Data security and GDPR
Trust lies at the center of our software. We want our services to enable people; not cheat or spy on them – and there would be absolutely no substance to our business if it did. Your data belongs to you alone, and we want to keep it that way. This page details the things we do to protect your data.
Your data, your rules
As the owner of your data, you can do any of the following at any point:
- Download and check everything Memory has on file for you;
- Permanently delete all your stored data from Memory;
- Turn the Memory app on or off (and therefore start or stop tracking);
- Grant or revoke Memory's access to integrated apps;
- Contact our dedicated data protection officer.
Only you can see your privately tracked data.
Data sharing in Memory is built on a model of employee consent. Your boss and colleagues can see the final time sheet you approve, but they can never access your tracked Memory data. No screenshots, geo-tagging or weird mouse monitoring – employers can never infringe an employee’s right to data privacy in Timely.
Your Memory data is securely stored.
Data will be processed and stored in the EU by our sub-supplier and sub-processor, Amazon Web Services (AWS). AWS is Privacy Shield-certified, so transfer of data to it will be in compliance with EU law. We are fully compliant with the GDPR, DSGVO and SOC2.
We don’t – and never will – do anything creepy with your data.
We will never use your Memory data to sell you ads, sell your data to third parties or data brokers, or do anything else so unethical and self-destructive. All the data our AI engineers see is fully anonymised; they can’t determine anyone’s identity from the data they use to train Memory's algorithms. Our data protection officer is the only individual theoretically able to see all data, and our Support team will always ask for your consent before accessing your account to fix a problem.
What Memory tracks
Memory’s Memory app doesn’t have full access to everything going on inside your computer. It only records the page titles and timestamps of apps you are actively using. It won’t track this information on “private” or “incognito” browser windows, unless you use Firefox (which is built in a way that unfortunately makes it impossible to block tracking).
It doesn’t track the actual content within those pages. So, it can record how long you spend on a specific website, but not the details of what you actually read, see or write.
We do have a few bespoke integrations for popular work tools like Google Calendar and GitHub, which give you more specific details on elements of your work — like the title of emails you sent, meetings you attended and locations where you worked from. But these integrations are not active by default; you decide whether to grant Memory access to them.
The Memory application never takes screenshots. Users wishing to track idle time on desktop can opt into mouse and keystroke movement tracking. This data is only ever used for idle detection and stays confidential to the individual.