← Back to home

Security

Last updated: May 29, 2026

Security is fundamental to TimeTracker. We build our service with the understanding that you trust us with sensitive business data — client names, project details, and billable hours. This page outlines the measures we take to protect that trust.

Infrastructure

TimeTracker is hosted on industry-standard cloud infrastructure with encrypted connections (TLS/HTTPS) for all data in transit. Our database and file storage providers maintain SOC 2 compliance and regular security audits.

Authentication and access control

  • Passwords are hashed using strong, one-way encryption — we never store plain-text passwords
  • Session tokens are securely managed and expire after inactivity
  • Workspace-level permissions ensure team members only access data they are authorised to see
  • Role-based access controls allow workspace owners to manage team permissions

Data protection

Data at rest is encrypted using provider-managed encryption. We maintain regular automated backups to protect against data loss. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

Application security

We follow secure development practices, including input validation, protection against common web vulnerabilities (such as XSS and CSRF), and regular dependency updates. We use row-level security policies to ensure data isolation between workspaces at the database level.

Monitoring and incident response

We monitor our systems for unusual activity and maintain an incident response process. In the event of a security breach that affects your data, we will notify affected users promptly in accordance with applicable law.

Your responsibilities

You can help keep your account secure by:

  • Using a strong, unique password for your TimeTracker account
  • Not sharing your login credentials with others
  • Reviewing team member access regularly and removing inactive users
  • Reporting suspicious activity to us immediately

Report a vulnerability

If you discover a security vulnerability in TimeTracker, please report it responsibly to hello@hundcode.com. We appreciate responsible disclosure and will respond promptly.

Contact us

For security-related questions, contact us at hello@hundcode.com.