Privacy Policy

Hardly Working ("the App") is a time tracking application developed by Antonio Baltic ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use our App.

We are committed to protecting your privacy. Your time entries and personal data are treated with the utmost care and are never sold or shared with third parties for advertising purposes.

Before describing what we do collect, a clear statement of what we do not:

• We do not track you across other apps or websites.
• We do not use third-party analytics or advertising attribution SDKs (no AppsFlyer, no Adjust, no Firebase Analytics, no Mixpanel, nothing of the sort).
• We do not display advertising of any kind inside the App.
• We do not collect your advertising identifier (IDFA).
• We do not request permission under Apple's App Tracking Transparency framework, because we have nothing to ask permission for.
• We do not sell your data. We do not share it with data brokers.

Information You Provide

• Account information: When you sign in with Apple, we receive a unique user identifier. We do not receive your name or email unless you choose to share them.
• Profile data: Hourly rate, currency, work schedule (hours per day, days per week), country, industry, achievement level, and display title (used for benchmarking, group leaderboards, and in-app calculations).
• Time entries: Activity categories, start/end times, and durations that you manually record. Stored locally on your device only. These are never sent to our servers as individual rows.
• Friend groups: If you create or join a friend group, your anonymous user ID, group name, description, emoji, invite code, and aggregated daily statistics are stored on our servers and visible to other group members.

Information Collected Automatically

• Subscription status: Managed through RevenueCat, which collects purchase history and anonymous device identifiers to verify your subscription entitlements.
• Aggregated usage statistics: Daily totals (total seconds, session count, top category) synced to our servers for anonymous benchmarking. Individual time entries are never sent to our servers.
• Notifications: We may request permission to send local notifications (timer reminders). Notification content is generated on your device and is not transmitted to our servers.

• To provide core app functionality (timer, dashboards, achievements)
• To calculate and display your personal statistics and reclaimed wages
• To generate anonymous aggregate benchmarks (country, industry, global)
• To power friend group leaderboards with aggregated statistics
• To manage your subscription and in-app purchases
• To improve the App based on aggregate usage patterns

We process your data on the following legal bases:

• Contract performance: To provide the core app functionality you requested — timer, dashboards, subscription management, and friend groups.
• Legitimate interest: To generate anonymous aggregate benchmarks and improve the App. Individual data is never used for profiling or automated decision-making.

We use exactly two third-party services:

• Supabase — Authentication, profile storage, friend groups, and aggregated statistics. Data is stored in the EU (eu-central-1). Privacy policy: supabase.com/privacy
• RevenueCat — Subscription management and purchase verification. Collects purchase history and anonymous device identifiers. Data is processed in the United States. Privacy policy: revenuecat.com/privacy

Apple processes your Sign in with Apple authentication and, if you have iCloud Backup enabled on your device, may include the App's local data in your device's standard iOS backup. This backup is governed by Apple's privacy policy and is not something we integrate with directly.

Your data may be transferred to and processed in countries outside your country of residence, including the United States (RevenueCat) and the European Union (Supabase). These transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The service providers' compliance with applicable data protection frameworks
• Encryption in transit and at rest

Your time entries are stored locally on your device. They are not transmitted to our servers as individual rows. If you have iCloud Backup enabled on your iPhone, those local entries may be included in your standard device backup — that's Apple's backup mechanism, not an active sync integration on our side.

Server-side data (your profile, aggregated daily statistics, and friend-group membership) is stored in Supabase (EU region, eu-central-1) with encryption at rest and in transit. We follow industry-standard security practices to protect your data.

You have the right to:

• Access:View all data we hold about you (via the app's Profile section and CSV export feature).
• Delete: Permanently delete your account and all associated data (via Profile → Account → Delete Account).
• Export: Export your complete time entry history as a CSV file (Pro feature).
• Rectification:Update your profile data at any time via the app's Profile → Preferences section.

If you are a California resident, you have additional rights:

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the last 12 months.
• Right to Delete: You may request deletion of your personal information.
• Right to Opt Out: We do not sell or share your personal information as defined by the CCPA. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Categories of personal information collected in the last 12 months:

• Identifiers (Apple user ID)
• Commercial information (subscription status, purchase history)
• Internet or network activity (aggregated usage statistics)
• Professional information (industry, self-reported)
• Geolocation (country, self-reported — not GPS)

We retain your data for as long as your account is active. When you delete your account, all server-side data (profile, daily stats, group memberships, and groups you created) is permanently removed. Local data on your device is also erased. Aggregated, anonymized benchmark data that cannot be linked back to you may be retained.

Hardly Working is not intended for users under 17 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 17, we will delete it promptly.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated through the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

For privacy inquiries, data requests, or concerns:

Data Controller: Antonio Baltic
Email: antoniobaltic@icloud.com

We aim to respond to all privacy-related requests within 30 days.