Privacy Policy

At TimeSentry, we are committed to protecting your privacy, and we have created this Privacy Policy as part of our Terms of Service to explain what information we collect, how your information is collected, and how we may use it on our website, including timesentry.ai, timesentry.azurewebsites.net, our collected platforms, and other websites and services that we operate.

As you will see in the Policy, we only use the information collected to improve our services for our users. If after reviewing the Policy you have any further questions, please contact us at info@timesentry.ai

1. Definitions

• When we say, “we,” “our,” or “us,” we’re referring to TimeSentry, Inc. including our company, our employees, directors, officers, affiliates, and subsidiaries.
• When we say “you” or “your,” we are referring to the person or entity that’s registered with us to use the TimeSentry Services.
• When we say “Terms,” we mean our Terms of Service, which includes our Privacy Policy.
• When we say “Websites,” we mean our websites located at timesentry.ai, timesentry.azurewebsites.net and all subdomains and sites associated with those domains, and other websites that we operate now and in the future.
• When we say “Services,” we mean our Websites, Application Programming Interfaces (APIs), applications, our content, and various third-party services that make up TimeSentry.
• When we say “TimeSentry,” we mean our Websites and Services collectively.
• When we say “information,” we mean all of the different forms of data that you provide us and that we collect from you from your use of the Services, your software, and your devices.

2. Information We Collect

• Information you provide to us: When you register for and use TimeSentry, you are providing us with information, which we collect. This information may include your name, billing and mailing address, email address, phone number, and credit card information. We use a third-party intermediary to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
• Information from your use of Services: This information may include IP Address, location information, date and time, browser type, and any other action you might have taken to use and while using the Services.
• Cookies: When you use TimeSentry, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser, your operating system, and other similar information. Most browsers allow you to block and delete cookies. However, if you block our cookies, our Services may not work properly.
• Third Party Cookies: The use of cookies by third parties is not covered by our Privacy Policy. We do not have access or control over these cookies. Third parties use session ID cookies to make it easier for you to navigate our Websites. We use third-party services to provide the necessary hardware, software, networking, storage, and related technology required to run and improve our Services.
• Web Beacons: Our third party partners may employ web beacons to track online user movement to help us better understand what content is effective. Web beacons are tiny graphics with a unique identifier that are embedded in websites and in newsletter emails. With web beacons, our third party partners may collect information about you, such as your IP address, your browser or email client type, and other similar details. We use the data from our third party partners to improve our services.
• Information collected through third-party APIs: This information may include items such as calendar entries, emails, messages, or metadata from connected project management software.

3. How We Use and Share Your Information

• To automate your timesheet.
• To create and manage your account.
• To bill you for services and to process payments. This may involve sharing information with service providers such as Stripe.
• To provide and enhance customer support.
• To improve our Services, our products, and to personalize your experience.
• To understand your needs and interests better.
• To send you updates, alerts, and communications about our services. You can opt-out by following the unsubscribe link in our emails.
• To enforce our terms, protect our operations or users, investigate fraud, and respond to government requests.
• When required by law or legal processes, such as subpoenas or court orders, or to establish or exercise our legal rights or defend against legal claims.
• To transfer or share your information:
  • For user-facing features, with your explicit consent.
  • For security purposes, like investigating abuse.
  • During mergers, acquisitions, or asset sales, with your prior consent.
• Regarding human access to your data:
  • We restrict human access, unless:
    • You give us specific consent.
    • For security, like bug investigations.
    • It's mandated by law.
    • The data is aggregated for internal operations per legal standards.
• When sharing with subprocessors, partners, or service providers, like Google, Microsoft, and Stripe.
• When the data doesn't identify you, or when it's aggregate information.
• We will share information with your consent, after providing notice, or under the terms of reorganization, merger, or company sale.

4. Google API Services Disclosure

TimeSentry's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google User Data We Access (Data Accessed)

Depending on the features you enable, TimeSentry may request the following Google user data via OAuth:

• Gmail (sensitive / restricted scopes): message metadata (sender, recipients, subject, timestamps, message IDs) and message bodies if you enable content analysis for time capture.
• Google Calendar: event details (title, description, start/end, attendees, calendar IDs).
• Google Chat (sensitive / restricted scopes): message metadata and message content in the spaces you authorize.

Exact scopes requested are shown on the Google OAuth consent screen at connect time and can be revoked at any time in your Google Account. (See Google Account → Security → Third-party access.)

How We Use Google User Data (Data Usage)

We use Google user data only to provide the features you've enabled and for no other purpose:

• Automated time capture: Parse eligible emails, calendar events, files, or chat messages to create time entries and suggested narratives.
• Context & attribution: Link activity to clients/projects/matters and apply your billing rules.
• User experience: Show you your own messages/events/files and derived time suggestions inside TimeSentry.
• Operations & security: Ephemeral processing, error handling, abuse prevention, and service reliability.

We do not use Google user data to build advertising profiles, for targeted ads, or to determine credit-worthiness. These uses are prohibited under Google's policy.

Data Sharing

We do not sell or transfer Google user data to third parties except:

• Service providers (sub-processors) strictly necessary to operate TimeSentry (e.g., hosting, logging, monitoring). These providers act on our instructions under data-processing agreements.
• Legal requirements when we are compelled by law (e.g., valid subpoena).
• With your explicit direction (e.g., you export or sync entries to a third-party system).

We do not share Google user data with advertising platforms, data brokers, or information resellers, and we do not allow human access to restricted-scope data except in the limited cases allowed by Google policy (with consent, security/abuse review, legal requirement, or aggregated/anonymous internal operations).

Storage & Protection (Security)

• Persistence: By default, TimeSentry does not persist Gmail message bodies or attachments obtained via Google APIs. Calendar/Drive/Chat content is processed ephemerally to generate time entries. We may store derived artifacts (e.g., a time entry narrative, IDs that link an event to a matter) inside TimeSentry.
• Secrets & transport: OAuth tokens are encrypted at rest; all data in transit uses TLS. Access is role-based and logged.
• Environment: Production environments are hardened and monitored; we conduct regular vulnerability management and least-privilege reviews.

Data Retention & Deletion

• Google user data: If not persisted (as above), it is processed ephemerally and not retained by TimeSentry after completion of the task.
• Derived data: Time entries and related records you approve are retained until you delete them or close your account, subject to legal obligations.
• Your controls: You can disconnect Google at any time via the TimeSentry integrations page or your Google Account. You may request deletion of your TimeSentry account and data by emailing privacy@timesentry.ai; we will complete deletion within 30 days except where retention is required by law or legitimate business needs (e.g., fraud prevention, accounting).
• Revocation: If you revoke Google access, TimeSentry will cease accessing your Google data immediately and will remove any active tokens.

Your Choices

• Revoke TimeSentry's Google access at any time in your Google Account Security settings.
• Manage scopes during connection; we only request scopes necessary for the features you choose.

Hosting & Availability of This Policy

This privacy policy is hosted at https://timesentry.ai/privacy, is publicly accessible without login, and is linked from our home page and from our Google OAuth consent screen, as required by Google's verification program.

5. Training of AI models

We use AI models to help you automate your timesheet. In this process, we collect information on an opt-in basis which may include: your billing guidelines, preferred entry styles, calendar entries, email messages, and content from connected project management software. In addition, we collect additional metadata as provided by connected data sources. This information is used to prompt AI models in order to create time records.

In some cases this information we collect input directly by the the user, while in other cases we access such information via third-party APIs, such as Google Workspace API or Microsoft Graph API.

Information collected via the Google Workspace API is not stored, nor is it used to develop, improve, or train generalized AI and/or ML models.

Information collected via the Microsoft Graph API is not stored, nor is it used to develop, improve, or train generalized AI and/or ML models.

After our AI models have created time records, such time records as well as user feedback are stored and may be used to improve our internal algorithms and prompts.

6. Public Information and Third Parties

• Third Parties: We are not responsible and this Privacy Policy does not cover your use of any third-party widgets, features, or websites or links to third-party websites or services. We encourage you to read the privacy policy of any third-party site you visit or service you use carefully.
• Public Information: Please be aware that if you share information publicly on our Services, it may be indexable by search engines.

7. Security

We have implemented reasonable security mechanisms to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We use encryption technology for credit card numbers and passwords. However, please remember that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. We are not responsible for the actions of third parties.

8. California Consumer Privacy Act (CCPA)

If you are a California resident, please refer to the California Consumer Privacy Act (CCPA) Notice for more information about our practices and requests you may make under the CCPA.

9. Correcting and Updating Information

If you are our customer and would like to access or delete information that you provided, you may do this by signing in to TimeSentry and making the change or by emailing us at info@timesentry.ai. We will respond to your request within 30 days. We may decline to process unreasonable requests or requests that are not otherwise required by local law.

We retain your information and data that we process on your behalf as long as your account is active, as needed to provide our Services, and as necessary to comply with our legal obligations and resolve disputes.

We have no direct relationship with third parties with whom our users may interact using the Services. Any such party who would like to amend or delete data which may be stored in the Services should direct his or her request to the applicable TimeSentry user acting as the “data controller” for such information.

Any such party who no longer wishes to be contacted by a TimeSentry user, should contact that TimeSentry user directly.

10. Updates to this Privacy Policy

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here and by email.

11. Children's Privacy

TimeSentry is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children.

12. Effective Date

This Privacy Policy has the same Effective Date as our Terms.

13. Questions

Questions or requests (including access, correction, or deletion): privacy@timesentry.ai

Mailing address: TimeSentry, Inc., 43 Maujer St. #2, Brooklyn, NY 11206, United States.

Effective date: [Insert date]