DevGrid Ltd (“DevGrid”, “we”, “us”) operates TimeGrid exclusively for its own employees and contractors. In doing so, DevGrid acts as the data controller for all personal data processed through the platform. There is no third-party customer relationship — this is an internal tool and we determine the purposes and means of processing.
| Category | Examples |
|---|---|
| Identity & contact | Full name, work email address |
| Account data | Role (admin / user), account creation date, last login |
| Time-tracking data | Time entries (start/end times, duration, source), projects, clients, time-off records |
| Authentication data | Magic-link tokens, 2FA status, password hashes, session identifiers |
| Technical & usage data | IP address, browser type and version, operating system, timezone, pages visited |
| Feedback | Mood and free-text feedback submitted via the in-app feedback tool |
| Purpose | Lawful basis |
|---|---|
| Operating and securing the platform (authentication, sessions) | Legitimate interests in maintaining a secure internal system |
| Recording and reporting working time for payroll and project billing | Performance of the employment/contractor relationship; legal obligation |
| Providing managers and admins with time reports | Legitimate interests in managing workforce and client obligations |
| Sending system and reminder emails (magic links, reminders) | Legitimate interests in operating the platform |
| Improving the platform (analysing usage and feedback) | Legitimate interests in maintaining and improving internal tooling |
| Complying with legal and regulatory obligations | Legal obligation |
We do not sell your data or share it with third parties for their own purposes.
Your data is stored in the United Kingdom. Mailgun processes email delivery data within the EU under standard contractual clauses. We do not transfer your personal data outside the UK/EEA.
We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), bcrypt password hashing, CSRF protection, HTTP security headers, and session management controls. Access to production systems is limited to authorised DevGrid personnel.
TimeGrid uses only essential, functional cookies:
We do not use advertising cookies, third-party analytics, or any tracking cookies.
Under UK GDPR you have the right to:
To exercise any of these rights, contact us at privacy@devgrid.co.uk. We will respond within one calendar month.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notice. The current version and effective date are always shown at the top of this page.
For any questions about this Privacy Policy or how we handle your data:
privacy@devgrid.co.uk
DevGrid Ltd, 33B Central Hill, London, SE19 1BW