
Security at Timecounts

Learn how Timecounts protects customer data and helps organizations manage volunteers securely.

Protecting customer and volunteer data is a core responsibility at Timecounts. We use a combination of technical, organizational, and operational safeguards designed to protect the confidentiality, integrity, and availability of information stored within the platform.

Infrastructure and hosting

Timecounts is hosted on trusted cloud infrastructure providers, including Amazon Web Services (AWS) and Heroku.


We also use Cloudflare to help protect against malicious traffic, improve performance, and support platform availability.

Data protection

We apply industry-standard practices to protect data throughout the platform, including:

  • Encryption in transit

  • Secure storage of customer data

  • Restricted access to systems and information

  • Regular software and security updates

Timecounts does not sell customer data or use customer information for advertising purposes.

Access controls

Access to Timecounts is controlled through permissions and role-based access management.

Organizations determine who can access their data, and administrators can assign permissions based on each person's responsibilities.

Internal access to customer data is restricted to authorized personnel who require access to support, maintain, or improve the service.

We are currently implementing two-factor authentication (2FA) for administrators to further strengthen account security.

Monitoring, logging, and backups

To support platform reliability and security, we maintain:

  • Application monitoring

  • System and error logging

  • Security awareness processes

  • Regular backups and recovery procedures

These measures help us identify issues, investigate incidents, and protect against data loss.

Incident response

Timecounts maintains internal procedures for identifying, responding to, and managing security incidents.

If a security incident affects customer data, we will investigate promptly and notify affected customers as required by applicable laws and contractual obligations.

Subprocessors

We work with a limited number of trusted subprocessors to provide services such as hosting, payments, communications, customer support, and document storage.

All subprocessors are reviewed before use and are expected to maintain appropriate privacy and security safeguards.

Related article: List of Timecounts subprocessors

Data ownership and control

Organizations using Timecounts retain control of the data they collect and manage.

Organizations can:

  • Export their data

  • Update volunteer information

  • Delete records

  • Request organization deletion

Timecounts acts as a Data Processor on behalf of the organizations using the platform.

Compliance and ongoing improvements

Timecounts is not currently SOC 2 certified.

However, we follow industry-standard security practices and continue to strengthen our systems, processes, and controls over time.


Our infrastructure providers maintain independently audited security programs, and we regularly review opportunities to improve authentication, monitoring, operational security, and privacy protections.

Related resources

Privacy Policy
https://timecounts.app/privacy

Terms of Service
https://timecounts.app/terms


Timecounts subprocessors
List of Timecounts subprocessors

Questions?

If you have questions about security, privacy, or data handling, contact:
