Last updated: March 13, 2026
RF Time Tracker ("the App") is operated by Rootforce ("we", "us", "our"). This privacy policy explains how we collect, use, store, and protect your personal data when you use our mobile and web application in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
The App operates under a B2B model. Your employer or organization ("the Tenant") is the data controller for the time tracking data collected through the App. Rootforce acts as the data processor on behalf of the Tenant.
For questions about how your employer uses your data, please contact your organization's administrator.
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Authentication and account identification | Contract performance (Art. 6(1)(b) GDPR) |
| Name | Display within the app to identify users | Contract performance |
| Password | Authentication (stored as bcrypt hash, never in plain text) | Contract performance |
| Data | Purpose | Legal Basis |
|---|---|---|
| Time entry descriptions | Record of work performed | Contract performance |
| Start and end times | Working hours tracking | Contract performance |
| Project names and tags | Work categorization | Contract performance |
| Break durations | Accurate working time calculation | Contract performance |
| Data | Purpose | Legal Basis |
|---|---|---|
| Tenant membership | Associate users with their organization | Contract performance |
| User role (user/admin) | Access control | Contract performance |
| Payroll information (hourly rate, salary) | Timesheet calculations (if configured by admin) | Contract performance |
We use your data exclusively to:
We do not:
All application data is stored on Google Cloud Platform (Firestore) in the Europe (europe-west1) region. Google provides encryption at rest and in transit. See Google Cloud Privacy.
The App offers sign-in via:
We only use the email and name provided by these services for authentication. We do not access your contacts, calendar, or other account data.
We use Sentry (sentry.io) to monitor application errors. When an error occurs, Sentry may receive:
We have configured Sentry to strip personal data (emails, passwords, authentication tokens) from error reports before they are sent. Sentry data is used solely to identify and fix bugs. See Sentry's Privacy Policy.
| Service | Purpose | Data Location |
|---|---|---|
| Google Cloud Platform (Firestore) | Data storage | Europe (europe-west1) |
| Google Cloud Run | Application hosting | Europe (europe-west1) |
| Sentry (Functional Software Inc.) | Error monitoring | EU |
| Data Type | Retention Period |
|---|---|
| Active user accounts | As long as the account is active |
| Time tracking entries | As long as the tenant account is active (minimum 10 years for business records per German tax law, AO §147) |
| Deleted user accounts | Account data is anonymized immediately upon deletion. Anonymized records are purged after 90 days. |
| Invite codes | Automatically expire after the configured period (default: 7 days) |
| Audit logs | Retained for 1 year, then automatically deleted |
| Error reports (Sentry) | 90 days (Sentry default retention) |
As a data subject, you have the following rights:
To exercise any of these rights beyond what is available in the app, contact us at the address below.
Note: As your employer is the data controller, some requests may need to be directed to your organization's administrator.
All data is stored and processed within the European Union (Google Cloud europe-west1 region). We do not transfer personal data outside the EU/EEA. Sentry processes error data within the EU.
The App is a workplace tool not intended for use by children under 16 years of age. We do not knowingly collect personal data from children.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR) and affected individuals without undue delay (Art. 34 GDPR).
We may update this privacy policy from time to time. We will notify users of significant changes through the app or via email. The "Last updated" date at the top of this page indicates when this policy was last revised.
If you have questions about this privacy policy, your data, or wish to exercise your rights, contact us at:
Rootforce
Email: privacy@rootforce.com
For our Data Processing Agreement, see: Data Processing Agreement (DPA)