Logo

timeliberate

Privacy Policy

Effective Date: October 1, 2025
Last Updated: October 1, 2025

1. Introduction

Welcome to timeliberate ("we," "us," or "our"). We provide a software-as-a-service platform that includes an application installed on devices to capture screenshots and monitor system activity. We are committed to protecting your privacy and personal data with the highest standards of security and transparency.

This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our platform and installed application. We comply with the European Union's General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDP) 2023.

Important Notice: Our software captures visual data from your screen and collects system information from installed devices. Please read this policy carefully to understand what data we collect and how it's used.

2. Contact Information

Data Controller: timeliberate

Email: [email protected]

3. What Personal Data We Collect

3.1 Account and Profile Information

  • Account Information: Name, email address, username, password
  • Organization Details: Company name, role, department (for enterprise users)
  • Contact Information: Phone number, business address (if provided)

3.2 Visual and Screen Data

  • Screenshots: Periodic captures of screen content as configured by administrators
  • Screen Activity: Active applications, window titles, website URLs visited
  • Visual Content: Any information visible on screen during capture, which may include:
    • Document content and text
    • Images and graphics displayed
    • Application interfaces and data
    • Personal information accidentally captured in screenshots

3.3 Device and System Information

  • Device Data: Computer name, hardware specifications, operating system details
  • Installation Data: Application version, installation date, configuration settings
  • System Activity: Running processes, installed applications, system performance metrics
  • Network Information: IP address, network configuration, connectivity status

3.4 Usage and Behavioral Data

  • Activity Logs: Login times, session duration, feature usage
  • Performance Data: Application response times, error logs, crash reports
  • User Interactions: Clicks, keyboard activity patterns (without capturing actual keystrokes)

3.5 Location Data (if applicable)

  • IP-based Location: Approximate location based on IP address
  • Device Location: GPS coordinates (only if explicitly enabled and consented to)

4. How We Collect Your Data

We collect data through:

  • Installed Application: Our software application installed on your device
  • Automated Screenshots: Periodic screen captures as configured by your administrator
  • System Monitoring: Continuous monitoring of device and application activity
  • Web Dashboard: Information you provide through our web-based management portal
  • API Integrations: Data from connected third-party applications (with permission)

5. Why We Use Your Personal Data

5.1 Core Service Functions

  • Monitoring and Analytics: Providing workplace productivity insights and monitoring
  • Screenshot Analysis: Analyzing captured screens for productivity metrics and compliance
  • Reporting: Generating activity reports and productivity dashboards
  • Time Tracking: Monitoring work hours and activity levels

5.2 Security and Compliance

  • Data Loss Prevention: Detecting potential data breaches or unauthorized access
  • Compliance Monitoring: Ensuring adherence to company policies and regulations
  • Fraud Detection: Identifying suspicious or unauthorized activities
  • Security Auditing: Maintaining logs for security investigation purposes

5.3 Service Management

  • Account Management: Creating and maintaining user accounts and profiles
  • Technical Support: Providing customer support and troubleshooting
  • Platform Improvement: Enhancing software functionality and user experience
  • Performance Optimization: Improving application performance and reliability

6. Legal Basis for Processing

6.1 For Employee Monitoring (GDPR)

  • Legitimate Interest: Workplace productivity monitoring, security, and compliance
  • Consent: Where required by local employment laws
  • Contract Performance: Fulfilling employment obligations and workplace policies

6.2 For General Platform Use

  • Consent: For non-essential features and marketing communications
  • Contract Performance: To provide our monitoring services as agreed
  • Legal Obligation: To comply with applicable laws and regulations

6.3 Special Considerations for Visual Data

Given the sensitive nature of screenshot data, we ensure:

  • Clear notification before installation and data collection begins
  • Granular consent for different types of monitoring
  • Regular consent review and renewal processes

7. Employee Rights and Workplace Monitoring

7.1 Workplace Transparency

  • Employees have the right to know what monitoring is in place
  • Clear notification will be provided before monitoring begins
  • Regular updates on monitoring scope and purposes

7.2 Proportionality

  • Monitoring is limited to what is necessary for legitimate business purposes
  • We do not monitor personal activities outside work hours (unless explicitly configured)
  • Screenshot frequency and scope can be adjusted based on role and requirements

7.3 Employee Access Rights

  • Employees can request access to their monitoring data
  • Right to explanation of any automated decision-making based on monitoring data
  • Ability to dispute inaccurate monitoring records

8. Data Minimization and Screenshot Handling

8.1 Screenshot Data Minimization

  • Selective Capture: Only capturing screens during configured work hours
  • Content Filtering: Automatic detection and blurring of sensitive information where possible
  • Retention Limits: Screenshots are retained only for the minimum necessary period
  • Access Controls: Strict controls on who can view screenshot data

8.2 Sensitive Information Protection

  • Personal Data Detection: Automated systems to identify and protect personal information in screenshots
  • Financial Data Protection: Special handling for screenshots containing financial information
  • Healthcare Data: Enhanced protection for any healthcare-related information captured
  • Redaction Capabilities: Ability to redact sensitive information from stored screenshots

9. Data Sharing and Disclosure

9.1 Within Your Organization

  • Screenshot and monitoring data is accessible only to authorized personnel in your organization
  • Data access is controlled by your organization's administrators
  • We provide tools for your organization to manage data access and permissions

9.2 Service Providers

We may share data with trusted service providers for:

  • Cloud Storage: Secure storage of screenshots and monitoring data
  • Analytics Processing: Analysis of productivity and activity data
  • Technical Support: Resolving technical issues and platform maintenance

9.3 Legal Requirements

We may disclose data when required by law, but we will:

  • Notify your organization where legally permitted
  • Limit disclosure to the minimum necessary
  • Challenge overly broad requests where appropriate

10. Data Security for Visual Content

Given the sensitive nature of screenshot data, we implement enhanced security measures:

10.1 Encryption

  • End-to-End Encryption: Screenshots are encrypted during capture, transmission, and storage
  • Advanced Encryption Standards: AES-256 encryption for all visual data
  • Key Management: Secure encryption key management and rotation

10.2 Access Controls

  • Multi-Factor Authentication: Required for accessing visual data
  • Role-Based Access: Granular permissions based on job roles and responsibilities
  • Audit Trails: Complete logging of who accesses visual data and when

10.3 Data Isolation

  • Tenant Isolation: Complete separation of data between different organizations
  • Secure Storage: Screenshots stored in hardened, monitored environments
  • Regular Security Audits: Frequent security assessments and penetration testing

11. Data Retention

11.1 Screenshot Data

  • Default Retention: Screenshots retained for 30-90 days unless configured otherwise
  • Extended Retention: May be retained longer for compliance or legal requirements
  • Automatic Deletion: Automated deletion of screenshots after retention period expires

11.2 System and Activity Data

  • Activity Logs: Retained for 6-12 months for operational purposes
  • Device Information: Retained while device is actively monitored
  • Performance Data: Aggregated data may be retained longer for trend analysis

11.3 Account Data

  • User Accounts: Retained while account is active and for 30 days after deactivation
  • Organization Data: Retained according to enterprise agreement terms

12. International Data Transfers

  • Primary Storage: Data is primarily stored and processed in India
  • Cross-Border Transfers: If data is transferred internationally, we ensure appropriate safeguards
  • Data Localization: Options available for organizations requiring data to remain in specific jurisdictions

13. Your Rights and Controls

13.1 Access and Portability

  • Data Access: Request copies of your monitoring data and screenshots
  • Data Export: Receive your data in a structured, machine-readable format
  • Regular Reports: Access to regular reports of your activity data

13.2 Correction and Deletion

  • Data Correction: Request correction of inaccurate monitoring records
  • Deletion Rights: Request deletion of personal data (subject to legitimate business needs)
  • Account Deletion: Completely remove your account and associated data

13.3 Processing Controls

  • Opt-Out Rights: Limited opt-out options for non-essential monitoring features
  • Consent Withdrawal: Withdraw consent for processing based on consent
  • Objection Rights: Object to processing based on legitimate interests

13.4 Notification Rights

  • Monitoring Alerts: Right to be notified when monitoring begins or changes
  • Data Breach Notification: Immediate notification of any security incidents affecting your data
  • Policy Changes: Advance notice of significant privacy policy changes

14. Consent Management for Monitoring

14.1 Initial Consent

  • Clear, specific consent obtained before installing monitoring software
  • Separate consent for different types of monitoring (screenshots, activity tracking, etc.)
  • Easy-to-understand explanation of what data is collected and why

14.2 Ongoing Consent

  • Regular consent review and renewal processes
  • Easy withdrawal of consent where legally permissible
  • Granular consent controls for different monitoring features

15. Children's Privacy

Our monitoring software is not intended for use on devices used by children under 16. If our software is installed on a device used by a child, special protections apply:

  • Enhanced consent requirements from parents/guardians
  • Limited data collection and retention
  • Additional security measures for any data collected

16. Automated Decision-Making

16.1 Productivity Scoring

  • Transparency: Clear explanation of how scores are calculated
  • Human Review: Right to human review of automated decisions
  • Challenge Process: Ability to dispute automated assessments

16.2 Alert Systems

  • False Positive Management: Processes to handle and correct false alerts
  • Appeal Rights: Right to appeal automated flagging decisions
  • Regular Algorithm Review: Regular review and improvement of automated systems

17. Data Breach Response

  • Immediate Response: Immediate action to secure data and prevent further breach
  • Rapid Notification: Notification to supervisory authorities within 72 hours
  • User Notification: Direct notification to affected users without undue delay
  • Remediation: Comprehensive remediation and prevention measures

18. Third-Party Integrations

If you connect third-party applications:

  • Limited Access: Third parties receive only necessary data for integration functionality
  • Separate Consent: Separate consent required for each integration
  • Data Control: You maintain control over what data is shared with integrations

19. Jurisdiction-Specific Rights

19.1 European Union (GDPR)

  • All rights under GDPR including data portability and right to be forgotten
  • Right to lodge complaints with local Data Protection Authority
  • Enhanced protections for special categories of personal data

19.2 India (DPDP Act)

  • Rights under Digital Personal Data Protection Act 2023
  • Right to correction, erasure, and data portability
  • Right to nominate a data fiduciary for deceased persons

20. Updates to This Policy

  • Regular Reviews: This policy is reviewed and updated regularly
  • Significant Changes: Major changes communicated via email and platform notifications
  • Version Control: Previous versions available upon request
  • Continued Use: Continued use after changes constitutes acceptance

21. Contact Us

General Privacy Inquiries