Privacy Policy

Last Updated: January 2025

1. Introduction

Timecone ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee time tracking and project management portal (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Profile Information: Name, email address, title, role, employee type, department, supervisor information, profile image, and approver designations
  • Authentication Data: Passwords (stored using bcrypt hashing), Azure AD OAuth tokens, and session information
  • HR Information: Financial data (hourly cost), time off settings, vaccine status, payroll ID, exempt status, and work calendar
  • Activity Data: Last active timestamps, login history, and user activity logs

2.2 Timesheet and Project Data

We collect and store:

  • Time entries with project and deliverable assignments
  • Comments and notes associated with time entries
  • Document attachments and expense receipts
  • Timesheet submission and approval history
  • Project and task assignments

2.3 Integration Data

When integrated with third-party systems, we may collect:

  • NetSuite ERP data (clients, projects, resources, personnel)
  • QuickBooks mapping information
  • External HR system data (when configured)

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain the Service
  • To authenticate users and manage access to the Service
  • To process timesheet entries and manage project assignments
  • To generate reports and analytics for your organization
  • To send notifications, reminders, and updates related to the Service
  • To sync data with integrated third-party systems (NetSuite, QuickBooks, etc.)
  • To improve and optimize the Service
  • To comply with legal obligations and enforce our terms

4. Third-Party Services

We use the following third-party services that may access your information:

4.1 Authentication Services

  • Azure AD (Microsoft): For single sign-on authentication. Microsoft's privacy policy applies to data processed through Azure AD.

4.2 Business Integration Services

  • NetSuite: ERP integration for syncing projects, resources, and personnel data
  • Azure Blob Storage: Secure document and file storage

4.3 Communication Services

  • SendGrid: Email delivery service for notifications and reminders

4.4 Analytics and Monitoring Services

  • Sentry: Error tracking and performance monitoring
  • Datadog RUM: Real user monitoring and application performance monitoring
  • LogRocket: Session replay and debugging
  • Google Analytics: Page view and usage analytics

These third-party services have their own privacy policies governing the collection and use of your information. We encourage you to review their privacy policies.

5. Cookies and Tracking Technologies

We use the following cookies and similar tracking technologies:

  • Session Cookies: To maintain your login session (NextAuth session tokens)
  • Organization Cookies: To remember your organization selection in multi-tenant environments (`timecone-org` cookie)

Session tokens are stored in cookies with a default expiration of 7 days (configurable by your organization). You can control cookie settings through your browser preferences, though disabling cookies may limit your ability to use certain features of the Service.

6. Data Storage and Security

6.1 Data Storage

Your data is stored in:

  • MongoDB: Primary database for user profiles, timesheets, projects, and related data
  • Azure Blob Storage: Secure cloud storage for documents, attachments, and files

6.2 Multi-Tenant Architecture

The Service uses a multi-tenant architecture where each organization's data is isolated in separate databases. Your organization's administrators have access to data within your organization's tenant only.

6.3 Security Measures

We implement security measures including:

  • Password hashing using bcrypt
  • Secure HTTPS connections for all data transmission
  • Multi-tenant data isolation
  • Regular security audits and updates
  • Access controls and authentication requirements

7. Data Sharing and Disclosure

We may share your information:

  • With Your Organization: Your employer or organization administrators have access to your timesheet data, profile information, and activity within your organization's tenant
  • With Third-Party Services: As described in Section 4, we share data with third-party services necessary to provide the Service
  • For Legal Compliance: When required by law, court order, or government regulation
  • To Protect Rights: To protect our rights, privacy, safety, or property, or that of our users

We do not sell your personal information to third parties for marketing purposes.

8. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you request account deletion, we use a soft delete mechanism that marks records as deleted while retaining them for a period to comply with legal obligations and for data recovery purposes.

Timesheet and project data may be retained for historical reporting and compliance purposes even after account deactivation, as determined by your organization's policies.

9. Your Rights and Choices

You have the right to:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal information (subject to legal and organizational requirements)
  • Objection: Object to certain processing of your information
  • Portability: Request a copy of your data in a portable format

To exercise these rights, please contact your organization's administrator or use the contact information provided in Section 12.

Note: Some rights may be limited by your organization's policies or legal requirements. Your organization's administrators may have access to and control over your data within the Service.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights regarding your personal information, please contact:

Privacy Inquiries
Timecone
Email: privacy@timecone.io
(Please contact your organization's administrator for organization-specific privacy inquiries)