Tempolio Get early access

Privacy Policy

Last updated: June 29, 2026

Introduction

This Privacy Policy explains how Tempolio ("we", "us", "our") collects, uses, and protects your information when you use our time tracking, project management, and invoicing platform. We built Tempolio to make your work easier, not to harvest your data — this document is here to show you exactly what we do and don't do with it.

Information we collect

To provide the service, we collect:

  • Account information — your name and email address, used to create and manage your account.
  • Project data — the projects, tasks, and deadlines you create inside Tempolio.
  • Client data — information you enter about your clients, such as names and contact details, so you can manage and invoice them.
  • Time entries — the hours and activities you log.
  • Invoices — invoice details, amounts, and payment status.
  • Business settings — your rates, currency, tax details, and other preferences you configure.
  • Usage data — basic technical information such as your browser type, device type, IP address, and general location (country level), collected automatically when you access the service. We use this solely to maintain security, diagnose issues, and improve the product.

Legal basis for processing your data

We process your personal data under the following legal bases, as required by the General Data Protection Regulation (GDPR):

  • Contractual necessity — most of the data we collect (account information, project data, client data, time entries, invoices, and business settings) is processed because it is necessary to provide you with the Tempolio service under our Terms of Service. Without this data, we cannot operate the platform for you.
  • Legitimate interest — we process basic usage data (browser type, device type, IP address) to maintain the security and reliability of the service, prevent abuse, and diagnose technical problems. We have assessed that these interests do not override your rights and freedoms.
  • Legal obligation — we may process and retain certain data when required by law, such as for tax compliance or in response to valid legal requests.
  • Consent — if we ever introduce optional features that require additional data processing beyond what is described here, we will ask for your explicit consent before collecting or using that data.

How we use your information

We use the information above strictly to:

  • Provide and operate the Tempolio service.
  • Process payments for your subscription and, where applicable, payments from your clients.
  • Send transactional emails, such as invoice notifications, payment confirmations, and account-related messages.
  • Maintain the security and integrity of the platform.
  • Diagnose and fix technical issues.

We do not use your data for profiling, automated decision-making, or targeted advertising.

Third parties with access to your data

We rely on a small set of trusted infrastructure providers to run Tempolio. Each only receives the data it needs to perform its function:

  • Clerk — handles authentication and account login.
  • Supabase — hosts and stores your account, project, client, and invoice data.
  • Paddle — processes subscription payments and acts as merchant of record for your Tempolio subscription.
  • Resend — delivers transactional emails on our behalf.
  • Vercel — hosts our website and application infrastructure.

We do not sell your data to third parties, and we do not use tracking for advertising purposes. These providers process your data solely to deliver the service to you.

We have verified that each of these providers maintains appropriate data protection practices. Where required under GDPR, we rely on their data processing agreements and Standard Contractual Clauses (see International Data Transfers below).

International data transfers

Tempolio is operated from Uruguay. Our infrastructure providers — Clerk, Supabase, Paddle, Resend, and Vercel — are based in the United States and may process your data in the United States or other countries outside your jurisdiction.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this means your personal data may be transferred to countries that do not provide the same level of data protection as your home country.

To protect your data during these transfers, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, which are incorporated into our agreements with our infrastructure providers.
  • Adequacy decisions where applicable — Uruguay has been recognized by the European Commission as providing an adequate level of data protection.
  • The data protection and security commitments maintained by each provider under their own privacy policies and data processing agreements.

Cookies

Tempolio uses only essential cookies required for authentication and payment processing. We do not use advertising or analytics tracking cookies.

Data retention

We retain your data for as long as your account remains active. If you delete your account, we keep your data for 30 additional days in case you change your mind, after which it is permanently and irrecoverably deleted.

We may retain certain limited data beyond this period only if required by law (for example, transaction records for tax compliance).

Data security

We take reasonable technical and organizational measures to protect your data, including encryption in transit (TLS/HTTPS), secure authentication through Clerk, and access controls that limit who can access production systems. No system is perfectly secure, but we are committed to maintaining protections appropriate to the sensitivity of the data we handle.

Data breach notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users by email without undue delay, and in any case within 72 hours of becoming aware of the breach.
  • Notify the relevant supervisory authority within 72 hours, as required by GDPR.
  • Provide a clear description of the nature of the breach, the data involved, the likely consequences, and the measures we are taking to address it.

If the breach is unlikely to result in a risk to your rights and freedoms, we may not notify you individually, but we will still document the breach internally and notify the relevant authority if required.

Your rights

You can access, export, or delete your data at any time directly from your account settings. If you need help with any of this, reach out and we will take care of it.

For users in the European Union (GDPR)

If you are located in the EEA, the United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Restriction — restrict how we process your data in certain circumstances.
  • Object — object to processing based on legitimate interest.
  • Lodge a complaint — you have the right to lodge a complaint with your local data protection supervisory authority if you believe we are not handling your data in compliance with the law.

To exercise any of these rights, contact us at support@tempolio.com. We will respond to your request within 30 days.

For users in California (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information. We do not sell personal information, so there is nothing to opt out of.
  • Non-discrimination — we will not treat you differently for exercising your privacy rights.

Note on payments. Paddle acts as the merchant of record for all subscription transactions on Tempolio. This means Paddle handles billing, taxes, and payment data directly, and maintains its own privacy policy governing how it processes that information.

Automated decision-making

Tempolio does not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. Features like the Pulse Score and revenue projections are calculated from data you enter and are provided as informational estimates only — they do not affect your access to the service or any rights under these terms.

Children's privacy

Tempolio is not directed at, and should not be used by, anyone under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected data from a person under 16, we will delete it promptly.

Changes to this policy

If we make material changes to this Privacy Policy, we will notify you by email at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this page. Your continued use of Tempolio after the changes take effect constitutes acceptance of the updated policy.

Contact us

If you have any questions about this Privacy Policy, how we handle your data, or if you wish to exercise any of your rights described above, contact us at:

Email: support@tempolio.com

For GDPR-related inquiries, you may also contact us at the same email address. As a small, independently operated service, we do not have a dedicated Data Protection Officer, but we take every privacy inquiry seriously and will respond within 30 days.

Tempolio
Privacy Policy Terms of Service Refund Policy © 2026 Tempolio · Made in Uruguay
We use essential cookies for authentication and payments only. No tracking.