Skip to content

Privacy is the architecture, not a feature.

Time-Pop was built from the ground up as a local-first application. Your data sovereignty is guaranteed by how the software works — not by a privacy policy you have to trust us to follow.

Six privacy principles

01

Local-first storage

Time entries are written to a SQLite database on your device. Cloud sync is opt-in, not the default. If you never enable sync, nothing leaves your machine.

02

No telemetry, ever

We do not collect crash reports, usage analytics, or behavioural data. The app makes no network requests in Personal Mode unless you explicitly connect to cloud sync.

03

GDPR data residency

When cloud sync is enabled, data is stored on Supabase infrastructure in the EU. You retain full ownership. Export or delete your data at any time — no restrictions.

04

Transparent record keeping

Employees can see exactly what is recorded about them. There are no hidden fields, no background captures, no screenshot or keystroke monitoring of any kind.

05

Minimal data surface

We record: project, activity category, and duration. We do not record: URLs, applications used, screenshots, keystrokes, location, or any background process data.

06

Append-only audit log

The v1 data schema uses a CRDT append-only log. Records are immutable once written — no silent edits, no data loss, full history preserved.

Technical architecture

For security reviewers and technical evaluators

Local database (Personal Mode)

All time entries are stored in a local SQLite database managed by the Drift ORM. The database file is written to the application's standard data directory on your device (Windows: %APPDATA%\TimePop). No network connection is required to create, read, or export records. The app makes zero outbound requests in this mode.

SQLite via Drift ORMCRDT append-only logNo network requests

Cloud sync (Pro & Enterprise — opt-in)

When sync is enabled, time entry records are replicated to Supabase Postgres hosted in the EU (Frankfurt). Authentication uses passwordless email OTP — no passwords stored. All data in transit uses TLS 1.3. Row-level security policies ensure users can only access their own data, and org admins can only access records within their organisation.

Supabase (EU-West)TLS 1.3 in transitPasswordless authRow-level securityGDPR Article 25

What we never capture

Time-Pop has no access to and makes no attempt to record: keystrokes, clipboard content, screenshots, window titles, application focus events, file system activity, network traffic, location data, biometrics, or any other form of behavioural monitoring. Architecture documentation and a codebase audit session are available to enterprise evaluators under NDA — contact us for a security review package.

Exactly what we store

Full inventory of every data field Time-Pop touches

Data fieldStored locallySynced to cloudPurpose
Project nameYes — localYes — if sync enabledTime entry attribution
Activity categoryYes — localYes — if sync enabledUtilisation reporting
Time durationYes — localYes — if sync enabledBilling and payroll
Device hostnameIdentifier onlyYes — for multi-device syncSync deduplication
User emailYes — if signed inYes — auth token onlyAccount authentication
Keystrokes / typingNeverNeverN/A
ScreenshotsNeverNeverN/A
Location dataNeverNeverN/A
Application usageNeverNeverN/A
Crash / error reportsNeverNeverN/A

Security review requests

Enterprise customers can request a full security review package including architecture documentation, data processing agreements, and a codebase audit session.