Privacy Policy

Hardly Working ("the App") is a time tracking application developed by Antonio Baltic ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use our App.

We are committed to protecting your privacy. Your time entries and personal data are treated with the utmost care and are never sold or shared with third parties for advertising purposes.

Information You Provide

• Account information: When you sign in with Apple, we receive a unique user identifier. We do not receive your name or email unless you choose to share them.
• Profile data: Hourly rate, currency, work schedule (hours per day, days per week), country, industry, achievement level, and display title (used for benchmarking, group leaderboards, and in-app calculations).
• Time entries: Activity categories, start/end times, and durations that you manually record. Stored locally on your device.
• Friend groups: If you create or join a friend group, your anonymous user ID, group name, description, emoji, invite code, and aggregated daily statistics are stored on our servers and visible to other group members.

Information Collected Automatically

• Device identifiers: With your ATT consent, AppsFlyer collects your advertising identifier (IDFA), install events, and IP address for attribution. Without consent, limited data (IDFV, install timestamp) may still be collected for basic analytics.
• Subscription status: Managed through RevenueCat, which collects purchase history and anonymous device identifiers to verify your subscription entitlements.
• Aggregated usage statistics: Daily totals (total seconds, session count, top category) synced to our servers for anonymous benchmarking. Individual time entries are never sent to our servers.
• Notifications: We may request permission to send local notifications (timer reminders). Notification content is generated on your device and is not transmitted to our servers.

• To provide core app functionality (timer, dashboards, achievements)
• To calculate and display your personal statistics and reclaimed wages
• To generate anonymous aggregate benchmarks (country, industry, global)
• To power friend group leaderboards with aggregated statistics
• To manage your subscription and in-app purchases
• To measure advertising attribution (with your consent)
• To improve the App based on aggregate usage patterns

We process your data on the following legal bases:

• Contract performance: To provide the core app functionality you requested — timer, dashboards, subscription management, and friend groups.
• Consent:For advertising attribution via App Tracking Transparency. You can withdraw consent at any time via Settings → Privacy & Security → Tracking.
• Legitimate interest: To generate anonymous aggregate benchmarks and improve the App. Individual data is never used for profiling or automated decision-making.

We use the following third-party services:

• Supabase — Authentication, profile storage, friend groups, and aggregated statistics. Data is stored in the EU (eu-central-1). Privacy policy: supabase.com/privacy
• RevenueCat — Subscription management and purchase verification. Collects purchase history and anonymous device identifiers. Data is processed in the United States. Privacy policy: revenuecat.com/privacy
• AppsFlyer — Mobile attribution analytics. With your ATT consent, collects advertising identifier (IDFA), install events, and IP address. Without consent, limited data (IDFV, install timestamp) may still be collected. Data is processed in the United States and EU. Privacy policy: appsflyer.com/privacy-policy
• Apple (iCloud/CloudKit) — Device-to-device sync of your time entries, achievements, and custom categories. Governed by Apple's privacy policy.

Your data may be transferred to and processed in countries outside your country of residence, including the United States (RevenueCat, AppsFlyer) and the European Union (Supabase). These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The service providers' compliance with applicable data protection frameworks
• Encryption in transit and at rest

Your time entries are stored locally on your device and synced via iCloud to your other Apple devices. Only aggregated daily statistics (not individual entries) are sent to our servers.

Server-side data is stored in Supabase (EU region, eu-central-1) with encryption at rest and in transit. We follow industry-standard security practices to protect your data.

You have the right to:

• Access:View all data we hold about you (via the app's Profile section and CSV export feature).
• Delete: Permanently delete your account and all associated data (via Profile → Account → Delete Account).
• Export: Export your complete time entry history as a CSV file (Pro feature).
• Rectification:Update your profile data at any time via the app's Profile → Preferences section.
• Opt out of tracking:Decline the App Tracking Transparency prompt or revoke consent via Settings → Privacy & Security → Tracking.

If you are a California resident, you have additional rights:

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the last 12 months.
• Right to Delete: You may request deletion of your personal information.
• Right to Opt Out: We do not sell or share your personal information as defined by the CCPA. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Categories of personal information collected in the last 12 months:

• Identifiers (Apple user ID, device identifiers with consent)
• Commercial information (subscription status, purchase history)
• Internet or network activity (aggregated usage statistics)
• Professional information (industry, self-reported)
• Geolocation (country, self-reported — not GPS)

We retain your data for as long as your account is active. When you delete your account, all server-side data (profile, daily stats, group memberships, and groups you created) is permanently removed. Local data on your device is also erased. Aggregated, anonymized benchmark data that cannot be linked back to you may be retained.

Hardly Working is not intended for users under 17 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 17, we will delete it promptly.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated through the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

For privacy inquiries, data requests, or concerns:

Data Controller: Antonio Baltic
Email: antoniobaltic@icloud.com

We aim to respond to all privacy-related requests within 30 days.