Privacy policy

Effective 2026-04-22. OtiumWork is operated by Valentine Moroz.

What we collect

• From admins/managers on signup: company name, your name, email, password.
• From employees via the desktop client: active application name, window title bar text, event timestamp, minutes duration, and idle state. Nothing else — no screenshots, no keystrokes, no file contents, no clipboard, no camera/microphone.
• From forms: any project, task, employee, or rule data you enter.
• From your browser: a session cookie (signed, HttpOnly, SameSite=Lax) and a CSRF token cookie.

How we use it

Only to provide OtiumWork's features to you and your company. We do not sell, rent, or trade your data. We do not use your data to train AI models.

Who can see it

• You, and other users at your company according to their role (employee / manager / admin).
• OtiumWork's operator may access data for support or debugging only when you explicitly request it.
• Sub-processors:
  • Anthropic (AI classification, chat, recommendations, digest). Event metadata and aggregates are sent to Anthropic's API when AI features are enabled. Anthropic does not train on API data. See their terms.
  • IONOS (VPS hosting) — stores the database and application files in the EU.
  • Stripe (billing) — stores billing details; never sees your time data.
  • Your configured SMTP provider (if any) — receives the emails we send on your behalf.

How long we keep it

Indefinitely, until your company admin requests deletion or your account is deactivated. You can download everything at any time via /api/me/export.

Your rights (GDPR / CCPA)

Access, portability, correction, deletion. The export endpoint handles access + portability automatically. For deletion, email valentine@valentinemoroz.com.

Changes

If this policy materially changes, we'll notify active admins by email 14 days before the change takes effect.

Contact

Valentine Moroz · valentine@valentinemoroz.com