Leantime Privacy Policy
Date of Last Revision: [Insert publication date]
Welcome to Leantime!
Hyve5, Inc., d/b/a Leantime (“Leantime“, “we“, “us“, or “our“) provides open-source project and work management software for individuals, teams, and organizations. Our platform is available as a cloud-hosted service and as a self-hosted application, and includes web and mobile interfaces. We understand and appreciate your concerns about privacy and want you to be familiar with how we collect, use and disclose Personal Information (as defined below). This Privacy Policy explains what Personal Information we collect, how we use and share that information, and your choices concerning our information practices.
This Privacy Policy governs your (“you” or “Users“) use of leantime.io and any other Leantime owned or operated websites (including mobile sites) (collectively, the “Site“), mobile applications, widgets and/or any interactive features and other online services controlled by Leantime that post a link to this Privacy Policy or otherwise reference that this Privacy Policy applies to information collected through the site, application or other features or services (all of the foregoing collectively referred to as the “Service“).
This Privacy Policy does not apply to our handling of information collected from other Users, such as companies, educational institutions or other third-parties (collectively, “Businesses“). Data and information collected through such activities are governed by the Businesses’ privacy policies as well as Leantime’s agreement(s) with such Businesses. If you have questions about a Business’ privacy practices, please reach out to them directly.
Before using the Service or submitting any Personal Information to Leantime, please review this Privacy Policy carefully and contact us if you have any questions. By using the Service, you agree to the practices and specifically the collection, disclosure, use and retention of Personal Information described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service.
Contents
- Personal Information We Collect
- How We Use Personal Information
- Sharing and Disclosure of Personal Information
- Users Outside of the United States
- State Privacy Rights
- Children
- Links to Other Websites
- Security
- Leantime Mobile Application
- Your Choices
- Changes to the Privacy Policy
- Contact Us
1. Personal Information We Collect
When you interact with us through the Service, we collect and combine information and data from you, including information that may identify you or otherwise be considered to be “personal information”, “personal data” or “personally identifiable information” under laws that regulate privacy and data protection (“Personal Information“) as follows:
Personal Information You Provide: We collect the following categories of Personal Information from you when you visit the Site, create a Leantime account, subscribe to the Service, or otherwise provide such information to us:
- Identification Information: We collect your name, phone number, email address, mailing address, job title, username, password, contact preferences, contact or authentication data.
- Financial Information: Our payment processor(s) will collect and store the financial information necessary to process your payments for our software services, such as your payment card number and authentication details. We do not process payments for Users in the United States.
- Communication Information: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication information is optional to you.
- Location Information: Our Service may use location-based services in order to locate you, such as using your zip or postal code, IP address or other geolocation information, so that we may verify your location and/or deliver you relevant content based on your location.
- Commercial Information: We may retain a history of the products and services you browse and/or purchase using the Service.
- Social Media Information: We have pages on social media sites like Instagram, Facebook, and Twitter (“Social Media Pages“). When you interact with our Social Media Pages, we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages. Your posts, comments, replies to and mentions of Leantime may be publicly visible, depending on privacy settings. We do not have control over the privacy and retention of your Personal Information on Social Media Pages, which are governed by the privacy policies of the parties that operate the platforms that host the Social Media Pages. We have no responsibility or liability for the manner in which the operators of the Social Media Pages collect, use, disclose, secure or otherwise treat your Personal Information.
Internet Activity Information: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from, and which browsers people use to access the Service, broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Geolocation Information: When browsing our website, we may collect general information regarding your geographic location.
- Cookies Information: Please see the “Cookies” section below to learn more about how we use cookies.
- Usage Information: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
Personal Information Collected from Other Sources: We may receive Personal Information, such as contact information and marketing preferences, from other sources, such as third-party partners and publicly available information.
Derived Information: We may infer your preferences for certain products and services based on the Personal Information we collect about you.
Cookies: We use cookies to operate and administer our Site, gather usage data on our Site, and improve your experience on it. A “cookie” is a piece of information sent to your browser by a website you visit. Cookies can be stored on your computer for different periods of time. Some cookies expire after a certain amount of time, or upon logging out (session cookies); others survive after your browser is closed until a defined expiration date set in the cookie (persistent cookies).
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. If you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site.
Analytics: We use different analytics services scoped to different parts of the Service.
- Google Analytics — for the Leantime marketing website (leantime.io). We use Google Analytics, a web analytics service provided by Google, Inc., to analyze how visitors use our marketing website. This is scoped to the marketing website and uses cookies. For more information on how Google uses this data, see Google’s privacy policy.
- PostHog — for the Leantime mobile application. We use PostHog (hosted in the European Union) to collect pseudonymous product-usage analytics from the Leantime mobile application. Full details, including your ability to opt out, are provided in Section 9 (Leantime Mobile Application) below.
Online Tracking and Do Not Track Signals: Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.
2. How We Use Personal Information
We may use Personal Information for the following purposes:
- To provide, operate, and improve the Service and our business;
- To respond to your inquiries, comments, feedback, or questions;
- To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies;
- To analyze how you interact with our Service;
- To develop new products and services;
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Research and Development: We may aggregate Personal Information and use the aggregated and de-identified information to analyze the effectiveness of the Service, to improve and add features to the Service, gain anonymous insights into product and brand performance on the Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of Users and share aggregated information like general user statistics with prospective business partners.
Communications and Marketing: We may use your Personal Information, such as your email address, to contact you to provide the Service and communicate related information. If you provide your telephone number, you acknowledge and agree that we may contact you, including for promotional, informational and other purposes, using SMS text messages, cellular or telephone calls, and push notifications (if applicable). If you would like to opt out of receiving certain communications, see the “Your Choices” section below.
How Long We Keep Your Information: We keep your workspace and account data for as long as your Leantime workspace is active.
If your workspace becomes inactive — for example, following the end of a trial period without conversion, or upon cancellation of a paid plan — we move the workspace and its data to a separate archive database, where it is retained. If the workspace, once moved to the archive database, remains inactive for a further 180 days without moving to a paid plan, it is permanently deleted. Workspaces on active paid plans are retained for as long as the paid plan remains active.
You can delete your workspace at any time from Settings in the app, or by emailing support@leantime.io. When you do, we remove your data from our active systems. Billing records held by our payment processor are also removed from our account with the processor; the processor may retain limited records where required by applicable tax, accounting, or anti-fraud law, subject to its own privacy policy. We keep rolling 7-day snapshots of our active database for disaster-recovery purposes only; these are automatically overwritten, so any residual copies of deleted data age out within 7 days and are not recoverable afterward.
To reactivate or permanently delete an archived workspace before the 180-day window ends, contact us at support@leantime.io.
3. Sharing and Disclosure of Personal Information
In certain circumstances we may share the categories of Personal Information described above without further notice to you, unless required by law, with the following categories of third parties:
- Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Information with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Information in the course of performing their duties to us.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider, your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of or following that transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, including to meet national security or law enforcement requirements, (b) protect and defend our rights or property, (c) prevent fraud, (d) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (e) protect against legal liability.
- Affiliates: We may share Personal Information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with Leantime. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy. Affiliates may be located outside the United States of America.
- Other Users: The Service may contain community forums and other collaborative surfaces where Users create profiles, writings, comments, images or other content, including Personal Information (“User Content“). Others may have access to this User Content and may have the ability to share it.
Sub-Processors: In delivering the Service, we use the following categories of sub-processors:
- Payment processing: Stripe, Inc. (United States).
- Cloud infrastructure: Providers of hosting and cloud services for the Leantime cloud product.
- Website analytics: Google, Inc. (United States) via Google Analytics, scoped to our marketing website.
- Mobile application analytics: PostHog Inc., processing on European Union servers, scoped to the Leantime mobile application.
- Mobile application platform: Expo (Exponent, Inc.) for over-the-air updates and mobile application platform services.
Each sub-processor accesses Personal Information only as necessary to perform services for us, under contract.
4. Users Outside of the United States
For the purposes described in this Privacy Policy, we may transfer your Personal Information from the European Economic Area (EU Member States, Iceland, Liechtenstein and Norway) and/or the United Kingdom to our U.S. office or a third party outside of the EEA or the UK. When we transfer your Personal Information to other third parties outside of the EEA or the UK, for example service providers, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure the integrity and protection of your Personal Information wherever processed, including through the use of Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework where applicable. If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your Personal Information in accordance with this Privacy Policy and applicable law.
Your Rights in Relation to Your Personal Data Under GDPR and/or UK GDPR
Subject to the applicable provisions of the GDPR and/or UK GDPR, you have the following rights with respect to your Personal Information:
- Right of access (commonly known as a “data subject access request”): If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you with a copy of that Personal Information along with certain other details.
- Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
- Right to erasure: You may ask us to erase your Personal Information in some circumstances, such as where we no longer need it and there is no other legal basis for processing.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Information in certain circumstances, such as if you contest its accuracy or object to us processing it.
- Right to data portability: You have the right to obtain your Personal Information from us that was provided to us as necessary in connection with our contract with you, if the processing is carried out by automated means.
- Right to object: You may ask us at any time to stop processing your Personal Information where we are relying on a legitimate interest to process it, unless we demonstrate compelling legitimate grounds for the processing or your information is needed to establish, exercise, or defend legal claims. In particular, you may exercise this right to object to product-usage analytics in the Leantime mobile application at any time using the in-app toggle described in Section 9 (Leantime Mobile Application).
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.
Legal Bases: We may rely on the following legal bases to process your Personal Information:
- Performance of a Contract. We may process your Personal Information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Service or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your Personal Information where we have a legitimate interest in doing so — for example, in maintaining and improving the Service, in securing the Service against fraud and abuse, and in the operation of pseudonymous product-usage analytics in the Leantime mobile application, subject to your right to object as described in Section 9.
- Legal Obligations. We may process your Personal Information when we believe it is necessary for compliance with our legal obligations.
- Vital Interests. We may process your Personal Information where we believe it is necessary to protect your vital interests or the vital interests of a third party.
To exercise your rights under the GDPR and/or the UK GDPR, please send us your request as set forth in the “Contact Us” section below.
Your Rights in Relation to Your Personal Data if You Are a Resident of Canada
We may process your information if you have given us specific permission (i.e., express consent) to use your Personal Information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent.
To exercise your rights as a Canadian resident, please send us your request as set forth in the “Contact Us” section below.
5. State Privacy Rights
Where provided for by law and subject to any applicable exceptions, residents of certain states may have additional rights. Please see below for the rights associated with certain states.
California Residents. This section of the Privacy Policy applies to “personal information,” as defined in the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), that we collect as a “business” as defined in the CCPA. You may have the right to:
- Request information about the categories of personal information we have collected about you during the past twelve months, the categories of sources, the business or commercial purposes for collecting or selling personal information, and the categories of third parties with whom we share personal information;
- Access a copy of the personal information we have collected about you during the past 12 months;
- Request deletion of the personal information we have collected from you; and
- Be free from discrimination for exercising the rights described above.
You may submit a request to exercise these rights by contacting us as set forth in the “Contact Us” section below. We will need to verify your identity to process your request.
Virginia, Connecticut, and Colorado Residents. If you are a resident of Virginia (under the VCDPA), Connecticut (under the CTDPA), or Colorado (under the CPA), you may have the following rights with respect to your personal data, subject to applicable exceptions:
- Right to confirm whether we are processing your personal data;
- Right to access your personal data;
- Right to correct inaccuracies in your personal data;
- Right to request deletion of your personal data;
- Right to obtain a copy of your personal data in a portable and readily usable format; and
- Right to opt out of certain processing, including for the purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
We have not sold personal data to third parties for business or commercial purposes and do not intend to. You may contact us to exercise your rights as set forth in the “Contact Us” section below.
6. Children
We do not intentionally collect Personal Information from individuals in the U.S. who are under the age of 13. If a child under 13 submits Personal Information to Leantime and we learn that the Personal Information is the information of a child under the age of 13, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Information from a child under the age of 13, please contact us as set forth in the “Contact Us” section below.
7. Links to Other Websites
The Service may contain links to other websites and services not operated or controlled by Leantime, including social media services (“Third Party Services“). The information that you share with Third Party Services will be governed by the specific privacy policies and terms of service of the Third Party Services and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these Third Party Services. Please contact the Third Party Services directly for information on their privacy practices and policies.
8. Security
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail.
9. Leantime Mobile Application
This section describes practices specific to the Leantime mobile application (“Mobile App“). The Mobile App is part of the Service and is subject to this entire Privacy Policy; this section adds application-specific detail.
9.1 Data sent between your device and your Leantime instance
When you sign in to the Mobile App and use it, the following information is transmitted between your device and the Leantime instance you connect to (Leantime Cloud, or a self-hosted Leantime instance operated by you or your organization):
- Account information: your name, email address, Leantime user ID, and role within your workspace.
- Workspace content you create or interact with: tasks, notes, comments, time entries, and project data.
- Authentication credentials: a bearer token issued by your Leantime instance.
When you connect to Leantime Cloud, Hyve5, Inc. (d/b/a Leantime) is the data controller for workspace data, subject to this Privacy Policy. When you connect to a self-hosted Leantime instance, the operator of that instance (your organization or the individual who deployed it) is the controller of workspace data; Hyve5, Inc. is not. Data flowing to a self-hosted instance is governed by the operator’s own policies.
9.2 On-device storage
The Mobile App stores the following on your device using the operating system’s secure storage (iOS Keychain) and a local database:
- Your authentication token and the URL of the Leantime instance you signed in to.
- A cached copy of your account profile and recently viewed workspace content, to support offline use and faster loading.
- Your app preferences, including your analytics opt-out choice.
Signing out of the Mobile App removes the authentication token and clears cached data from your device.
9.3 Data transmission
Connections to Leantime Cloud always use HTTPS/TLS. For connections to self-hosted Leantime instances, the Mobile App relies on the TLS configuration of the user-configured server.
9.4 Operating-system permissions
The Mobile App may request the following permissions:
- Local Network — used only when you connect to a self-hosted Leantime instance on your local network. Not used for Leantime Cloud connections.
- Face ID / Touch ID — optional. When enabled in Settings, your device’s biometric system unlocks the app. Biometric data is processed on-device by your operating system and is never received or stored by the Mobile App.
- Notifications — optional, requested after sign-in. Used for on-device daily reminders and focus-session alerts that the user turns on in Settings. All notifications in this release are generated on-device; no remote push. Not requested in Demo Mode.
The Mobile App does not request Location, Contacts, Microphone, or Photo Library access.
9.5 Product analytics
The Mobile App uses PostHog (hosted in the European Union) to collect pseudonymous product-usage analytics — for example, which screens and features you use — to understand how the Mobile App is used and to improve it.
- Analytics events are tied to your Leantime user ID, a pseudonymous identifier, and are not tagged with your name or email address.
- We collect events only. We do not record your screen and do not capture session replays.
- We do not collect the content of your tasks, comments, or notes.
- We do not collect crash logs or diagnostic data, do not collect your IP-derived location, and do not collect any advertising identifier such as IDFA.
- We do not use this data for advertising and do not link it with data from other companies’ apps or websites.
Your control. Product-usage analytics are on by default under our legitimate interest in maintaining and improving the Mobile App (GDPR Article 6(1)(f)). You can turn them off at any time at Settings → Privacy & Security → “Share Usage Data”. Turning this setting off exercises your right to object under Article 21 of the GDPR and stops collection going forward. It does not affect your access to or use of the Service.
9.6 Account deletion
Leantime accounts belong to a workspace. How you delete your account depends on your role.
If you are the workspace owner, you can delete your workspace and all associated accounts:
- In the Leantime mobile app, go to You → Settings → Delete Account. This opens the workspace deletion page in your browser.
- Confirm the deletion.
- Your workspace, all user accounts within it, and all workspace content are marked for deletion.
Once confirmed, your workspace and its data are removed from our active systems. Billing records held by our payment processor are also removed from our account with the processor; the processor may retain limited records where required by applicable tax, accounting, or anti-fraud law, subject to its own privacy policy. Rolling 7-day database snapshots retain data for disaster-recovery purposes only and age out within 7 days.
If you are a workspace member (not the owner), member accounts are managed by the workspace owner — similar to how a work account is managed by an employer. To have your account deleted:
- Contact your workspace owner (the person who invited you or set up the workspace) and ask them to remove your account from the workspace.
- Alternatively, you can stop using Leantime and sign out of the mobile app. Signing out clears all locally stored data from your device.
If your workspace owner is unresponsive or you need assistance for another reason, contact us at support@leantime.io. We will help you exercise your rights under applicable data-protection law, including the right to erasure under GDPR Article 17.
Product analytics data. To request deletion of pseudonymous product-analytics data associated with your prior use of the Mobile App, contact support@leantime.io. We will submit a deletion request to PostHog within 30 days.
10. Your Choices
In certain circumstances providing Personal Information is optional. However, if you choose not to provide Personal Information that is needed to use some features of our Service, you may be unable to use those features. You can contact us to request updates or corrections to your Personal Information. If you have questions or concerns about other Personal Information collected by us, or are unable to use your Leantime account and would like assistance accessing that information, please contact us as set forth in the “Contact Us” section below.
You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you, or by updating your settings through your account. If you unsubscribe from our marketing lists, you will no longer receive marketing communications from us but we will continue to contact you to provide the Service, regarding management of your account, other administrative matters, and to respond to your requests.
You may opt out of product-usage analytics in the Leantime mobile application at any time by turning off Settings → Privacy & Security → “Share Usage Data” in the app, as described in Section 9.
11. Changes to the Privacy Policy
The Service and our business may change from time to time. As a result, we may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Information after we have posted an updated Privacy Policy, you consent to the revised Privacy Policy and practices described in it.
12. Contact Us
If you have any questions or complaints about our Privacy Policy or information practices, would like to request a version of this notice in an accessible format, or would like to contact us in regards to any of the topics discussed above, please contact us:
- Email: support@leantime.io
- Data Controller: Hyve5, Inc., d/b/a Leantime
- Mailing address: 8735 DUNWOODY PLACE #6668
ATLANTA, GA, 30350, USA
For questions specific to the Leantime mobile application, you may also contact mobile@leantime.io.