Legal

Privacy policy

Last updated: January 2025

Estimy is built on respect for the people who use it. That applies to your data too. This document explains what we collect, why, and what rights you have over it — in plain language.

This Privacy Policy applies to the Estimy website (estimy.app) and the Estimy time-tracking platform. The data controller is Estimy (contact details in Section 9). By using Estimy, you agree to the practices described here.

We do not sell personal data. We do not use it for advertising. We collect only what is necessary to run the service.

We collect data in three ways:

  • Account registration — name, work email address, company name, and password (stored as a secure hash).
  • Product usage — clock-in / clock-out events, shift schedules, task logs, and timesheet entries created by you or your employees.
  • Contact form — name, work email, company name, team size, and the message you submit when you contact us.

We do not collect continuous location data, screenshots, keystroke logs, or any other passive monitoring data.

  • To provide and maintain the Estimy service for your organisation.
  • To send transactional emails (password resets, billing receipts, usage alerts you configure).
  • To respond to support and sales enquiries submitted via the contact form.
  • To detect and prevent abuse, fraud, and technical errors.
  • To improve the product — using anonymised, aggregated usage patterns only.

We never use your data for advertising, profiling, or to train AI models.

We do not sell, rent, or trade personal data. We share data only with:

  • Infrastructure providers — EU-based hosting and database services required to run Estimy (covered by standard contractual clauses).
  • Transactional email service — only the email address and content required to deliver a specific message.
  • Legal obligation — if required by a court order or applicable law, and only to the extent required.
  • All data is stored on servers located within the European Union.
  • Data in transit is encrypted with TLS 1.2 or higher.
  • Data at rest is encrypted at the storage level.
  • Passwords are stored as salted hashes — we cannot read them.
  • Backups are encrypted and retained for 30 days.

Account data is retained for as long as your subscription is active. After cancellation, data is deleted within 90 days unless you request earlier deletion.

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — export your data in a machine-readable format.
  • Object — object to certain types of processing.
  • Restriction — request that we limit how we use your data.

To exercise any of these rights, email us at the address in Section 9. We will respond within 30 days.

This website uses a minimal set of cookies:

  • Session cookies — required to keep you logged in. Deleted when you close the browser.
  • Preference cookies — remember your language and display settings.

We do not use advertising cookies, tracking pixels, or third-party analytics that profile individual visitors.

We may update this policy from time to time. Significant changes will be communicated by email or by a notice in the application at least 14 days before they take effect.

The date at the top of this page always shows when the policy was last revised.

For any questions about this policy or to exercise your data rights, contact us at:

Email: info@estimy.com

We aim to respond to all privacy-related requests within 30 days.

Try Estimy with your team
this week.

No credit card. Cancel anytime. If it doesn't make Monday morning easier, we'd genuinely like to know why.

Hosted in the EU. GDPR-aligned. Your team's data is yours.