Hours at Work

Privacy Policy

Last updated: 2026-05-21 (placeholder)

Replace this template. This is placeholder text — your privacy counsel's policy must live here before you collect a single signup. Update jurisdiction-specific notices (GDPR / CCPA / etc.) as required.

What we collect

Account: name, email, password hash, subdomain. Usage: timesheet entries you submit. Operational: IP for rate limiting; audit-log timestamps. We do not sell any of this data. (Counsel: replace with a complete data-collection inventory.)

How we use it

To run your timesheet workspace. To send approval / submission notifications you have opted into. (Counsel: replace with full lawful-basis section.)

Subprocessors

Stripe (billing), Resend or SendGrid (email — operator-selectable). Hosting and DB live on operator-controlled infrastructure. (Counsel: maintain a current subprocessor list with country of processing.)

Your rights

Export your data anytime from the in-app reports. Request deletion by emailing privacy@hoursatwork.com. (Counsel: GDPR Art. 15-22 / CCPA §1798.105 obligations.)