Summary

We collect the minimum data needed to run ClockIt. We don't sell your information. We don't show you ads. We use Anthropic's Claude AI to generate insights, and they don't train on your data. We will never share your data with your employer. You can delete your account anytime. Full details below.

This Privacy Policy describes how ClockIt ("we," "us," or "our") collects, uses, and protects your information when you use ClockIt: Shift Tracker (the "App"). ClockIt is operated by Jonathan Bowen, an individual based in North Carolina, United States, with the support of authorized collaborators Alexander Nuttle and Daniel Martinez Moreno (collectively, "the ClockIt team").

By using ClockIt, you agree to the practices described in this policy.

1. Information We Collect

Information You Provide

• Account information: Email address and password when you create an account
• Profile information: Optional details like your location (city/region), workplaces, and any profile data shared by Apple or Google when you sign in with those services (such as a name, if you choose to share it)
• Shift data: Tips, hours worked, hourly rate, notes, mood/sentiment ratings, and other details you log
• Tax information: Workplace withholdings and tax-related settings you choose to enter

Information Collected Automatically

• Backend request logs: When the App communicates with our backend, our database provider (Supabase) records standard request metadata, including your IP address and timestamps, for security and operational purposes
• Push notification token: If you enable push notifications, we store an Expo push token so we can send you the notifications you have opted into
• Authentication metadata: Sign-in timestamps and the auth method you used (email, Apple, or Google) are recorded for account security

We do not currently use any third-party analytics SDK, advertising tracker, or crash reporting service. If we add one in the future, this policy will be updated and you will be notified in-app before it takes effect.

What We Do NOT Collect or Store

• Continuous or background location data
• Contacts, photos, or camera access
• Advertising identifiers (IDFA/AAID)
• Banking, credit card, or social security information
• Biometric data

A note on location: if you tap "Use my current location" during onboarding or in Settings, we request a one-time GPS reading and reverse-geocode it into a city, region, and country. Only those text labels are saved to your profile. The precise GPS coordinates are never stored or transmitted to our servers.

2. How We Use Your Information

• Provide and improve core features (shift tracking, tax estimates, AI insights)
• Generate AI-powered insights and recaps based on your shift history
• Authenticate your account and maintain your session
• Send you notifications you have opted into
• Communicate with you about the App, updates, or beta feedback
• Detect and prevent abuse, fraud, or technical issues
• Comply with legal obligations

Product Communications: With your consent, we may send occasional product updates, tips, or announcements via in-app push notifications. You can opt out at any time in your device's notification settings or by emailing contact@theotterlab.com.

Employer Access: ClockIt is built for shift workers, by shift workers. We will never provide your data to your employer or any third party without your explicit consent, unless required by valid legal process (subpoena, court order). Your shift data, tips, and notes are yours alone.

We do not sell your data to third parties. We do not use your data for advertising. There are no ads inside the App.

3. AI Processing of Your Data

ClockIt uses artificial intelligence to generate insights, recaps, and shift analysis. To do this:

• Shift data (including notes you write) is sent to Anthropic's Claude API for processing
• Anthropic processes this data on our behalf under their data processing terms
• Anthropic does not use your data to train their models when accessed via their API
• For each insight type, we send the shift data relevant to that insight. This may include your full shift history when trend analysis, recaps, or year-over-year insights are involved
• AI processing occurs in the United States

If you do not want your data processed by AI, do not write notes or use AI-powered features.

4. How We Store and Protect Your Data

• Your data is stored securely using Supabase, our database provider, on encrypted servers
• We use industry-standard security practices (HTTPS, encryption at rest, access controls)
• Access to your data is restricted by row-level security. Only you and authorized ClockIt administrators can access your account data
• Currently, administrative access to the App's infrastructure and codebase is held by Jonathan Bowen (operator and lead developer) and his authorized collaborators Alexander Nuttle and Daniel Martinez Moreno. As the team grows, access will be limited to those with operational necessity.
• Authentication is handled by Supabase using industry-standard password hashing for email accounts, or OAuth for Sign in with Apple and Sign in with Google

Data Retention:

• Active accounts: Data retained as long as your account is active
• Deleted accounts: Personal data is removed from our live database immediately when you delete your account, and is purged from routine database backups within 30 days
• Backups: Retained for disaster recovery in accordance with our database provider's standard backup policy

Data Breach Notification: In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of discovery, in accordance with applicable laws (GDPR, CCPA, state breach notification laws).

No system is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information.

5. Your Rights and Choices

Regardless of your location, you can:

• Access your data: View everything in the App
• Edit your data: Update shifts, settings, and profile at any time
• Delete your account: Permanently removes all your data from our systems within 30 days
• Export your data: Export your shift history to CSV or PDF directly from Settings (Pro feature), or contact us at contact@theotterlab.com to request a full data export at no cost
• Opt out of notifications: Via your device settings

California & State Privacy Rights (CCPA/CPRA, VCDPA, CPA, etc.)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with consumer privacy laws, you have additional rights:

• Right to know what personal information we collect about you
• Right to delete your personal information
• Right to correct inaccurate information
• Right to opt out of the sale or sharing of personal information (we do not sell or share data)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising these rights

California "Shine the Light" Law: California residents may request information about the categories of personal information shared with third parties for direct marketing purposes. We do not share personal information with third parties for direct marketing.

To exercise these rights, contact us at contact@theotterlab.com. We will respond within 45 days.

EU/UK Users (GDPR)

If you are in the European Union or United Kingdom, you have additional rights under GDPR:

• Lawful basis: We process your data based on (a) contractual necessity (to provide the App you signed up for) and (b) legitimate interest (to improve the App and prevent fraud)
• Right to data portability: Receive your data in a machine-readable format
• Right to restrict processing: Limit how we use your data
• Right to object: To processing based on legitimate interests
• Right to lodge a complaint: With your local data protection authority

Note: ClockIt is operated from the United States. If you use the App from the EU/UK, your data will be transferred to and processed in the U.S. We rely on appropriate safeguards including standard contractual clauses.

6. Beta Software Notice

ClockIt is currently in beta. The App may contain bugs, errors, or incomplete features. Data loss is possible. Features may change or be removed. Tax estimates and AI insights are for informational purposes only and should not be relied upon for filing taxes, financial planning, or legal decisions.

7. Age Requirement

ClockIt is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18.

If you are under 18, please do not use the App or provide any personal information. If you are a parent or guardian and believe a minor has provided us with information, contact us immediately at contact@theotterlab.com and we will delete the account and all associated data.

8. Third-Party Services

ClockIt relies on the following third-party services to operate:

• Supabase (data storage, authentication, and edge functions) — supabase.com/privacy
• Anthropic (AI processing via Claude API) — anthropic.com/privacy
• Apple (App Store distribution, TestFlight, and Sign in with Apple) — apple.com/privacy
• Google (Google Play distribution and Sign in with Google) — policies.google.com/privacy
• Expo / EAS (app build, deployment, and push notification delivery) — expo.dev/privacy
• GoDaddy (domain hosting) — godaddy.com/legal/agreements/privacy-policy
• Google Workspace (operator email infrastructure; does not process user account data) — policies.google.com/privacy

Each of these services has its own privacy policy. We encourage you to review them.

9. Tracking & Analytics

ClockIt does NOT use:

• Traditional web cookies (mobile app)
• Third-party analytics SDKs (Mixpanel, Amplitude, Firebase Analytics)
• Advertising trackers
• Cross-site tracking

We use:

• Local device storage to maintain your session and cache app data
• Supabase logs for security and operational purposes (not for user profiling)

For details on Apple's App Privacy categories, see our App Store listing.

10. International Users

ClockIt is operated from the United States. If you use the App from outside the U.S., your data will be transferred to and processed in the U.S. By using the App, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy as the App evolves. When we make material changes, we will notify you through an in-app notification at least 7 days before they take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. Contact

Questions about this policy? Reach out directly.

Email: contact@theotterlab.com
Operator: Jonathan Bowen
Location: North Carolina, United States