Privacy at Timely
Your data stays private, by default
When you track time in Timely, that data belongs to you. Not your boss, not your teammates, not us. Unless you’ve chosen to share it, it stays completely private – even from your own admin.
This isn’t just a policy – it’s how the product is built. From the moment you start using Timely, your data is shielded by default. Every timeline, every hour, every note you log is only visible to you, until you choose to make it visible to someone else.
We’ve deliberately structured the platform this way because it leads to better, more honest time data. People track more accurately when they know they’re not being watched. Teams build trust when privacy boundaries are clear.
This setup supports:
- More accurate logging – because people track without fear of judgement
- Better data quality – because nothing is manipulated or distorted for someone else’s view
- Stronger team trust – because privacy is respected from the start
By default:
- Only you can see your personal timeline
- No one can access your logged hours, comments, or entries without your permission
- Project and report visibility is limited to the people you’ve shared it with
- Our team can’t access your data unless you’ve explicitly invited us to help
You control who sees what
Privacy only works if you’re in charge of it. That’s why Timely gives you full control over how your data is shared – not just whether it’s visible, but who sees it, when, and in what context.
Everything you track in Timely starts out private. From there, you decide what’s visible to others. You can share a full timeline, open up specific projects to team members, or restrict access to sensitive work. Timely’s permissions are designed to give you clarity, flexibility and control – whether you’re an individual contributor or managing a team of hundreds.
With built-in visibility settings, you can:
- Keep your timeline completely private
- Share selected entries, projects or reports with specific teammates
- Allow managers to view hours without exposing personal details
- Control who can edit, export or approve tracked time
- Restrict access to budgets, billing rates or internal project data
- See at a glance what’s private and what’s shared
This structure isn’t just about protecting data – it’s about building trust. When people know they’re in control, they track more honestly. When teams know their privacy is respected, adoption improves. And when time data is shared purposefully, it actually helps people work better together.
We don't sell or rent your data
This one’s simple: we don’t make money from your data. We never have, and we never will.
We’re not in the business of advertising or reselling data. Timely is a paid product – our revenue comes from your subscription, not from trading your information. That’s a deliberate choice, and it means your interests always come first.
We use your data in exactly one way: to provide you with a service that you have chosen.
Here’s what that means in practice:
- We don’t sell data to third parties – ever
- We don’t allow ad platforms to track you inside Timely
- We don’t use your data for marketing, unless you’ve explicitly opted in
- We don’t share your usage data unless you’ve given us permission
When we can see your data (and why)
By default, no one at Timely can access your data. Our staff don’t have standing access to your timeline, your team’s hours, or your project history. And that’s exactly how it should be.
We’ve designed our internal systems to prevent unnecessary access. If a Timely team member needs to view your data – for example, to help resolve a technical issue – they need to follow a strict process. That includes getting your permission, logging the reason for access, and limiting it to a specific timeframe.
There are only two scenarios where we may see customer data:
1) You’ve asked us for support and given explicit permission
- You’ve contacted us about an issue, and we need to inspect your workspace to help
- You’ll always be told what we need to access and why
- You can withdraw access at any time
2) We’re resolving a technical incident that affects your account
- This could be a bug, a data integrity issue, or a potential breach
- Only specific engineering and security staff are authorised to respond
- All actions are recorded and reviewed internally
In both cases, our access is:
- Time-limited – we only retain it for as long as it’s needed
- Purpose-specific – no browsing or general access
- Auditable – every access is logged and reviewed
- Revocable – you can remove access instantly
What we collect – and why
We only collect the data we need to provide a reliable, secure, and useful time tracking service. No extras. No surveillance. Just what’s required to run your account, support your team, and improve the product.
You’ll always know what data we collect and why it’s needed. And we make sure you stay in control of it – with the ability to access, export or delete it whenever you want.
We group the data we collect into three types:
1. Data you give us
This is the information you or your team provide when setting up your workspace and using the product. It includes:
- Name, email, role, and team structure
- Workspace name and preferences
- Time entries, projects, tags, notes, and task details
- Billing information and payment details (if applicable)
Why we collect it:
To create and manage your workspace, assign users to teams and projects, process payments, and power core features like reporting and invoicing.
2. Data generated by usage
This is automatically collected as you use the platform. It includes:
- Device and browser type
- IP address (for security and fraud detection)
- Feature usage patterns (e.g. how often you open Reports)
- Session length and app performance metrics
- Error messages or crash data
Why we collect it:
To maintain platform stability, monitor performance, and guide product improvements. For example, we may see that a button is rarely used or a page takes too long to load – but we don’t tie that data to your name unless you’ve asked for help.
3. Data from integrations
If you connect Timely to another tool (like Google Calendar, Outlook, Zoom or project management software), we collect the data required to make that integration work.
Why we collect it:
To automatically generate memory data, provide accurate time suggestions, and reduce the manual effort required to track time. Integration data is never shared outside your account.
We never collect:
- Audio, video or screen recordings
- Keystroke monitoring or hidden activity tracking
- Any content from third-party tools unless you’ve actively connected them
- Billing information and payment details (if applicable)
And we don’t use cookies or scripts to track behaviour across other websites or tools. What happens in Timely stays in Timely.
Where your data is stored
All customer data is securely stored in the European Union. We use Amazon Web Services (AWS) to host Timely, which provides world-class physical and digital security standards, along with automatic redundancy, scaling, and recovery.
We’ve chosen AWS’s EU data centres because:
- They’re highly secure and fully compliant with GDPR
- They provide the flexibility and performance our customers expect
- They allow us to guarantee data residency within European legal frameworks
Where international transfers do occur, we use:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements
- Vendor security assessments and ongoing monitoring
If we use third parties, we do it safely
To run Timely effectively, we work with a small number of trusted third-party vendors – also known as sub-processors. These include services for hosting, customer support, communications, and analytics.
We choose these vendors carefully, and we don’t give them access to your data unless:
- They’re critical to delivering the service
- They meet our security and privacy standards
- We’ve signed a binding Data Processing Agreement with them
- They’ve passed our internal risk assessment process
Every sub-processor must:
- Handle data securely and responsibly
- Limit access to only what’s needed
- Support GDPR and international data protection obligations
- Notify us immediately of any issues or breaches
We keep an up-to-date list of our sub-processors here (or on request). If we change that list, we’ll notify you ahead of time.
We also never use subcontractors that monetise your data, sell insights, or provide user profiling services. Our third-party relationships are strictly functional – to support performance, availability and customer service. Nothing else.
Privacy FAQs
Privacy philosophy and user control
Timely is private by design. Everything you track starts off as private to you - not visible to teammates, managers, or even workspace admins. We built the product this way because privacy leads to more honest tracking, better data quality, and stronger team trust. You choose what to share, when to share it, and with whom.
Privacy is front and centre from the moment someone starts using Timely. We explain what’s private, what can be shared, and how data visibility works at every stage - from onboarding walkthroughs to in-app tooltips. Users are never surprised about who can see their data.
Users control everything. You can choose to keep your entire timeline private or selectively share projects, entries or reports. You can delete memories, revoke permissions, and manage visibility settings at any time. We also provide full access to export or delete your data whenever you want.
Yes. All memories are private by default. Only you can see the memory data on your timeline unless you explicitly choose to share an entry. No one else – not your manager, not Timely’s team – has access unless you give it.
Yes. You can pause or stop tracking at any time. The Memory app runs locally on your machine and gives you full control over when it’s active. Nothing is ever tracked without your consent, and you can always see exactly what’s been captured.
Absolutely. You can adjust what sources the Memory app connects to, such as specific calendars, apps or websites. You can also ignore certain tools or domains, and only collect data that’s actually useful to you.
Yes. Any memory can be deleted with one click. It’s instantly removed from your timeline and isn’t recoverable. You’re in complete control of what stays and what goes.
No. Timely doesn’t take screenshots, record keystrokes, or monitor your activity in the background. We don’t believe in surveillance - our model is built on trust and transparency, not micromanagement.
Manager and admin visibility
Managers and admins can only see what users choose to share. Private timelines, notes and individual entries are never visible unless shared. Admins can manage project-level visibility and reporting access, but they can’t override your personal privacy settings. You’ll always know what’s visible and what’s not.
Be open about how Timely works. Make it clear that timelines are private by default, that users stay in control of their data, and that the platform is built for trust - not surveillance. When people understand that no one’s watching over their shoulder, they’re more likely to adopt it and use it honestly.
We treat all customer data with the same high standard of care - whether you’re a design studio, legal firm, or global enterprise. Data is encrypted end-to-end, stored in secure EU data centres, and isolated by account. Access is tightly controlled, and support is always request-driven. Sensitive data stays private and protected.
Data collection and usage
The Memory app captures timestamped activities from connected tools - like websites visited, files opened, calendar events, and meetings. It never records what you typed, said, or showed on your screen. It only logs metadata like document titles or meeting names to help you remember what you worked on.
Just the document title and the application used. For example, it might show “ProjectProposal.docx – Microsoft Word”. It doesn’t access the content inside the file or store any text. The goal is to help you jog your memory - not to copy or index what you’re doing.
We collect:
• Info you give us: name, email, time entries, projects, billing details
• Info from usage: browser type, IP, performance metrics
• Data from integrations: calendar events, task activity
We use this data to power the app, improve features, and support your workspace. Nothing is sold, monetised, or tracked outside Timely.
No. We don’t sell or rent your data. Our revenue comes from subscriptions – not ads. We’ve deliberately kept our business model simple so your data always stays yours.
Compliance and data storage
Yes. We’re fully GDPR compliant and operate with strict data minimisation, access control, and user rights frameworks. You can access, update, export or delete your data at any time. Our Data Processing Agreement lays out exactly how we handle your information.
GDPR is a European privacy law that gives people more control over their personal data. It applies to any company handling EU data – including Timely. GDPR is built into how Timely works: from data consent and processing limits to access rights and secure storage.
All customer data is stored in Amazon Web Services (AWS) data centres in the European Union. These facilities meet global security standards and are fully GDPR compliant. We don’t move your data outside the EU unless you’ve explicitly agreed to it.
Timely is ISO 27001:2022 certified. This means our information security management practices have been independently audited against the most recognised global standard. We run regular internal audits and third-party reviews to maintain compliance.
By default, no one at Timely can access your data. If you ask us for help, we’ll request permission first and only access what’s needed – for a limited time, with full audit logs. In the case of a technical issue or potential breach, only authorised engineers can investigate, and all actions are logged.