This Privacy Policy describes how Worklog Tracker collects, uses, and protects your personal information.
1. Introduction
Worklog Tracker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our internal project management platform that integrates with Atlassian/Jira for worklog tracking and team productivity analytics.
By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Information We Collect
2.1 Personal Information
Name (first name and last name)
Email address
Password (stored securely using bcrypt hashing)
Email verification status
Organization affiliation
2.2 Professional Information
User role (Manager, Developer, or Admin)
Department (software engineering, venture capital, graphic design, communication)
Employment type (permanent, intern, contractor, consultant)
Organization ID and related organizational data
2.3 Atlassian/Jira Integration Data
When you authenticate using Atlassian OAuth or configure Jira API integration, we collect:
Atlassian account ID
Atlassian email address and display name
Atlassian avatar URL
OAuth access tokens and refresh tokens (encrypted and securely stored)
Jira organization details (organization name, domain, API tokens)
Worklog data synchronized from your Jira account
2.4 Activity and Usage Data
Last login timestamps
Online status and check-in records
Worklog entries and time tracking data
Project assignments and progress
Dashboard usage and interaction data
2.5 Authentication and Security Data
Authentication methods (password or Atlassian OAuth)
We use the collected information for the following purposes:
Service Provision: To provide, maintain, and improve our worklog tracking and project management services
Authentication: To authenticate users, manage accounts, and secure access to the platform
Integration: To synchronize data with Atlassian/Jira and maintain OAuth connections
Analytics: To generate productivity reports, performance metrics, and team analytics
Communication: To send email notifications, worklog reminders, and project updates based on your preferences
User Management: To manage user invitations, role assignments, and organizational structure
Security: To detect and prevent fraud, unauthorized access, and other security issues
Compliance: To comply with legal obligations and enforce our terms of service
4. Data Sharing and Disclosure
4.1 Third-Party Services
We integrate with the following third-party services that may process your data:
Atlassian/Jira: When you authenticate via OAuth or use Jira API integration, your data is shared with Atlassian in accordance with their privacy policy. We only access worklog data necessary for the service functionality.
Email Service Providers: We use email service providers (via SMTP) to send notifications and account-related emails. These providers process email addresses and message content.
Database Hosting: Your data is stored in MongoDB databases hosted by third-party cloud providers. These providers have access to encrypted data for storage purposes.
4.2 Organizational Sharing
Within your organization, managers and administrators may have access to aggregated worklog data, productivity metrics, and team performance analytics. Individual user data is only shared within your organization for legitimate business purposes related to project management and team coordination.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.
5. Data Security
We implement industry-standard security measures to protect your information:
Password Encryption: Passwords are hashed using bcrypt with 12 salt rounds before storage
OAuth Tokens: Atlassian OAuth tokens are encrypted and stored securely. Access tokens are refreshed automatically to maintain security
Secure Communication: All data transmission is encrypted using HTTPS/TLS protocols
Session Management: We use secure, HTTP-only cookies and JWT tokens for session management
Database Security: Database connections are secured, and sensitive data is encrypted at rest
Access Controls: Role-based access control ensures users only access data appropriate to their role
Regular Security Updates: We regularly update our security practices and dependencies to address vulnerabilities
While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
6. Data Retention
We retain your information for the following periods:
Account Data: Retained for as long as your account is active or as needed to provide services
Worklog Data: Retained for historical reporting and analytics purposes
Temporary Tokens: Password reset tokens, email verification tokens, and invitation tokens expire automatically after their designated time period (typically 1 hour to 7 days)
OAuth State: Temporary OAuth state records are automatically deleted via TTL indexes after expiration
Deactivated Accounts: Data may be retained for a reasonable period after account deactivation for legal and operational purposes
7. Your Rights and Choices
You have the following rights regarding your personal information:
Access: You can access and review your personal information through your account dashboard
Correction: You can update your profile information, email address, and notification preferences at any time
Deletion: You can request deletion of your account and associated data by contacting your organization's administrator
Password Management: You can change your password at any time through account settings
OAuth Disconnection: You can disconnect your Atlassian account at any time, which will revoke access tokens
Notification Preferences: You can customize email notification settings in your account preferences
Data Export: You can request a copy of your data in a machine-readable format
8. Cookies and Session Data
We use cookies and similar technologies for the following purposes:
Authentication: Secure HTTP-only cookies store session information for authenticated access
Session Management: JWT tokens stored in secure cookies maintain your login session
Security: Cookies help prevent unauthorized access and protect against CSRF attacks
Preferences: Your notification and display preferences may be stored locally
You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.
9. Children's Privacy
Our service is designed for professional use within organizations and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@worklogtracker.com
Organization Administrator: Contact your organization's administrator for account-related requests
Support: For technical support or account issues, please reach out to your organization administrator or use the support channels provided within the application.