Privacy Policy
Last updated: June 2026
Time-Pop is a local-first application. Your time tracking data is stored on your device by default. This policy explains what we collect, when, and why.
Data we collect
Personal Mode (no account): No data is collected. All records remain on your device. No network requests are made.
Pro / Enterprise (with account): We collect your email address for authentication, and sync your time entry records (project, activity, duration) to our cloud infrastructure to enable multi-device access and team reporting. We use Supabase hosted in the EU (Frankfurt, Germany).
Data we never collect
We do not collect keystrokes, screenshots, clipboard content, application usage, browsing history, location data, or any other behavioural monitoring data. This applies to all users in all modes.
Data retention and deletion
You can export or delete your data at any time via the app settings. For enterprise organisations, admins can configure retention policies. Deletion is permanent and we do not retain backups beyond 30 days.
GDPR
We comply with the UK GDPR and EU GDPR. Our lawful basis for processing is contract performance (providing the service you've signed up for). Enterprise customers can request a Data Processing Agreement (DPA). Contact enterprise@time-pop.com.
Contact
Questions about this policy: support@time-pop.com