Privacy Policy

We collect the following categories of personal information:

a) Account Information

• Email address and password (collected when you create an account)
• Display name (if provided)
• Profile photo (if uploaded)
• Source: Provided directly by you

b) Time Tracking & Business Data

• Time entries (dates, durations, descriptions, hourly rates)
• Client information (names, email addresses, phone numbers, addresses, notes)
• Project information (names, descriptions, budgets, statuses)
• Invoice data (amounts, line items, payment status, due dates)
• Business information (business name, address, logo, payment terms)
• Source: Provided directly by you through use of the Service

c) Team & Collaboration Data

If using Teams features:

• Team membership information
• Role assignments and permissions
• Shared client and project data within your team
• Source: Provided by you or your team owner/administrator

d) Financial & Transaction Data

• Subscription plan and billing status
• Payment method details (processed and stored by Stripe; we do not store full card numbers)
• Transaction history
• Source: Provided by you through payment processors

e) Device & Usage Data

• Device type, operating system, and version
• App version
• IP address
• Browser type (for web app)
• General usage patterns (features used, session duration)
• Crash reports and error logs
• Source: Collected automatically when you use the Service

f) Sensitive Personal Information

Under CCPA/CPRA, the following data we collect may be classified as sensitive personal information:

• Account login credentials (email and password combination)
• Financial account information (payment details processed through Stripe)

We use sensitive personal information only for the purposes of providing the Service to you, processing your payments, and maintaining account security. We do not use sensitive personal information for profiling or advertising purposes.

We use your information for the following business purposes:

• Providing the Service: Storing your time entries, managing clients, generating invoices, and enabling team collaboration
• Account Management: Creating and maintaining your account, authenticating your identity, and managing your subscription
• Payment Processing: Processing subscription payments and invoice payments through Stripe
• Communication: Sending transactional emails (invoice notifications, payment confirmations, subscription updates, team invitations) and responding to support requests
• Service Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance the user experience
• Security: Detecting and preventing fraud, abuse, and unauthorized access
• Legal Compliance: Complying with applicable laws, regulations, and legal processes

We do NOT use your information for:

• Behavioral advertising or ad targeting
• Selling to third parties
• Building advertising profiles
• Purposes unrelated to providing the Service

We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising.

We disclose personal information to the following categories of service providers solely for the purpose of providing the Service:

a) Cloud Infrastructure & Data Storage

• Firebase / Google Cloud Platform: Database hosting, authentication, cloud functions, file storage
• Data shared: All account and business data stored in our database

b) Payment Processing

• Stripe: Subscription billing, invoice payment processing
• Data shared: Name, email, payment method details, transaction amounts
• RevenueCat: Subscription management and analytics for iOS in-app purchases
• Data shared: Anonymous subscriber ID, subscription status, transaction data

c) Email Delivery

• Resend: Transactional email delivery (invoices, team invitations, notifications)
• Data shared: Email addresses, email content

d) Hosting & Delivery

• Vercel: Web application hosting
• Data shared: IP addresses, browser information (standard web server logs)
• Apple: iOS app distribution via App Store
• Data shared: App usage data per Apple's privacy practices

e) Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

All service providers are contractually obligated to use your data only for the purposes of providing their services to us and are prohibited from selling or sharing your data for their own purposes.

We retain your personal information for as long as your account is active or as needed to provide the Service to you. Specific retention periods:

• Account Information: Retained while your account is active. Deleted within 30 days of account deletion request.
• Time Tracking & Business Data: Retained while your account is active. Free tier users: 90 days of active history accessible in-app; full history retained in database until account deletion.
• Financial & Transaction Data: Retained for 7 years after the transaction date for tax and legal compliance purposes.
• Device & Usage Data: Retained for up to 24 months, then aggregated or deleted.
• Crash Reports: Retained for up to 12 months.

When you delete your account, we will delete or anonymize your personal information within 30 days, except for data we are required to retain for legal or compliance purposes.

We offer a free tier of the Service and may periodically offer promotional pricing (such as introductory rates for new subscribers or free trial periods). These offers are not designed to discriminate based on the exercise of privacy rights. The value of the personal information collected through these programs is reasonably related to the overall value of the Service provided to you. You may opt out of promotional offers at any time without affecting your access to the Service.

We implement reasonable technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest (via Firebase/Google Cloud)
• Secure authentication with hashed passwords
• Access controls limiting employee access to personal data
• Regular security reviews of our infrastructure

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country with different data protection laws than your jurisdiction.

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child under 16, please contact us.

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

The Service does not currently respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking or behavioral advertising.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to the address associated with your account (for material changes)

We will update this policy at least every 12 months, even if no substantive changes are made, as required by California law. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.