Privacy Policy

Effective date: March 24, 2026

This Privacy Policy explains, in extensive and intentionally detailed language, how TimeDrop (“TimeDrop”, “we”, “our”, “us”) handles information in connection with your use of https://timedrop.work and any related pages, dashboards, tools, generated documents, support channels, and connected service functionality.

By creating an account, logging in, using a free or paid feature, opening generated files, submitting support requests, or otherwise interacting with the service, you acknowledge that your information is collected, processed, retained, disclosed, and deleted as described in this document, subject to applicable law and operational necessity.

1. Scope and Interpretation

This policy applies to personal information, account records, workspace records, operational telemetry, and related metadata processed through TimeDrop. It should be read together with our Terms & Conditions and any notices presented at account creation, login, checkout, or support submission.

For the avoidance of doubt, where this policy refers to “processing,” that term includes collection, recording, organization, storage, adaptation, retrieval, consultation, use, transmission, restriction, deletion, and destruction of data across production systems, backups, and security monitoring workflows.

2. General Processing Principles

We process information for practical service operation, service continuity, account security, billing administration, abuse prevention, and technical reliability. We do not process personal data for unrelated advertising resale programs and do not monetize customer client lists by selling them to third-party advertisers.

Where feasible and consistent with the service model, we apply data minimization, purpose limitation, and access controls. However, because infrastructure systems and support operations require records for diagnostics and continuity, some data may remain in system logs or backups for finite retention windows even after user-facing deletion actions are initiated.

3. Information We Collect

In order to provide the service in a reliable and predictable manner, we collect the following categories of data:

• Account data: email address, name (optional), authentication details.
• Workspace data: client names, hourly rates, tracked time sessions, project and invoice details.
• Generated files: invoice PDFs stored in Cloudflare R2.
• Technical data: basic request metadata, logs, device/browser data, and abuse-prevention signals.
• Support data: messages submitted through support/help channels.

These categories may include user-provided information, system-generated records, inferred operational data required for fraud controls, and event-level logs needed to maintain product stability and account integrity.

4. How We Use Your Data

We use your information solely as necessary to provide, maintain, support, secure, and improve TimeDrop functionality in accordance with our business model and technical architecture. Typical use cases include, without limitation, the following:

• Creating and securing your account and authenticated sessions.
• Operating timer tracking, project records, client records, and invoice generation workflows.
• Storing, retrieving, and serving generated PDF invoices.
• Processing subscription lifecycle events and billing status through Freemius.
• Providing support, troubleshooting service defects, and enforcing anti-abuse safeguards.

We do not sell your personal data. We do not sell your client list, project records, invoice records, or related workspace information to third-party advertisers.

5. Services and Infrastructure

• Application layer: Next.js web application and related APIs.
• Primary data store: MongoDB for account, client, rate, tracked-time, and invoice-associated records.
• File storage: Cloudflare R2 for generated invoice PDF files.
• Payment processing: Freemius for checkout, subscription state, and payment event handling.

6. Data Sharing and Disclosures

We share data with third-party processors only to the extent reasonably necessary for infrastructure hosting, database operations, storage, payment processing, authentication workflows, and customer support tooling. Such disclosures are made for service operation, not data brokerage or advertising resale.

We may additionally disclose relevant data when required by law, regulation, legal process, enforceable governmental request, or when such disclosure is reasonably necessary to protect users, investigate fraud, defend legal claims, or preserve platform integrity.

7. Retention Periods

We retain account and workspace information for as long as required to provide services, process subscriptions, support account access, resolve disputes, and comply with legal obligations. Retention periods may vary by data category, operational necessity, and regulatory context.

Backups, archival snapshots, and security logs may persist for limited cycles before final deletion, even where live account records have been removed from active datasets.

8. Data Deletion Requests

You may request permanent deletion of your account and associated data, including client records, tracked sessions, and invoice-related records, by contacting support through the website using your account email details.

After verifying ownership and request authenticity, we will process deletion within a commercially reasonable period, subject to technical constraints, fraud prevention controls, and legal retention obligations. During processing windows, some records may remain temporarily in backup systems pending scheduled purge routines.

9. Security and Safeguards

We implement administrative, technical, and organizational safeguards designed to reduce unauthorized access, accidental disclosure, misuse, alteration, or destruction of data. Notwithstanding these safeguards, no online system can guarantee absolute or uninterrupted security.

10. International Transfers

Depending on your location and the geographic distribution of our providers, your data may be processed in jurisdictions different from your own. By using the service, you understand and accept that cross-border transfers may occur as part of normal infrastructure operation.

11. Children's Data

TimeDrop is not directed to children under 13, or any higher minimum age required under local law. We do not knowingly solicit or intentionally collect personal data from children in violation of applicable requirements.

12. Policy Revisions

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. Updated versions become effective upon posting unless a later effective date is specifically indicated.

13. Contact and Requests

For privacy questions, access requests, correction requests, or deletion requests, contact us through the support/help channel available on the website.