Data security and GDPR

Trust lies at the center of our software. We want Timely to enable people; not cheat or spy on them – and there would be absolutely no substance to our business if it did. Your data belongs to you alone, and we want to keep it that way. This page details the things we do to protect your data.

Your data, your rules

As the owner of your data, you can do any of the following at any point:

  • Download and check everything Timely has on file for you.
  • Permanently delete all your stored data from Timely.
  • Turn the Memory app on or off (and therefore start or stop tracking).
  • Grant or revoke Timely’s access to integrated apps.
  • Contact our dedicated data protection officer.

Only you can see your
privately tracked data.

Data sharing in Timely is built on a model of employee consent. Your boss and colleagues can see the final time sheet you approve, but they can never access your tracked Memory data. No screenshots, geo-tagging or weird mouse monitoring – employers can never infringe an employee’s right to data privacy in Timely.

Your Memory data is securely stored.

All Timely user data is stored on IOS 27001-certified AWS servers based in Europe, via our sub-suppliers and sub-processors, Amazon and Heroku (Salesforce). Both of these companies are Privacy Shield Certified and satisfy the world’s strictest standards on data protection, as laid out under European law. We are fully compliant with the GDPR, DSGVO and SOC2, and do not use any sub-suppliers outside the EU/EEA-area.

We don’t – and never will – do anything creepy with your data.

We will never use your Memory data to sell you ads, sell your data to third parties or data brokers, or do anything else so unethical and self-destructive. All the data our AI engineers see is fully anonymized; they can’t determine anyone’s identity from the data they use to train Timely's algorithms. Our data protection officer is the only individual theoretically able to see all data, and our Support team will always ask for your consent before accessing your account to fix a problem.

What Timely tracks

Timely’s Memory app doesn’t have full access to everything going on inside your computer. It only records the page titles and timestamps of apps you are actively using. It won’t track this information on “private” or “incognito” browser windows, unless you use Firefox (which is built in a way that unfortunately makes it impossible to block tracking).

It doesn’t track the actual content within those pages. So, it can record how long you spend on a specific website, but not the details of what you actually read, see or write.

We do have a few bespoke integrations for popular work tools like Google Calendar and GitHub, which give you more specific details on elements of your work — like the title of emails you sent, meetings you attended and locations where you worked from. But these integrations are not active by default; you decide whether to grant Timely access to them.

The Memory app never takes screenshots. Users wishing to track idle time on desktop can opt into mouse and keystroke movement tracking. This data is only ever used for idle detection and stays confidential to the individual.

The Memory app icon on your taskbar indicates whether your computer activity is being tracked or not.
The screenshot (taken from sequel Pro) shows what a few seconds of activity in a Slack window looks like. This is how your data is represented in the database.

How your data is handled

Data encryption

Data stored by Timely that (can) contain confidential business or customer information of the customers/partners is encrypted.

SSL encryption

All communication between the server and the client (browser, mobile and desktop) is encrypted by using SSL encryption (HTTPS). The SSL certificate is issued by Comodo.

Critical data

We don’t store your credit card details; all payments and processing is handled by external services, like Stripe. Your passwords are stored using one-way encryption using the Bcrypt hashing algorithm — never in plain text.

Files storage

Timely uses Amazon S3 to store files like profile pictures, invoices and generated reports. The file paths are randomly generated un-guessable keys.

Deletion of data

When you delete your account, or submit a data deletion request, all the data associated with your profile will be deleted within 7 days. This includes all the activity data tracked by the Memory application.

Backup

Timely backs up data every day, but the backup is kept for a period of 5 days before it is destroyed.

Want more information?

See our terms and conditions, for a full read of our policy on data handling, processing and storage. If you still have questions, check out these data FAQs or send a query to support@timelyapp.com.