Privacy Policy

1. Overview

TimeQuorum, LLC ("TimeQuorum," "we," "us," or "our") operates the TimeQuorum time tracking platform (the "Service"). This Privacy Policy describes how we collect, use, store, and share information about you when you use the Service, visit our website at timequorum.com, or communicate with us.

This Policy applies to all users of the Service, including Workspace Owners, team members invited to a workspace, and visitors to our website. If you are a team member using TimeQuorum through your employer's or organization's workspace, please be aware that the Workspace Owner may also have access to your activity within that workspace.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree to this Policy, please do not use the Service.

2. Data We Collect

2.1 Account and Registration Data

When you create an account or register a workspace, we collect:

First and last name
Email address
Password (stored as a cryptographic hash — we never store plaintext passwords)
Company or organization name
Subdomain chosen for your workspace

2.2 Profile and Settings Data

As you configure your account, we may collect:

Timezone and locale preferences
User role and permissions within your workspace
Notification and communication preferences

2.3 Time Tracking and Workspace Data

The core purpose of the Service is time tracking. When you use the Service, we collect and store:

Time entries: start time, end time, duration, description, associated project, task, and client
Project records: project names, statuses, billing rates, and associated clients
Client records: client names, contact details you enter
Task and class records created within your workspace
Invoice data: invoice line items, amounts, client billing details you enter, payment status
Team member records: names, email addresses, roles, and activity within the workspace
Audit log events: who performed which actions and when, for audit-enabled plan tiers

2.4 Billing and Payment Data

When you subscribe to a paid plan, we collect billing-related information. Payment processing is handled by Stripe, Inc. TimeQuorum does not store your full payment card number. We receive and store only:

Billing name and email address
Billing address (for tax purposes)
Last four digits of the payment card on file (provided by Stripe)
Subscription and payment history records

Your complete card details are transmitted directly to and stored by Stripe in accordance with their Privacy Policy and PCI DSS standards.

2.5 Usage and Technical Data

When you access the Service, we automatically collect certain technical information:

IP address and approximate geographic location (country/region)
Browser type and version
Operating system and device type
Pages visited, features used, and timestamps of activity
Session identifiers and authentication token metadata
HTTP request logs (method, path, response status, response time)

2.6 Communications Data

If you contact us by email or submit a support request, we retain the content of that communication and your contact details to respond and to improve the Service.

2.7 Data Summary Table

Data Category	Examples	Legal Basis
Account data	Name, email, company, hashed password	Contract performance
Time tracking data	Entries, projects, clients, tasks	Contract performance
Billing data	Billing address, last 4 digits, payment history	Contract performance, legal obligation
Usage/technical data	IP, browser, session logs	Legitimate interests (security, analytics)
Communications	Support emails, feedback	Legitimate interests (support)

3. How We Use Your Data

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

Creating and managing your account and workspace
Processing subscription payments and managing billing
Delivering the time tracking, reporting, and invoicing features
Authenticating users and maintaining session security
Enforcing subscription plan limits and entitlements

3.2 Communication

Sending transactional emails (account verification, password resets, billing receipts, subscription notices)
Notifying you of material changes to the Service, pricing, or these policies
Responding to support requests and inquiries
Sending product update announcements and feature announcements (you may opt out at any time)

3.3 Security and Abuse Prevention

Detecting, investigating, and preventing fraudulent activity, unauthorized access, and policy violations
Monitoring system performance and reliability
Maintaining audit logs for compliance purposes

3.4 Legal Compliance

Complying with applicable law, regulation, or valid legal process
Collecting and remitting applicable sales and use taxes
Maintaining business records as required by law

3.5 Service Improvement

Analyzing aggregate usage patterns to improve the Service (using anonymized or aggregated data)
Conducting internal research on feature adoption and performance

We do not use your Customer Data (time entries, project records, client information) to train machine learning or AI models, or for any purpose other than operating the Service for your benefit.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:

4.1 Service Providers (Sub-Processors)

We work with trusted third-party service providers who process data on our behalf. These providers are contractually bound to use your data only as directed by us and in accordance with this Policy:

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing	Billing name, email, address, payment card details
Infrastructure / hosting provider	Cloud hosting, database storage	All application data (stored encrypted at rest)
Transactional email provider	Delivery of account emails	Name, email address, email content

4.2 Workspace Owners and Administrators

If you are a team member of a workspace, the Workspace Owner and users with administrative roles in that workspace can view your time entries, project activity, and user profile within that workspace. This is fundamental to the Service's collaborative functionality.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in good faith belief that such action is necessary to: (a) comply with a legal obligation or lawful government request; (b) protect the rights or property of TimeQuorum; (c) prevent fraud or address security threats; or (d) protect the personal safety of Service users or the public.

4.4 Business Transfers

If TimeQuorum, LLC is involved in a merger, acquisition, sale of assets, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your data with third parties not described above when we have your explicit consent to do so.

5. Data Retention

We retain your data for as long as your account is active and as necessary to provide the Service. Specific retention periods:

Active account data (time entries, projects, settings): Retained for the duration of your subscription, plus 90 days after account closure to allow for export.
Billing and tax records: Retained for a minimum of 7 years from the date of the transaction, as required by U.S. tax law (including South Carolina tax requirements).
Server and access logs: Retained for up to 90 days for security monitoring purposes.
Support communications: Retained for up to 3 years after the last interaction.
Deleted account data: Permanently deleted within 90 days of account deletion or cancellation, except where retention is required by law.

After the applicable retention period, data is permanently deleted or anonymized so that it can no longer be associated with you.

6. Security

We implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS (HTTPS for all connections)
Encryption of data at rest for database storage
Password storage using strong cryptographic hashing (passwords are never stored in plaintext)
Access controls limiting employee access to customer data to those who require it to perform their job functions
Regular security reviews and vulnerability assessments
Payment card data handled entirely by Stripe, a PCI DSS Level 1 certified provider

No method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

7. Cookies and Tracking

7.1 What We Use

TimeQuorum uses cookies and similar technologies for the following purposes:

Authentication cookies: Session tokens that keep you signed in during your session. These are strictly necessary for the Service to function.
Preference cookies: Remembering settings such as timezone and display preferences.

We do not use third-party advertising cookies or cross-site tracking cookies. We do not participate in ad networks or behavioral advertising.

7.2 Managing Cookies

You can control cookies through your browser settings. Disabling authentication cookies will prevent you from logging in to the Service. Disabling preference cookies may affect your user experience but will not prevent basic functionality.

8. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal data:

8.1 Access and Portability

You have the right to request a copy of the personal data we hold about you and to export your Customer Data (time entries, projects, reports) at any time through the Service's built-in export functions. For a full data export, contact [email protected].

8.2 Correction

You may update your account information (name, email, company) at any time through your profile settings in the Service.

8.3 Deletion

You may request deletion of your account and associated personal data by contacting [email protected]. We will process deletion requests within 30 days. Note that we are required to retain certain billing and tax records for 7 years as described in Section 5.

8.4 Objection and Restriction

You may object to or request that we restrict the processing of your personal data in certain circumstances. Contact us at [email protected] to make such a request.

8.5 Opt-Out of Marketing

You may opt out of marketing and product announcement emails at any time by clicking the "unsubscribe" link in any such email, or by updating your notification preferences in the Service. Opting out of marketing emails does not affect transactional emails related to your account or subscription.

8.6 Workspace Data Controlled by Your Organization

If you access the Service as a team member of a workspace owned by your employer or another organization, that organization is the data controller for your workspace activity. Data requests related to that workspace should be directed to your Workspace Owner. TimeQuorum will assist organizations in processing member data requests where required.

9. International Users and GDPR

TimeQuorum, LLC is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your home country.

9.1 European Economic Area, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, we process your personal data on the following legal bases under the GDPR and equivalent regulations:

Performance of a contract: Processing necessary to provide the Service you have signed up for.
Legal obligation: Processing required to comply with applicable law (e.g., tax record retention).
Legitimate interests: Processing for security, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
Consent: Where we rely on consent (e.g., marketing emails), you may withdraw it at any time.

EEA, UK, and Swiss users also have the right to lodge a complaint with your local supervisory authority.

9.2 Data Transfers

When we transfer personal data from the EEA, UK, or Switzerland to the United States, we use Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data receives an adequate level of protection.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal data without parental consent, please contact us at [email protected] and we will take steps to remove that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting the updated Policy with a new effective date. We encourage you to review this Policy periodically.

Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, please stop using the Service and contact us to request account deletion.

12. Contact Us

For privacy-related questions, requests, or concerns, please contact our Privacy team:

TimeQuorum, LLC — Privacy

South Carolina, United States

Email: [email protected]

General support: [email protected]

We aim to respond to all privacy requests within 30 days.

Contents