Privacy Policy
Last updated: March 4, 2026
HourProof ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HourProof mobile application ("App").
1. Information We Collect
1.1 Account Information
When you create an account, we collect the following information depending on your sign-in method:
- Email/Password: Your email address and a securely hashed password.
- Google Sign-In: Your name, email address, and profile photo as provided by Google's OAuth 2.0 API. We receive an authentication token from Google solely for sign-in purposes. We do not request or receive access to your Google Calendar, Google Drive, Gmail, contacts, or any other Google services.
- Apple Sign-In: Your name and email address (or Apple relay email). We receive an authentication token from Apple solely for sign-in purposes.
1.2 Activity Data
Data you voluntarily enter into the App, including:
- Property information (name, address, type, color)
- Property groups and configurations
- Activity logs (category, description, duration, date)
- Evidence attachments (photos, receipts, documents, emails)
- Timer and duration data
1.3 Device Permissions
The App may request access to device features. These permissions are optional and only activated when you use the corresponding feature:
- Camera: Used only to capture photos for evidence attachments. Photos are stored with your activity records and are not shared with third parties.
- Microphone: Used only for voice-to-activity input via on-device or platform speech recognition. Audio is not recorded or stored by HourProof.
- Photo Library: Used only to let you select existing photos as evidence attachments.
- Speech Recognition: Used to convert voice input to text. Processing may occur on-device or via platform speech recognition services (Apple Speech or Google Speech-to-Text).
2. How We Use Your Information
We use your information solely to:
- Provide, maintain, and improve the App
- Authenticate your identity and manage your account
- Store and sync your activity records across devices
- Generate reports and statistics based on your data
- Respond to your support requests
We do not use your data for advertising, profiling, analytics tracking, or any purpose other than providing the service.
3. Third-Party Services
HourProof uses the following third-party services that may process your data:
3.1 Google Sign-In
When you authenticate with Google, we use Google's OAuth 2.0 protocol. We only request the minimal "profile" and "email" scopes. We do not request access to Google Calendar, Google Drive, Gmail, or any other Google service. The authentication token is used solely to verify your identity. Google's use of your data is governed by the Google Privacy Policy.
3.2 Apple Sign-In
When you authenticate with Apple, we receive your name and email (or Apple's private relay email). We do not receive any other Apple account data. Apple's use of your data is governed by the Apple Privacy Policy.
3.3 Firebase (Google Cloud)
We use Google Firebase for authentication, cloud data storage (Firestore), and cloud functions. Your data is stored on Firebase servers in the United States. Firebase's data processing is governed by the Firebase Privacy and Security documentation.
3.4 OpenAI API (Optional)
If you choose to use the AI-assisted activity logging feature, your activity descriptions are sent to OpenAI's API for natural language processing. This feature requires you to provide your own OpenAI API key. We do not store or transmit your API key to our servers. OpenAI's data handling is governed by the OpenAI Privacy Policy.
4. Data Storage and Security
Your data is stored locally on your device using encrypted storage and may be synced to Firebase cloud storage for backup and cross-device access. We implement industry-standard security measures including:
- Encrypted data transmission (TLS/SSL)
- Firebase Authentication security rules
- Firestore security rules limiting data access to authenticated users
- No plain-text storage of sensitive credentials
5. Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with third parties for their marketing or commercial purposes. We may share data only:
- With service providers (Firebase, as described above) solely to operate the App
- If required by law, legal process, or governmental request
- To protect our rights, privacy, safety, or property
6. Data Retention and Deletion
We retain your data for as long as your account is active. You may delete your account and all associated data at any time through the App settings. Upon account deletion:
- Your activity logs, property data, and evidence are permanently deleted from our servers
- Your authentication credentials are removed from Firebase Authentication
- Local data on your device can be removed by uninstalling the App
Deletion is permanent and cannot be undone. We recommend exporting your records before deleting your account.
7. Children's Privacy
HourProof is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@hourproof.app.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 California Residents (CCPA)
- Right to know what personal information is collected
- Right to delete your personal information
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
8.2 EU/EEA Residents (GDPR)
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise any of these rights, contact us at support@hourproof.app.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App or by email. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: