Privacy Policy
Last updated: March 25, 2026
1. Introduction
Timesheets ("we", "our", or "us") is committed to protecting the personal information of the organisations and individuals who use our platform. This Privacy Policy explains what data we collect, how we use it, and the choices you have.
By creating an account or using Timesheets, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account data: When you register, we collect your name, email address, and a hashed password. Organisation administrators may also provide an organisation name.
Usage data: We collect time entries, project and activity records, timer sessions, approval submissions, schedule entries, and invoices that you create within the platform.
Kiosk data: If you use Kiosk Mode, we store a kiosk identifier and a hashed PIN per user to authenticate on-site clock-ins.
Audit logs: Actions such as creating, editing, or deleting records are logged with a timestamp and the user who performed the action.
Technical data: We may collect standard server logs including IP address, browser type, and pages visited for security and diagnostic purposes.
3. How We Use Your Information
- To provide and operate the Timesheets platform.
- To authenticate users and maintain session security.
- To generate reports, invoices, and other outputs you request.
- To send transactional emails (e.g. invitations, password resets).
- To maintain audit trails required for compliance.
- To improve and maintain the reliability of the service.
We do not sell your data to third parties. We do not use your data for advertising.
4. Multi-Tenancy & Data Isolation
All data within Timesheets is scoped to an organisation. Users in one organisation cannot access data belonging to another. Organisation administrators control who is invited to their organisation and what permissions those users have.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide you with services. If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.
6. Third-Party Services
We use the following third-party services to operate the platform:
- SendGrid — for transactional email delivery. Email addresses are shared with SendGrid only to the extent required to send messages you have requested.
- Microsoft SQL Server — as the underlying database engine for storing your data.
7. Security
We take reasonable technical and organisational measures to protect your data, including hashed password storage, HTTPS transport encryption, and role-based access controls. No system is completely secure, and we encourage you to use a strong, unique password.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To make a request, please contact us using the details below. We will respond within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the platform after changes are posted constitutes acceptance of the revised policy.
10. Contact
If you have any questions about this Privacy Policy, please contact us at privacy@timesheets.app.