Privacy & Security
CatchTime takes your privacy seriously. Here's how we keep your data safe.
What We Collect
CatchTime only collects:
- The name of the app you're currently using
- Window titles (to help distinguish work context)
- Usage duration
- Website URLs and page titles in your browser (requires extension)
CatchTime does NOT:
- Capture screenshots
- Record keystrokes
- Read file contents
- Record audio or video
- Access contacts, messages, or call logs
Local First
All data is stored locally on your device first:
- Desktop data is stored in the app's private directory
- Android data is sandboxed — other apps cannot access it
- The app works fully offline without cloud sync
Cloud Sync Security
If you enable cloud sync:
- All data transfers use HTTPS encryption
- Server-side Row Level Security (RLS) ensures you can only access your own data
- Your password is never stored on the server (managed by the authentication service)
Device Security
- View all logged-in devices in Settings
- Remotely log out or wipe any device
- Get notified on other devices when a new device logs in
Account Management
- Export all your data at any time
- Permanently delete your account in Settings — all cloud data will be removed
- Deletion is irreversible, so please be cautious
Third-Party Services
CatchTime uses the following third-party services:
- Supabase: Cloud storage and sync (servers in Sydney, Australia)
- DeepSeek: AI analysis and report generation (proxied through our server, your data is not exposed directly)
- Sentry: Error monitoring (crash logs only, no personal data)