Introduction
Timeluxego.com (“Timeluxego Inc.”, “we”, “our”, “us”) is a Canadian software-as-a-service platform that enables independent consultants and small firms to track billable hours, generate client invoices, and produce automated financial reports.
This Privacy Policy explains how we collect, use, store, and disclose personal information when subscribers, their clients, or site visitors interact with our service.
Privacy Policy
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial statutes.
- Collection – We obtain:
  - Account credentials (name, business email, province, multi-factor secret, IP logs)
  - Work-time records and project tags entered or imported
  - Client billing data (contact info, contract terms, tax numbers, payment history)
  - Financial identifiers (tokenised card reference, billing address, last 4 digits)
  - Support interactions (chat transcripts, call recordings)
  - Telemetry (device type, browser version, feature metrics)
- Use – To calculate billable totals, prepare invoices, compile summaries, issue reminders, deliver updates, detect fraud, and improve forecasting through aggregated data.
- Retention – Records retained for 7 years or the CRA audit window. Logs rotate every 12 months; backups expire on a 35-day cycle.
- Access & Accuracy – Admins can review/export via Settings → Data Management or email privacy@timeluxego.com.
- Consent – Captured at sign-up and per integration. Withdrawing may limit features; we will advise before acting.
- Accountability – Privacy Officer responds within 30 days and oversees annual compliance.
GDPR
If consultants or clients reside in the EEA, GDPR applies. Timeluxego is:
- Controller – for account profiles and billing
- Processor – for uploaded work-time data
- Legal Bases – Contract necessity (Art. 6(1)(b)), Legitimate interest (Art. 6(1)(f)), Legal obligation (Art. 6(1)(c))
To exercise your rights (access, rectification, erasure, etc.), email dpo@timeluxego.com or file a complaint with your supervisory authority.
Cookie Policy
4.1. Types of Cookies
- Essential – Session tokens, CSRF guards, load-balancer cookies
- Preference – Dashboard layout, time-zone, dark mode
- Analytics – Matomo cookies (IP truncated)
- Marketing – Optional; showcase new modules or offers; not shared with ad networks
4.2. How to Disable Cookies
Modern browsers allow you to refuse or delete cookies. Blocking essential cookies disables login. Others can be declined via banner or “Do Not Track.”
Transfer to Third Parties
We do not sell personal information. Limited disclosure to:
- Canadian cloud hosts (Toronto, Vancouver)
- PCI-DSS Level 1 payment processors
- CPAs for compliance review (anonymized samples only)
- Legal counsel or regulators if required
- Law enforcement in fraud/public safety cases
All vendors sign DPAs with PIPEDA and EU SCC compliance where applicable.
Data Security Measures
- AES-256-GCM encryption at rest with tenant keys in FIPS 140-2 Level 3 HSMs
- TLS 1.3 with Perfect Forward Secrecy
- Zero-trust segmentation per workspace
- WebAuthn multi-factor authentication
- Hourly incremental & nightly full backups (15-min RPO)
- Vulnerability scanning, quarterly pen tests, annual SOC 2 Type II audit
- 72-hour breach notification plan
Effective Date
This Privacy Policy is effective as of 13 June 2025 and supersedes previous versions. We will notify users by email and in-app banner at least 30 days before material changes take effect.