Privacy Policy

Effective as of 7 October 2021

Your privacy is of the utmost importance at Devart. This Privacy Policy describes how we collect and manage your data.

By using tmetric.com (the “Site”) and/or registering a TMetric User Account (using the Service), you agree to the terms of this Privacy Policy and the Terms of Service. TMetric is designed and operated by Devart Ltd. (“Devart”, or “We”, “Our”, or “Us”). Please read the Terms of Service in their entirety, and refer to those for definitions and contacts.

  • We never sell your personal data to anyone.
  • We never share any information about your projects, time entries or customers with anyone without your explicit permission.
  • To provide better service, we share some statistical data and some Personal Data with third parties.
  • Your data is yours and you can change or delete it at any time.
  • We encrypt backups, don’t store credit card numbers on our servers and generally make sure your data is safe.


To exercise any of the rights mentioned in this Privacy Policy and/or in the event of questions or comments relating to the use of Personal Data please write to [email protected]

1. Data Collected

We may collect the following data from you.

Site Usage Data

We collect anonymous data from every visitor of our Site, such as, the website from which the person visited us from, the parts of Site visited, the date and duration of the visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit. We only capture and store a truncated version of the IP address. It is captured and stored in an anonymized format by suppressing the last octet so your full IP address never reaches our servers and we never have access to it.

Cookies

We use cookies to process details of the visitor’s behavioral patterns upon visiting our Site. This is done to provide you with a better experience, and to facilitate the use of certain functions. Cookies are small data files transferred onto computers or devices by sites for record-keeping purposes and to enhance functionality on our Site.

For more info about the cookies we make use of, please read Cookies Policy.

User Profile Data

When you sign up to TMetric Service, we collect the following information from you: name, email, password, company name, and size. Most of this information can be reviewed and edited on the My Profile page of our Service.

Workspace Data

When using TMetric Service, you may provide us with the following information: names and emails of your employees/coworkers, projects and tasks you are working on, URLs of your tasks (from third-party web applications), your client names, currency and billing rates.

You can export this information using the TMetric reporting system. You can also delete your Workspace data at any time.

User Activity Data

The following information is collected by our desktop applications (macOS, Windows, and Linux):

  • applications currently being worked on
  • websites you visited
  • screenshots of each monitor
  • the time you are active
  • the operating system you are using
  • whether your mouse is actively moving or not
  • whether your keyboard is being typed on

What data is collected depends on the workspace and desktop client settings. The activity tracking settings can be changed by a workspace owner or admin. 

TMetric Desktop is not a keylogging program. It does not know what you are typing; rather, TMetric Desktop merely records whether your keyboard is active or inactive.

You can disable collection of your activity data from the Activity window of the TMetric Desktop application or on the Activity and Screenshots Capture screen of the web app.

Payment Information

If you choose to upgrade your Workspace to a paid Subscription Plan, we will redirect you to a secure online shop of our merchant provider (Verifone). They will collect your payment details and billing information.

Feedback

You may also provide information to be posted on public areas of the Site, or transmitted to other users of the Site or the Service or third parties. Your contributions are posted on and transmitted to others at your own risk. We cannot and do not guarantee that your contributions will not be viewed by unauthorized persons.

We use a third party chat service on the Site. This service is governed by its own privacy policy you may find in section 6.

This Privacy Policy also applies to information that you provide to us in email, text, and other messages.

2. Use of the Data

We only use your Personal Data to provide you with the Service to communicate with you about the Service or the Site. This includes both automated and manual processing of data.

With respect to any data you may choose to enter or upload to TMetric, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts or with the public. We employ industry standard techniques to protect against unauthorized access of data that we store, including Personal Data. All off-site backups of your data are securely encrypted.

Please note that if you choose to share data (like sharing invoices with your clients), we are not responsible for any violation of privacy law you may be liable for.

We do not share Personal Data you have provided to us without your consent, unless we believe it’s necessary to:

  • carry out a user’s request;
  • provide the highest quality of service;
  • enforce our Terms of Service, or comply with legal requirements;
  • detect, prevent or address fraud, security or technical issues;
  • otherwise protect our property, legal rights, or that of others.

Devart may contact you by email. For example, Devart may send you promotional emails relating to TMetric or communicate with you about your use of the Site and Service. If you do not want to receive emails from us, please opt out of receiving emails at the bottom of any TMetric email. Please note that for some emails (for example billing issues), there’s no option to opt-out.

3. Who Has Access to the Data

If you use TMetric in your capacity as an employee, your employer has direct access to your data. If you are an independent contractor, the person or entity with whom you contract has direct access to your data.

Devart employees or contractors may have access your accounts and the information that you have provided for support, maintenance and servicing purposes or for any security-related, technical or billing reasons.

In addition, we may share some of your personal data (name, email, company information) with our sub-processors see (“Sharing of Data”).

4. Where the Data is Stored

Devart stores all your project, time entries, tasks, activity etc. in our database through Microsoft Azure services which are hosted and managed by Microsoft. Database backups are stored in Azure Storage accounts.

Data center is located in the West Europe Azure region (Netherlands). See https://azure.microsoft.com/en-us/global-infrastructure/regions/

You can read more about Microsoft’s security measures here.

5. GDPR compliance

For a detailed list of data sub-processors under The General Data Protection Regulation (GDPR) please see below under “Sharing of Data”.

Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area, you have the following data protection rights:

  • You can object to the processing of your Personal Data, ask us to restrict the processing of your Personal Data, or request portability of your Personal Data. You can exercise these rights by emailing [email protected].
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing [email protected].
  • Similarly, if we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

If you want to request an export of your personal data, and have a User Account with us, please contact us at [email protected]. If you want to delete your personal data, you can do it yourself from the My Profile page by clicking the Delete Account button. When your personal data is deleted, your activity tracking data will be anonymized and left, but it won't be linked to your account. If you want this data to also be deleted, contact the owner of your workspace. If you are an owner and you delete your account, then the whole workspace with all the input data in it will also be deleted. 

We will respond to Data Subject Rights Requests within the appropriate amount of time.

Data Retention Schedule

In order to accommodate customers who need older data restored, we keep backups for 30 days and cannot delete Personal Data from them as these are stored off-site, encrypted and compressed. Your Personal Data will be automatically deleted along with obsolete backups 30 days after we delete your data from the main database.

Some third party services collect data independently from us, and have incorporated it as part of their service.

We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the third party service, since we do not control the data.

Data Processing Agreement

We do have a Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). We offer this DPA to our customers that operate in the EU.

This document forms part of a contract of service with Devart (as the Data Processor) and our users/customers (as the Data Controllers). The DPA reflects the parties’ agreement with regard to the processing of Personal Data performed using our service.

We provide a copy of DPA upon your request. As a Data Controller, in order to sign this agreement, you must review and digitally sign the copy of the Data Processing Addendum. We will countersign it and provide you with a fully executed downloadable copy via email.

Upon Devart’s receipt of the validly completed and digitally signed agreement, this agreement shall be in full force and effect.

6. Sharing of Data

We don’t share your Personal Data with third parties except as listed below. You may also allow access for other apps (not listed here) to your TMetric account via our API.

We listed below what data these third parties extract exactly. Feel free to check out their own Privacy Policies to find out more.

Site usage tracking

  • Google Analytics: no personally identifiable data is shared.
  • Hotjar: no personally identifiable data is shared.

Communication when getting started with TMetric, news, special offers relating to the Service and recommendations on how to use the Service

Online chat and email support

  • Kayako: name, email, company info.

Service Fees

  • Verifone: email, payment information, name, and billing address as we do not store this data ourselves.

Service hosting and data backups

  • Microsoft Azure: storing databases, encrypted archives of backup data, and import files. This data is not readable by Microsoft.

7. Revisions to this Privacy Policy

We may revise this Privacy Policy from time to time and all updates will be posted on this page. The most current version of this Privacy Policy will govern our practices for collecting, processing, and disclosing personal data.