Last updated: Jan 12, 2021

Terms of Service

1. Introduction

Welcome to (“Company,” “we,” “our,” “us”)!

These Terms of Service (“Terms,” “Terms of Service”) govern your use of our website located at (together or individually “Service”) operated by

Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages.

Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements and agree to be bound.

If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at so we can try to find a solution. These Terms apply to all visitors, users, and others who wish to access or use Service.

2. Communications

Using our Service, you agree to subscribe to newsletters, marketing or promotional materials, and other information we may send. However, you may opt-out of receiving any or all of these communications from us by following the unsubscribe link or emailing

3. Purchases

If you wish to purchase any product or service made available through Service (“Purchase”), you may be asked to supply certain information relevant to your Purchase including but not limited to your credit or debit card number, the expiration date of your card, your billing address, and your shipping information.

You represent and warrant that:

  • You have the legal right to use any card(s) or another payment method (s) in connection with any Purchase
  • The information you supply to us is true, correct, and complete.

We may employ third-party services to facilitate payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy.

We reserve the right to refuse or cancel your order at any time for reasons including but not limited to product or service availability, errors in the description or price of the product or service, error in your order, or other reasons.

We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected.

4. Contests, Sweepstakes, and Promotions

Any contests, sweepstakes, or other promotions (collectively, “Promotions”) made available through Service may be governed by rules separate from these Terms of Service. Please review the applicable regulations and our Privacy Policy if you participate in any Promotions. If the Promotion conflicts with these Terms of Service restrictions, Promotion rules will apply.

5. Subscriptions

Our Services are billed on a subscription basis ("Subscription(s)"). You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles will be set depending on the type of subscription plan you select when purchasing a Subscription.

At the end of each Billing Cycle, your Subscription will automatically renew under the same conditions unless you cancel it or cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting the customer support team.

A valid payment method is required to process the payment for your subscription. You shall provide with accurate and complete billing information that may include but not be limited to full name, address, state, postal or zip code, telephone number, and valid payment method information.

By submitting such payment information, you automatically authorize to charge all Subscription fees incurred through your account to any such payment instruments.

Should automatic billing fail to occur for any reason, timeTracko reserves the right to terminate your access to the Service with immediate effect.

6. Free Trial

timeTracko may, at its sole discretion, offer a Subscription with a free trial for a limited time ("Free Trial").

You may be required to enter your billing information to sign up for Free Trial.

If you do enter your billing information when signing up for Free Trial, you will not be charged by until Free Trial has expired. On the last day of the Free Trial period, unless you canceled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected.

At any time and without notice, timeTracko reserves the right to (i) modify Terms of Service of Free Trial offer or (ii) cancel such Free Trial offer.

7. Fee Changes

timeTracko, in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.

timeTracko will provide you with reasonable prior notice of any change in Subscription fees to allow you to terminate your Subscription before such change becomes effective.

Your continued use of Service after the Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.

8. Refunds

We issue refunds for Contracts within 30 days of the Contract’s original purchase.

9. Content

Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material (“Content”). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness.

By posting Content on or through Service, You represent and warrant that: (i) Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and (ii) that the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.

You retain any of your rights to any Content you submit, post, or display on or through Service and are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third party posts on or through Service. However, by posting Content using Service, you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right to make your Content available to other users of Service, who may also use your Content subject to these Terms.

timeTracko has the right but not the obligation to monitor and edit all users’ content.

Besides, Content found on or through this Service is the property of or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or personal gain, without express advance written permission from us.

10. Prohibited Uses

You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service:

  • In any way that violates any applicable national or international law or regulation.
  • To exploit, harm, or attempt to exploit or harm minors in any way by exposing them to inappropriate content or otherwise.
  • To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail,” “chain letter,” “spam,” or any other similar solicitation.
  • To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity.
  • In any way that infringes upon others’ rights or is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
  • To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability.

Additionally, you agree not to:

  • Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party’s use of Service, including their ability to engage in real-time activities through Service.
  • Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service.
  • Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent.
  • Use any device, software, or routine that interferes with Service’s proper working.
  • Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful.
  • Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service.
  • Attack Service via a denial-of-service attack or a distributed denial-of-service attack.
  • Take any action that may damage or falsify the Company rating.
  • Otherwise, attempt to interfere with the proper working of Service.

11. Analytics

We may use third-party Service Providers to monitor and analyze our service’s use.

12. No Use By Minors

Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using Service, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not eighteen (18) years old, you are prohibited from both the access and usage of Service.

13. Accounts

When you create an account with us, you guarantee that you are above the age of 18 and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in your account’s immediate termination of Service.

You are responsible for maintaining your account and password’s confidentiality, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.

You may not use as a username the name of another person or entity, or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any offensive, vulgar, or obscene name.

We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at our sole discretion.

14. Intellectual Property

Service and its original content (excluding Content provided by users), features, and functionality will remain the exclusive property of and its licensors. Service is protected by copyright, trademark, and other foreign countries’ laws. Our trademarks may not be used in connection with any product or service without the prior written consent of timeTracko.

15. Copyright Policy

We respect the intellectual property rights of others. Our policy is to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.

If you are a copyright owner or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to, with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims.”

You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.

16. DMCA Notice and Procedure for Copyright Infringement Claims

You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):

  • an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright’s interest;
  • a description of the copyrighted work that you claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work;
  • identification of the URL or other specific location on Service where the material that you claim is infringing is located;
  • your address, telephone number, and email address;
  • a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
  • a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.

You can contact our Copyright Agent via email at

17. Error Reporting and Feedback

You may provide us either directly at or via third-party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that:

  • you shall not retain, acquire or assert any intellectual property right or other rights, title or interest in or to the Feedback;
  • Company may have developed ideas similar to the Feedback;
  • Feedback does not contain confidential information or proprietary information from you or any third party, and
  • Company is not under any obligation of confidentiality with respect to the Feedback.

In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited, and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.

18. Links To Other Websites

Our Service may contain links to third-party websites or services that are not owned or controlled by timeTracko.

timeTracko has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party websites or services. We do not warrant the offerings of any of these entities/individuals or their websites.

You acknowledge and agree that the company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services available on or through any such third-party websites or services.

We strongly advise you to read the terms of service and privacy policies of any third-party websites or services that you visit.

19. Disclaimer Of Warranty

These services are provided by the company on an “as is” and “as available” basis. Company makes no representations or warranties of any kind, express or implied, as to the operation of their services, or the information, content, or materials included therein. You expressly agree that your use of these services, their content, and any services or items obtained from us is at your sole risk.

Neither company nor any person associated with the company makes any warranty or representation with respect to the completeness, security, reliability, quality, accuracy, or availability of the services. Without limiting the foregoing, neither company nor anyone associated with company represents or warrants that the services, their content, or any services or items obtained through the services will be accurate, reliable, error-free, or uninterrupted, that defects will be corrected, that the services or the server that makes it available are free of viruses or other harmful components or that the services or any services or items obtained through the services will otherwise meet your needs or expectations.

Company hereby disclaims all warranties of any kind, whether express or implied, statutory, or otherwise, including but not limited to any warranties of merchantability, non-infringement, and fitness for particular purpose.

The foregoing does not affect any warranties which cannot be excluded or limited under applicable law.

20. Limitation Of Liability

Except as prohibited by law, you will hold us and our officers, directors, employees, and agents harmless for any indirect, punitive, special, incidental, or consequential damage; however it arises (including attorneys’ fees and all related costs and expenses of litigation and arbitration, or at trial or on appeal, if any, whether or not litigation or arbitration is instituted), whether in an action of contract, negligence, or other tortious action, or arising out of or in connection with this agreement, including without limitation any claim for personal injury or property damage, arising from this agreement and any violation by you of any federal, state, or local laws, statutes, rules, or regulations, even if company has been previously advised of the possibility of such damage. Except as prohibited by law, if there is liability found on the part of the company, it will be limited to the amount paid for the products and/or services, and under no circumstances will there be consequential or punitive damages. Some states do not allow the exclusion or limitation of punitive, incidental, or consequential damages, so the prior limitation or exclusion may not apply to you.

21. Termination

We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms.

If you wish to terminate your account, you may simply discontinue using Service.

All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity, and limitations of liability.

22. Governing Law

According to Australia’s laws, these Terms shall be governed and construed, which governing law applies to an agreement without regard to its conflict of law provisions.

Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, these Terms’ remaining provisions will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service.

23. Changes To Service

We reserve the right to withdraw or amend our Service and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of the Service, or the entire Service, to users, including registered users.

24. Amendments To Terms

We may amend the Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically.

Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently, so you know any changes, as they are binding on you.

By continuing to access or use our Service after revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service.

25. Waiver And Severability

No waiver by Company of any term or condition outlined in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision.

If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason. In that case, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect.

26. Acknowledgement

By using service or other services provided by us, you acknowledge that you have read these terms of service and agree to be bound by them.

27. Contact Us

Please send your feedback, comments, requests for technical support by email:

Last updated: Jan 12, 2021

Privacy Policy

1. Introduction

Welcome to timeTracko.

timeTracko (“us,” “we,” or “our”) operates (from now on referred to as “Service”).

Our Privacy Policy governs your visit to and explains how we collect, safeguard and disclose information that results from your use of our Service.

We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Our Terms and Conditions (“Terms”) govern all use of our Service and, together with the Privacy Policy, constitutes your agreement with us (“Agreement”).

2. Definitions

SERVICE means the website operated by timeTracko.

PERSONAL DATA means data about a living individual who can be identified from that data (or from that and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use various Service Providers’ services to process your data more effectively.

THE USER is the individual using our Service. The User corresponds to the Data Subject, the subject of Personal Data.

3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

4. Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally, identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, Country, State, Province, ZIP/Postal code, City
  • Cookies and Usage Data

We may use your Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any of these communications from us by following the unsubscribe link.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or access Service by or through any device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a device, this Usage Data may include information such as the type of device you use, your unique device ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use cookies and similar tracking technologies to track our service’s activity, and we hold certain information.

Cookies are files with a small amount of data that may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used, such as beacons, tags, and scripts, to collect and track information and improve and analyze our Service.

You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not use some of our service portions.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.
  • Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Other Data

While using our Service, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at the place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, NDA agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location, and other data.

5. Use of Data

timeTracko uses the collected data for various purposes:

  • to provide and maintain our Service;
  • to notify you about changes to our Service;
  • to allow you to participate in interactive features of our Service when you choose to do so;
  • to provide customer support;
  • to gather analysis or valuable information so that we can improve our Service;
  • to monitor the usage of our Service;
  • to detect, prevent and address technical issues;
  • to fulfill any other purpose for which you provide it;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • to provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
  • in any other way we may describe when you provide the information;
  • for any other purpose with your consent.

6. Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent required to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or improve our service’s functionality, or we are legally obligated to retain this data for longer periods.

7. Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Australia and choose to provide information to us, please note that we transfer the data, including Personal Data, to Australia and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

timeTracko will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.

8. Disclosure of Data

We may disclose personal information that we collect, or you provide:

Business Transaction

If our subsidiaries or we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred.

Other cases. We may disclose your information also:
  • To our subsidiaries and affiliates;
  • To contractors, service providers, and other third parties we use to support our business;
  • To fulfill the purpose for which you provide it;
  • To include your company’s logo on our website;
  • For any other purpose disclosed by us when you provide the information;
  • with your consent in any other cases;
  • If we believe disclosure is necessary or appropriate to protect the Company’s rights, property, or safety, our customers, or others.

9. Security of Data

Your data’s security is important to us but remember that no transmission method over the Internet or electronic storage method is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

10. Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a European Union resident (EU) and European Economic Area (EEA), you have certain data protection rights covered by GDPR.

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at

In certain circumstances, you have the following data protection rights:

  • the right to access, update, or to delete the information we have on you;
  • the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
  • the right to object. You have the right to object to our processing of your Personal Data;
  • the right of restriction. You have the right to request that we restrict the processing of your personal information;
  • the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable, and commonly used format;
  • the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;

Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. Please contact your local data protection authority in the European Economic Area (EEA) for more information.

11. Your Data Protection Rights under the California Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the data being collected and those individuals with whom it is being shared and to comply with this policy.

According to CalOPPA, we agree to the following:

  • users can visit our site anonymously;
  • our Privacy Policy link includes the word “Privacy” and can easily be found on the homepage of our website;
  • users will be notified of any privacy policy changes on our Privacy Policy Page;
  • ers can change their personal information by emailing us at

Our Policy on “Do Not Track” Signals:

We honor Do Not Track signals and do not track plant cookies or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites you do not want to track.

You can enable or disable Do Not Track by visiting your web browser’s Preferences or Settings page.

12. Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data, and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

0.1 What personal information we have about you. If you make this request, we will return to you:

  • The categories of personal information we have collected about you.
  • The categories of sources from which we collect your personal information.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we share personal information.
  • The specific pieces of personal information we have collected about you.
  • A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your data, we will inform you of that fact.
  • A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.

Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.

0.2. To delete your personal information. If you make this request, we will delete the personal information we hold about you regarding the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished by de-identifying the information. If you choose to delete your personal information, you may not use certain functions that require your personal information to operate.

0.3. To stop selling your personal information. We don’t sell or rent your personal information to any third parties for any purpose. We do not sell your data for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a “sale” under California law. You are the only owner of your Personal Data and can request disclosure or deletion at any time.

If you submit a request to stop selling your personal information, we will stop making such transfers.

Please note, if you ask us to delete or stop selling your data, it may impact your experience with us. You may not be able to participate in certain programs or membership services that require the usage of your personal information to function. But in no circumstances will we discriminate against you for exercising your rights.

To exercise your California data protection rights described above, please send your request(s) by email:

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.

13. Service Providers

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

14. Analytics

We may use third-party Service Providers to monitor and analyze our service’s use.

15. CI/CD Tools

We may use third-party Service Providers to automate our service’s development process.

16. Behavioral Remarketing

We may use remarketing services to advertise on third-party websites to you after visiting our Service. Our third-party vendors and we use cookies to inform, optimize and serve ads based on your past visits to our Service.

17. Payments

We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g., payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors, whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

18. Links to Other Sites

Our Service may contain links to other sites not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

19. Children’s Privacy

Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).

We do not knowingly collect personally identifiable information from children under 18. If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verifying parental consent, we remove that information from our servers.

20. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and a prominent notice on our Service before the change becomes effective and update “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when posted on this page.

21. Contact Us

If you have any questions about this Privacy Policy, please contact us by email:

Effective as of April 1, 2021

Cookies Policy

1. Introduction

Like most companies, timeTracko uses automatic data collection tools, such as cookies, web beacons, and other device identification technologies, to operate our services and website. We use these tools to understand how you use our services and website, for advertising purposes, and to discover what is useful to our users.

This Cookie Notice explains how we use Cookies when:

  • You visit any of our websites that link to this Cookie Notice (such as or interact with any timeTracko online advertising or marketing emails;
  • You use any of our mobile apps; or
  • You use timeTracko products and services deployed by your organization.

This applies to all timeTracko users and to all timeTracko platforms and services, including our apps, websites, features, and other services (collectively, the “timeTracko Platform”). When we talk about “timeTracko,” “we,” “our,” or “us,” in this notice, we are referring to MyStaff LLC and its group companies, including timeTracko.

Some cookies that we use at timeTracko will collect personal information about you or information that becomes personal information if we combine it with other data. Any personal information that we collect will be used in accordance with our Privacy Policy.

2. What Are Cookies?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or other device(s). Cookies send data back to the originating website on each subsequent visit or share data with another website that recognizes that cookie. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies as soon as you visit or use the timeTracko Platform.

There are different types of cookies that vary by who sets them and for how long they endure, for example:

  • First-party cookies are those that are set directly by timeTracko;
  • Third-party cookies are set on our behalf, for example, by advertisers and data analytics companies;
  • Session cookies only last only as long as your browser is open and are deleted automatically once you close your browser;
  • Persistent cookies survive after your browser is closed, allowing for the recognition of your device when you open your browser and browse the Internet again.

3. Types of Cookies We Use and Why

When you visit or interact with the timeTracko Platform, we use first- and third-party cookies for a variety of purposes:

  • Essential Cookies: Some cookies are required for technical reasons in order for our website, app, and product to operate, and we refer to these as “essential” cookies.
  • Functional Cookies: Cookies enable us to track how our users and prospects use and interact with our website, app, or other services. This allows us to enhance and tailor the user experience, recognize your device, and secure your access to our services. We refer to these as “functional” cookies.
  • Advertising Cookies: We use cookies to let us know how well our online advertising works. These cookies allow us to deliver more targeted online advertising and marketing campaigns.
  • Analytical Cookies: Cookies also enable us to conduct analytics about online campaigns we are running as well as the usage and performance of our Platform.

4. How You Can Manage Cookies

You have many rights and controls when it comes to managing cookies. Please note, though, that if you reject all cookies, this may impact the functionality of and your experience with the timeTracko Platform. This may worsen your overall user experience since it will no longer be personalized to you. It may also stop you from saving customized settings, like login information.

Cookie Preferences: You can exercise your cookie preferences by setting or amending your browser controls. Most web browsers allow you to:

  • Accept or reject all cookies;
  • Manage cookies on a site-by-site basis; or
  • Manage cookies on a cookie-type basis.

Web browser manufacturers maintain help pages that provide details on how you can make cookie preference choices:

For browsers not listed above, you should consult the documentation provided by your browser manufacturer.

5. Learn More About Cookies

If you would like to know more about cookies and how to manage them, including information about what cookies have been set on your device, All About Cookies is a useful resource as is Your Online Choices (for EU residents).

6. Do Not Track (DNT) Signals

Some web browsers, such as Internet Explorer, Firefox, and Safari, may give you the ability to enable a “Do Not Track” feature that sends signals to the websites you visit, indicating that you do not want your online activities tracked. This is not the same as blocking or deleting cookies, because browsers with a “Do Not Track” feature enabled may still accept cookies.

There is currently no industry standard for how companies should respond to DNT signals, although one may be developed in the future. As a result, we do not respond to DNT signals at this time. If we do so in the future, we will describe how in this Cookie Notice.

7. Changes to This Notice

We may update this notice from time to time in response to changing technologies, industry practices, regulatory requirements, or for other purposes. Please visit this Notice regularly to stay up to date on our use of cookies. The date at the top of this Notice tells you when it was last updated.

8. Contact Us

We encourage you to contact us if you have any comments or questions about this Notice or our related privacy practices. You may reach us at

Last updated: Jan 12, 2021

Affiliate Terms

Affiliate Agreement

Please read the terms specified below:

The affiliate agreement provided herein contains terms of service between us (“timeTracko”) and you (“Affiliates”), which must be abided by while using the offered service of the affiliate program. The terms and conditions are indeed legally binding terms regarding your application as well as participation in timeTracko affiliate program. We request not to use the program if you do not concur with this agreement. By signing up and participating in this affiliate program, we corroborate that you have read all the terms and conditions of timeTracko affiliate program, and you accept to comply with these terms.


Referred customers: They are new and unique customers who are referred via the affiliate link provided by the affiliates.

Dashboard: It contains all the affiliate data such as transactions, revenues and payments, providing an easier means to view affiliate’s statistics.

Referral link/affiliate link/URL: Affiliate links are used by the advertiser to record the traffic sent to their website. They are specific URLs, which is provided in the dashboard that contains the IDs or usernames of specific affiliates.

Commission Threshold: Prior to receiving payment from timeTracko, an affiliate must accrue the specified amount, which is referred to as commission threshold.

Qualified Sale: If an affiliate successfully makes a customer purchase any of timeTracko plans, then it is referred to as qualified sales.

Sub-IDs: Sub IDs are non-unique values that are used by the publisher to gain insight on which affiliate links or platforms or pages lead to conversions. Sub IDs values will be stored whenever affiliate links are clicked and then will be returned in the conversion report.

Enrollment Procedure

To participate in the affiliate program, you must certify to timeTracko that;

  • You are an individual.
  • You are 18 years of age or older.
  • You are not using this program for any unauthorized or illegal purposes.
  • You must not be violating any sorts of rules and regulations set by timeTracko. The agreement will be declared as null and void if found so.

1. Registration

To join the affiliate program of timeTracko, the user has to sign up as an affiliate. While registering, the user must fill up the application form with all the required information. The detailed process will be as per software’s provision. If anyone wishes to cancel participation, he/she can delete the affiliate account.

Once the account is successfully registered, the user is solely responsible for any sorts of activities that occur on that particular account.

2. Affiliate Approval/Denial

Once you complete the registration process, the details of the form will be assessed by our associate teams. Along with the provided details in the application form, the associate team will authenticate the provided platform for advertisement. Most importantly, the request will be declared unqualified or will be rejected if the requirements regarding the provided advertisement platform are not met.

  • Incomplete/New Website: We will not be accepting those applications where the provided websites that do not point to the precise destination. In addition to this, those websites which are brand new, newly registered or contain misleading links will not be accepted because we prioritize the websites that are in the optimal position to refer sales.
  • Invalid Website’s URL: The team assessing your application may require the information on your statistics, previous projects, promotional plans and current campaigns so that they can appropriately qualify the websites. You may supply this information in the description field of the application. However, it doesn’t guarantee the authenticity of your advertising platform. Therefore, you have to carefully provide the URL so that we will be able to uncover the adequate history of your website.
  • Inconsistent Content: We will check the information provided on your website, social network, blogs and ensure that these are registered in your name. The application request will be denied if the contents in your platforms are inconsistent, not professional, contains vulgarity and adult content, which is completely unethical. If you have previously promoted some other product, then we will check the method and content used to promote them.
  • Poor Traffic: Almost every network wants to enrol those affiliates who possess websites that are already established. Likewise others, we will check the traffic of your website and evaluate its value. We will deny the application request if your website’s traffic ranks low and doesn’t meet our traffic standards.
  • Limited Organic Followers in Social Networks: timeTracko affiliate programs also allow affiliates to use their social profiles for promoting the product. However, the profile must be well established, and the channels must allow their users to post affiliate tracking URLs. While assessing the profile, we will keep an account of factors like creation date of profile, engagement and above all number of organic followers. We believe that the profile with a multitude of followers will help the product to reach a large audience which will indeed help in each other’s growth.

Affiliate Dashboard and Affiliate URL

Once approved to be a timeTracko affiliate, you will find a link/navigation bar which will take it to your dashboard. Your dashboard will serve as an admin page. Your dashboard will provide you with information on your sales, commissions, revenue etc.

In your dashboard, you will find a referral link/affiliate link/URL which you can use on your platforms. The platforms can be your websites, blogs, social networks, emails which you intend to use for advertisement purposes. You can use only those platforms that are registered in your name. The provided affiliate link will be unique to you only. Whenever any visitors open the URL, the cookie file is saved in the cache for 60 days and companies/ customers’ need to make a purchase within this time. You can also assign Sub-IDs if you are making advertisements with multiple platforms. It will help you and us to identify which of your platforms is generating maximum traffic.


You will be receiving 30% commission on every successful signup made by your referred customers. The commission will only become payable once you reach the commission threshold (details provided in Payment->Threshold section below). The affiliate period of your referred customers, who make purchases through your unique affiliate link, lasts 9 months after their first payment.

timeTracko also offers Two-Tier affiliate commissions where you will be receiving a commission of 10% if anyone decides to be a timeTracko affiliate by signing up through your affiliate link. You will be receiving 10% commission of their valid sales for (9 Months).

You will not be eligible for a commission if;

  • The signups are made by you or your household.
  • You refer customers who are currently or previously using timeTracko.


Form of Payment:

For each successful sign up made by the customer through the affiliate link, we will pay your earnings from the affiliate program as per the agreed payment rates. Since we only support PayPal, you must have a PayPal account for this purpose.

Once we receive the submitted request by you, the payment is made in AUD within a week. Make sure you provide us with the correct details and payment methods so that the transactions can be made without any hindrance.


To be eligible for receiving the payments, you must make 3 successful referrals as our premium client and must have a minimum $100 affiliate balance.

Payment Duration

Your affiliate commission will be paid once your referred customer completes the refund duration of 30 days. The payment is processed in the second week of the month.

For instance, if a sale is earned in Jan, it will be processed within the second week of March.

Payment Error

As mentioned earlier, the detail of the payment should be provided precisely. In contrary to this, we will have to hold your earnings. In addition, the supplied contact details should be accurate, and you have to make sure that your payment request is successfully submitted. Besides, affiliates are liable for all the costs of converting the amount from Australia into your preferred currency.


Affiliates are obliged to pay all sorts of taxes on the payments made by us, wherever levied. We will provide you with all the legal documentation regarding the deduction or withholding.


After you are approved as a timeTracko affiliate and you start making sales; we will check all of your sites to check the method you adopted.

We will ensure:

  • No misleading content or illegal method is used to promote the product
  • The site, where affiliate URL is inserted, is not linked with content that is deemed offensive.
  • If timeTracko brand is used in your keywords or Meta description while promoting timeTracko using Google Ads.
  • If the provided timeTracko logo is edited or tampered.
Last updated: Jan 12, 2021

Security and Compliance

timeTracko Protects Your Data

We work towards improving our security every single day at timeTracko. To do so properly, we follow the best security practices. These include:

  • Encrypted data transfer (HTTPS)
  • Email verification
  • A strong password management policy
  • Internal system logging
  • Network and overall infrastructure security
  • Physical security
  • Two-factor authentication (2fa)

External Audits and Security

At timeTracko, we do our best to provide the best security to our customers. Because of that, we integrate and work with external companies that help us to carry out regular penetration testing, patching, and security audits to identify any possible issues and resolve them within a short period of time.

timeTracko is working with an external penetration testing partner - NetSparker for regular weekly / monthly security scans and penetration testing which guarantees the highest possible level of security.

Backups and Reliability

Our backups are done on a daily basis, which guarantees consistency and a quick reaction from our side in case data restoration is needed.

Incident Management

In case of a data breach, we have a procedure in place that dictates how and when to make a responsible disclosure to the affected parties, with the first communication occurring within 72 hours of our becoming aware of the incident.

Software Development Security

timeTracko uses a Git version control system. Changes to timeTracko’s code base go through a suite of automated tests before being reviewed and sent through a round of manual testing. When code changes pass through the automated testing system, they are first pushed to a staging environment where employees test the changes before they’re pushed to our production servers. Changes that are critical, due to security or for other reasons, are fast-tracked to production while still being tested thoroughly.

Confidentiality & Employee Access

We strictly regulate our employees’ access to the data you and your users store with Access is limited to those few employees who need it for troubleshooting or support.

No employees ever access customer accounts unless required for troubleshooting or support. When working on a support issue, we do our best to respect your privacy as much as possible and only access the files and settings needed to resolve your issue

Screenshot Security

Screenshots are an optional timeTracko feature. If activated, the screenshots feature will take and store screenshots of your employees’ monitors at the time interval that you specify.

If you use the screenshots feature, you can rest assured that the screenshots and all other data are stored securely. All communication to the server is secured by SSL encryption. Files on the server are encrypted to provide an extra level of security for company data. The servers are located in secure enterprise data center facilities with 24/7 monitoring and hosting support.

Billing Information Protection

When you sign up for a paid account on timeTracko, we do not store any of your credit card information.

All credit card transactions are processed using Stripe’s secure encryption, which is the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-compliant network.

Last updated: Jan 12, 2021

GDPR Compliance

What it is, what we are doing, and what you can do

The GDPR became enforceable on May 25, 2018, and increased oversight for global privacy rights and compliance. We, at timeTracko, have embraced GDPR requirements and this guide is intended to help our customers understand timeTracko’s GDPR posture. It is not intended as a thorough treatise on GDPR application and should be read with this in mind.

What is the GDPR?

The General Data Protection Regulation (the “GDPR”) is a European data protection and privacy law adopted April 14, 2016, which became officially enforceable beginning on May 25, 2018. The two (2) year delay between adoption and enforcement was intended to give organizations time to prepare before enforcement.

The GDPR is an ambitious attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and erase personal data. It replaced a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which had been the basis of European data protection law from 1995 to early 2018. Unlike its predecessor, the GDPR applies immediately throughout the European Union (“EU”) across all member states without the need for further member state legislative action.

Since mid-May 2018, the GDPR has been in force and there is no further “grace period.” It is important that organizations impacted by the GDPR are now compliant with its provisions.

How does the GDPR work?

There are many principles and requirements introduced by the GDPR, so it is important to review the GDPR in its entirety to ensure a full understanding of its requirements and how they may apply to your organization. While the GDPR preserves many principles established by the Directive, it introduces several important and ambitious changes. Here are a few that we believe are particularly relevant to timeTracko and our customers:

1. Expansion of scope

The GDPR applies to all organizations established in the EU or processing data of Data Subjects, thus introducing the concept of extraterritoriality, and broadening the scope of EU data protection law well beyond the borders of just the EU.

2. Expansion of definitions of personal data and special categories of data.

3. Expansion of individual rights

Data Subjects have several important rights under the GDPR, including the right to be forgotten, the right to object, the right to rectification, the right of access, and the right of portability. Your organization must ensure that it can accommodate these rights if it is processing the personal data of Data Subjects.

  • Right to be forgotten:An individual may request that an organization delete all data on that individual without undue delay.

  • Right to object:An individual may prohibit certain data uses.

  • Right to rectification:Individuals may request that incomplete data be completed or that incorrect data be corrected.

  • Right of access:Individuals have the right to know what data about them is being processed and how.

  • Right of portability:Individuals may request that personal data held by one organization be transported to another.

4. Stricter consent requirements

Consent is one of the fundamental legal bases of the GDPR, and organizations must ensure that consent is obtained in accordance with the GDPR’s requirements. Your organization will need to obtain consent from its subscribers and contacts for every usage of their personal data unless it can rely on a separate legal basis. The route to compliance is to obtain explicit consent. Keep in mind that:

  • Consent must be specific to distinct purposes.
  • Silence, pre-populated boxes, or inactivity do not constitute consent; data subjects must explicitly opt-in to the storage, use, and management of their personal data.
  • Separate consent must be obtained for different processing activities, which means your organization must be clear about how the data will be used when consent is obtained.

5. Strict processing requirements:

Individuals have the right to receive “fair and transparent” information about the processing of their Personal Data, including:

  • Contact details for the data controller.
  • Purpose of the data: This should be as specific (“purpose limitation”) and minimized (“data minimization”) as possible. Your organization should carefully consider what data it is collecting and why, and be able to validate that to a regulator.
  • Retention period: This should be as short as possible (“storage limitation”).
  • Legal basis: An organization cannot process personal data just because it wants to. It must have a “legal basis” for doing so, such as where the processing is necessary to the performance of a contract, an individual has consented (see consent requirements above), or the processing is in the organization’s “legitimate interest.”

Whom does it affect?

As mentioned above, the territorial scope of the GDPR is very broad. The two most common GDPR territorial conditions for application are, the GDPR applies (1) to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not; and (2) to the processing (a) the offering of goods or services , irrespective of whether a payment of the data subject is required , to such data subjects in the Union; or (b) the monitoring of their behavior as far as their behavior takes place within the Union. The latter is the GDPR’s introduction of the principle of “extraterritoriality” – meaning, the GDPR applies to any organization processing personal data of data subjects —regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world, and all organizations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies across all industries and sectors.

Here are a few definitions that will aid in understanding the GDPR’s broad scope.

What is a “data subject”?

The GDPR defines a Data Subject within its definition of “Personal Data” discussed below. A Data Subject is an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.

A Data Subject is not limited to EU Citizenship. The impact of this is apparent in the territorial application of the GDPR described above. An organization processing personal data in the context of an establishment in the EU means personal data processing of any identifiable natural person regardless of the natural person’s physical location – provided the processing is in the context of the establishment. An organization not established in the EU, but offering goods or services to a Data Subject located within the EU also comes under the GDPR. Note that in this instance, in addition to its application to a natural person, it also requires that the natural person be physically present in the EU.

What is considered “personal data”?

The GDPR defines Personal Data as any information relating to an identified or identifiable natural individual; meaning, information that could be used, on its own or in conjunction with other data, to identify a Data Subject. Consider the extremely broad reach of this definition. Personal Data now includes not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more. This means that, for timeTracko users, information that an organization collects about its subscribers and contacts will be considered Personal Data under the GDPR. It’s also important to note that even Personal Data that has been “pseudonymized” can be considered Personal Data if the pseudonym can be linked to any particular individual, so due care should be made when evaluating its application. Classification of data as Personal Data under the GDPR will require Organizations to comply with certain duties and obligations relating to what can broadly be termed transparency involving the use of that Personal Data – and this includes its security.

Special Categories of data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection under the GDPR. An organization should not store data of this nature within its timeTracko account.

What does it mean to “process” data?

Processing under the GDPR is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” Basically, if your organization is collecting, managing, using or storing any personal data of Data Subjects, it is processing EU personal data within the meaning prescribed by the GDPR. This means, for example, that if any of its timeTracko lists contain the email address, name, or other personal data of any Data Subject, then your organization is processing EU personal data under the GDPR. Application of the GDPR, of course, is contingent on meeting the threshold territorial requirements explained above.

Keep in mind that even if your organization does not believe its business will be affected by the GDPR, the GDPR and its underlying principles may still be important to it. European law tends to set the trend for international privacy regulation, and increased privacy awareness now may give it a competitive advantage later.

Who processes Personal Data under the GDPR?

If an organization ‘processes’ personal data, it does so as either a Controller or a Processor, and there are different requirements and obligations for each. A Controller is the organization that determines the purposes and means of processing personal data. A Controller also determines the specific personal data that is collected from a data subject for processing. A Processor is the organization that processes the data on behalf of the controller. Think of the Processor as a service provider or vendor in the relationship.

The GDPR has not changed the fundamental definitions of Controller and Processor found in the Directive, but it has expanded the responsibilities of each party. Controllers will retain primary responsibility for data protection (including, for example, the obligation to report data breaches to data protection authorities); however, the GDPR does place some direct responsibilities on the Processor, as well. It is important to understand whether your organization is acting as a Controller or a Processor, and to familiarize yourself with your responsibilities accordingly.

In the context of the timeTracko application and our related services, in the majority of circumstances, our customers are acting as the Controller. Our customers, for example, decide what information from their contacts or subscribers is uploaded or transferred into their timeTracko account. How timeTracko processes Personal Data is addressed below.

How does timeTracko comply with the GDPR?

timeTracko takes GDPR compliance very seriously and started GDPR preparation well before its effective date. As part of this process, we reviewed (and updated where necessary) all of our internal processes, procedures, systems, and documentation to ensure that we were ready when the GDPR went into effect. Compliance is not a static accomplishment, mandating monitoring vigilance in the face of changed circumstances and legal requirements.

One recent change involves the Court of Justice of the European Union (“CJEU”) ruling in what is referred to as the Schrems II decision. This decision revolves around the transfer of Personal Data from EU member states to third-party countries, such as the United States. The GDPR, like the Directive, does not contain any specific requirement that the Personal Data of EU citizens be stored only in EU member states. Rather, the GDPR requires that certain conditions be met before Personal Data is transferred outside the EU, identifying a number of different legal grounds that organizations can rely on to perform such data transfers. One legal ground for transferring Personal Data set out in the GDPR is an “adequacy decision.” An adequacy decision is a decision by the European Commission that an adequate level of protection exists for the Personal Data in the country, territory, or organization where it is being transferred. The Schrems II decision invalidated the adequacy decision for transatlantic data transfer to the United States known as Privacy Shield II. Another impact resulting out of this decision involved the use of ‘standard contractual clauses’ (SCCs) between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organization. SCCs are a commonly relied upon legal ground under the heading ‘appropriate safeguards’ where transfer of personal data may only occur if appropriate safeguards are in place and that enforceable data subject rights and effective legal remedies are available. Where the CJEU upheld the validity of this safeguard, it established certain conditions for its use.

timeTracko is committed to complying with the results of the Schrems II decision, and any other legal mandates in the future and is monitoring developments – in particular with respect to European Data Protection Board guidance publications and Supervisory Authority opinions.

As is our policy, we stand ready to address any requests made by our customers related to their expanded individual rights under the GDPR. Generally speaking, these include:

  • Right to be forgotten:You may terminate your timeTracko account at any time.

  • Right to object:You may opt out of inclusion of your data in any data science projects.

  • Right to rectification:You may access and update your timeTracko account settings at any time to correct or complete your account information. You may also contact timeTracko at any time to access, correct, amend or delete information that we hold about you.

  • Right of access:Our Privacy Policy describes what data we collect and how we use it. If you have specific questions about particular data, you can contact for further information at any time.

  • Right of portability:You may request that we export your account data to a third party at any time.

How does timeTracko process Personal Data?

timeTracko, just like any other business, currently uses third-party Sub-processors to provide various business functions like business analytics, cloud infrastructure, email notifications, payments, and customer support. Prior to engaging with any third-party Sub-processor, timeTracko performs due diligence to evaluate their defensive disposition and executes an agreement requiring each Sub-processor to maintain minimum acceptable security practices. We’ve listed our Suprocessors on a separate page. We will keep this page up-to-date, please check back regularly to get updates on all changes.

Do you need to comply with the GDPR?

As detailed above, the GDPR has broad extra-territorial reach and due consideration should be given to its application in your organization’s business. We cannot stress enough that you should consult with legal and other professional counsel regarding the full scope of your organizations’ compliance obligations under the GDPR.

What happens if you do not comply?

Non-compliance with the GDPR can result in enormous financial penalties. Sanctions for non-compliance can be as high as 20 Million Euros or 4% of global annual turnover, whichever is higher.

Where should I start?

We’ve included the table below to help our customers think about GDPR and their responsibilities AND how timeTracko factors into the equation. This list is neither exclusive nor exhaustive.

Last updated: Jan 12, 2021

HIPAA Compliance


The purpose of this policy is to establish requirements for the proper handling of protected health information (PHI) through the adoption of an information privacy and security management process for timeTracko. Such a process is required as a means of managing the privacy and security of PHI under the HIPAA Privacy Rule, the HIPAA Security Rule §164.308(a)(1), to comply with any other applicable information security regulations, and to protect the overall security of the organization.

The process includes the analysis and management of risks, the implementation of secure systems and applications, the use of security incident procedures to learn from prior issues, information system usage audits and activity reviews, regular security evaluations and regulation compliance assessments, training for all staff using electronic information systems, and documentation of compliance activities.

This policy defines the technical controls and security configurations that users and information technology (IT) administrators are required to implement in order to ensure the integrity and availability of the data environment at timeTracko. It serves as a central policy document with which all employees and contractors must be familiar and defines actions and prohibitions that all users must follow. The policy provides IT managers within timeTracko with policies and guidelines concerning the acceptable use of timeTracko technology equipment, email, internet connections, voicemail, future technology resources, and information processing.


This policy document defines common security requirements for all timeTracko personnel and systems that create, maintain, store, access, process, or transmit information. This policy also applies to information resources owned by others, such as contractors of timeTracko, entities in the private sector, and cases where timeTracko has a legal, contractual, or fiduciary duty to protect said resources while in timeTracko custody. In the event of a conflict, the more restrictive measures apply. This policy covers the timeTracko network system which consists of various hardware, software, communication equipment, and other devices designed to assist timeTracko in the creation, receipt, storage, processing, and transmission of information. This definition includes equipment connected to any timeTracko domain or VLAN, either hardwired or wirelessly, and includes all stand-alone equipment that is deployed by timeTracko at its office locations or at remote locales.

The policy requirements and restrictions defined in this document shall apply to network infrastructures, databases, external media, encryption, hardcopy reports, slides, models, wireless, telecommunication, conversations, servers, and any other methods used to convey knowledge and ideas across all hardware, software, and data transmission mechanisms. This policy must be adhered to by all timeTracko employees or temporary workers at all locations and by contractors working with timeTracko as subcontractors.

Each of the policies defined in this document is applicable to the task being performed – not just to specific departments or job titles.

timeTracko shall establish procedures to create and maintain an information security management process to ensure the confidentiality, integrity, and availability of protected health information (PHI), other personal and private information as required by law or regulations, and essential business information. The policy and procedures include the following sections:

  • Assigned Privacy and Security Responsibility
  • HIPAA Privacy Rule Compliance
  • Risk Assessment, Risk Analysis, and Risk Management
  • Information Security and Compliance Evaluation
  • Implementation of Secure Systems and Applications
  • Information System Usage Audits and Activity Reviews
  • Backup and Disaster Recovery
  • Information Security Incidents
  • Training
  • Sanctions for Policy Violations
  • Documentation

Assigned Privacy and Security Responsibility

§164.530(a) of the HIPAA Privacy Rule and §164.308(a)(2) of the HIPAA Security Rule each require the designation of a single individual with the responsibility for the development and implementation of the policies and procedures required for compliance. timeTracko will assign the security officer responsibility for all matters relating to the safeguarding of the privacy and security of personal or private information to the chief technology officer (CTO). The security officers may delegate activities to the information security team (IST). This individual or team (as appropriate) will be responsible for ensuring that all personal or private information is protected against reasonably anticipated threats or hazards to the security and integrity of the information and against reasonably anticipated improper uses.

The HIPAA security officer will be the initial point of contact in any security compliance inquiry.

The HIPAA security officer will have oversight for:

  • Ensuring that all policies and procedures required under applicable standards and regulations are established and maintained over time.
  • Monitoring the appropriate and consistent implementation of policies and procedures.
  • Ensuring that all members of the workforce, contractors, and business associates are aware of and abide by the policies and procedures.
  • Monitoring and analyzing security alerts and information and ensuring proper follow-up action.
  • The investigation of information security incidents and/or breaches.
  • The administration of user accounts, including additions, deletions, and modifications, and monitoring and controlling all access to data.
  • Ensuring that any security weaknesses discovered in the course of security incidents or security evaluations will be prioritized for correction and corrected.
  • Ensuring that the analyses and documentation required by applicable standards and regulations, and/or timeTracko’s security policies and procedures, are carried out fully and completely.

The HIPAA privacy officer will be responsible for receiving any complaints about HIPAA compliance and will be the initial point of contact in any privacy compliance inquiry.

HIPAA Privacy Rule Compliance

timeTracko and its staff shall treat all PHI as confidential information and only access the minimum necessary to perform their job functions. PHI shall not be used or disclosed in any way other than as indicated in the business associate agreements as agreed to by timeTracko.

In the event that timeTracko does retain and manage data that is considered to be part of a patient’s designated record set in a medical record, timeTracko will develop policies and procedures to satisfy the individual rights defined in the HIPAA Privacy Rule § 164.520-528 as necessary and appropriate.

In the event of any improper disclosures in violation of the HIPAA Privacy Rule, steps will be taken to limit and mitigate any harmful effects of such disclosures per §164.530(f). The policy on training and documentation for compliance with the HIPAA Privacy Rule is integrated with that for compliance with the HIPAA Security Rule and the HIPAA Breach Notification Rule.

Risk Assessment, Risk Analysis, and Risk Management

timeTracko shall regularly, at least annually, evaluate its information security-related policies and procedures to ensure that they meet the requirements of the HIPAA Security Rule and HIPAA Breach Notification Rule (§164.300et seq.and §164.400et seq.). A compliance evaluation shall also be required whenever there is a change in environmental or operational conditions that may affect the security of PHI.

Risks shall be mitigated and managed by timeTracko to the best of its abilities, within reasonable and appropriate constraints of cost, staff ability, and hardware and software capabilities, according to a regularly developed and updated risk management plan based on the risk analysis.

The risk analysis and assessment shall be reviewed and updated whenever there are material changes in systems or operations controlled by timeTracko or significant changes in the security environment in which timeTracko operates, no less frequently than once every year.

Information Security and Compliance Evaluation

timeTracko shall develop procedures to establish regular, periodic evaluations of the information security-related technical measures, policies, and procedures in place at the organization to ensure that they continue to meet the requirements of HIPAA Security Rule §164.308(a)(8). The period of review shall be at least annual and determined according to the organization’s information systems risk analysis and its consideration of best practices. Evaluations shall be documented for regulatory compliance and to provide direction to the organization in the execution of its security management process and plans.

Implementation of Secure Systems and Applications

It is the policy of timeTracko to implement and maintain systems and applications using secure best practices, whether developed in-house or procured from an external vendor. Procedures shall be developed to address:

  • Documentation requirements
  • Default passwords and parameters
  • Password suppression and account lockout
  • Automatic logoff
  • Wireless access
  • Configuration standards
  • Administrative access
  • Patch management
  • Vulnerability management
  • Software development practices
  • Change control
  • Platform security
  • Web-based software and applications
  • Application security
  • Application backup and restoration
  • Security configurations for desktop and laptop computers.

timeTracko shall have procedures to track changes to networks, systems, and workstations including software releases and software vulnerability patching in information systems that contain electronic protected health information (ePHI). Change tracking allows the information technology (IT) department to efficiently troubleshoot issues that arise due to an update, new implementation, reconfiguration, or other changes to the system.

Information System Usage Audits and Activity Reviews

timeTracko implements hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain electronic protected health information (ePHI). Audit controls are technical mechanisms that track and record computer activities. An audit trail determines if a security violation occurred by providing a chronological series of logged computer events that relate to an operating system, an application, or user activities.

timeTracko shall establish a process for conducting, on a periodic basis, at least annually, an operational review of system activity including, but not limited to, user accounts, system access, file access, security incidents, audit logs, and access reports. timeTracko shall conduct an internal review of records of system activity on a regular basis to minimize security violations.

Backup and Disaster Recovery

It is the policy of timeTracko to prepare for contingencies and ensure an appropriate response to emergencies or other occurrences that may damage systems that contain electronic confidential information, such as protected health information (PHI), and maintain usable copies of electronically held confidential information for use in such responses, if appropriate, as required by HIPAA Security Rule §164.308(a)(7) and by other applicable state or federal regulations. Information not required to be maintained shall be disposed of according to the defined procedures.

Contingency plans must take into account the criticality of applications/systems and data and the effects of short-term interruptions (such as brief power or system failures) and long-term disruptions (such as a loss of facilities or an epidemic).

Procedures shall be established that are sufficient to restore lost or damaged data with a useful duplicate, including the definition of which file systems to back up, the frequency of backups and media rotation, off-site storage requirements, the documentation and labeling of storage media, and the regular testing of backed-up data to ensure adequacy.

Backup and restoration procedures for electronic media and information systems containing critical data must be tested according to the frequency and practices as established in the individual system backup plans.

timeTracko management shall maintain a detailed disaster recovery policy (DRP). This plan addresses the hardware and software configurations and detailed recovery procedures. Plans and procedures shall be sufficient to ensure the restoration of lost data and system access, including a full range of information and activities needed to assure that the plan and its implementation will be effective.

Information Security Incidents

timeTracko shall have in place an information security incident response policy, including procedures for the reporting, processing, and response to suspected or known information security incidents in order to investigate, mitigate, and document such incidents so that security violations may be reported and handled promptly, using an orderly process known to all workforce members, according to the HIPAA Breach Notification Rule and the HIPAA Security Rule §164.308(a)(6).


timeTracko shall establish an information privacy and security awareness and training program for the purpose of ensuring that all workforce members, including management, are aware of the organization’s security policies and procedures and general principles of information security, as required by the HIPAA Privacy Rule and the HIPAA Security Rule §164.308(a)(5). Training must be provided to new staff before access to PHI is permitted and must be provided to all staff at least annually. Procedures shall include a definition of when training is to occur, for whom, and what training content, documentation, and acknowledgment will be provided.

Sanctions for Policy Violations

As appropriate, any member of the workforce who does not comply with the security policies and procedures of timeTracko or who otherwise misuses or misappropriation personal or private information will be subject to disciplinary action according to the organization’s disciplinary procedures. Workforce members in violation of security policies and procedures may be subject to:

  • A verbal warning
  • A notice of disciplinary action placed in personnel files
  • The removal of system privileges
  • Termination of employment and/or contract penalties
  • Civil or criminal penalties which may include notifying law enforcement officials, regulatory accreditation, and licensure organizations
  • Other sanctions as identified in the organization’s disciplinary procedures.


timeTracko shall document any policies and procedures implemented under the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, and other applicable information security regulations. timeTracko shall also document any actions, activities, and assessments required to be performed under applicable HIPAA regulations under the requirements of the policies enacted in support of such regulations.