Privacy Policy

OS TrueTime is designed with privacy-first engineering at its core. We enforce strict data minimization: we do not collect telemetry, window titles, or activity records outside of configured employee shift schedules. Telemetry collection only starts when the desktop client is actively connected and running during user-initiated shift hours.

Our screenshot capture architecture ensures that unblurred, plain-text screen logs are never saved locally or transmitted over the network. The desktop tracking client executes hardware-accelerated Gaussian blurring directly in local machine memory. This ensures that sensitive information, personal messages, or private credentials are fully redacted before files leave the employee's machine.

We collect only high-level activity telemetry to measure focus distribution: • Process names and active window headers (e.g. 'vscode', 'documentation'). • Aggregated mouse click and keystroke frequency rates (we do NOT record actual keystrokes, characters, or text inputs to prevent password leaks). • Network application usage and geofencing login records.

We fully comply with the Digital Personal Data Protection (DPDP) Act 2023 and the Information Technology Act 2000 in India. Employers using the platform must obtain explicit, informed consent from all employees before activating tracking. Employees retain rights to access their telemetry history, request corrections to manual timesheets, and view blurred screenshots logged under their name.

All data transfers use secure TLS encryption. Screenshots are uploaded directly to dedicated S3 compatible buckets (MinIO, Spaces) using short-lived presigned PUT URLs, bypassing the application API server. Postgres databases handle admin auth details with Row-Level Security, and time-series telemetry is isolated inside ClickHouse.

Workspace administrators configure dynamic data retention limits (starter templates default to 30 days storage). Telemetry records and S3 screenshot files are automatically purged by database cron schedules when their age exceeds the selected retention threshold. Employees also have the right to request support-assisted GDPR data purging.