1 Introduction
Timetracks (the "Company", "we") considers user privacy and data protection a top priority. This policy explains what information we collect, how we use it, and your rights regarding it.
This policy applies to anyone using Timetracks services — business owners, managers, employees, and site visitors. Using the service constitutes consent to this policy.
This policy is written in accordance with the Israeli Privacy Protection Law, 5741-1981, and in the spirit of GDPR principles, respecting user rights over personal information.
2 Information We Collect
We collect three categories of information:
- Customer Data (account owner): Full name, email, phone, company name, business ID (if filled), billing address.
- Employee Data (managed by the customer): Full name, ID number (optional), phone, email, role, work hours, attendance data.
- Technical Usage Data: IP address, browser type, OS, login times, system actions — for security and service improvement.
Important: Regarding employee data — we act as a Data Processor on behalf of the customer (business owner), who is the Data Controller. Responsibility for obtaining employee consent lies with the employer.
3 Use of Information
We use information only for the following purposes:
- Providing the service and managing customer accounts
- Calculating work hours and generating reports
- Collecting payments and issuing invoices
- Technical support and operational communication
- System security and preventing misuse
- Product improvement and new feature development
We do not use information for advertising, do not sell it, and do not process it for marketing research without explicit consent.
4 Sharing with Third Parties
We share information with third parties only in the following cases:
- Infrastructure providers: Hosting provider (Webuzo/AWS), email service — under confidentiality and data protection agreements.
- Payment providers: Bank Hapoalim (Bit), Discount Bank (PayBox), Bank Leumi (transfers) — for payment purposes only.
- Legal requirements: If required by law, court order, or authority investigation.
- Legal defense: In case of suspected terms violation or illegal activity.
We do not sell, rent, or trade personal data in any form.
5 Cookies & Tracking Technologies
The site uses cookies to maintain sessions, remember language preferences, and basic usage analytics.
- Essential cookies: Required for system operation — login session, security, language preferences.
- Analytics cookies: Aggregate and anonymous statistics to improve experience (no personal identification).
- We do not use advertising cookies or social network tracking pixels.
You can disable cookies via browser settings, but some features may not work properly.
6 Data Security
We implement industry-leading security methods:
- Full SSL/TLS encryption (HTTPS) for all communications
- Password hashing with bcrypt (one-way hash)
- Complete separation between customer databases
- Automatic daily backups with 30 versions retained
- SQL injection protection (prepared statements)
- CSRF tokens on all sensitive forms
- Suspicious login attempt monitoring
Even the most secure system is not 100% immune. In case of data breach, we will notify customers within 72 hours as required by law.
7 Data Retention
We retain data as long as the account is active and up to 60 days after subscription cancellation. After this period:
- Customer data: Deleted within 60 days of subscription end
- Invoices and accounting documents: Retained for 7 years as required by Income Tax Law
- Technical logs: Automatically deleted after 90 days
- Backups: Retained up to 30 days from creation, then deleted
8 Your Rights
Under Israeli Privacy Protection Law, you have full rights over your personal information:
- Right of access: Request to see all information stored about you
- Right to rectification: Request to correct inaccurate or outdated information
- Right to deletion: Request to delete your account and data (Right to be forgotten)
- Right to data portability: Receive a copy of all data in CSV/Excel format
- Right to object: Object to certain data processing
To exercise your rights — send a request to privacy@timetracks.co.il. We will respond within 30 days.
9 Employee Monitoring — Employer Obligations
When using the system for employee attendance monitoring, the employer (customer) has legal obligations:
- Notify employee: Required to inform employees that an attendance monitoring system is in place
- Transparency: Detail what data is collected and for what purpose
- Consent: In some cases — written employee consent
- Proportionality: Collect only necessary information, nothing more
- Security: Store data securely and limit access to authorized personnel
Timetracks is only the technology provider. Legal responsibility for notifying employees, obtaining consent and complying with labor laws — lies with the employer.
10 Children's Data
The service is intended for businesses only, not for minors under 18. If we discover we accidentally collected information about a minor under 18 — we will delete it immediately.
Regarding youth employees (ages 16-17) managed in the system — the employer is responsible for ensuring data collection is done with parental consent in accordance with law.
11 Policy Changes
We may update this privacy policy from time to time. Material changes will be sent via email 30 days before they take effect.
The last update date appears at the top of the policy. We recommend reviewing it from time to time.
12 Governing Law
This privacy policy is subject to the laws of the State of Israel. Exclusive jurisdiction for any dispute lies with competent courts in the Central/Tel-Aviv district.
13 Contact Us
For any question, request, complaint or rights exercise regarding privacy:
- Data Protection Officer (DPO): privacy@timetracks.co.il
- General support: support@timetracks.co.il
- Website: https://timetracks.co.il
- Privacy Protection Authority (for complaints): privacy.gov.il