Privacy Policy

Last Updated: December 16, 2025

TimeTally ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Jira time tracking application ("Service").

1. Information We Collect

1.1 Data We Access

When you use TimeTally, we access and store:

Data Type	Purpose	Retention
Jira Account ID	User identification	Until app uninstall
Display Name	UI personalization	Until app uninstall
Time Entries	Core functionality	Until deleted or uninstall
Issue Keys	Worklog association	Until deleted or uninstall
Timer State	Pause/resume tracking	Session-based

1.2 Data We Do NOT Collect

• Email addresses (we use Jira Account IDs only)
• Payment information (handled by Atlassian Marketplace)
• Issue content or attachments
• Personal files or documents
• Browser history or cookies outside the app

2. How We Use Your Information

We use your data exclusively to:

• Display your time tracking records
• Generate personal and team reports
• Synchronize with Jira worklogs
• Provide administrator visibility (for authorized users)

3. Data Storage and Security

3.1 Infrastructure

All data is stored on Atlassian Forge infrastructure (AWS), which provides:

• SOC 2 Type II compliance
• ISO 27001 certification
• GDPR compliance mechanisms

3.2 Encryption

• At Rest: AES-256 encryption via Forge Storage
• In Transit: TLS 1.2+ enforced by Atlassian

3.3 Access Controls

• Tenant isolation enforced by Forge platform
• User data accessible only to that user and site administrators
• No cross-tenant data access possible

4. Data Sharing

We do not sell, rent, or share your personal data with third parties.

Your data is only accessible to:

• You: Your own time entries and reports
• Jira Site Administrators: Team overview for management purposes

5. Your Rights

5.1 GDPR Rights (EU Users)

You have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Export your data in CSV format
• Object: Object to specific processing activities

5.2 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information we collect
• Delete personal information
• Non-discrimination for exercising rights

5.3 How to Exercise Your Rights

Contact us at: privacy@quiicks1lver.dev

We will respond within:

• GDPR requests: 30 days
• CCPA requests: 45 days (may extend to 90 days with notice)

6. Data Retention

• Active Use: Data retained while app is installed
• App Uninstall: All data deleted within 24 hours
• Manual Deletion: Individual entries deletable at any time
• Export: CSV export available before deletion

7. Children's Privacy

TimeTally is not intended for users under 16 years of age. We do not knowingly collect data from children.

8. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Report to relevant supervisory authorities as required by law
• Provide details about the nature of the breach and remediation steps

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date
• Posting a notice in the app (for significant changes)

10. Contact Us

For privacy-related inquiries:

• Email: privacy@quiicks1lver.dev
• General Support: support@quiicks1lver.dev