour expiry). Media is never public.

6 · Notify When a reel is ready, a notification email is sent via Resend (address + dashboard link only).

3. Where each data element lives

DataLocationLeaves AWS?
Ring snapshots (JPEG)Private S3, eu-west-1No
Compiled reels (MP4)Private S3, eu-west-1No (only you, via presigned link)
Account ID, email, project configDynamoDB, eu-west-1No
Ring OAuth tokensDynamoDB, eu-west-1 (purged on unlink)No
Email address + message content (reel-ready notice / sign-in code)Sent to Resend to deliver the emailYes — address + text only, never media

4. Authentication (passwordless)

The dashboard credential is an opaque, server-issued session token. There are no passwords anywhere.

5. Media watermark

Ring applies a standard server-side watermark to all camera media — the Ring logo (top-left) plus the device ID, app name, and timestamp (top-right). It is present on every snapshot and therefore appears in the compiled reels. TimeLapse does not add, alter, or remove it.

6. Sub-processors

ProviderPurposeWhat it receives
Amazon Web ServicesCompute (Lambda), storage (S3), database (DynamoDB) — all in eu-west-1All processing and storage of Ring media happens here, and only here.
Resend (resend.com)Transactional email delivery: the "reel is ready" notification and the passwordless sign-in one-time codeRecipient email address + message content (a dashboard link, or a 6-digit code). Never any Ring snapshots, reels, or video.

We share customer data with no other third parties for their own purposes, and we never sell data.

7. Deletion

You can delete your account and all data instantly from the dashboard (Settings → Delete account & data): this purges your snapshots, reels, projects, settings, and Ring tokens/session right away. Disabling TimeLapse from the Ring app also revokes access and stops capture.

8. Contact

info@erbacciltd.com