Privacy Policy

Last updated: November 9, 2025

1. Introduction

Welcome to Staffbase Time Tracking ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time tracking application.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Name and email address (through Google authentication)
  • Profile information and display name
  • User role and organizational hierarchy information
  • Time zone and regional preferences

2.2 Time Tracking Data

  • Customer account information and assignments
  • Activity categories and time entries
  • Entry dates, durations, and notes
  • Staged and submitted entries

2.3 Google Calendar Data

If you choose to integrate your Google Calendar:

  • Calendar events within specified date ranges
  • Event titles, descriptions, start and end times
  • Access and refresh tokens (encrypted and stored securely)

2.4 Usage Information

  • Log data and usage patterns
  • Device information and browser type
  • IP addresses and access times

3. How We Use Your Information

We use your information to:

  • Provide and maintain the time tracking service
  • Authenticate your identity and manage your account
  • Process and store your time entries
  • Generate analytics and reports for your tracked time
  • Import calendar events to streamline time entry creation
  • Enable team management and hierarchical viewing features
  • Improve and optimize the Service
  • Communicate with you about the Service
  • Ensure security and prevent fraud

4. Data Storage and Security

Your data is stored securely in our database hosted on Neon (PostgreSQL). We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encrypted storage of sensitive tokens, role-based access controls, and regular security updates. However, no method of transmission over the internet or electronic storage is 100% secure.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Within Your Organization: Managers and supervisors can view time entries of their direct and indirect reports
  • Service Providers: Third-party services that help us operate (Google for authentication, Neon for database hosting, Vercel for hosting)
  • Legal Requirements: If required by law or to protect our rights
  • Business Transfers: In connection with any merger, sale, or acquisition

6. Google Calendar Integration

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access your calendar data when you explicitly request to import events. You can disconnect this integration at any time from your dashboard, which will delete stored access tokens.

7. Your Data Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your time tracking data in CSV format
  • Revoke Access: Disconnect Google Calendar integration at any time
  • Object: Object to processing of your information

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Time entry data is retained for record-keeping and analytics purposes. When you delete your account, we will delete or anonymize your personal information within 30 days, except where required by law to retain it longer.

9. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary for the Service to function properly. We do not use advertising or tracking cookies from third parties.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@rahulbatra.com

Built by Rahul Batra

14. Consent

By using our Service, you consent to this Privacy Policy and agree to its terms.

← Back to Dashboard