TimeSubmit
Secure modern workspace
GDPR Compliant

Privacy Policy

How TimeSubmit collects, uses, and protects your personal data.

Last updated: 24 February 2026

1. Introduction

TimeSubmit Ltd ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the TimeSubmit platform ("Service"). We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect the following types of data:

2.1 Account Information

When you create an account, we collect your name, email address, organisation name, and role. If you subscribe to a paid plan, we collect billing information (processed securely by our payment provider, Stripe).

2.2 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, and device information (browser type, operating system, IP address).

2.3 Timesheet Data

We store the timesheet entries, project assignments, approval records, and related documents you submit through the Service. This data is owned by you and your organisation.

2.4 Communications

If you contact us via email, our contact form, or support channels, we retain the contents of those communications to respond to your enquiry and improve our Service.

3. Lawful Basis for Processing

We process your personal data on the following legal bases under the UK GDPR:

  • Performance of a contract: processing necessary to provide the Service you have subscribed to.
  • Legitimate interests: improving the Service, preventing fraud, and ensuring security.
  • Consent: where you have given explicit consent, such as for marketing communications.
  • Legal obligation: where we are required by law to process or retain your data.

4. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To process transactions and send billing notifications
  • To respond to your enquiries and support requests
  • To send service-related notifications (e.g. approval alerts)
  • To send marketing communications (only with your consent)
  • To detect, prevent, and address security issues
  • To comply with legal obligations

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: third-party providers who assist in operating the Service (hosting, payment processing, email delivery), bound by data processing agreements.
  • Your organisation: if you use the Service through an organisation, the organisation administrator may access your timesheet data and account information.
  • Legal requirements: if required by law, regulation, or legal process.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we retain data for up to 30 days to allow for recovery, after which it is permanently deleted. We may retain certain data longer where required by law (e.g. financial records for up to 7 years).

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls
  • Regular security audits and vulnerability assessments
  • Employee security training and access restrictions
  • Incident response procedures

8. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate data.
  • Right to erasure: request deletion of your personal data.
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact us at privacy@timesubmit.com. We will respond within one month, as required by law.

9. Cookies

We use essential cookies required for the Service to function (e.g. session management, authentication). We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings.

10. International Data Transfers

Where data is transferred outside the United Kingdom, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), or transfers to countries with an adequacy decision.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

TimeSubmit Ltd

Data Protection Officer

Email: privacy@timesubmit.com

London, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Terms of Service →|Contact Us →