Privacy Policy

Let's get this privacy sorted.

Privacy Policy for What Have You Done?!

Effective Date: May 12, 2026

Last Updated: May 12, 2026

What Have You Done?!, also known as WHYD, is a time tracking service designed to help users record, organize, review, and report their work time. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what choices you have.

The short version: we collect the information needed to run WHYD, keep your account working, help you track your time, provide support, improve the service, and keep things secure. We do not sell your personal information. We do not track you across other companies’ apps or websites for advertising. We are not interested in becoming a tiny surveillance goblin. We just want the time entries to go where they are supposed to go.

1. Who We Are

This Privacy Policy applies to the WHYD website, web application, iOS application, and related services, collectively referred to as the “Service.”

2. Information We Collect

We collect information in a few main ways:

  1. Information you provide directly.
  2. Information created when you use the Service.
  3. Technical information collected automatically, primarily crash and performance data.
  4. Information from third-party service providers we use to operate WHYD.

2.1 Account Information

When you create or use a WHYD account, we may collect:

  • Name
  • Email address
  • Username or account identifier
  • Password authentication information
  • Account settings and preferences
  • Subscription or plan status
  • Organization, company, or team information, if applicable

We use this information to create your account, let you log in, identify you within the Service, provide customer support, and manage your access.

Passwords are stored using appropriate security protections. We do not store your password in plain text.

2.2 Time Tracking Data

Because WHYD is a time tracking service, we collect and store the information you enter into the Service, which may include:

  • Time entries
  • Dates and times worked
  • Duration of work
  • Client names
  • Project names
  • Task names
  • Work descriptions or notes
  • Billable or non-billable status
  • Hourly rates or billing-related settings, if you enter them
  • Invoice-related data, if invoice features are used
  • Tags, categories, or other organizational labels

This data is used to provide the core functionality of WHYD: tracking, organizing, reporting, and reviewing work time.

Please avoid entering sensitive personal information into time entry notes unless it is necessary. WHYD is for time tracking, not for storing secrets, medical records, nuclear launch codes, or your nemesis list.

2.3 Client and Project Information

If you use WHYD to organize work by client or project, we may collect:

  • Client names
  • Client contact details, if you enter them
  • Project names
  • Project descriptions
  • Billing configuration
  • Notes or metadata related to clients and projects

This information is used to organize your time entries and support reporting, billing, and invoicing workflows.

2.4 Billing and Payment Information

If WHYD offers paid plans or paid services, billing may be handled by a third-party payment processor. Depending on how you subscribe or pay, we may collect or receive:

  • Billing name
  • Billing email
  • Billing address
  • Subscription plan
  • Payment status
  • Transaction history
  • Last four digits of a payment card, if provided by the processor
  • Tax-related information, if required

We do not store full credit card numbers. Payment card information is typically handled directly by our payment processor, Stripe.

Payment processor: Stripe

2.5 iOS App Information

When you use the WHYD iOS app, we may collect information necessary for the app to function, such as:

  • Your account login information
  • Time entries submitted through the app
  • Client and project selections
  • App settings
  • Device type
  • Operating system version
  • App version
  • Crash logs or diagnostic information, if enabled or provided through Apple or another crash reporting service

We use this information to provide the mobile app, troubleshoot issues, improve performance, and keep the Service working properly.

2.6 Technical and Usage Information

When you use WHYD, we may automatically collect technical information such as:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Pages or screens viewed
  • Dates and times of access
  • Referring URLs
  • App version
  • Error logs
  • Server logs
  • Security-related events
  • Approximate location inferred from IP address

We use this information to operate, secure, debug, and improve the Service.

We do not use this information to track you across unrelated apps or websites for advertising.

2.7 Cookies and Similar Technologies

The WHYD website or web application may use cookies or similar technologies for purposes such as:

  • Keeping you logged in
  • Remembering preferences
  • Securing your session
  • Understanding basic usage of the Service
  • Diagnosing technical issues

We may use both session cookies and persistent cookies.

You can control cookies through your browser settings, but disabling certain cookies may prevent parts of WHYD from working correctly. In other words, the cookie jar is functional, not decorative.

2.8 Support Communications

If you contact us for support, we may collect:

  • Your name
  • Email address
  • Message content
  • Screenshots or files you provide
  • Account details needed to troubleshoot the issue
  • Any other information you choose to send us

We use this information to respond to your request, troubleshoot problems, and improve the Service.

3. How We Use Information

We use the information we collect to:

  • Provide and operate the Service
  • Create and manage user accounts
  • Let users submit and manage time entries
  • Organize time by client, project, task, or category
  • Generate reports or invoice-related data, if applicable
  • Authenticate users
  • Provide customer support
  • Communicate service-related information
  • Process payments and subscriptions
  • Monitor performance and diagnose bugs
  • Improve the Service
  • Protect the security and integrity of WHYD
  • Prevent abuse, fraud, or unauthorized access
  • Comply with legal obligations

We do not use your personal information for cross-app or cross-site advertising tracking.

4. How We Share Information

We do not sell your personal information.

We may share information only in the limited ways described below.

4.1 Service Providers

We may share information with vendors and service providers who help us operate WHYD. These may include providers for:

  • Hosting
  • Database storage
  • Email delivery
  • Payment processing
  • Analytics
  • Error monitoring
  • Customer support
  • Security monitoring
  • App distribution or crash reporting

These providers may process information only as needed to provide services to us.

Examples may include:

  • [Hosting provider]
  • [Database provider]
  • [Email provider]
  • [Payment processor]
  • [Analytics provider, if any]
  • [Crash reporting provider, if any]

Replace this section with your actual vendors. This is the part where the privacy policy stops being poetry and becomes inventory management. Tiny clipboard time.

4.2 Within Your Account, Team, or Organization

If WHYD supports teams, organizations, shared clients, or shared projects, information may be visible to other authorized users in your account or organization, depending on your settings and permissions.

For example, a team administrator may be able to view time entries, projects, users, billing settings, or reports associated with that team.

4.3 Legal Requirements

We may disclose information if we believe it is reasonably necessary to:

  • Comply with applicable law
  • Respond to legal process
  • Enforce our terms or agreements
  • Protect the rights, property, or safety of WHYD, our users, or others
  • Investigate fraud, abuse, or security issues

4.4 Business Transfers

If WHYD is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, user information may be transferred as part of that transaction.

If that happens, we will take reasonable steps to ensure your information remains protected.

5. We Do Not Sell Personal Information

We do not sell your personal information.

We also do not share your personal information for cross-context behavioral advertising.

If our practices change in the future, we will update this Privacy Policy and provide any required notices or choices.

6. Tracking and Advertising

WHYD does not track users across third-party apps or websites for advertising purposes.

We do not use your time entries, client names, project names, or account data to build advertising profiles.

We may use privacy-respecting analytics or diagnostic tools to understand how the Service is performing, find bugs, and improve the user experience. If we use analytics, it is for product improvement, not for selling ads based on your work habits.

7. Data Retention

We keep your information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain business records.

In general:

  • Account information is retained while your account is active.
  • Time entries and project data are retained while your account is active unless you delete them or request deletion.
  • Billing records may be retained as required for accounting, tax, and legal purposes.
  • Server logs and diagnostic data are retained for a limited period unless needed for security, fraud prevention, debugging, or legal reasons.
  • Support messages may be retained to provide ongoing support and improve the Service.

When information is no longer needed, we delete it or anonymize it when reasonably possible.

Server logs are generally retained for up to 90 days unless needed for security, debugging, or legal purposes.

8. Data Security

We use reasonable technical, administrative, and organizational measures to protect your information.

These may include:

  • HTTPS encryption in transit
  • Access controls
  • Authentication protections
  • Password hashing
  • Database security controls
  • Limited access to production systems
  • Monitoring and logging
  • Backups
  • Security updates
  • Vendor security review where appropriate

No system is perfectly secure. We cannot guarantee absolute security, but we work to protect your information from unauthorized access, loss, misuse, or alteration.

9. Your Choices and Rights

Depending on where you live, you may have rights regarding your personal information. These may include the right to:

  • Access the personal information we have about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Request a copy of your information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of sale or sharing of personal information, where applicable

Because WHYD does not sell personal information or share it for cross-context behavioral advertising, there may be no sale or sharing to opt out of. Still, you can contact us with privacy requests.

To make a request, contact us at: privacy@whyd.io.

We may need to verify your identity before fulfilling certain requests.

10. Account Deletion

You may request deletion of your account by contacting us at: privacy@whyd.io.

When an account is deleted, we will delete or anonymize personal information associated with the account, except where we need to retain information for legal, tax, security, backup, or legitimate business purposes.

Some deleted information may remain in backups for a limited period before being permanently removed.

11. Children’s Privacy

WHYD is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information.

WHYD is intended for use by adults and business users. It is not directed to children.

12. International Users

WHYD may be operated from the United States or other locations where we or our service providers maintain systems.

If you access the Service from outside the United States, your information may be processed in the United States or other countries. These countries may have data protection laws that differ from those in your location.

Where required, we take steps to protect personal information transferred internationally.

13. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

If you interact with third-party services, their privacy policies apply.

Examples may include:

  • Payment processors
  • App stores
  • OAuth/login providers, if used
  • Support tools
  • Analytics or diagnostics providers

14. Email Communications

We may send you service-related emails, such as:

  • Account notifications
  • Login or security alerts
  • Password reset messages
  • Billing notices
  • Product updates
  • Support replies

You may be able to unsubscribe from marketing emails, but we may still send essential service-related messages.

15. App Store and Apple Services

If you download WHYD from Apple’s App Store or use Apple services with the app, Apple may collect and process information according to Apple’s own privacy practices.

Apple’s App Store privacy disclosures are separate from this Privacy Policy and are intended to summarize the data collection practices of the app on the App Store product page.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will update the “Last Updated” date and may provide additional notice, such as through the Service or by email.

Your continued use of WHYD after the updated Privacy Policy becomes effective means you accept the updated policy.

17. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal information, contact us at: