TimeGrid

Privacy Policy

TimeGrid — internal time-tracking platform

Effective: 1 June 2026 — Version 1.0

DevGrid Ltd · Registered in England and Wales, company number 09152186
Registered office: Herston Cross House, 230 High Street, Swanage, Dorset, BH19 2PQ, United Kingdom
Correspondence: 33B Central Hill, London, SE19 1BW, United Kingdom
Data protection contact: privacy@devgrid.co.uk


1. Who We Are and Our Role

DevGrid Ltd (“DevGrid”, “we”, “us”) operates TimeGrid exclusively for its own employees and contractors. In doing so, DevGrid acts as the data controller for all personal data processed through the platform. There is no third-party customer relationship — this is an internal tool and we determine the purposes and means of processing.

2. Data We Collect

Category Examples
Identity & contact Full name, work email address
Account data Role (admin / user), account creation date, last login
Time-tracking data Time entries (start/end times, duration, source), projects, clients, time-off records
Authentication data Magic-link tokens, 2FA status, password hashes, session identifiers
Technical & usage data IP address, browser type and version, operating system, timezone, pages visited
Feedback Mood and free-text feedback submitted via the in-app feedback tool

3. How We Collect Your Data

  • Directly from you — when you log in, create time entries, submit feedback, or update your profile.
  • Automatically — technical and session data collected when you use the platform.
  • From DevGrid administrators — your account may be provisioned by an admin before you first log in.

4. Why We Process Your Data and Our Lawful Basis

Purpose Lawful basis
Operating and securing the platform (authentication, sessions) Legitimate interests in maintaining a secure internal system
Recording and reporting working time for payroll and project billing Performance of the employment/contractor relationship; legal obligation
Providing managers and admins with time reports Legitimate interests in managing workforce and client obligations
Sending system and reminder emails (magic links, reminders) Legitimate interests in operating the platform
Improving the platform (analysing usage and feedback) Legitimate interests in maintaining and improving internal tooling
Complying with legal and regulatory obligations Legal obligation

5. Who Has Access to Your Data

  • You — your own time entries and profile.
  • DevGrid administrators — can view all users' time entries, manage accounts, and generate reports.
  • Service providers — we use a small number of trusted third-party processors:
    • DigitalOcean (UK region) — cloud hosting and database
    • Mailgun (EU region) — transactional email delivery
  • Professional advisers — lawyers, auditors, and accountants where necessary.
  • Regulators and law enforcement — where required by law.

We do not sell your data or share it with third parties for their own purposes.

6. International Transfers

Your data is stored in the United Kingdom. Mailgun processes email delivery data within the EU under standard contractual clauses. We do not transfer your personal data outside the UK/EEA.

7. How Long We Keep Your Data

  • Time entries and reports — retained for 7 years to meet financial and tax record-keeping obligations, then securely deleted.
  • Account and authentication data — retained while you are an active user. After account deactivation, retained for 12 months then deleted.
  • Feedback — retained for 12 months.
  • Technical/session data (logs) — retained for up to 90 days.

8. Keeping Your Data Secure

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), bcrypt password hashing, CSRF protection, HTTP security headers, and session management controls. Access to production systems is limited to authorised DevGrid personnel.

9. Cookies

TimeGrid uses only essential, functional cookies:

  • Session cookie (JSESSIONID) — keeps you logged in during your session. Deleted when you sign out or your browser closes.
  • CSRF token — protects form submissions against cross-site request forgery.

We do not use advertising cookies, third-party analytics, or any tracking cookies.

10. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data where there is no compelling reason to retain it.
  • Restriction — ask us to restrict processing in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Portability — request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at privacy@devgrid.co.uk. We will respond within one calendar month.

11. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Phone: 0303 123 1113
  • Website: https://ico.org.uk/concerns/

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notice. The current version and effective date are always shown at the top of this page.

13. Contact

For any questions about this Privacy Policy or how we handle your data:
privacy@devgrid.co.uk
DevGrid Ltd, 33B Central Hill, London, SE19 1BW

© 2026 TimeGrid. All rights reserved.
Terms Privacy Acceptable Use