Privacy Policy

Privacy Policy for zeitick - Learn how we collect, use, and protect your data.

Last Updated: December 2024

Introduction

At zeitick, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and related services ("Service").

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use the App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Full name
  • Avatar/profile picture (optional)
  • User role (admin, project_manager, standard_user)
  • Account creation and update timestamps

1.2 Time Tracking Data

We collect and store your time tracking data, including:

  • Date, start time, end time, and duration of time entries
  • Project assignments
  • Descriptions and notes
  • Work type (remote, onsite, hybrid)
  • Billable status
  • Invoice linkage (if time entries are invoiced)

1.3 Project & Customer Data

We collect information about your projects and customers:

  • Project Information: Name, description, rates, dates, customer assignments, color coding, and project type (internal vs. customer)
  • Customer Information: Name, email, phone, company name, address (street, city, state, zip, country), tax ID, and notes
  • Project Assignments: User-project relationships and roles

1.4 Invoice Data

We collect invoice-related information:

  • Invoice numbers, issue dates, due dates, and service periods
  • Invoice items (linked to time entries or manual)
  • Subtotal, tax rate, tax amount, and total amounts
  • Currency information (USD, EUR, GBP, CAD, AUD)
  • Invoice status (draft, sent, paid, overdue, cancelled)
  • Notes and terms
  • Customer and company information used in invoices

1.5 Company Information

If you provide company information for invoicing, we collect:

  • Company name, address, and contact information
  • Tax ID and business registration numbers
  • Bank account information
  • Company logo (if uploaded)

1.6 Usage Data & Settings

We collect app settings and preferences:

  • Language preferences (English, German)
  • Theme preferences (light/dark mode)
  • Notification settings
  • Default work day hours
  • Default currency and tax rate

1.7 Device Information

We may collect device information necessary for app functionality, such as device type, operating system version, and unique device identifiers. This information is used to ensure compatibility and improve app performance.

1.8 Authentication Data

Authentication is handled by Supabase Auth. We do not store your password in plain text. Passwords are securely hashed and stored by Supabase.

2. How We Use Information

We use the information we collect to:

  • Provide the Service: Enable time tracking, project management, invoicing, and collaboration features
  • Generate Invoices: Create invoices from your time entries and project data
  • Manage User Accounts: Authenticate users, manage roles and permissions, and handle account settings
  • Enable Collaboration: Support team features, user invitations, and project assignments
  • Improve App Functionality: Analyze usage patterns to enhance features and fix bugs
  • Send Notifications: Provide local notifications for timer reminders and important updates (with your consent)
  • Support and Customer Service: Respond to your inquiries and provide technical support
  • Ensure Security: Detect and prevent fraud, abuse, and security threats
  • Comply with Legal Obligations: Meet legal requirements and respond to lawful requests

3. Data Storage & Security

3.1 Backend Infrastructure

Your data is stored securely using Supabase, a backend-as-a-service platform. Supabase uses PostgreSQL databases with encryption at rest and in transit.

3.2 Row-Level Security (RLS)

We implement Row-Level Security policies that ensure users can only access their own data. This means:

  • Users cannot access other users' data
  • Data is isolated per user account
  • Team collaboration is controlled through explicit project assignments and roles

3.3 Authentication Security

Authentication is handled securely through Supabase Auth using industry-standard practices. Passwords are hashed using secure algorithms and never stored in plain text.

3.4 Data Access Controls

Access to data is controlled through role-based access control (RBAC). Admins have full access, Project Managers can access assigned projects and team data, and Standard Users can only access their own data and assigned projects.

3.5 Data Sync

Your data syncs automatically with our cloud backend. The App supports offline functionality, allowing you to track time without internet connectivity. Data syncs automatically when you reconnect to the internet.

3.6 Security Measures

We implement appropriate technical and organizational measures to protect your data, including encryption, secure authentication, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure.

4. Data Sharing

4.1 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We share data with trusted service providers who assist us in operating the Service:

  • Supabase: Provides backend infrastructure, database services, authentication, and storage

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 User-Initiated Sharing

You may choose to share information through the Service:

  • User Invitations: When you invite team members, we send invitation emails containing invitation tokens
  • Invoices: You can export and share invoices you create. You are responsible for how you share invoices
  • Team Collaboration: Data you enter may be visible to team members based on their roles and project assignments

4.4 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as court orders, subpoenas, or government investigations. We may also disclose information to protect our rights, property, or safety, or that of our users or others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

5. User Rights

You have the following rights regarding your personal information:

5.1 Access

You have the right to access your personal data. You can view most of your data directly in the App. For additional access requests, please contact us.

5.2 Correction

You can update and correct your account information, time entries, projects, and customer data directly in the App. If you need assistance, please contact us.

5.3 Deletion

You have the right to request deletion of your account and associated data. You can delete your account through the App settings or by contacting us. Upon account deletion, we will delete your data in accordance with our data retention policy, typically within 30 days.

5.4 Data Export

You have the right to export your data. The App provides CSV export functionality. For additional export requests, please contact us.

5.5 Opt-Out of Notifications

You can control notification preferences in the App settings. You can disable notifications at any time.

5.6 Withdraw Consent

Where we rely on your consent to process your data, you have the right to withdraw consent at any time. Withdrawing consent may affect your ability to use certain features of the Service.

5.7 Exercising Your Rights

To exercise any of these rights, please contact us at support@zeitick.online. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

6. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

If you are between 13 and 18 years old, you must have your parent's or guardian's permission to use the App.

7. International Data Transfers

Your data may be stored and processed in countries other than your country of residence. Supabase infrastructure may be located in various regions. By using the Service, you consent to the transfer of your data to these locations.

We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

8. Data Retention

8.1 Active Accounts

We retain your data for as long as your account is active and you are using the Service. We will retain your data to provide the Service and comply with legal obligations.

8.2 Account Termination

Upon account termination, we will delete your data in accordance with our data retention policy. Deletion typically occurs within 30 days of account termination, unless we are required to retain certain data for legal or regulatory purposes.

8.3 Offline Data Retention

Offline data stored on your device is retained for 30 days. After this period, offline data may be automatically deleted if not synced with the cloud backend.

8.4 Legal Requirements

We may retain certain data longer if required by law or for legitimate business purposes, such as resolving disputes, enforcing agreements, or complying with legal obligations.

9. Cookies & Tracking

The App may use local storage and similar technologies to store your preferences and improve functionality. We do not use cookies or tracking technologies on our website for advertising purposes.

If our website uses analytics tools in the future, we will update this Privacy Policy to disclose such usage and provide opt-out options.

10. Third-Party Services

10.1 Supabase

The Service uses Supabase for backend services, including database storage, authentication, and file storage. Supabase's privacy practices are governed by their own privacy policy. We recommend reviewing Supabase's privacy policy to understand how they handle data.

10.2 Apple App Store

If you download the App through the Apple App Store, your use of the App is also subject to Apple's Terms of Service and Privacy Policy. Apple may collect certain information related to your use of the App Store.

10.3 Links to Third-Party Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to delete your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at support@zeitick.online.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision-making and profiling

To exercise these rights, please contact us at support@zeitick.online. You also have the right to lodge a complaint with your local data protection authority.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a notice in the App (for significant changes)

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the App and may delete your account.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: support@zeitick.online
Website: https://zeitick.online

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.