Privacy
Last updated June 15, 2026 · Jump to changes
Simply put
No account required.
Open the app and start tracking immediately. No sign-ups.
No name, no email.
TimeRetain never asks for your identifying details.
Local by default.
Your work stays on your device. Clearing your browser storage wipes your data.
End-to-end encrypted sync.
Optional. Decrypted only by a 24-word key you hold. There is no master key.
No cookies. Minimal analytics.
TimeRetain collects privacy-first product analytics: limited page-view statistics and a single daily active-user signal. No third parties.
Self-serve delete.
One click wipes everything from your device and the encrypted server.
Always collected
On every visit, regardless of how you use the app.
Always collected
On every visit, regardless of how you use the app.
Personal data — access & error logs
Your IP address and the requests your browser makes are kept in standard server logs for 30 days, then deleted. Used only for security and debugging. What you searched for, typed, or submitted never enters these logs.
Product analytics — not linked to you
- Page views: The pages you open, plus basic visitor details like region, device, browser, screen size, and browser performance statistics.
- Active user: When you have saved ten stopwatches, TimeRetain tracks that “an active user loaded the app.”
TimeRetain is not able to follow you from one day to the next, build a profile, or connect usage patterns to you personally.
Everything stays on TimeRetain’s servers via self-hosted Plausible. No third-party tracking.
Why collect product analytics?
TimeRetain doesn’t track who you are or what you store. The daily active user signal, alongside limited visitor statistics, is enough to understand roughly how many people use TimeRetain, where it’s popular, and which pages are useful — without profiles, accounts, cross-day tracking, detailed database logs, or compromising your privacy.
When you enable Sync
Only if you decide to sync data between devices.
When you enable Sync
Only if you decide to sync data between devices.
Sync is off by default. With Sync on, TimeRetain stores an encrypted copy of your data on its servers. This allows you to seamlessly use multiple devices. Only your 24-word login key decrypts it. Lose the key, lose the data — there is no master key. Keep it somewhere safe, e.g. a password manager like Bitwarden (free).
When you send feedback
Only if you share ideas or report bugs.
When you send feedback
Only if you share ideas or report bugs.
You can optionally share feedback. If you decide to, your message can include personal details. It’s sent to and stored in Linear under Linear’s Privacy Policy in a European data region and kept until you ask for it to be deleted at hi@timeretain.com.
Data retention at a glance
- 30 daysAccess & error logs
- 365 daysProduct analytics
- Until you deleteEncrypted sync data
- Until you askFeedback
Good to know
No cookies.
Your browser’s local storage is used only to run the app and save your data and preferences on your device.
Hosted in Germany.
TimeRetain runs on Hetzner Cloud servers in Germany.
Deletion is one-click.
Delete my data removes everything from your device, plus any encrypted Sync data on TimeRetain’s servers.
How changes work.
The date at the top always reflects the latest update. You’ll see an in-app notice for any impactful change.
Contact
TimeRetain is built and operated by an independent developer. For privacy or data inquiries, reach out at hi@timeretain.com.
Changes to this Privacy Policy
June 15, 2026
Previously, TimeRetain tracked specific usage events. It now only tracks pages visited and whether someone is an active user.
April 17, 2026
Redesigned the privacy page for even further clarity and conciseness.
March 29, 2026
- Rewrote privacy policy for clarity and conciseness.
- Added a full list of product usage events collected.
- Added this section.