Effective as of 27 June 2019
- We never sell your personal data to anyone.
- We never share any information about your projects, time entries or customers with anyone without your explicit permission.
- To provide better service, we share some statistical data and some Personal Data with third parties.
- Your data is yours and you can change or delete it at any time.
- We encrypt backups, don’t store credit card numbers on our servers and generally make sure your data is safe.
1. Data Collected
We may collect the following data from you.
Site Usage Data
We collect anonymous data from every visitor of our Site, such as, the website from which the person visited us from, the parts of Site visited, the date and duration of the visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit. We only capture and store a truncated version of the IP address. It is captured and stored in an anonymized format by suppressing the last octet so your full IP address never reaches our servers and we never have access to it.
For more info about the cookies we make use of, please read Cookies Policy.
User Profile Data
When you sign up to TMetric Service, we collect the following information from you: name, email, password, company name, and size. Most of this information can be reviewed and edited on My Profile page of our Service.
When using TMetric Service, you may provide us with the following information: names and emails of your employees/coworkers, projects and tasks you are working on, URLs of your tasks (from third-party web applications), your client names, currency and billing rates.
You can export this information using TMetric reporting system. You can also delete your Workspace data at any time.
User Activity Data
The following information is collected by our desktop applications (macOS, Windows, and Linux):
- applications currently being worked on
- websites you visited
- screenshots of each monitor
- the time you are active
- the operating system you are using
- whether your mouse is actively moving or not
- whether your keyboard is being typed on
What data is collected depends on the workspace and desktop client settings. The activity tracking settings can be changed by a workspace owner or admin.
TMetric Desktop is not a keylogging program. It does not know what you are typing; rather, TMetric Desktop merely records whether your keyboard is active or inactive.
You can disable collection of your activity data from the Activity window of the TMetric Desktop application or on the Activity and Screenshots Capture screen of the web app.
If you choose to upgrade your Workspace to a paid Subscription Plan, we will redirect you to a secure online shop of our merchant provider (2Checkout). They will collect your payment details and billing information.
You may also provide information to be posted on public areas of the Site, or transmitted to other users of the Site or the Service or third parties. Your contributions are posted on and transmitted to others at your own risk. We cannot and do not guarantee that your contributions will not be viewed by unauthorized persons.
2. Use of the Data
We only use your Personal Data to provide you with the Service to communicate with you about the Service or the Site. This includes both automated and manual processing of data.
With respect to any data you may choose to enter or upload to TMetric, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts or with the public. We employ industry standard techniques to protect against unauthorized access of data that we store, including Personal Data. All off-site backups of your data are securely encrypted.
Please note that if you choose to share data (like sharing invoices with your clients), we are not responsible for any violation of privacy law you may be liable for.
We do not share Personal Data you have provided to us without your consent, unless we believe it’s necessary to:
- carry out a user’s request;
- provide the highest quality of service;
- enforce our Terms of Service, or comply with legal requirements;
- detect, prevent or address fraud, security or technical issues;
- otherwise protect our property, legal rights, or that of others.
Devart may contact you by email. For example, Devart may send you promotional emails relating to TMetric or communicate with you about your use of the Site and Service. If you do not want to receive emails from us, please opt out of receiving emails at the bottom of any TMetric email. Please note that for some emails (for example billing issues), there’s no option to opt-out.
3. Who Has Access to the Data
If you use TMetric in your capacity as an employee, your employer has direct access to your data. If you are an independent contractor, the person or entity with whom you contract has direct access to your data.
Devart employees or contractors may have access your accounts and the information that you have provided for support, maintenance and servicing purposes or for any security-related, technical or billing reasons.
In addition, we may share some of your personal data (name, email, company information) with our sub-processors see (“Sharing of Data”).
4. Where the Data is Stored
Devart stores all your project, time entries, tasks, activity etc. in our database through Microsoft Azure services which are hosted and managed by Microsoft. Database backups are stored in Azure Storage accounts.
Data center is located in the West Europe Azure region (Netherlands). See https://azure.microsoft.com/en-us/global-infrastructure/regions/
You can read more about Microsoft’s security measures here.
5. GDPR compliance
For a detailed list of data sub-processors under The General Data Protection Regulation (GDPR) please see below under “Sharing of Data”.
Your Data Protection Rights Under GDPR
If you are a resident of the European Economic Area, you have the following data protection rights:
- You can object to the processing of your Personal Data, ask us to restrict the processing of your Personal Data, or request portability of your Personal Data. You can exercise these rights by emailing firstname.lastname@example.org.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing email@example.com.
- Similarly, if we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
If you want to request an export or deletion of your personal data, and have a User Account with us, please contact us at firstname.lastname@example.org. Please note that we cannot delete personal data in open Workspaces when you’re not the workspace owner, as this would prevent us from providing the service the workspace owner is paying for (We suggest that you contact the workspace owner of the TMetric Workspace in order to ask them to anonymize or remove your data).
We will respond to Data Subject Rights Requests within the appropriate amount of time.
Data Retention Schedule
In order to accommodate customers who need older data restored, we keep backups for 30 days and cannot delete Personal Data form them as these are stored off-site, encrypted and compressed. Your Personal Data will be automatically deleted along with obsolete backups 30 days after we delete your data from the main database.
Some third party services collect data independently from us, and have incorporated it as part of their service.
We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the third party service, since we do not control the data.
Data Processing Agreement
We do have a Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). We offer this DPA to our customers that operate in the EU.
This document forms part of a contract of service with Devart (as the Data Processor) and our users/customers (as the Data Controllers). The DPA reflects the parties’ agreement with regard to the processing of Personal Data performed using our service.
We provide a copy of DPA upon your request. As a Data Controller, in order to sign this agreement, you must review and digitally sign the copy of the Data Processing Addendum. We will countersign it and provide you with a fully executed downloadable copy via email.
Upon Devart’s receipt of the validly completed and digitally signed agreement, this agreement shall be in full force and effect.
6. Sharing of Data
We don’t share your Personal Data with third parties except as listed below. You may also allow access for other apps (not listed here) to your TMetric account via our API.
We listed below what data these third parties extract exactly. Feel free to check out their own Privacy Policies to find out more.
Site usage tracking
- Google Analytics: no personally identifiable data is shared.
- Hotjar: no personally identifiable data is shared.
Communication when getting started with TMetric, news, special offers relating to the Service and recommendations on how to use the Service
- ActiveCampaign: name, email, company info.
- MailChimp: name, email.
- Hubspot: name, email, company info, and aggregated account statistics.
Online chat and email support
- Kayako: name, email, company info.
- 2Checkout: email, payment information, name, and billing address as we do not store this data ourselves.
Service hosting and data backups
- Microsoft Azure: storing databases, encrypted archives of backup data, and import files. This data is not readable by Microsoft.