Privacy policy
Your data is never shared
- We will never sell, rent, or otherwise share your personal information, with or without personally identifying information. Furthermore, we will never share anonymized selections of your individual data. If we are required by law to disclose any of the information collected about you, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email. We will independently object to overly broad requests for access to information about users of our site.
- You can also delete your account at any time. Deleting your account permanently deletes all your data from our database.
- We won't spam you. We might occasionally send one-time messages about important ManicTime news, improvements of the product and security enhancements. You will always be able to unsubscribe.
- Sharing of data is controlled by the administrator of the account and by default does not allow anyone in the account access to your data. No one outside of your organization will have access to any of your data.
How do we protect your data?
- Your data is always encrypted in transit. All requests with the ManicTime web app and client apps are encrypted with current best practice SSL configurations.
- Your data is always encrypted at rest. All of our storage uses volume encryption.
What information does ManicTime collect? How is it used?
Account information includes email address, first and last name. For easier recollection and for help with assigning your time to tasks and projects, ManicTime records the following information:
- Device usage - application name, URL, window title, start time of use, end time of use. In some cases, also the full path of the file you are working on in the application.
- Location and Phone calls (Android)
- Screenshots (Windows, Mac, Linux)
- For distinguishing you and your device: IP, your system user name, device name, device operating system version.
Cookies and Log Files
ManicTime.com sends a "cookie" to your computer that contains an identifier that is unique to your browser session. We use this cookie to validate your authentication, provide you with a continuous experience, and to record how our site/service is being used. It is not used for marketing purposes.
As is done with most web sites, we log each visit to each web page. A log entry can contain information typically found in the "header" of your web browser's request such as the browser type you used, your Internet Protocol address, and the date and time of day. We may also log your session identifier and the URL of a site that referred you. This log information is important for security, audit, quality improvement, as well as for monitoring the health of our service.
You can delete your account at any time
We would hate to see you go, but it's an option. All your data will be deleted along with your account.
Security of the ManicTime Infrastructure
Infrastructure and Platform: Secure Foundations
We’ve built ManicTime with security in mind, from hardware and networks to how we deploy our services.
ManicTime is made up of two main parts:
- The Client: This runs on your device (Windows, Mac, Linux, Android, iOS) and automatically tracks how you use your device.
- The Cloud Service: This processes the data from the client and provides analytics.
The Client Application Platform
For desktop systems (Windows, OS X, and Linux), the ManicTime client is built with cross-platform tools. It securely communicates with our servers, manages settings, and tracks time. We keep the client up to date and apply security fixes regularly.
The ManicTime client keeps your device, account, and data secure with features like:
- Secure connections: All data sent between the client and server is encrypted using HTTPS.
- Privacy controls: You control what data is tracked and can adjust settings to meet your privacy needs.
- Frequent updates: We regularly update the client and notify you when an update is needed.
The Cloud Service Platform
ManicTime’s data processing, reporting, and account management run on Microsoft Azure, which provides strong security for both physical infrastructure and network protection.
We use secure, open-source software to ensure the platform is safe, constantly updated, and resilient. Azure’s global data centers and compliance certifications (like GDPR and HIPAA) ensure your data is safe, backed up, and always available.
All interactions with our platform are done securely using HTTPS or SSH, and our testing environments are similarly protected.
ManicTime’s cloud service manages user settings, and processes and reports your data. Key security features include:
- Secure connections: All communication with the cloud service is encrypted via HTTPS.
- Login options: Users can create a ManicTime-specific password and enable two-factor authentication.
- Data control: Users can delete their accounts and remove all their history at any time.
- Data separation: Each user’s data is isolated and protected, ensuring no unauthorized access.
- Audit logs: All important activities are logged and tracked to provide accountability.
Compliance with HIPAA, HITECH, and More
Some clients require compliance with regulations like HIPAA, which deals with the security of sensitive health information.
Is it needed?
Users can configure ManicTime so that it does not track windows or URLs, or take screenshots, of applications that contain patient data or other sensitive health information. By properly adjusting these settings, you can prevent ManicTime from inadvertently capturing protected health information (PHI), thus ensuring compliance with HIPAA regulations.
ManicTime and HIPAA Compliance
ManicTime meets several key requirements for HIPAA compliance by ensuring that sensitive data is protected through various security measures:
- Secure transmission: All data between the client and the service is encrypted.
- Physical security: Azure data centers are monitored and access-controlled.
- Access control: Only authorized personnel can access the system, and all access is tracked for auditing purposes.
- Disaster recovery: Azure provides full disaster recovery, ensuring data is safe and backed up.
- Breach Notification: In compliance with the HITECH Act, ManicTime is committed to notifying customers promptly in the event of any security breach that may affect sensitive data.
While ManicTime provides several layers of security and compliance, users must configure the application to prevent the capture of protected health information (PHI) when tracking data, such as by excluding applications that contain patient data.
At this time, ManicTime has not contracted an audit firm to provide third-party validation of compliance.