Privacy Policy

We collect information you provide directly to us, such as when you create an account, use our services, or communicate with us. **Account Information**: When you register, we collect your name, email address, company name, and password. **Usage Data**: We automatically collect information about how you interact with our services, including time tracking data, screenshots (if enabled), activity levels, and app/website usage. **Device Information**: We collect information about the devices you use to access our services, including device type, operating system, and browser type. **Payment Information**: If you subscribe to a paid plan, we collect payment information through our payment processor (Stripe). We do not store your full credit card number.

We use the information we collect to: - Provide, maintain, and improve our services - Process transactions and send related information - Send technical notices, updates, and support messages - Respond to your comments and questions - Monitor and analyze trends, usage, and activities - Detect, investigate, and prevent fraudulent transactions and abuse - Personalize and improve your experience - Comply with legal obligations

We do not sell your personal information. We may share information as follows: **With Your Organization**: Time tracking data is shared with administrators in your organization as configured by your organization's settings. **Service Providers**: We share information with vendors who assist in providing our services (hosting, analytics, customer support). **Legal Requirements**: We may disclose information if required by law or to protect rights, property, or safety. **Business Transfers**: In connection with any merger, acquisition, or sale of assets.

We implement industry-standard security measures to protect your data: - **Encryption**: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) - **Access Controls**: Strict access controls and authentication for all systems - **Regular Audits**: Periodic security assessments and penetration testing - **SOC 2 Compliance**: We maintain SOC 2 Type II certification - **Data Centers**: We use enterprise-grade cloud infrastructure with physical security Despite these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

We retain your information for as long as your account is active or as needed to provide services. **Account Data**: Retained while your account is active, deleted within 30 days of account deletion request. **Time Tracking Data**: Retained according to your plan's data retention period (7 days to unlimited). **Screenshots**: Automatically deleted after the retention period specified in your plan settings. **Logs**: System logs are retained for up to 90 days for security and troubleshooting purposes. You can request deletion of your data at any time through your account settings or by contacting support.

Depending on your location, you may have certain rights regarding your personal information: **Access**: Request a copy of your personal data **Correction**: Request correction of inaccurate data **Deletion**: Request deletion of your personal data **Portability**: Request your data in a portable format **Objection**: Object to certain processing of your data **Restriction**: Request restriction of processing **Withdraw Consent**: Withdraw consent where processing is based on consent To exercise these rights, contact us at privacy@clockeye.ai or through your account settings.