Noko Time Tracking

Privacy Policy

At Noko, we collect and manage data according to the following Privacy Policy (last update March 31, 2019).

TL;DR

  • Your data is yours & you can change or delete it at any time.
  • We never share any information about your projects, entries or customers, with anyone unless you explicitly allow us to.
  • To provide better service, we share some statistical data and some personal information with third parties.
  • You can opt out of sharing your email address with the tools we use to track errors and performance issues; however, if you do, we can't proactively contact you if you run into an error. To opt out, go to the Privacy tab in Settings & Profile.
  • You're welcome to use content blocking software (e.g. to remove analytics tags); however be aware that this may interfere with our ability to track errors and performance issues that affect your account.
  • We encrypt backups, don't store credit card numbers on our servers and generally make sure your data is safe.
  • When legally required, or when we suspect fraud, we may share data with law enforcement.
  • If you have questions, or want to export or delete your data, please write to support@nokotime.com.

Privacy Policy

By using NokoTime.com (the “Website”) and/or a Noko account (the “Service”), you agree to the terms of this Privacy Policy and the Terms of Service. The Service is designed and operated by Slash7 LLC (“Slash7”). Please read the Terms of Service in their entirety, and refer to those for definitions and contacts.

GDPR compliance and Privacy Shield

For a detailed list of data sub-processors under the GDPR please see below under "Sharing of Data".

Your Data Protection Rights Under The General Data Protection Regulation (GDPR)

If you are a resident of the EEA, you have the following data protection rights:

  • You can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. You can exercise these rights by emailing support@nokotime.com.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing support@nokotime.com.
  • Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

Right to Access, Correct, Update, or Request Deletion of Data

If you want to request an export or deletion of your personal data, and have an account with us, please contact us at support@nokotime.com. Please note that we cannot delete personal data in open accounts when you’re not the account owner, as this would prevent us from providing the service the account owner is paying for (we suggest that you contact the account owner of the Noko account in question to ask them to anonymize or remove your data).

In order to accommodate customers who need older data restored, we keep backups indefinitely and cannot delete personal data from them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

International data transfers

GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (please see below for details).

Data Retention and Deletion Schedules

Application Data and Backups

Backups are securely encrypted and stored as defined in our Privacy Policy.

In order to accommodate customers who need older data restored, we keep backups indefinitely and cannot delete personal data from them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.

Purchase Records and Invoices for our Services and Products

We keep copies of all purchasing records for tax and auditing purposes.

Personal Metadata

We keep personal metadata, given that the user allows us to process their data, which can be controlled by going to the Privacy tab in Settings & Profile.

When a user opts out of a type of data processing we prevent additional data from being sent to the relevant data controllers. Every quarter, we contact our data processors with a list of users who have opted out of allowing us to process their personal data in the specific manner that we use their tools.

We will also respond to Data Subject Rights Requests within the appropriate amount of time.

Metadata collected by 3rd-party services

Some 3rd party services collect data independently from us, and have incorporated it as part of their service.

We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the 3rd party service, since we do not control the data.

Slash7’s Internal Business Data

We keep all internal business data as long as it’s relevant, and internal business data may include the data listed above.

Data Processing Agreement

We do have a Standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). We offer this DPA to our customers that operate in the EU. The DPA offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments to our clients. To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. We're a small team so we can't offer individual changes to the DPA since we do not have a legal team on staff. Any changes to the standard DPA would require legal counsel that would be cost prohibitive, increase our prices and would put an undue burden on our other customers. The DPA is a part of our Terms of Service. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Slash7 LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Slash7 LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Slash7 is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Slash7 complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Slash7 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Slash7 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Slash7 LLC commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Slash7 LLC at:

Thomas Fuchs, Owner, thomas@slash7.com.

Slash7 LLC has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge). To facilitate fast and convenient resolution of complaints, you agree to participate in on-line dispute resolution through JAMS Online Mediation (Endispute).

Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.

Data Collected

We collect anonymous data from every visitor of the Website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.

For the Service, we ask you to register an account, log in and provide certain information (such as names and email addresses of your team members, your company name and address and your credit card information) in order to be able to store your time tracking data and invoices, as well as periodically automatically bill you & charge your card (credit card numbers are never stored on Slash7 servers, but are securely transmitted and stored with our payment provider).

We use cookies to store session information for your convenience. Cookies must be enabled to use the Website and the Service.

In order to take advantage of certain features of the Service, you may also choose to provide us with other personal information, such as your picture, but your decision to utilize these features and provide such data will always be voluntary.

Use of the Data

We only use your personal information to provide you with the Service and to communicate with you about the Service or the Website. This includes both automated and manual processing of data.

With respect to any data you may choose to enter or upload to the Service, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts or with the public. We employ industry standard techniques to protect against unauthorized access of data that we store, including personal information. All off-site backups of your data are securely encrypted.

Please note that if you choose to share data (like sharing invoices with your clients), we are not responsible for any violation of privacy law you may be liable for.

We do not share personal information you have provided to us without your consent, unless:

  • doing so is appropriate to carry out a user’s request;
  • we believe it's necessary in order to provide the highest quality of service;
  • we believe it's needed to enforce our Terms of Service, or that is legally required;
  • we believe it's needed to detect, prevent or address fraud, security or technical issues;
  • otherwise protect our property, legal rights, or that of others.

Noko is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.

Noko may contact you by email. For example, Noko may send you promotional emails relating to Noko or communicate with you about your use of the Noko Website and Service. If you do not want to receive email from Noko, please opt out of receiving emails at the bottom of any Noko email. Please note that for some emails (for example billing issues), there's no option to opt out.

Sharing of Data

We don't share your personal information with third parties except as listed below. Other than the information outlined below, only aggregated, statistical data is periodically transmitted to external services to help us improve the Noko Website and Service.

For client-side analytics and tracking beacons, you're welcome to use content blocking software; just be aware that this may influence our ability to identify errors and performance problems in your account. We can't guarantee that Noko will work as intended when browser extensions alter the HTML, CSS or JavaScript code we transmit (however, we don't take any active steps to prevent you from using extensions, including content blockers).

We currently use Customer.io (mailing lists), Helpscout (support desk), Stripe (billing service and credit card vault), Google Apps (mail server for support questions), Google Analytics, Facebook Ad Analytics, ScoutApp (performance monitoring), Postmark (transactional emails), Honeybadger (error tracking), Datadog (performance monitoring), PayPal (if you let customers pay invoices via PayPal), Quickbooks (if you set up the QuickBooks Online integration); as well as 3rd-party apps that you specifically allow access to your Noko account via our API.

We list below exactly what data these third parties extract. Feel free to check out their own Privacy Policies to find out more.

Communication when getting started with Noko, about new features, special offers relating to the service and recommendations on how to use the app:

  • Customer.io: your name, email and aggregated account statistics (privacy policy)

Providing email support:

  • Google Apps: email correspondence with you when you contact support (privacy policy)
  • Helpscout: your name, email and aggregated account statistics (privacy policy)

Tracking errors and measuring performance:

  • Datadog: aggregated account statistics (privacy policy)
  • Google Analytics: no personally identifiable data is shared (privacy policy)
  • Facebook Ad Analytics: no personally identifiable data is shared (privacy policy)
  • ScoutApp: your email (so we can contact you when there are performance issues) and aggregated account statistics (privacy policy)
  • Honeybadger: your email (so we can contact you when there are performance issues) and aggregated account statistics (privacy policy)
  • Papertrail: log files, does not include passwords or credit card information (privacy policy)

Transactional emails (Reports, Billing-related emails, etc.):

  • Postmark: your name and email and account data inside emails (privacy policy)

Provisioning of application features:

  • DocRaptor: generating downloadable PDF reports (privacy policy)
  • PayPal: names and emails, invoice total and description if enabled for specific invoices (privacy policy)
  • Quickbooks: names and emails and entry data for anything you specifically export to your Quickbooks Online account (privacy policy)
  • Stripe: your email and credit card information, as we do not store your credit card data ourselves (privacy policy)

Service hosting and data backups

  • Amazon AWS: storing encrypted archives of backup data, avatars and import files. This data is not readable by Amazon AWS. (privacy policy)
  • DigitalOcean: hosting of Noko servers and databases including all customer data, but does not include credit card information. Some data, like passwords, is always encrypted by industry standard measures. (privacy policy)
  • KeyCDN: hosting of Application avatars (privacy policy)

Additionally, Slash7 uses third party vendors that provide the necessary hardware, software, networking, storage and other technology required to run the Website and the Service. While Slash7 owns the rights to the Noko Website and Service, you retain all rights to the data you enter into Noko.

In order to provide the Service, we also share data with services that help us track errors and bugs, keep backups of log files and identify performance issues.

We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.

If Slash7 is acquired or merged with another company, or Slash7 sells the Noko Website and Service to another company, or if Slash7 goes out of business or enters bankruptcy, user information may be transferred to a third party. You acknowledge that such transfers may occur, and that any acquirer of Slash7 or its assets may continue to use your personal information as set forth in this policy.

Changes to the Privacy Policy

We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make any significant changes in the way we collect or use information, we will notify you by posting an announcement on the Website or sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.

Questions

Should you have any question or concern, please write to support@nokotime.com, or write to:

Slash7 LLC
PO Box 411
Pipersville, PA 18947
United States

If you need to contact a data privacy officer, please use the contact information above.

Change Log

  • Version 3.1, June 24, 2020. Update 3rd-party services.
  • Version 3.0, March 31, 2018. Name change ("Noko", "NokoTime.com").
  • Version 2.0, May 22, 2018. Update 3rd-party services; GDPR.
  • Version 1.8, November 3, 2017. Add EU-U.S. and Swiss-U.S. Privacy Shield Frameworks section. Update postal address. Update used 3rd-party services.
  • Version 1.7, December 3, 2016. Update business postal address.
  • Version 1.6, February 2, 2016. Remove Safe Harbor as the underlying agreements between the US and EU are no longer in place.
  • Version 1.5, September 6, 2015. Remove Firehose Chat, add Delighted and TraceView. Explicitly mention that it's totally fine to use content blocking software.
  • Version 1.4, January 6, 2015. Remove Mixpanel as we no longer use it.
  • Version 1.3, September 16, 2014. Update to include Firehose Chat and Close.io.
  • Version 1.2, April 29, 2014. Updated to include Google Analytics.
  • Version 1.1, October 27, 2013. Updated section on data sharing as we're now using Mixpanel.
  • Version 1.0, January 23, 2013. Initial release.