Privacy Policy

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Timesheets.pro is operated in accordance with German data protection law (GDPR/DSGVO). For any privacy-related inquiries, please contact us using the details above.

2. What Data We Collect

2.1 Account Data (upon registration)

When you create an account, we collect:

• Email address (required for login and communication)
• Password (stored encrypted — never in plain text)

2.2 Usage Data (Guest Mode)

In guest mode, all data (timestamps, job clocks, timesheet entries) is stored exclusively in your browser's localStorage. No data is transmitted to our servers.

2.3 Technical Data

We automatically collect minimal technical data required for site operation:

• IP address (processed transiently and immediately anonymised)
• Browser data (for compatibility purposes only — not stored persistently)

3. How We Use Your Data

We use your personal data exclusively for the following purposes:

• Service delivery — managing your account and timesheet entries
• Security — protecting your account from unauthorised access
• Legal obligations — compliance with German and EU law

We do not use your data for advertising, profiling, or sharing with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

• Contract Performance (Art. 6(1)(b) GDPR): Providing the time-tracking service you requested
• Legitimate Interest (Art. 6(1)(f) GDPR): Security and fraud prevention
• Consent (Art. 6(1)(a) GDPR): Marketing communications (where you have opted in)
• Legal Obligation (Art. 6(1)(c) GDPR): Compliance with applicable laws

5. Data Sharing and Third Parties

We do not sell your personal data. Data is only shared in the following limited circumstances:

5.1 Service Providers

• Supabase: Authentication and database services (EU data centres, GDPR-compliant, Data Processing Agreement in place)

5.2 Legal Requirements

We may disclose your data if required by German or EU law, court orders, or to protect our legal rights and the safety of our users.

6. International Data Transfers

The majority of our data processing occurs within the European Union:

• Supabase: EU data centres — fully GDPR-compliant

All third-party services we use comply with GDPR requirements and provide adequate protection for your data.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit how we use your data
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at anchalgupta.chp@gmail.com. We will respond within 30 days.

8. Data Security and Storage

We implement appropriate technical and organisational measures to protect your data:

• Encryption: All data transmission uses SSL/TLS encryption
• Access Control: Access to personal data is limited to authorised personnel only
• Data Minimisation: We collect only the data strictly necessary for our services
• Password Hashing: Passwords are never stored in plain text

9. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy:

• Account data: Until account deletion or withdrawal of consent
• Guest data (localStorage): Stored in your browser only — you can delete it at any time via your browser settings
• Log data: Maximum 30 days, then automatically deleted

10. Cookies and Tracking

We use only functional localStorage entries necessary for the operation of the service (e.g. session management). No tracking cookies, advertising cookies, or third-party cookies are used.

You can delete all stored data at any time via your browser settings.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

• Email notification to registered users
• A notice on the website homepage
• An updated "Last updated" date at the top of this page

12. Contact and Complaints

For any privacy-related questions, requests, or complaints, contact us:

Supervisory Authority

You have the right to lodge a complaint with the German Federal Commissioner for Data Protection and Freedom of Information (BfDI):