logo

Privacy policy

By using ManicTime, you are agreeing to the collection and use of your personal information for the purposes of providing you our product services as described below. We will notify all active accounts of any significant changes to this policy.

How your data is shared

  1. We will never sell or rent your personal information. We share it only with the subprocessors listed in our Data Processing Agreement, who process it on our behalf under contract. If we are required by law to disclose any of the information collected about you, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email. We will independently object to overly broad requests for access to information about users of our site.
  2. You can also delete your account at any time. Deleting your account removes your data immediately from our production database; copies held in backups are removed within one week.
  3. We won't spam you. We might occasionally send one-time messages about important ManicTime news, improvements of the product and security enhancements. You will always be able to unsubscribe.
  4. Sharing of data is controlled by the administrator of the account and by default does not allow anyone in the account access to your data. No one outside of your organization has access to your data, other than the subprocessors that operate the service on our behalf (listed in our Data Processing Agreement).

How do we protect your data?

  1. Your data is always encrypted in transit. All requests with the ManicTime web app and client apps are encrypted with current best practice SSL configurations.
  2. Your data is always encrypted at rest, using AES-256 encryption.

Where your data is stored and who processes it

ManicTime Cloud is hosted on Microsoft Azure in the United States (East US and East US 2 regions), including database backups. Where we process personal data on your organization's behalf, we act as a data processor; our current subprocessors and international-transfer safeguards are set out in our Data Processing Agreement.

What information does ManicTime collect? How is it used?

Account information includes email address, first and last name. For easier recollection and for help with assigning your time to tasks and projects, ManicTime records the following information:
  1. Device usage - application name, URL, window title, start time of use, end time of use. In some cases, also full path of the file you are working on in application.
  2. Location and Phone calls (Android)
  3. Screenshots (Windows, Mac, Linux)
  4. For distinguishing you and your device: IP, your system user name, device name, device operating system version.

Cookies and Log Files

ManicTime.com sends a "cookie" to your computer that contains an identifier that is unique to your browser session. We use this cookie to validate your authentication, provide you with a continuous experience, and to record how our site/service is being used. It is not used for marketing purposes.

As is done with most web sites, we log each visit to each web page. A log entry can contain information typically found in the "header" of your web browser's request such as the browser type you used, your Internet Protocol address, and the date and time of day. We may also log your session identifier and the URL of a site that referred you. This log information is important for security, audit, quality improvement, as well as for monitoring the health of our service.

You can delete your account at any time

We would hate to see you go, but it's an option. Your data is removed immediately from our production database along with your account; copies held in backups are removed within one week.

Security of the ManicTime Infrastructure

Infrastructure and Platform: Secure Foundations

We’ve built ManicTime with security in mind, from hardware and networks to how we deploy our services.

ManicTime is made up of two main parts:

  • The Client: This runs on your device (Windows, Mac, Linux, Android, iOS) and automatically tracks how you use your device.
  • The Cloud Service: This processes the data from the client and provides analytics.

The Client Application Platform

For desktop systems (Windows, OS X, and Linux), the ManicTime client is built with cross-platform tools. It securely communicates with our servers, manages settings, and tracks time. We keep the client up to date and apply security fixes regularly.

The ManicTime client keeps your device, account, and data secure with features like:

  • Secure connections: All data sent between the client and server is encrypted using HTTPS.
  • Privacy controls: You control what data is tracked and can adjust settings to meet your privacy needs.
  • Frequent updates: We regularly update the client and notify you when an update is needed.

The Cloud Service Platform

ManicTime’s data processing, reporting, and account management run on Microsoft Azure, which provides strong security for both physical infrastructure and network protection.

We use secure, open-source software to keep the platform safe, constantly updated, and resilient. Azure’s data centers and compliance certifications help keep your data safe, backed up, and available.

All interactions with our platform are done securely using HTTPS or SSH, and our testing environments are similarly protected.

ManicTime’s cloud service manages user settings, processes, and reports your data. Key security features include:

  • Secure connections: All communication with the cloud service is encrypted via HTTPS.
  • Login options: Users can create a ManicTime-specific password and enable two-factor authentication.
  • Data control: Users can delete their accounts and remove all their history at any time.
  • Data separation: Each user’s data is isolated and protected, ensuring no unauthorized access.
  • Audit logs: All important activities are logged and tracked to provide accountability.

Sensitive health information (HIPAA)

Some customers work under regulations such as HIPAA, which govern the handling of sensitive health information.

Is it needed?

You can configure ManicTime to avoid tracking any windows, URLs, or taking screenshots of applications that contain patient data or other sensitive health information. By adjusting these settings, you can reduce the risk of ManicTime inadvertently capturing protected health information (PHI). Meeting HIPAA or other regulatory obligations remains your responsibility as the customer.

Security measures relevant to sensitive data

ManicTime provides security measures that can support your own compliance efforts, including:

  • Secure transmission: All data between the client and the service is encrypted.
  • Physical security: Azure data centers are monitored and access-controlled.
  • Access control: Access is limited to authorized personnel and relevant activity is logged.
  • Disaster recovery: Azure provides disaster recovery and backup capabilities.
  • Breach notification: We notify affected customers without undue delay after becoming aware of a confirmed data breach affecting their data, as described in our Data Processing Agreement.

ManicTime provides several layers of security, but you must configure the application to prevent the capture of protected health information (PHI) when tracking data, such as by excluding applications that contain patient data.

Date: July 1, 2026