Legal and Compliance
Security
Security Policy Security Updates Data in Motion Data at Rest and Retention Security Partners Security Innovations

Privacy Policy

1. Introduction & Scope

Welcome to WebWork Time Tracker!

This Privacy Policy explains how WebWork Time Tracker, Inc. ("Company," "We," "Us," "WebWork") collects, processes, uses, shares, and protects your Personal Data when you use our services. This policy applies to all users of WebWork Time Tracker, including its desktop applications, web application, mobile applications, Chrome extension, and associated services (collectively, the "Product").

This Privacy Policy outlines:

  • The types of Personal Data we collect and how we obtain it.
  • Why and how we process your data.
  • Your rights regarding your data under GDPR, CCPA/CPRA, and other applicable laws.
  • Who we share your data with and under what circumstances.
  • How we protect and store your data.
  • How you can contact us regarding privacy matters.

BY ACCESSING OR USING THE PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST REFRAIN FROM USING THE PRODUCT.

2. Definitions

  • Company, We, Us, WebWork: WebWork Time Tracker, Inc., a Delaware corporation (address: 530 Divisadero St PMB 848, San Francisco, CA 94117, USA), including its assigns and affiliates.
  • Website: The official website of WebWork available at www.webwork-tracker.com
  • Product: The WebWork website and WebWork time tracker, which includes desktop, web, mobile applications, and a Chrome extension, enabling employers to monitor employees/freelancers and helping users improve their productivity and chat applications for desktop and mobile.
  • Workspace Owner: The individual or entity that creates a workspace, invites members, and has administrative control. It can also refer to an individual user who monitors their own performance.
  • Workspace Member: A user who has been invited by the Workspace Owner or another Workspace Member to join a workspace, typically for the purpose of monitoring or participating in the workspace's activities.
  • You, User: Any individual or entity that accesses, registers for, or uses the Product, including but not limited to Workspace Owners and Workspace Members.
  • Personal Data: Any information relating to an identified or identifiable natural person, such as name, email address, IP address, device information, usage data, and location data, as applicable.
  • Processing: Any operation performed on Personal Data, including collection, storage, use, sharing, modification, or deletion.
  • Third-Party Service Providers: Companies or organizations that process Personal Data on behalf of WebWork, such as payment processors, analytics providers, cloud storage providers, and customer support platforms.
  • Cookies & Tracking Technologies: Digital tracking methods, such as cookies, pixels, and analytics tools, that collect information about how Users interact with the Website and Product.

3. Types, Sources, and Purposes of Personal Data Collected

We collect Personal Data from multiple sources, including direct input from Users, automated tracking technologies, and third-party integrations. The categories of Personal Data we collect, the sources from which we obtain it, and the purposes for which we process it are outlined below.

3.1 Sources of Personal Data

  • Directly from Users: When you register, create a workspace, update account settings, interact with support, or communicate with us.
  • Automatically Collected Data: When you use the Product, we collect data through cookies, system logs, tracking technologies, and activity monitoring tools.
  • From Workspace Owners or Other Workspace Members: If your employer requires you to use WebWork, they may provide us with your details to manage the workspace and enable tracking features. This may include individuals responsible for managing the workspace.
  • From Third-Party Integrations: If you integrate WebWork with other tools (e.g., project management software, cloud storage), we may collect relevant data from those services.

3.2 Categories of Data Collected

Account & Contact Information

  • Name, email address, profile avatar, workspace details, job title.
  • Account credentials.
  • Subscription and billing details (processed by third-party payment providers).

Usage Data

  • Time-tracking logs: Work hours, session duration, tracked tasks, project data.
  • Activity monitoring:Screenshots (if enabled by Workspace Owner), mouse clicks, keystroke activity, app and website usage logs.
  • Geolocation data (for mobile users if location tracking is enabled).

Device & Technical Information

  • Device type:Operating system, browser version, IP address, local time zone.
  • Network connection details (for performance and security monitoring).

Communications & Interactions

  • Customer support inquiries and responses.
  • Team chat messages (if applicable and encrypted).
  • Notifications and messages from WebWork regarding account activity.

Marketing & Analytics Data

  • Website visit history: Referral sources, pages viewed, engagement metrics.
  • User feedback and survey responses.

3.3 Purposes of Data Collection & Processing

  • Service Provision: To enable core functionalities like time tracking, reporting, workspace management, and productivity analytics.
  • Performance Optimization: To enhance user experience, optimize system performance, and troubleshoot technical issues.
  • Security & Fraud Prevention: To detect unauthorized access, prevent misuse, and protect accounts from fraudulent activities.
  • Regulatory Compliance: To comply with legal obligations, tax regulations, and enforce our Terms of Service.
  • Customer Support & Communication: To respond to inquiries, provide assistance, and send service-related notifications.
  • Marketing & User Engagement: To send updates, feature announcements, and promotional content (with consent).
  • Data Analysis & Research: To improve our services, develop new features, and analyze trends.

We do not use Personal Data for automated decision-making or profiling that significantly affects Users without human oversight. Any optional data collection (e.g., for marketing) will be subject to your consent.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we must have a lawful basis for processing your Personal Data. The legal bases on which we rely include:

4.1 Contractual Necessity

We process Personal Data to provide the Product and related services that Users request. This includes:

  • Creating and managing user accounts.
  • Processing transactions and subscriptions.
  • Providing customer support and responding to inquiries.
  • Enabling time tracking, reporting, and productivity analytics.
  • Managing and maintaining workspace functionalities.

4.2 Legitimate Interests

We process Personal Data based on our legitimate interests, provided these interests do not override your rights. These include:

  • Improving and enhancing the Product.
  • Ensuring security, preventing fraud, and monitoring for misuse.
  • Analyzing usage data to develop new features.
  • Providing relevant notifications and service updates.
  • Marketing our services to existing customers (where permitted).

4.3 User Consent

Where required, we obtain your explicit consent before processing certain types of Personal Data. This applies to:

  • Marketing communications and promotional materials.
  • Cookies and tracking technologies (where applicable).
  • Location tracking (for mobile applications).
  • Certain data-sharing practices with third parties.

You can withdraw your consent at any time by adjusting your preferences in account settings or by contacting us at [email protected]

4.4 Compliance with Legal Obligations

We process Personal Data when required to comply with legal and regulatory requirements, including:

  • Tax, accounting, and compliance reporting.
  • Responding to law enforcement or government requests.
  • Complying with EU and U.S. data protection laws.

5. Data Sharing & Third Parties

We do not sell or rent your Personal Data. However, we may share your information in specific situations as outlined below.

5.1 Sharing with Service Providers

We may engage third-party service providers to assist in delivering our services. These providers process Personal Data strictly on our behalf and in accordance with contractual agreements. This includes:

  • Payment Processors to process transactions securely.
  • Cloud Storage and Hosting Providers to ensure data availability and redundancy.
  • Analytics and Performance Tools to improve the Product and enhance user experience.
  • Customer Support Platforms to provide assistance and manage inquiries efficiently.
  • Marketing and Communication Services to deliver updates, promotions, and user engagement tools.

For a full and regularly updated list of our subprocessors, please visit:

Time Tracker Subprocessors List

5.2 Sharing with Workspace Owners

If you use WebWork under an employer-managed workspace, the Workspace Owner and other authorized members with managing permissions may have access to Personal Data, including:

  • Time tracking data, productivity analytics, and reports.
  • Screenshots and application/website usage logs (if enabled by the Workspace Owner).
  • Account and workspace activity logs.

Workspace Owners are responsible for managing the data of their workspace members in compliance with applicable laws.

5.3 Compliance with Legal Obligations

We may disclose Personal Data if required by law, including:

  • To comply with legal processes, subpoenas, or government requests.
  • To protect the rights, safety, and security of WebWork, its users, or the public.
  • To enforce our Terms of Service or investigate policy violations.

5.4 Business Transfers and Mergers

If WebWork undergoes a merger, acquisition, reorganization, or asset sale, your Personal Data may be transferred to the acquiring entity. We will notify you of any such change and provide you with the opportunity to opt out if applicable.

5.5 Aggregated and Anonymized Data

We may share aggregated, non-personally identifiable data with third parties for statistical, research, and business analysis purposes. This data does not contain identifiable Personal Data and is used strictly to improve services.

6. Data Subject Rights (GDPR)

Under the General Data Protection Regulation (GDPR), individuals in the European Economic Area (EEA) have the following rights concerning their Personal Data:

6.1 Right to Access

You have the right to request access to the Personal Data we process about you. Upon verification of your identity, we will provide a copy of your Personal Data and details regarding how it is processed.

6.2 Right to Rectification

If any Personal Data we hold about you is inaccurate or incomplete, you have the right to request corrections or updates. You can update some of your Personal Data directly within your account settings.

6.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request the deletion of your Personal Data when:

  • The data is no longer necessary for its original purpose.
  • You withdraw consent (where applicable).
  • You object to the processing, and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
  • Deletion is required to comply with legal obligations.

Please note that some data may be retained for legal, compliance, or security reasons.

6.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your Personal Data in the following cases:

  • If you contest the accuracy of the data (for a period allowing us to verify it).
  • If processing is unlawful, but you prefer restriction over deletion.
  • If we no longer need the data, but you require it for legal claims.
  • If you object to processing, pending verification of our legitimate grounds.

6.5 Right to Data Portability

You have the right to receive a structured, commonly used, and machine-readable copy of your Personal Data that you have provided to us, and you may request that we transfer it to another service provider where technically feasible.

6.6 Right to Object

You may object to our processing of your Personal Data where:

  • Processing is based on legitimate interests or public interest.
  • Data is used for direct marketing purposes.

If you object to processing for marketing purposes, we will stop processing your data for such purposes immediately.

6.7 Right to Withdraw Consent

If we process your Personal Data based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

6.8 Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with a data protection authority in your country of residence within the EEA.

6.9 How to Exercise Your Rights

To exercise any of the above rights, you can submit a request via email to [email protected] with the subject line “Data Rights Request”.

We will respond to valid requests within one month (or as required by law). If additional time is needed, we will notify you of the extension.

7. Consumer Data Rights (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your Personal Data under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights allow you to request access, deletion, correction, and control over how your data is shared.

7.1 Right to Know and Access

You have the right to request details about the categories of Personal Data we collect, the sources of that data, the purposes for collecting or selling it, and the categories of third parties with whom we share your data. Upon request, we will provide:

  • The categories and specific pieces of Personal Data we have collected about you.
  • The sources from which we collect Personal Data.
  • The business or commercial purposes for which we collect or share Personal Data.
  • The categories of third parties with whom we share Personal Data.

7.2 Right to Request Deletion

You may request that we delete Personal Data we have collected about you, subject to certain legal exceptions, such as when the data is required:

  • To complete a transaction or fulfill a contract.
  • For security purposes or fraud prevention.
  • To comply with a legal obligation.
  • For internal uses that align with user expectations.

7.3 Right to Correct Inaccurate Information

You have the right to request that we correct any inaccurate Personal Data we hold about you. We will take reasonable steps to ensure data accuracy upon request.

7.4 Right to Opt-Out of Sale or Sharing of Personal Data

WebWork does not sell your Personal Data. However, under the CPRA, you may opt out of certain data-sharing practices for advertising or marketing purposes. If applicable, you may exercise your opt-out rights through the provided account settings or by contacting us.

7.5 Right to Limit Use of Sensitive Personal Information

If WebWork processes any sensitive Personal Data, such as financial information or geolocation data, you have the right to limit its use to only what is necessary to provide the requested services.

7.6 Right to Non-Discrimination

You have the right not to be discriminated against for exercising your privacy rights. We do not deny services, charge different prices, or provide a lower level of service based on privacy choices.

7.7 How to Exercise Your Rights

To exercise your CCPA/CPRA rights, you may:

  • Submit a request via email to [email protected] with the subject line “CCPA Data Request”.
  • Access your account settings to manage certain data preferences.
  • Contact our support team for further assistance.

We will respond to valid requests within 45 days (or as required by law). If additional time is needed, we will notify you of the extension.

8. Non-Discrimination Statement

WebWork Time Tracker respects and upholds your rights regarding Personal Data under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA). We are committed to ensuring that Users who exercise their privacy rights are not subject to unfair treatment.

We do not:

  • Deny access to our Product or services based on privacy rights exercised.
  • Charge different prices or impose penalties for exercising data protection rights.
  • Provide a lower quality of service or functionality to those who exercise their rights.
  • Discriminate against any User for opting out of data processing or limiting data sharing.

However, in some cases, certain features or functionalities may require data collection. If a User chooses to limit data processing, some services may become unavailable. This limitation is only applied when necessary to fulfill contractual or legal obligations.

If you believe you have experienced discrimination related to your privacy rights, please contact us at [email protected]

9. Data Retention Policy

We retain Personal Data for as long as necessary to provide the Product and related services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data, its purpose, and regulatory requirements.

9.1 General Retention Periods

  • User Account Data: Retained as long as the account remains active. If an account is inactive for 6 months, it may be deleted unless required for legal or compliance purposes.
  • Billing and Payment Data: Retained for 7 years to comply with financial regulations.
  • Support and Communication Data: Retained for 3 years after the last user interaction for quality assurance and legal compliance.
  • Usage and Analytics Data: Retained for up to 2 years in an anonymized form for service improvements.

9.2 Account Deletion and Data Removal

Users can request account deletion at any time by contacting [email protected]

  • Personal Data is removed or anonymized, except where retention is required by law.
  • Workspace-related data may remain accessible to Workspace Owners per their retention policies.
  • Certain records, such as invoices and compliance logs, may be retained as required by applicable laws.

9.3 Exceptions and Legal Obligations

  • Required by law enforcement, regulatory authorities, or legal claims.
  • Necessary to maintain security, prevent fraud, or enforce agreements.
  • Needed to resolve disputes or ensure ongoing service functionality.

10. International Data Transfers

WebWork Time Tracker operates globally, and Personal Data may be transferred to and processed in countries outside of your jurisdiction, including the United States and other locations where our servers, service providers, or partners operate. These countries may have different data protection laws than your country of residence.

10.1 Safeguards for International Transfers

  • Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission to legally transfer data from the European Economic Area (EEA), the United Kingdom, and Switzerland to other countries.
  • Adequacy Decisions: When applicable, we transfer data to countries recognized by the European Commission as having adequate data protection laws.
  • Other Legal Mechanisms: Where necessary, we rely on explicit user consent or contractual agreements to ensure lawful data transfers.

10.2 Data Protection Measures

  • Ensure encryption and secure storage to prevent unauthorized access.
  • Limit access to authorized personnel and service providers with contractual obligations to protect your data.
  • Regularly review our data transfer policies to maintain compliance with evolving regulations.

10.3 Your Rights Regarding International Transfers

  • Request a copy of the safeguards applied to your Personal Data.
  • Object to certain transfers based on legitimate grounds.
  • Lodge a complaint with a data protection authority if you believe your data is not being handled lawfully.

For further details on international data transfers, please contact us at [email protected]

11. Data Security Measures

We prioritize the security of your Personal Data and implement industry-standard security measures to protect against unauthorized access, loss, alteration, or misuse. Our security framework includes technical, administrative, and organizational safeguards designed to ensure data confidentiality, integrity, and availability.

12. Disclaimers and Limitation of Liability

The Product is provided on an "as is" and "as available" basis without warranties of any kind, whether express or implied. WebWork Time Tracker does not warrant that:

  • The Product will operate uninterrupted, error-free, or secure.
  • The Product will be free from viruses or other harmful components.
  • Any data or results obtained from using the Product will be accurate or reliable.

To the fullest extent permitted by law, we disclaim all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

To the fullest extent permitted by law, WebWork Time Tracker and its affiliates, officers, directors, employees, agents, and partners shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to: loss of profits, revenue, data, business opportunities, or goodwill; damages resulting from Product downtime, delays, or errors; unauthorized access, hacking, data breaches, or security incidents.

Our total liability for any claim relating to the use of the Product shall not exceed the amount paid by the User (if any) for the use of the Product in the last 12 months. If no payment was made, liability shall be limited to $100 USD or the lowest amount permitted under applicable law.

Some jurisdictions do not allow the exclusion or limitation of liability for incidental or consequential damages, so some of the above limitations may not apply to you. In such cases, our liability shall be limited to the maximum extent permitted by law.

13. Use of Artificial Intelligence (AI) Instruments

WebWork may use AI-powered features to enhance functionality, such as productivity insights. AI processing is subject to the same privacy and security safeguards as other data processing activities.

14. Cookies & Tracking Technologies

WebWork Time Tracker may use cookies and other tracking technologies to enhance user experience, analyze site traffic, and personalize content.

For more information on how we use cookies and how you can manage your preferences, please refer to our Cookie Policy.

15. Children's Privacy

WebWork Time Tracker is not intended for children under the age of 18, and we do not knowingly collect or process Personal Data from individuals under this age. If you are a parent or guardian and believe that your child has provided Personal Data to us, please contact us immediately and we will take appropriate action to remove the information.

  • We do not knowingly solicit, collect, or store Personal Data from children under 18.
  • We comply with applicable children’s privacy laws, including COPPA and GDPR.
  • If we discover that we have unintentionally collected data from a child under 18, we will promptly delete it.
  • If you suspect that a minor has registered without appropriate consent, please contact us at

[email protected]

16. Updates to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technological advancements. When we make changes, we will:

  • Post the updated Privacy Policy on our website with a new Effective Date.
  • Provide notice of significant changes via email or within the Product where required by law.
  • Obtain user consent for material changes affecting how we process Personal Data, where required by applicable laws.

Users are encouraged to review this Privacy Policy periodically to stay informed about how we handle Personal Data. Continued use of the Product after an update constitutes acceptance of the revised Privacy Policy.

17. Contact Information & Complaints

If you have any questions, requests, or complaints about this Privacy Policy or how we process your data, please contact us through one of the following methods:

  • Email: [email protected]
  • Mailing Address: WebWork Time Tracker, Inc., 530 Divisadero St PMB 848, San Francisco, CA 94117, USA

Last updated: 24 February, 2025