Last Updated: December 2025
This Privacy Policy describes how Toggl Widget ("we", "our", or "us") collects, uses, and protects your information when you use our mobile application.
Information We Collect
1. Toggl Track Credentials
To provide time tracking functionality, we collect and store:
- Toggl API Token - Encrypted and stored securely on our servers
- Email and Password (if using email login) - Password is hashed before storage
This information is required to authenticate with Toggl Track's API and fetch your time entries.
2. Device Information
- Device Token - Provided by the Apple Push Notification service (APNs) to deliver real-time widget updates
- User ID - A randomly generated unique identifier for your account in our system
3. Usage Data
- Workspace ID - Your Toggl Track workspace identifier
- Webhook Data - Information needed to receive real-time updates from Toggl Track
How We Use Your Information
We use the collected information solely for:
- Widget Functionality - Fetching and displaying your active time entries
- Real-Time Updates - Sending push notifications to update your widget when timers start or stop
- Account Management - Linking your devices to your account for push notification delivery
We do NOT:
- Use your data for advertising or marketing
- Share your data with third parties for tracking
- Sell your data to anyone
- Use analytics or tracking services
Data Storage and Security
On Your Device
- Your Toggl API token is stored securely using the iOS Keychain
- No credentials are stored in plain text
On Our Servers
- All data is stored in Supabase (our database provider) with encryption at rest
- Toggl API tokens are encrypted before storage using industry-standard encryption
- Passwords are hashed using SHA-256 (one-way hashing, cannot be reversed)
- Device tokens and user IDs are stored securely and only used for push notification delivery
Third-Party Services
We use the following third-party services:
1. Supabase
Database hosting service. Your data is stored on Supabase's infrastructure. See their privacy policy: supabase.com/privacy
2. Vercel
Backend hosting service. Our server code runs on Vercel's infrastructure. See their privacy policy: vercel.com/legal/privacy-policy
3. Apple Push Notification Service (APNs)
Used to deliver push notifications to your device. Device tokens are managed by Apple. See Apple's privacy policy: apple.com/privacy
4. Toggl Track API
We access your time tracking data through Toggl Track's official API. We only fetch data necessary for widget functionality. See Toggl's privacy policy: toggl.com/legal/privacy
Important: We do not use any analytics, tracking, advertising, or data collection services. Your data is only used for app functionality.
Data Retention
We retain your data as long as your account is active. You can delete your account and all associated data at any time by:
- Logging out of the app (removes local data)
- Contacting us to request account deletion
When you delete your account, we will remove all stored data including encrypted tokens, device tokens, and webhook information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: chibernard321@gmail.com
Support Page: View Support