Timetracker Privacy & Security Policy
1. Introduction
Timetracker is committed to protecting your privacy and ensuring the security of your data. This policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding your personal information.
2. Roles & Data Ownership
- User data (e.g., time logs, client/project information): You, as the account owner, are the data controller. We act as your data processor, meaning we store and process your data strictly under your instruction.
- Account-related information (your name, email, billing details): We act as data controller — we collect it from you to provide our service, comply with legal obligations, and support you.
3. What Data We Collect
Purpose | Data Collected | Legal Basis |
---|---|---|
Account creation | Name, email, country, company name | Contractual necessity |
Billing | Subscription plan, payment info (e.g., credit card, VAT number) | Contractual necessity |
Usage & support | Activity logs, error reports | Legitimate interest (for service improvement) |
Marketing | Email (opt-in) | Consent |
4. Cookies & Tracking
We use cookies, web beacons, and analytics tools (e.g., Google Analytics) to understand usage trends, optimize the site experience, and support marketing. You may adjust your cookie preferences at any time.
5. Data Sharing & Sub-processors
We may share your data with trusted third-party service providers to deliver Timetracker services:
- Hosting infrastructure: e.g., AWS or Azure (region‑specific)
- Payments: Payment processor (e.g., Stripe)
- Support tool: e.g., Help Scout or Zendesk
- Analytics: Google Analytics
Each provider operates independently and has its own privacy practices. We only engage providers with strong privacy and security measures.
We do not sell your personal data.
6. Security Measures
- Encryption: All communications are SSL/TLS-encrypted. Data at rest is encrypted using industry standards.
- Secure infrastructure: Hosted on secure cloud platforms like AWS/Azure, with multi-region replication and hardware redundancy.
- Access controls: Only authorized personnel have access to data, using restricted, logged, and audited systems.
- Backups & reliability: Regular backups (multiple times an hour) ensure minimal data loss and 99%+ uptime.
- Certifications: We hold ISO 27001 certification and undergo quarterly security assessments.
7. Access & Use of User Data
Our support team may access your data only for troubleshooting, through secure VPN and logged sessions. Users are notified of all access events via audit trails.
8. Data Retention & Deletion
- Account data is retained for active subscription periods.
- Upon termination, data is permanently erased from production systems and backups after 30 days.
- We may retain anonymized usage data, or data where required by law.
9. Your Rights
GDPR / CCPA / Similar laws
- Access, correct, export, or delete your personal data
- Object to processing or withdraw consent
- Request restriction of processing
- Lodge a complaint with a supervisory authority
Requests will be processed promptly, typically within 30 days (or 45 days under CCPA for US residents). We may need to verify your identity to proceed with your requests.
10. Data Breach Notification
We maintain an incident-response policy. Should a breach occur, we will notify affected users without undue delay and comply with applicable data-breach notification laws.
11. International Data Transfers
Data may be transferred and processed globally (e.g., US, EU). When transferring data outside jurisdictions such as the EEA, we protect it through mechanisms like Standard Contractual Clauses.
12. Policy Updates
We may update this policy from time to time. Users will be notified of significant changes via email or in-app message.
13. Contact Us
If you have any questions about this policy or wish to exercise your rights, please email privacy@timetracker.in.
Summary
Timetracker respects your ownership of data, uses strong security measures, limits access, provides transparency on data handling, and complies with major data protection laws.