Privacy Policy

Your privacy matters to us. This policy explains how Clocktopus collects, uses, and protects your personal information.

Last updated: January 2025

Who We Are

Clocktopus is operated by Blastin (ABN 79 162 409 041), an Australian business.

For privacy inquiries, contact us at: support@blastin.com.au

Information We Collect

We collect information necessary to provide our time tracking service:

Account Information

  • Name and email address
  • Profile picture (if provided via Google sign-in)
  • Timezone and working hours preferences
  • Secondary email addresses (for commit linking)

Time Tracking Data

  • Time entries with dates and durations
  • Commit metadata (SHA, author email, repository URL, commit message)
  • Project associations

Technical Information

  • IP address and browser user agent (for session security)
  • Cookie preferences
  • Usage analytics (via Google Analytics)

How We Use Your Information

We use your information for the following purposes:

  • Service provision: Operating the time tracking functionality
  • Authentication: Verifying your identity and maintaining secure sessions
  • Commit linking: Matching git commits to your account using your email addresses
  • Communications: Sending verification emails, notifications, and service updates
  • Analytics: Understanding how our service is used to improve it
  • Marketing: Sending promotional emails (only with your explicit consent)

Third-Party Services

We use the following third-party services to operate Clocktopus:

Google OAuth

For authentication. We receive your name, email, and profile picture from Google when you sign in.

Google Analytics

For understanding usage patterns. You can opt out via our cookie consent banner.

Google Ads

For measuring advertising effectiveness. With your consent, we track when visitors sign up after clicking an ad. No personal information is shared with Google for advertising purposes.

Amazon Web Services (AWS)

Our infrastructure provider for hosting and email delivery (AWS SES).

Neon

Our database provider. Your data is stored securely in their infrastructure.

Data Storage & Security

Data Location

Your data is primarily stored in Australia (AWS ap-southeast-2 region). Some third-party services may process data in other locations. By using Clocktopus, you consent to your data being transferred internationally where necessary to provide the service.

Security Measures

  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication via OAuth 2.0
  • Session-based access control
  • Regular security updates

Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Immediate deletion: All your personal data, time entries, and preferences are permanently deleted
  • No grace period: Deletion is immediate and cannot be undone
  • Backup purging: Data is removed from our backup systems

Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate personal information
  • Deletion: Delete your account and all associated data
  • Export: Download your data in a portable format

European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local data protection authority

Legal basis: We process your data based on contract performance (to provide the service), legitimate interests (analytics, security), and consent (marketing emails, cookies).

California (CCPA)

If you are a California resident:

  • We do not sell your personal information.
  • You have the right to know what data we collect about you
  • You have the right to request deletion of your data
  • You have the right to non-discrimination for exercising your rights

Australian Privacy Act

As an Australian business, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988:

  • APP 1: Open and transparent management of personal information
  • APP 5: Notification of collection at or before the time of collection
  • APP 6: Use or disclosure only for the purpose of collection
  • APP 12: Access to personal information upon request
  • APP 13: Correction of personal information

Contact & Updates

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service.

For privacy-related inquiries or to exercise your rights, contact us at: support@blastin.com.au

Privacy Policy | Clocktopus