← Home
About Terms Privacy

Privacy Policy

Last updated: 1 March 2026

1. Introduction

Timeshed ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Timeshed platform ("the Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using Timeshed, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Timeshed is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, you can contact us at the details provided in Section 14.

3. Age Restriction

Timeshed is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that data promptly.

If you are under 18, you are not authorised to use this Service. Please do not register or submit any personal information.

4. What Data We Collect

We may collect and process the following personal data:

4.1 Information you provide directly

  • Account information: Name, email address, and password when you register
  • Profile information: Phone number, language preference, and company details
  • Employment data: Clock-in/out times, schedules, task assignments, and project participation
  • Communications: Messages sent through the platform's chat feature
  • Fitness data: Exercise logs and fitness goals (only if you choose to use this feature)
  • Study data: Course enrolments, progress, and notes

4.2 Information collected automatically

  • Session data: Session identifiers for authentication purposes
  • Log data: IP address, browser type, and access times for security and diagnostic purposes
  • Cookies: Essential cookies required for the Service to function (see Section 9)

5. Lawful Basis for Processing

Under the UK GDPR, we process your personal data on the following lawful bases:

  • Contract (Article 6(1)(b)): Processing is necessary to provide you with the Service you have registered for
  • Legitimate interests (Article 6(1)(f)): For security monitoring, fraud prevention, and improving the Service
  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as opting into optional features like fitness tracking
  • Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with UK law

6. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide the core features of the Service (time tracking, scheduling, task management, etc.)
  • To authenticate your identity and maintain session security
  • To enable communication between users within the same organisation
  • To generate reports and analytics for your organisation
  • To maintain the security and integrity of the platform
  • To respond to support requests or enquiries

We do not use your data for advertising, profiling for marketing purposes, or automated decision-making that produces legal or similarly significant effects.

7. Data Sharing

We do not sell, rent, or trade your personal data to any third party.

Your data may be shared in the following limited circumstances:

  • Within your organisation: Managers and administrators within your company on Timeshed may access relevant employment data (e.g. schedules, clock times, task assignments)
  • Legal requirements: If we are required to disclose data by law, regulation, or legal process under UK jurisdiction
  • Service protection: To protect the rights, safety, or security of Timeshed, our users, or the public

We do not use third-party analytics services, advertising networks, or data brokers.

8. Data Storage and Security

Your data is stored on independent infrastructure located in Europe. We do not store data in the United States, China, or Russia.

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Password hashing using industry-standard algorithms
  • Access controls and authentication requirements
  • Regular security reviews

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies

Timeshed uses essential cookies only. These are strictly necessary for the Service to function and include:

  • Session cookie: Maintains your authenticated session while you use the platform
  • CSRF token cookie: Protects against cross-site request forgery attacks

We do not use tracking cookies, analytics cookies, or advertising cookies. Because our cookies are strictly necessary for the Service, consent is not required under the Privacy and Electronic Communications Regulations 2003 (PECR).

10. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you
  • Right to rectification: You can request that we correct inaccurate or incomplete data
  • Right to erasure: You can request that we delete your personal data (subject to any legal obligations we may have to retain it)
  • Right to restrict processing: You can request that we limit how we use your data in certain circumstances
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format
  • Right to object: You can object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within one calendar month, in accordance with UK GDPR requirements.

11. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within 30 days, except where we are required by law to retain certain records.

Anonymised or aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

12. International Transfers

Your data is stored within Europe and is not transferred to countries outside the UK or European Economic Area. In the unlikely event that a transfer becomes necessary in the future, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

If we make material changes that affect how we process your personal data, we will notify you through the platform.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your data, you can contact us at:

Email: privacy@timeshed.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

© 2026 TimeShed. All rights reserved.

About Terms of Service Privacy Policy