Protecting your data and privacy

We developed Timely to help you better understand your personal data – not to hand it out to other people. Here’s how we keep your data safe and private; for the full legal long read, check out our Privacy Policy.

How it all works

Timely solves the pain and inaccuracy of manual time tracking by automatically capturing everything you work on. To do that, it collects basic information — namely, the title and active timestamp of web and desktop applications. Unlike some time tracking tools, Timely offers user privacy by design, meaning all the information Timely collects stays completely private to you.

The basics of Memory explained

Your data and you

You remain in complete control of your personal information within our systems – with the right to access, download and remove any of it at any point.

You must actively opt into automatic tracking by installing the Memory app
The Memory Tracker only tracks the page titles and timestamps of active apps
Tracked activity is uploaded to your Memory timeline, which only you can see
You can permanently delete any tracked activity from our servers
You can download and delete your data, or remove your account, at any point

Your data and your colleagues

By offering user-level privacy by design, Timely is a time tracking tool teams can actually trust. We will never let anyone you work with access or take screenshots of your private data.

Nobody can ever access your private Memory timeline
We will never support covert monitoring tactics, like screenshots or remote control
The information colleagues see comes from your public timesheet
You control what data appears on your timesheet
AI timesheet entries are never shared without your review and approval

Your data and us

We are constantly working to fortify and update our systems based on the best security practices available. We will never sell your data to third parties or use it to serve you ads.

Learn more about our sub-processors and cookies policy.

Data is securely stored on ISO 27001-certified AWS servers in Europe
Data transfer is encrypted using SSL encryption (HTTPS)
Data backups are destroyed after one week
Card transactions are processed using Stripe’s bank-level security encryption

While our backend engineers may need to access your data to help you fix a problem, they will only ever do so after securing your consent.

Common questions and answers
What type of information does Timely capture?

By itself, Timely doesn’t actively capture anything. You can choose to download our Memory app to automatically track the time you spend in web and desktop apps. Additionally, you can choose to connect native integrations to pull in information from the other apps you use at work. On our website, you can choose to accept or reject basic cookies that help us understand and improve your experience (see our cookie policy).

How does the Memory app work? What data does it collect?

The Memory app enables automatic time tracking in Timely. It doesn’t have full access to everything going on inside your computer; it only requests basic information about the applications you use—namely, page titles, file path and timestamps of apps you are actively using. Each individual activity—or “memory”— is then uploaded to your private timeline inside Timely, which only you can access. You need to download the Memory app to use it, and you control when you want to turn it “on” or “off”.


Here's an example of raw Memory data from time spent using Google Chrome:

{"id":null,"timestamp":"2017-07-18T09:08:51.000+02:00","app":"Google Chrome","window":"nl-classifier - API Reference | IBM Watson Developer Cloud","detail":"https://www.ibm.com/watson/developercloud/natural-language-classifier/api/v1/#create_classifier","name":"ibm.com","detected_app":"Google Chrome"}

Read more on what Memory captures here

Can Memory track incognito website activity?

Memory can’t track time spent in “private” or “incognito” browser windows, unless you use Firefox (which, unfortunately, is built in a way that makes it impossible to block tracking). Memory doesn’t track the actual content of web pages or what you actually read, see, or write—it’s only built to record how long you actively spend on a specific website or application.

Do you take screenshots or track keystrokes?

Timely is not an employee monitoring software. We will never support employee screenshots, keystroke monitoring or any other invasive surveillance tactics. See our Privacy Promise for a slice of our thinking.

Can my boss or colleagues see my memories?

No. Your memories are completely private to you—only you can see your private activity timeline. Your colleagues and managers can only see the time entries you publicly log to your timesheet. Even if you link memories to a public time entry, they will remain private.

What do you use my data for?

Your memory data exists to help you minimize timesheet admin, create accurate invoices, and report transparently on all of your time. Our machine learning team only use encrypted, anonymized data sets to develop and improve our software. We don’t sell your data, or use it for marketing or advertising purposes. A carefully selected group of sub-processors that we partner with can require access to certain personal data. We only grant this when it is absolutely necessary to the provision of our service and only ever enter into fully GDPR-compliant data processing agreements.

What about Timely’s native integrations with third-party apps? What data is shared?

Timely’s native integrations let you pull information from other work apps, like email inboxes and calendars, into your private timeline. To do this, Timely requests limited access to third-party apps. Timely’s Gmail integration, for example, will record the subject line and a snippet (the first line from the email you worked on) to your private timeline to provide a detailed log of your daily communication. Timely can only access the basic information that Gmail allows, and never sends any of your private memory data to connected third-party apps.

Where and how do you store my data? Is it encrypted?

Your data is securely transferred and stored on IOS 27001-certified Amazon Web Services (AWS) servers in Europe. All communication between the server and your browser, mobile or desktop, and across our internal system, is encrypted using SSL/TLS encryption (HTTPS), with an SSL certificate issued by Comodo. Our database is also completely encrypted.

Amazon is one of the world's largest providers of hosting software; they spend massive resources on security and conduct ongoing risk and security assessments. In the web world, they're the safety standard. AWS is Privacy Shield-certified, so the transfer of data to it is in compliance with EU law. For the long read, check out their security policies here.

Can Timely employees see my data?

Only our Chief Data Protection Officer, Deputy Data Protection Officer (DPO) and Head of Growth can access the databases used to store information from Memory products. Connecting to the database is only possible from AWS EC2 instances created and monitored by our DPO. All data is protected by an internal auditing system (SQL audit logging) and DPO approval is required for database access (which is only granted as read-only). SQL audit logging captures the name of the individual accessing data, the purpose of access, the data accessed, the date and time of access and DPO approval. Individual developers can only access a subset of the tables for the data required to perform their tasks. Specific employees are only granted access to your account whenever we receive your permission to do so for troubleshooting, or any other needs that you request or require.

What about my passwords and card details?

Timely doesn’t process, store or transmit personal information (like your name, email, unique ID number or IP address). Card transactions are processed using Stripe’s bank-level security encryption, and passwords via a one-way hashing algorithm (Bcrypt). Memory uses Amazon S3 to store files like profile pictures, invoices and generated reports, and file paths are randomly generated SHA1 keys.

Do you run daily data backups?

Yes. Memory backs up data every day, and each backup is kept for a period of one week before being destroyed.

Can I delete data that I don’t want on your server?

Absolutely. You can delete memories either individually from your private timeline or in bulk from your Settings page, where you can also download all of your stored data at any point.

What security do you you have in place to protect my data?

We are constantly working to fortify and update our systems based on the best security practices available. We use the latest and most up-to-date software packages and libraries to prevent any security vulnerabilities and possible attacks. All user inputs and data collection is filtered through multiple possible security attacks rules before it is received on the server for processing. We follow industry standard coding practices and review processes while developing our applications. We also follow a periodic password rotation policy for all our internal and external tokens and keys.

All of our privacy program policies and procedures—including staff security training, escalation and reporting processes, and security incident response plans—are maintained and regularly reviewed by our Data Protection Officer (dpo@timelyapp.com). In the event of a system incident or breach, we have a dedicated Emergency Response Team ready, which consists of members of our QA, Support, Backend, and Operations teams.