Privacy Policy
This Privacy Policy describes how HexTimer (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use our time-tracking web application available at https://hextimer.com.
1. What is HexTimer?
HexTimer is a web-based time-tracking and habit-building application. It allows users to create custom categories (such as Work, Study, Workout), track time spent on each activity, set daily objectives, and review their history via a calendar view. HexTimer also offers an optional Pomodoro timer mode. Some features require a free account; a Premium subscription unlocks unlimited categories, history saving, and an ad-free experience.
2. Data Controller
The data controller responsible for your personal data is the operator of HexTimer. You can reach us at contact@hextimer.com.
3. Data We Collect
Account Data
When you register, we collect your name and email address. If you register via Google OAuth, we also receive your profile picture URL from Google. Passwords are stored as salted hashes — we never store your password in plain text.
Usage Data (Timer & History)
We store the categories you create, the time you track, your daily history records, and your timer sessions. This data is the core functionality of the application and is strictly associated with your account.
Subscription & Payment Data
Premium subscriptions and donations are processed by Stripe, a third-party payment processor. We do not store your credit card number or full payment details. We only store your subscription plan type, its expiry date, and a Stripe customer/session ID for verification purposes.
Analytics Data (Google Analytics — only with consent)
Only if you accept cookies, we load Google Analytics (GA4) to collect anonymous usage statistics such as page views, session duration, and feature interactions. Google Analytics uses cookies and may process data in the United States. No analytics scripts are loaded before you give consent. You can withdraw consent at any time by clearing site data or declining cookies in the consent banner.
Feedback
If you submit feedback via the in-app form, we store the message text and associate it with your user ID to prevent spam and follow up if needed. Feedback records are retained even if your account is deleted.
Advertising (Google AdSense — free plan only)
Free-plan users see display ads served by Google AdSense. AdSense may use cookies to show personalized ads based on your browsing activity. Premium users do not see ads. Consult Google's Privacy Policy for details.
4. How We Use Your Data
- To create and manage your account and authenticate your identity.
- To provide core time-tracking functionality (categories, timers, history).
- To process Premium subscriptions and donations via Stripe.
- To send transactional emails (email verification, password reset).
- To analyze usage patterns and improve the app (only with your consent, via Google Analytics).
- To respond to your feedback and support requests.
- To prevent fraud, abuse, and unauthorized access.
5. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Art. 6 / LGPD Art. 7):
- Contract performance — processing account data and timer data to deliver the service you signed up for.
- Consent — loading Google Analytics cookies only after you explicitly accept in the consent banner.
- Legitimate interest — security logging, fraud prevention, and service reliability.
6. Data Retention
We retain your personal data for as long as your account is active. When you delete your account, all categories, history, timers, and subscription data are permanently removed. Feedback records and free-trial usage flags are kept to prevent abuse. Analytics data held by Google is subject to Google's retention policy.
7. Your Rights
Depending on your jurisdiction (GDPR — EU/EEA, LGPD — Brazil), you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — correct inaccurate data (change your name or password in Profile settings).
- Right to erasure — delete your account and all associated data directly from the app (Profile → Delete Account).
- Right to data portability — request your data in a machine-readable format.
- Right to withdraw consent — decline or withdraw cookie consent at any time by clearing site storage.
- Right to object — object to processing based on legitimate interests.
To exercise any right not covered by in-app features, contact us at contact@hextimer.com.
8. Third-Party Services
9. Data Security
We implement industry-standard security measures, including HTTPS-only communication, bcrypt password hashing, JWT-based authentication with token blacklisting, and rate limiting on sensitive endpoints. While we take reasonable precautions, no method of transmission over the internet is 100% secure.
10. International Data Transfers
Our servers may be located outside your country. By using HexTimer, you consent to your data being transferred to and processed in the countries where our servers and third-party providers (such as Stripe and Google) operate. We ensure that appropriate safeguards are in place for such transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the “Last updated” date at the top of this page. Continued use of HexTimer after any changes constitutes your acceptance of the revised policy.
12. Contact
For any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us at: contact@hextimer.com