Security
Last updated: May 29, 2026
Security is fundamental to TimeTracker. We build our service with the understanding that you trust us with sensitive business data — client names, project details, and billable hours. This page outlines the measures we take to protect that trust.
Infrastructure
TimeTracker is hosted on industry-standard cloud infrastructure with encrypted connections (TLS/HTTPS) for all data in transit. Our database and file storage providers maintain SOC 2 compliance and regular security audits.
Authentication and access control
- Passwords are hashed using strong, one-way encryption — we never store plain-text passwords
- Session tokens are securely managed and expire after inactivity
- Workspace-level permissions ensure team members only access data they are authorised to see
- Role-based access controls allow workspace owners to manage team permissions
Data protection
Data at rest is encrypted using provider-managed encryption. We maintain regular automated backups to protect against data loss. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.
Application security
We follow secure development practices, including input validation, protection against common web vulnerabilities (such as XSS and CSRF), and regular dependency updates. We use row-level security policies to ensure data isolation between workspaces at the database level.
Monitoring and incident response
We monitor our systems for unusual activity and maintain an incident response process. In the event of a security breach that affects your data, we will notify affected users promptly in accordance with applicable law.
Your responsibilities
You can help keep your account secure by:
- Using a strong, unique password for your TimeTracker account
- Not sharing your login credentials with others
- Reviewing team member access regularly and removing inactive users
- Reporting suspicious activity to us immediately
Report a vulnerability
If you discover a security vulnerability in TimeTracker, please report it responsibly to hello@hundcode.com. We appreciate responsible disclosure and will respond promptly.
Contact us
For security-related questions, contact us at hello@hundcode.com.