Privacy Policy
Last updated: May 8, 2026
1. Introduction
WorklogMate ("we", "our", or "us") is a web application that syncs time tracking entries to project management worklogs. This Privacy Policy explains what data we collect, how we use it, and your rights over it.
2. Data We Store
The following data is stored in our database on your behalf:
| Data | Purpose | Retention |
|---|---|---|
| Email, name, sign-in provider | Identity / authentication | Until account deleted |
| Toggl API token (AES-256-GCM encrypted) | Authenticate Toggl API calls | Until Toggl disconnected or account deleted |
| Jira OAuth tokens and selected Jira site | Authenticate Jira API calls | Until Jira disconnected or account deleted |
| Atlassian account ID and reporting timestamps | Comply with Atlassian Personal Data Reporting requirements | Until Jira disconnected, Atlassian requests erasure, or account deleted |
| Connected service names and emails | Track which services are connected | Until disconnected or account deleted |
| Custom mapping rules | Auto-map Toggl entries to Jira issues | Until user deletes |
| Preferred Jira project keys | Filter Jira search results | Until user deletes |
| Sync history and per-worklog technical audit data (issue key, action, duration, timestamps, Toggl entry IDs, Jira worklog ID, and errors) | Show what was synced, skipped, updated, or failed | Until cleared or account deleted |
| Default date range preference | UI convenience | Until changed or account deleted |
Not stored in sync history: Toggl descriptions, Jira issue descriptions, and Jira worklog comments/notes. These pass through server memory only for the sync request and are not persisted in the audit log.
3. Third-Party Services
We integrate with the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication and database | supabase.com/privacy |
| OAuth sign-in | policies.google.com/privacy | |
| Toggl Track | Fetching time entries | toggl.com/legal/privacy |
| Atlassian (Jira / Tempo) | OAuth and worklog creation | atlassian.com/legal/privacy-policy |
4. Data Processing
We use Supabase, Toggl Track, and Atlassian as data processors. These services process user data on our behalf under Data Processing Agreements compliant with GDPR Article 28. You may request a copy of our DPA with any processor by contacting us.
5. Your Data Rights (GDPR)
Under GDPR and similar data protection laws, you have the following rights:
- Right to Access: You can request a copy of all personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete data.
- Right to Erasure: You can request deletion of your data (Right to be Forgotten). We will erase all data within 30 days, except where legally required to retain (e.g., tax records). Account deletion from Settings erases data immediately.
- Right to Data Portability: You can request your data in a portable format (e.g., CSV or JSON).
- Right to Object: You can object to certain types of data processing, such as direct marketing.
- Right to Restrict Processing: You can request that we limit how we process your data while you resolve a dispute.
To exercise any of these rights, please contact us at info@worklogmate.com with your request. We will respond within 30 days (or as required by law).
6. Data Retention
We retain personal data only as long as necessary to provide the Service and comply with legal obligations. When you delete your account, we erase all associated data within 30 days, except: (1) automated backups (erased within 30 days), (2) data required by law (tax, fraud prevention). Toggl entries and Jira issue content are never stored.
7. Contact
For any privacy-related questions or to exercise your rights, please open an issue on our GitHub repository or email us at info@worklogmate.com.