Securing your data and privacy

We’ve built timegram to help you understand your personal work data without sharing it with others until you’re ready to do so. See how we ensure your data’s safety and privacy.

Read our Privacy Policy for complete legal information.

How timegram works

timegram addresses the inaccuracies and hassles of manual time tracking by capturing all your daily activities and time spent on them automatically. It collects basic details like the title, URL, and active timestamp of web and desktop applications. Unlike most time tracking tools in the market, timegram puts user privacy at the top, ensuring all collected information remains solely accessible to you until you choose specific parts of it to share with others.

See how the Highlights App Works

Your Data in timegram

You have full control over your personal data within our systems. You can access, review, and delete any of your information whenever you want at all levels, including admins and users.

Install Highlights App

You need to install the Highlights App (desktop app) for automatic tracking

Tracking mechanism

The Highlights app only records the titles, URLs, and timestamps of active apps

Data is Kept Private to You

Your tracked activity is uploaded to your private Highlights app tracker screen

Erase Your Private Data

Easily erase tracked activity or delete your account anytime.

Your Data in timegram

timegram offers user-level privacy by design and hence is the trusty time tracking tool for everyone. We ensure that your colleagues can never access or see your private data.

Your Data, Complete Privacy

No one can access your private Highlights app tracker other than you

Privacy-First Tracking

We don't support undercover monitoring tactics like screenshots, webcam shots, mouse tracking, or keystroking remote control

Your Data, Complete Privacy

No one can access your private Highlights app tracker other than you

Your Data and timegram

We continually strive to strengthen and update our systems according to the best security practices. We will NEVER sell or use your data to third parties to serve ads.

ISO-Certified Servers

Data is securely stored on ISO 27001-certified GCP servers in the US

End-to-End Encryption

Data transfer is encrypted using SSL encryption (HTTPS)

Ironclad Transaction Security

Card transactions are processed using Paddle’s bank-level security encryption

While our backend engineers may need to access your data to help you fix a problem, they will only ever do so after securing your consent.

Frequently Asked Questions

What type of information does timegram capture?

timegram itself doesn't actively capture any data. However, by downloading our Highlights app, you can automatically track the time spent on web and desktop apps. You can also opt to connect native integrations to pull in details from other work apps.

How does the Highlights app work? What data does it collect?

The Highlights app functions as an automatic time tracker within timegram. It doesn't access all activities on your computer; it only requests basic details about the apps you use—specifically, page titles, file paths, and timestamps of actively used apps. Each individual activity—or “Highlight”— is then added to your private tracker section in timegram, which only you can view. The Highlights app needs to be downloaded for use, and you control when to activate or deactivate it.

Can the Highlights app track incognito website activity?

Highlights app can't monitor time spent in "private" or "incognito" browser windows, except in Firefox (due to its design that makes blocking tracking impossible). Highlights app doesn't record the actual content of web pages or what you read, see, or write—it's solely designed to track how long you actively spend on a specific website or application.

Do you take screenshots or track keystrokes?

timegram is not an employee surveillance tool. We will never endorse employee screenshots, keystroke monitoring, or other invasive spying tactics. Please refer to our is timegram safe? page for more insight into our thinking.

Can my boss or colleagues see my Highlights?

No. Your Highlights are entirely private to you—only you can view your private activity timeline. Your colleagues and managers can only see the time entries you publicly log to your timesheet. Even if you link Highlights to a public time entry, they will remain private.

What do you use my data for?

Your Highlights data is intended to help you reduce timesheet admin, generate accurate invoices, and report transparently on your time. We don't sell your data or use it for marketing or advertising purposes.

Where and how do you store my data? Is it encrypted?

Your data is securely transferred and stored on IOS 27001-certified GCP servers in the US. All communication between the server and your browser, mobile or desktop, and across our internal system, is encrypted using SSL/TLS encryption (HTTPS), with an SSL certificate issued by Comodo. Our database is completely encrypted.

Can timegram employees see my data?

Only our CEO and Head of Engineering can access the databases storing information from the Highlights app tracker. Connecting to the database is only possible from GCP EC2 instances created and monitored by Head of Engineering.

What about my passwords and card details?

timegram does not process, store, or transmit personal information (like your name, email, unique ID number, or IP address). Card transactions are processed using Paddle’s bank-level security encryption, and passwords via a one-way hashing algorithm (Bcrypt). Highlights app uses Google Cloud to store files like profile pictures, invoices, and generated reports, and file paths are randomly generated SHA1 keys.

Are you GDPR compliant?

Yes. We fully comply with GDPR, DSGVO, and SOC2.

What security do you have in place to protect my data?

We consistently strive to strengthen and update our systems based on the best security practices available. We utilize the most recent software packages and libraries to prevent any security vulnerabilities and potential attacks. All user inputs and data collection are filtered through multiple possible security attack rules before they reach the server for processing. We follow industry-standard coding practices and review processes while developing our applications. We also adhere to a periodic password rotation policy for all our internal and external tokens and keys.