Privacy Policy

(last updated August 11, 2022)

At Timebook Software, Inc. (“Timebook,” “we,” or “us”), we recognize the importance of protecting your privacy and are committed to communicating transparently regarding our privacy practices.

Please read this privacy policy (“Privacy Policy”) carefully before you start to use the Services, as defined below. By accessing or using the Services in any manner, you accept and agree to be bound by this Privacy Policy. If you do not agree with any terms of this Privacy Policy, you may not access or use the Services for any purpose.

The following sections are covered in this Privacy Policy:

Contact Us

If you have any questions about this Privacy Policy or our information practices, please email us at or write to us at:

Data Protection Officer

Timebook Software, Inc.



This Privacy Policy describes the types of information we may collect from you when you visit or use our “Services,” which is defined as our website at (or any subdomain thereof), mobile or desktop applications, our application programming interfaces, or any content, functionality, or online services offered on or through any of the foregoing.

This Privacy Policy does not apply to any third-party applications or software provided by third parties (“Third Parties”) that integrate with the Services (“Third-Party Services”), or any other third-party products, services or businesses. A list of Third-Parties Services supported by Timebook is available at the following link We advise you to review the privacy policies of the Third Parties but reiterate that we have no control over and assume no responsibility for the content, privacy policies, or practices of any such Third Parties, their sites, or services.

To use the Services, a separate “Service Agreement”, which is defined as our Terms of Service (available here) or a separate written master services agreement, must have been entered into with us by you or an organization with which you are associated (e.g., your employer or another entity or person) (“Related Entity”). This Service Agreement governs delivery, access, and use of the Services, including the processing of any messages, files or other content submitted through Services accounts (collectively, “Entity Data”).

Users granted access to the Services under a Service Agreement are referred to as “Authorized Users.”

For any Related Entity that entered into the Service Agreement, it controls its instance of the Services (its “Workspace”) and any associated Entity Data. In such as case, if you have any questions about specific Workspace settings and privacy practices, please contact the Related Entity whose Workspace you use. If you have received an invitation to join a Workspace but have not yet created an account, you should request assistance from the Related Entity that sent the invitation.

Personal Information We Collect

When an Authorized User accesses the Services, that user or the Related Entity with which that Authorized User is associated, may routinely submit personal information to us (“Personal Information”), which includes the following:

  • Account Information. To create or update your account, you or your Related Entity (e.g., your employer) supplies us with an email address, name, phone number, password, and other similar account information.

  • Payment Information. You or Related Entities that subscribed to a paid version of the Services provide us (or its payment processors) with billing information such as a billing address, credit card, and/or banking information, etc.

  • Usage Information.

    • Interaction Data. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work, including the Workspaces, channels, people, features, content and links you view or interact with, the types of files shared and what Third-Party Services are used (if any).

    • Log Data. As is common with online platforms, our servers automatically collect information when you access or use the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

    • Device Information. We collect information about the devices Authorized Users use to access the Services, including the device type, software (e.g., operating system, browser, or other applications that are used to access the Services), device settings, application identifiers (IDs), unique device IDs, crash data, etc. The amount and nature of the information we collect may be dependent on the type of device and the settings of the device being used.

    • Location Information. We may use information received from Authorized Users or Related Entities or other third-parties to help us determine or approximate your location, which can help us evaluate and optimize the provision of the Services.

  • User Contributions. You also may provide information, images, and other content to be published or displayed (hereinafter, "posted") on public areas of the Services or transmitted to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although you may have the option to set certain permission settings through your account, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other Authorized Users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

  • Cookies. We may use cookies and similar technologies in our Services, as described in the Cookies and Other Tracking Technologies section of this Privacy Policy.

  • Third-Party Services. Our Services provide you with a management center for all your work items. Since many Authorized Users and Related Entities typically rely on several different Third-Party Services to perform their work, we provide the option for Authorized Users and/or Related Entities to integrate the Third-Party Services with our Services. Once connected, the provider of a Third-Party Service, such as a email provider, calendar provider, project management provider, file storage provider, etc., may share certain Personal Information with us. For example, to facilitate the connection, we may receive integration information, such as certain account information of Authorized Users, along with other information that the application makes available to us to enable and support the integration. Authorized Users and Related Entities are solely responsible for and should check the privacy settings and notices in these Third-Party Services to understand what Personal Information may be disclosed to us by the Third Parties. We have no control over and assume no responsibility for the content, privacy policies or practices of any Third Parties or their Third-Party Services. When a Third-Party Service is enabled, we are authorized to connect and access Personal Information made available us. For more information on Third-Party Services,

  • Contact Information. Any contact information that an Authorized User chooses to import (such as an address book from a device or API) is collected when using the Services.

  • Supplemental Data. We may receive data about organizations, industries, lists of companies that are customers, site visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful, such as managing our customer base and determining the effectiveness of marketing campaigns. This data may be combined with Personal Information we collect.

  • Other Information. We also receive other information when submitted to Services or in other ways, such as if you contact us for customer support, participate in a survey, focus group, contest, activity or event, apply for a job, enroll in a certification program or other educational program hosted by us or a vendor, interact with our social media accounts or otherwise communicate with us.

How We Use Personal Information

We may use Personal Information we obtain about an Authorized User, or that an Authorized User or Related Entity provides to us:

  • to provide, operate, evaluate, and improve the Services;

  • for billing, account management, and other administrative purposes;

  • to provide and support integrations with Third-Party Services;

  • to analyze trends and statistics regarding use of the Services and transactions conducted using the Services;

  • to develop new products and services;

  • to send and receive electronic messages (e.g., emails, texts, webchat messages, instant messages, etc.) (“Electronic Messages”);

  • to send you the information or materials you requested;

  • to communicate with you about our products, services, offers, and promotions;

  • to provide user support;

  • to maintain records;

  • to comply with applicable legal requirements and industry standards;

  • to adhere to our terms of service, service agreements, and other agreements;

  • to protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;

  • for any other purpose for which you provide your consent.

Promotional Activities

We may use your information to contact an Authorized User about our goods and services or third-party goods and services that may be of interest. For more information including information for opting out of any such communications, see the Your Choices section of this Privacy Policy.

Non-Personal, Anonymized and De-identified Information

To the extent information not associated with an identified or identifiable natural person, or if Personal Information is anonymized, aggregated or de-identified (“Anonymized Information”) so that it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose unless otherwise not permitted under the Service Agreement.

How We Share and Disclose Information

We may disclose Personal Information that we collect or you provide (as described in this Privacy Policy):

  • to provide our Services to you;

  • to provide the Services to other Authorized Users or Entities;

  • to share a Workspace or information with other users invited to access and use the Workspace or information;

  • to provide support;

  • to fulfill instructions from Authorized Users or Entities;

  • to enable Third-Party Service integrations;

  • to our subsidiaries and affiliates;

  • to contractors, service providers, and other third parties we use to support our business;

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;

  • to enforce or apply our Service Agreement or other legal agreements and rights;

  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Timebook, users of the Services, and/or others;

  • for any other purpose which is incidental to the normal use of the Services; and

  • for any other purpose for which we receive user consent.

We also reserve the right to transfer Personal Information and any other information to a buyer or other transferee in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets. Should such a sale, merger, or transfer occur, we will use reasonable efforts to direct the transferee to use your information in a manner that is consistent with our Privacy Policy.

We may disclose Anonymized Information about Authorized Users, and information that does not identify any individual user, without restriction.

Data Transfers

The Services are administered by Timebook in the United States. When we obtain information about Authorized Users through their access to or use of the Services or when Authorized Users input or import information to the Services from somewhere other than the United States, we may transfer, process, and store such information in the United States. If you access the Services from outside the United States, you do so on your own initiative, at your sole risk, and you are responsible for compliance with all applicable laws. If you are a non-United States resident and provide us with your Personal Information, or if you use the Services, you consent to the transfer to and processing of such information in the United States, which may have data protection laws less stringent than those in the country in which you reside. Additionally, if any information you provide to us includes the Personal Information of other individuals (e.g., your customers or clients), you confirm that you have all necessary authority and consents to transfer such information to us.

Timebook Vendors

Timebook employs third party companies and individuals to facilitate our Services, process data, perform Services-related services, and assist us in analyzing how the Services is used (“Third Party Vendors”). These Third-Party Providers may have access to your Personal Information for purposes of performing these tasks on our behalf and may have the right to retain and use Personal Information or other information through performance of these tasks on an aggregated and de-identified basis in accordance with the terms of the applicable Third-Party Provider’s privacy policy. We advise you to review the privacy policies of the Third Party Vendors but reiterate that we have no control over and assume no responsibility for the content, privacy policies, or practices of any such Third Parties Vendors, their sites, or services.

Third-Party Vendors include without limitation the following:

  • Cloud Providers. We use cloud services providers to host and secure our Services. These include:

  • Analytics. We may use Third Party Vendors to monitor and analyze the use of our Services.

    • Google Analytics. Google Analytics is an independent web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can learn about Google’s privacy practices at You may opt out of the aggregation and analysis of data collected about you on our Services by Google Analytics by downloading the Google Analytics opt-out browser add-on, available at Please note that if you opt out, analytics companies other than Google Analytics may continue to aggregate and analyze data collected about you on the Services.

  • Payment Processing. We use Third Party Providers to process payment transactions initiated via the Services. Your payment card details are not stored by the Services. If you purchase a subscription to the Services, your payment card details are encrypted and securely stored by our third-party payment processors to enable Timebook to automatically bill your payment card on a recurring basis. We currently use the following third party payment processing services:

  • Other Vendors. We also use Third Party Providers for technical, operational, and other services, including as follows:

Your Choices

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.

Electronic Messages from Timebook. Timebook sends alerts, activity updates, billing information, information about products or services, support information, service updates, service notifications, and other items to you via Electronic Messages. Promotional Electronic Messages will contain instructions describing how you can opt out of receiving future promotional communications from us. If you opt out of promotional Electronic Messages, you may continue to receive non-promotional, transactional emails from us.

Accessing and Correcting Personal Information. Your account information and other Personal Information is accessible anytime through and may be reviewed and changed by logging in to your user account. You may also send us an email at to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your User Contributions from the Services, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users.

Privacy Rights. We honor user requests to access, delete, correct, etc., their Personal Information as afforded by various privacy laws and regulations. Please refer to the corresponding sections of this Privacy Policy if you wish to exercise any of those rights.

Do Not Track Signals

Your web browser may let you choose your preference as to whether you want to allow the collection of information about your online activities over time and across different websites or online services. At this time, the Services do not respond to the preferences you may have set in your web browser regarding such collection of your information, and we may continue to collect information in the manner described in this Privacy Policy.

Your California Privacy Rights

Under the CCPA, California consumers have the right to:

  • Request that we disclose to you the Personal Information that we have collected, used, disclosed or sold (“Right to Know”);

  • Request that we delete your Personal Information that we have collected or maintained (“Right to Delete”);

  • Opt out of the sale of your Personal Information; and

  • Not receive discriminatory treatment for exercising your privacy rights.

Right to Know. You may request from us a list of (i) the Personal Information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your Personal Information. You have the right to up to two (2) access requests each twelve (12) months.

Right to Delete. You may request, at any time, that we delete your information and direct our service providers to delete your information from their records.

Opt-out of sale. Timebook does not sell any Personal Information, even under the broad CCPA definition of a “sale.”

Non-discrimination. We will never discriminate against any California resident who exercises these rights.

Exercising your Privacy Rights

If you would like to exercise your any of the rights outlined in this Privacy Policy or if you have any questions or would like to provide feedback on this Privacy Policy or our privacy practices, please contact us using methods provided in the contact information section above and our privacy team will acknowledge your request within 10 days of receipt and will respond to you within 45 days of receipt.

If exercising any of your rights outlined in this Privacy Policy, please email your request from the email address that matches the email under which your account is registered and include your first and last name in the request. We will use this information to verify your identity and the validity of your request. We reserve the right to ask for additional information if needed to validate the request. We also reserve the right to reject requests that are unduly burdensome or repetitive in nature, or if there are legal obligations to maintain the data due to a dispute, compliance, audit, or other investigation.

Categories of Personal Information Collected

The Personal Information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending the type of user you are (e.g., buyer, seller, or affiliate) and how you engage with the Services:

  • Identifiers such as your name, email, address, IP address, and IDs

  • Other individual records such as phone number, billing address, credit or debit card information, financial account information, employment information, and physical characteristics. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here.

  • Demographics, such as your age range and gender. This category includes data that may qualify as protected classifications under other California or federal laws.

  • Commercial information, including purchases made or considered and purchase histories and tendencies.

  • Internet activity, including your interactions with our Services and what led you to our Services.

  • Sensory visual data, such as pictures posted on Services.

  • Geolocation data provided through your physical address, location enabled services or via your IP address.

  • Professional or employment-related information about the sellers that sell items on the Services or affiliates.

  • Inferences, including information about your interests, preferences, and characteristics.

Your Privacy Rights in Europe, U.K., and other Regions

Basis for Processing

We may process your Personal Information for the purposes described in this Privacy Policy, with your consent; when we have assessed it is necessary for the purposes of the legitimate interests pursued by Timebook or a third party to whom it may be necessary to disclose information; or to comply with a legal obligation. We note that we may send you marketing communications based on our legitimate interests, subject always to your right to opt out of such communications, and we will never share your information with a third party for such third party’s marketing purposes, unless you have specifically consented to us doing so.

Privacy Rights

If you are a resident of the European Union, the U.K., or other foreign or U.S. jurisdictions with privacy regulations that are the same or similar to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), you are entitled to certain information and have certain rights, which may include:

  • the right of access to your information.

  • the right to rectify your information if it is incorrect or incomplete.

  • the right to have your information erased (“right to be forgotten”) if certain grounds are met.

  • the right to withdraw your consent to our processing of your information at any time (if our processing is based on consent).

  • the right to object to our processing of your information (if processing is based on legitimate interests).

  • the right to object to our processing of your information for direct marketing purposes.

  • the right to receive your information from us in a structured, commonly used and machine-readable format, and the right to transmit your information to another controller without hindrance from us (data portability).

Data Minimization and Purpose Limitation

We will not process your Personal Information in a way that is incompatible with the purposes for which it has been collected or collect any personal information that is not needed for these purposes.

Exercising Your Privacy Rights

You may contact us at to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your information.

Furthermore, if you believe that our processing of your information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.

For purposes of the GDPR, we are a “controller” and you are a “data subject.”

Privacy of Children

The Services are not intended for or directed to children. No one under age 13 (or, with respect to residents of Europe or where so required by applicable law, under age 16) (the “Consent Age”) may provide any information to or on the Services. Timebook does not knowingly collect or solicit Personal Information from children under the Consent Age. If you are under the Consent Age, do not use or provide any information through the Services or any of its features, register on, make any purchases through, or use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under the Consent Age, we will delete that information. If you believe we might have any information from a child under the Consent Age, please contact us at Notwithstanding the foregoing, Timebook may store information about children under the Consent Age in connection with the Services where consented to by the appropriate parent or guardian.


Timebook takes protecting your information seriously and implements reasonable measures to secure Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. However, the electronic transmission of information over the Internet is not completely secure. We cannot guarantee that the security measures we have in place to safeguard the information we store and process will never be defeated or fail, or that such measures will always be sufficient or effective. Any transmission of information is at your own risk. When you click a link to a third-party site, you will be leaving our services and we don’t control or endorse what is on third-party sites.

We note that the safety and security of your information also depends on the vigilance of users like you. Where we have given Authorized Users (or where they have chosen) a password for access to the Services, they are responsible for keeping their passwords confidential. Authorized Users should not share their passwords with anyone and we urge all Authorized Users to be careful about what information they share on the Services.

Data Retention

We store some information indefinitely for legal and operational purposes, such as technical support, abuse prevention, and compliance. Other data such as web server logs are only kept as long as space is available for them. We take measures to delete your Personal Information or keep it in a form that does not permit identifying you unless such information is necessary to resolve disputes or enforce our agreements.

The retention period for data retained is determined by various criteria such as the type of user, the product serviced, and the nature of our relationship. The retention period can be lengthened or shortened based on the cancellation or re-enrollment of our services with products. The retention period can also be modified based on internal changes in auditing requirements and/or mandatory retention periods provided by law and statute of limitations.

Updates to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. If we make a material change to this Privacy Policy, we will make an effort to communicate these changes to you via email or by posting a notification on the Services. The date this Privacy Policy was last revised is at the top of this page. We encourage you to review this Privacy Policy periodically to check for any updates or changes.