We take the responsibility of protecting your data seriously. Timecounts is designed to help organizations manage volunteers safely, with practical safeguards that align with modern SaaS security practices.
Infrastructure & Hosting
Timecounts is hosted on trusted cloud infrastructure providers, including Amazon Web Services (AWS) and Heroku, which maintain industry-standard security certifications and physical safeguards.
We also use Cloudflare to help protect against malicious traffic and ensure reliable performance.
Data Protection
We apply standard security practices to protect data both in transit and at rest:
Encryption is used to protect data as it moves between systems
Sensitive data is stored securely within our infrastructure
Access to data is limited to what is necessary to operate and support the platform
We do not sell or use customer data for advertising purposes.
Access Controls
Access to Timecounts is permission-based and controlled at multiple levels:
Organizations control who can access their data
Admin roles and permissions limit access within each organization
Internal access is restricted to authorized personnel only
We are currently implementing two-factor authentication (2FA) for admins to further strengthen account security.
Monitoring, Logging & Backups
We maintain systems to help ensure reliability and detect issues:
Application activity is monitored to identify potential issues
Logging is used to support troubleshooting and security awareness
Regular backups are performed to protect against data loss
Incident Response
We maintain internal processes to identify, respond to, and manage security incidents.
If a security issue were to occur, we will notify affected customers and provide relevant updates as quickly as possible.
Subprocessors
We work with a small number of trusted subprocessors to operate the platform, including providers for hosting, email delivery, payments, and communications.
Each subprocessor is carefully selected and required to meet high standards for security and reliability.
You can view our current list here:
https://help.timecounts.app/en/articles/12956400-list-of-timecounts-subprocessors
Data Ownership & Control
Organizations using Timecounts retain control over their data:
You decide what data to collect and manage
You can export your data at any time
You can request deletion of your data
Timecounts acts as a data processor on behalf of the organizations using the platform.
Compliance & Ongoing Improvements
Timecounts is not currently SOC 2 certified. However, we follow industry-standard security practices and continue to strengthen our systems over time.
We leverage infrastructure providers that maintain SOC 2-compliant environments, and we are actively improving areas such as authentication, monitoring, and operational security.
Related Resources
Privacy Policy: http://timecounts.app/privacy
Terms of Service: http://timecounts.app/terms
Questions
If you have specific questions about security or data handling, feel free to reach out and we’ll do our best to provide clarity.