Your data, your work, your choice.

Plain English. No dark patterns. No selling anything to anyone.

Last updated: April 10, 2026

Who we are

Slashtrack (“we,” “us”) is a time tracking tool for developers and AI agents. If you have any question about this policy, email us at privacy@slashtrack.dev. A real person reads every message.

What we collect

Only what we need to run the product:

Account data. Your email address and name, provided when you sign in through our authentication provider.
Work data. The clients you create, sessions you start and stop, notes you log, summaries generated, and durations recorded. This is the product.
Technical data. IP address, user agent, and basic request logs so we can keep the service secure, debug issues, and rate-limit abuse.

We do not use advertising cookies, analytics trackers, or third-party tracking scripts. The only cookies we set are session cookies needed to keep you logged in.

Why we collect it

To provide the service — authenticate you, store your sessions, generate reports.
To keep the service secure and prevent abuse.
To contact you about your account, material service changes, or things you explicitly asked us to contact you about.

We do not use your data to train AI models. We do not sell your data. We do not share it with advertisers. Ever.

Who we share it with

We use a small number of service providers to run the product. Each one only sees what it needs to do its job:

WorkOS — handles user authentication.
Railway — hosts our servers and database.
Postgres (via Railway) — stores your work data.

We may disclose data if legally required — a valid subpoena, court order, or similar legal process. We will push back on overbroad requests and notify you when we are allowed to.

How long we keep it

We keep your account and work data as long as your account is active. If you delete your account, we remove your data from our live systems within 30 days and from encrypted backups within 90 days.

You can export your work data anytime from your dashboard, or by emailing us.

Your rights

No matter where you live, you can:

Access your data — most of it is visible in your dashboard; anything else, email us.
Export your data in a portable format.
Correct mistakes.
Delete your account and data.
Object to how we process your data, and ask us to restrict processing.

If you are in the EU, UK, or California, you have additional rights under GDPR and CCPA. You can exercise any of them by emailing privacy@slashtrack.dev. We aim to respond within 30 days.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. We do not store passwords — authentication runs through OAuth, so your credentials stay with your identity provider. API keys are scoped narrowly and rotated when needed.

No system is perfectly secure. If we ever experience a breach affecting your data, we will notify you without undue delay.

Children

Slashtrack is not intended for anyone under 16. We do not knowingly collect data from minors. If you believe a minor has signed up, email us and we will delete the account.

International users

Our servers are located in the United States. If you are accessing Slashtrack from outside the US, your data will be transferred to and processed in the US. By using Slashtrack, you consent to that transfer.

Changes to this policy

If we change this policy, we will update the “Last updated” date above. For material changes, we will email you or put a notice in the dashboard before the changes take effect.

Contact

Questions, concerns, requests — all go to privacy@slashtrack.dev.