Clokr — Privacy Policy
Last updated: 16 March 2026
1. Who we are
Clokr is a web-based time tracking application for freelancers and small teams, operated by a sole proprietor based in South Africa.
Privacy contact: privacy@clokr.app
2. What data we collect
Information you provide directly
- Account information: Your name, email address, and a hashed version of your password (if you sign up with email). If you use Google sign-in, we receive your name, email, and Google profile ID.
- Time tracking data: Time entries, projects, tasks, tags, notes, and any rates you configure.
- Team data: Team membership, roles, timesheet submissions, and approval records.
- Leave requests: Time-off requests, approval status, and leave balances.
- Notification preferences: Your choices about which notifications you want to receive.
- Feedback: Any feedback, bug reports, or support messages you submit through the app.
Information collected automatically
- Usage data: How you interact with Clokr — pages visited, features used, and general usage patterns. This helps us understand which parts of the app work well and which need improvement.
- Technical data: Your browser type, operating system, IP address, and device information. This is collected through standard server logs and helps us maintain security and diagnose issues.
Information we do NOT collect
- Payment or banking details (payment processing is not yet implemented).
- Precise geolocation data.
- Data from your device's contacts, camera, or microphone.
3. How we use your data
We use your data for the following purposes:
- Providing the service: Running Clokr, managing your account, tracking time, generating reports, and processing leave requests.
- Improving the product: Understanding usage patterns to fix bugs, improve features, and build new ones.
- Sending notifications: Transactional emails (e.g., password resets, approval requests) and, where you've opted in, product updates.
- Security: Detecting and preventing fraud, abuse, and unauthorised access.
- Legal compliance: Meeting our obligations under South African law, including POPIA.
We do not use your data for advertising or sell it to third parties.
4. Our legal basis for processing
Under POPIA, we process your personal information based on the following grounds:
- Contract: Processing is necessary to provide you with the Clokr service you signed up for (Section 11(1)(b) of POPIA).
- Legitimate interest: We have a legitimate interest in improving our service, maintaining security, and understanding how Clokr is used, provided this doesn't override your rights (Section 11(1)(f) of POPIA).
- Consent: Where required, such as for optional marketing communications, we'll ask for your explicit consent.
5. Who we share your data with
We share data with the following third-party service providers, only to the extent necessary to operate Clokr:
| Provider | What they do | Data they may access |
|---|---|---|
| Vercel | Hosts the Clokr web application | Server logs, IP addresses, request data |
| Neon | Hosts our PostgreSQL database | All stored application data (encrypted) |
| Inngest | Runs background jobs (e.g., sending notifications) | Data relevant to the specific job being processed |
| Google | Provides sign-in via Google OAuth | Your name, email, and Google profile ID (only if you choose Google sign-in) |
| Cloudflare | Bot prevention via Turnstile on login and signup | IP address, browser metadata |
We do not sell your data to anyone. We only share data with providers who need it to help us run the service, and we choose providers with strong security practices.
6. Cookies and local storage
Cookies
We use session cookies to keep you logged in. These are essential for the service to function and are not used for tracking or advertising.
Local storage
We use your browser's local storage to save UI preferences such as view toggles, notification settings, and display options. This data stays in your browser and is not sent to our servers.
We do not use third-party advertising or analytics cookies.
7. Your rights under POPIA
As a data subject under the Protection of Personal Information Act (POPIA), you have the right to:
- Access your data: Request a copy of the personal information we hold about you.
- Correct your data: Ask us to update or correct inaccurate information.
- Delete your data: Request that we delete your personal information. We'll do so unless we have a legal obligation to retain it.
- Object to processing: Object to how we process your data in certain circumstances.
- Data portability: Export your time tracking data. CSV and Excel exports are available on paid plans. On the Free plan, you can contact us to request an export.
To exercise any of these rights, email us at privacy@clokr.app. We'll respond within 30 days.
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Regulator (South Africa):
8. Data storage and security
Where your data is stored
Your data is stored on servers operated by Vercel and Neon. These servers may be located in the United States or European Union. See Section 9 for details on international data transfers.
How we protect your data
- All data in transit is encrypted using HTTPS/TLS.
- Database data is encrypted at rest.
- Passwords are hashed — we never store your password in plain text.
- We use Cloudflare Turnstile to prevent automated attacks on login and signup.
- Access to production systems is restricted.
While we take reasonable steps to protect your data, no system is 100% secure. If we become aware of a data breach affecting your personal information, we'll notify you and the Information Regulator as required by POPIA.
9. International data transfers
Because we use cloud infrastructure providers (Vercel, Neon) whose servers may be located outside South Africa, your data may be processed in the United States or European Union.
We take the following safeguards:
- We only use reputable providers with strong security and privacy practices.
- Data is encrypted both in transit and at rest.
- Where possible, we choose hosting regions that offer strong data protection standards (the EU's GDPR is generally considered to meet POPIA's adequacy requirements).
10. Data retention
- Active accounts: We keep your data for as long as your account is active.
- Deleted accounts: When you delete your account, we retain your data for 30 days (in case you change your mind), then permanently delete it.
- Server logs: Automatically generated server logs are retained for up to 90 days for security and debugging purposes, then deleted.
- Feedback and support messages: Retained for as long as needed to address the issue, then deleted within 12 months.
11. Children
Clokr is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that a user is under 18, we will delete their account and data promptly.
If you believe a child under 18 has created an account, please contact us at privacy@clokr.app.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do:
- We'll update the "Last updated" date at the top.
- For significant changes, we'll notify you via email or an in-app notification.
- We'll keep previous versions available on request.
13. Contact us
For any privacy-related questions or to exercise your POPIA rights:
Email: privacy@clokr.app
For general support:
Email: support@clokr.app
© 2026 Clokr. All rights reserved.