Most recent version: November 05, 2019.
By using RescueTime, you are agreeing to the collection and use of your personal information for the purposes of providing you our product services as described below. We will notify all active accounts of any significant changes to this policy.
Your data is never shared
Your privacy is really important to us. At RescueTime, your data, analyzed, is the product we offer back to you. We are not an ad supported company. Our free service is intended to entice you to premium service. If you have any concerns that aren't covered here, please contact us. Below are the details of this policy:
- We will never sell, rent, or otherwise share your personal information, with or without personally identifying information. Furthermore, we will never share anonymized selections of your individual data. That includes any government (foreign or domestic) unless we are compelled by law. If we are required by law to disclose any of the information collected about you, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email. We will independently object to overly broad requests for access to information about users of our site.
- We may share information about user behavior in the aggregate only. For example, we could share information like, "which day of the week do people spend the most time in front of their computer?" This type of analysis is used to enrich the product, and to represent our domain expertise to our audiences.
- You can delete your data at any time — all of it, or just a slice of it. You can also delete your account at any time. Deleting your account deletes all your data from our database.
- We won't spam you, ever, either directly or indirectly by sharing of email information. We might occasionally send one-time messages about important RescueTime news. We will likely continue to introduce ways that you can optionally have RescueTime contact you with data that you care about, but you will always be able to turn this on or off.
- For individual accounts, no other user can see any of your data or personal information. We may provide features to allow you to share selections of your data, but this will be voluntary and opt-in only, and handled per-situation, and not buried in a terms of service.
- For team accounts, sharing of data is controlled by the administrator of the account and by default does not allow anyone in the team account access to your data. No one outside of your organization will have access to any of your data. Default team implementations do not permit the sharing of individual data in any form that is not aggregated (eg, your team's average communication per week). When consulting with team implementations, we promote transparency and user driven control.
How do we protect your data?
- Your data is always encrypted in transit. All requests with the RescueTime web app and client apps are encrypted with current best practice SSL configurations.
- Your data is always encrypted at rest. All of our storage uses volume encryption.
- We maintain ongoing vulnerability scanning, respond immediately to security advisories, and stay PCI compliant.
What information does RescueTime collect? How is it used?
Account information includes email address (verification optional), city, state, and country. Optional demographic information includes gender, date of birth, industry, job title, company size, and income may be requested, to enrich the accuracy of our reporting for your work patterns.
RescueTime records information about the currently active application or website on your computer. We record for processing the following information: 1) for time analysis: application name, web site URL, window title, start time of use, end time of use and 2) for distinguishing you and your device: device login name (your system user name), device name, device operating system version, and sometimes the manufacturer. For some inputs, the public internet address you are operating from is saved, for your security (and ours), and for troubleshooting. Like all activity information, it is discarded with account deletion.
We do not (and never will) collect keystrokes, form input, screenshots, window or page body content, or anything nefarious. Before storage for your reports, URLs are trimmed to the site name and sometimes top level directory when a site has distinct web apps. Query strings are discarded. Site controls allow you to selectively delete and ignore forever any item you prefer not be stored.
Cookies and Log Files
RescueTime.com sends a "cookie" to your computer that contains an identifier that is unique to your browser session. We use this cookie to validate your authentication, provide you with a continuous experience, and to record how our site/service is being used. It is not used for marketing purposes.
As is done with most web sites, we log each visit to each web page. A log entry can contain information typically found in the "header" of your web browser's request such as the browser type you used, your Internet Protocol address, and the date and time of day. We may also log your session identifier and the URL of a site that referred you. This log information is important for security, audit, quality improvement, as well as for monitoring the health of our service.
We strongly believe in your right to own and control your personal information within our systems.
Users of RescueTime have: the right to access all information our system collects about them; the right to have that data be portable to other systems; and the right to be forgotton completely by our systems if desired, by deleting your account. We support and accomodate the GDPR act in the EU and DPA in the UK.
RescueTime works with some sub-processors to offer our services. Here is our list of sub-processors.