Privacy Policy
Last updated: January 31, 2026
Our Privacy Commitment
Your privacy is our top priority. Here's our commitment to you:
- We will never sell your data. Not now, not ever. Your personal information and time tracking data are yours alone.
- We collect only what we need. We only gather information necessary to provide you with our time tracking service.
- You control your data. You can export, modify, or delete your data at any time.
- Transparency first. We clearly explain what data we collect and why, with no hidden practices.
Introduction
Nowaster ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time tracking application and services (the "Service").
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.
Information We Collect
1. Account Information
When you create an account via OAuth providers, we collect:
- Email address
- Display name/username
- Avatar/profile picture URL (from your OAuth provider)
- OAuth provider identifier (Google, GitHub, or Discord)
- User role (user or admin)
2. Time Tracking Data
To provide our core time tracking functionality, we collect:
- Time tracking sessions (start time, end time, duration)
- Categories and tags you create to organize your time
- Optional descriptions and notes on your time entries
- Session templates you create for recurring activities
3. Authentication & Security Data
To secure your account and sessions, we collect:
- Refresh tokens (stored as encrypted hashes with expiration dates)
- Device information (user agent string, IP address) associated with login sessions
- API tokens (if you create them for integrations)
- Token usage timestamps for security monitoring
4. Social & Sharing Features (Optional)
If you choose to use social features, we collect:
- Friend connections and requests (including optional introduction messages)
- Activity feed events when you share completed sessions
- Reactions/interactions with feed events
- Notifications related to friend requests and social interactions
5. Preferences & Settings
- Privacy visibility settings (who can see your activity: friends, groups, or public)
- UI preferences (stored locally in browser cookies, such as sidebar state)
6. Analytics & Performance Data
We use Vercel Analytics and Speed Insights to improve our service. This may collect:
- Page views and navigation patterns
- Performance metrics (page load times, errors)
- General usage statistics (aggregated and anonymized when possible)
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the time tracking service
- Authenticate your identity and manage your account security
- Store and display your time tracking data, categories, and tags
- Enable social features like friend connections and activity sharing (if you opt in)
- Send notifications about friend requests, reactions, and system updates
- Improve and optimize our service performance
- Respond to your support requests and communications
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our Terms of Service
Data Storage & Security
Your data is stored securely in a PostgreSQL database. We implement industry-standard security measures including:
- Encrypted storage of sensitive authentication tokens
- Secure HTTPS connections for all data transmission
- Regular security updates and monitoring
- Access controls limiting who can view your data
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Data Sharing & Disclosure
We Never Sell Your Data
We have never sold user data to third parties, and we never will. Your time tracking information, personal details, and usage patterns are not for sale. Period. This is a core principle of Nowaster that will not change.
We may share your information only in the following limited circumstances:
With Your Consent
When you choose to share your activity feed with friends or make it public, that information becomes visible according to your privacy settings.
Service Providers
We may share data with third-party service providers who help us operate our service:
- OAuth providers (Google, GitHub, Discord) for authentication
- Vercel for hosting and analytics
Legal Requirements
We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, etc.).
Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request corrections to inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Data Portability: Request your data in a structured, machine-readable format
- Objection: Object to certain processing of your data
- Withdrawal of Consent: Withdraw consent for data processing where we rely on consent
To exercise these rights, please contact us using the information in the "Contact Us" section below.
Cookies
We use cookies and similar technologies for:
- Authentication: Session cookies to keep you logged in
- Preferences: Storing your UI preferences (like sidebar state)
- Analytics: Vercel analytics cookies (if enabled)
You can control cookies through your browser settings, but disabling certain cookies may limit functionality of the Service.
Third-Party Services
Our Service integrates with third-party OAuth providers for authentication:
- Google OAuth
- GitHub OAuth
- Discord OAuth
These services have their own privacy policies. We encourage you to review their privacy practices.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. When you delete your account, we will delete your personal data, except where we are required to retain it for legal compliance or legitimate business purposes.
Inactive accounts may be deleted after a reasonable period of inactivity, with advance notice when possible.
Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us. If we discover that we have collected personal information from a child under 13, we will promptly delete such information.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using our Service, you consent to the transfer of your information to these countries.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
- Via GitHub: Open an issue
GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We process your personal data based on the following legal bases:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our service and security
- Consent: For optional features like social sharing
- Legal Obligation: Compliance with applicable laws
This privacy policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future.