Trust & security
How OtiumWork handles your data. Updated 2026-04-22.
What we do
✓ Opt-in
✓ Employee-reviewable
✓ TLS 1.3 in transit
✓ EU-hosted option
✗ No screenshots
✗ No keystroke capture
OtiumWork captures only the active application name and the window title bar text (e.g. "Proposal Q4 — Excel"). We do not capture keystrokes, mouse clicks, clipboard, file contents, or screenshots. Employees can see and correct every event we recorded about them on their My Events page.
Data at rest
- Each customer's data lives in a dedicated SQLite database file on a single VPS. Files are readable only by the application's service account (Unix permissions 0600).
- Passwords are hashed with scrypt via
werkzeug.security. We never store plaintext passwords. - SMTP credentials and other secrets live in the company table. The database file is backed up nightly encrypted.
- Password-reset tokens are stored only as SHA-256 hashes — we cannot reverse them.
Data in transit
- The web app is served over HTTPS (Let's Encrypt, auto-renewing).
- HSTS is enabled when the app runs in production mode.
- The desktop client posts events over HTTPS with a company-specific bearer token.
- CSRF protection on every state-changing form (Flask-WTF).
Access & isolation
- Every API query is scoped by
company_id. There is no code path that returns events, projects, or employees from another tenant. - Employees see only their own events. Managers see their direct reports plus the team table. Admins see the whole company.
- Hourly rates and dollar figures are never shown on employee-facing pages.
- Admin actions (settings changes, role updates, overrides) are logged to an append-only
audit_logtable.
Your rights
- Every user can download everything OtiumWork has about them at any time via /api/me/export (JSON).
- Admins can deactivate an employee's account, which stops event ingestion immediately.
- Permanent deletion on request — email valentine@valentinemoroz.com.
AI usage
When AI features are enabled (classification, chat, optimization recommendations, weekly digest), event metadata and aggregates are sent to Anthropic's API. Anthropic does not train on API data. We never send employee names alongside personal or sensitive content — only window titles, app names, and aggregate statistics.
Questions? valentine@valentinemoroz.com or submit feedback.