1. Information We Collect

We collect information you provide directly to us when you create an account, use our Services, or communicate with us. This information may include your name, email address, and any other information you choose to provide.

When you use our integrated services to sign in, we collect:

• Your account ID and email address from connected services
• Access tokens for authentication with Jira, Xurrent/4me, and Microsoft services
• Basic profile information from your connected accounts
• Project and issue data necessary for timesheet management from Jira
• Service request data from Xurrent/4me for time tracking
• Calendar event data from Microsoft Outlook for meeting time allocation
• Worklog and time entry data across all connected platforms

2. How We Use Information

We use the information we collect to provide, maintain, and improve our Services, to develop new products and services, and to protect our users and ourselves.

We may use the information we collect to:

• Create and maintain your account
• Provide the products and services you request
• Respond to your comments, questions, and requests
• Send you technical notices, updates, security alerts, and support messages
• Improve our Services and develop new features
• Authenticate you with Jira, Xurrent/4me, and Microsoft services
• Sync and manage your timesheet data across multiple platforms
• Process and analyze your time tracking patterns for productivity insights
• Generate automated timesheet reports and export scripts
• Map project data between different platforms for unified reporting
• Monitor and analyze trends, usage, and activities in connection with our Services

3. Your Data Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

• Right to erasure (Right to be Forgotten): You can request deletion of your personal data
• Right to rectification: You can request updates to your personal data
• Right to be informed: We will inform you about how we collect and use your data
• Right to data portability: You can request a copy of your data in a machine-readable format
• Right to object: You can object to certain types of processing of your data

To exercise any of these rights, please contact us at [email protected].

4. Data Storage and Processing

To ensure compliance with GDPR and our integrated services' privacy requirements:

• We minimize storage of personal data and retrieve current data from service APIs when possible
• Personal data is stored securely with restricted access and encryption
• We track the age of stored personal data and update it regularly
• We maintain a single source of truth for personal data
• We automatically erase personal data when you disconnect services or revoke consent
• We comply with data retention policies of all integrated platforms
• Time tracking data is processed locally and securely transmitted to connected services

5. Sharing of Information

We do not share personal information with companies, organizations, or individuals outside of our organization except in the following cases:

• With your consent
• With Atlassian's Jira services as necessary to provide timesheet management features
• With Xurrent/4me services for service desk time tracking functionality
• With Microsoft services for calendar integration and meeting time allocation
• For legal reasons, if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• To protect against harm to the rights, property, or safety of our users or the public as required or permitted by law

6. Data Security

We take reasonable measures to help protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Your OAuth tokens and API keys are encrypted and stored securely. We never store your passwords or other sensitive credentials from any connected service.

All data transmission between ChronoWeave and integrated services uses secure HTTPS connections and industry-standard encryption protocols.

7. Third-Party Services

Our Service integrates with multiple third-party platforms including:

• Atlassian's Jira platform for issue tracking and worklog management
• Xurrent/4me for service desk and time tracking
• Microsoft services for Outlook Calendar integration and authentication

When you connect these services, your information is also subject to their respective privacy policies. We encourage you to review each service's privacy policy to understand how they handle your data.

8. Data Retention

We store the information we collect for as long as it is necessary for the purpose(s) for which we originally collected it or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. You can request data deletion at any time by disconnecting services or contacting support.

9. Children's Privacy

Our Services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected personal information of a child under 13, we will delete such information.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].