solidtime is a service of the solidtime GesbR which is a joint partnership of the sole proprietorships of Gregor Vostrak and Constantin Graf. Further information about the companies can be found in the imprint.
This privacy policy will explain how this company uses the personal data we collect from you when you use our services.
What data do we collect?
solidtime collects the following data:
- Request/Access logs (IP address, user agent, request time, request path, response status code)
- If an error occurs, the error message and the stack trace are sent to our error-monitoring tooling.
- Anonymized activity on the site (which sites were visited, outbound link clicks, duration of visit, origin of visit) with Plausible. Read more about Plausible here.
After/During the registration we collect the following data:
- Name
- Email address
- Timezone
- Profile picture
- Organization membership
If a user subscribes to our newsletter we collect the following data:
- Name
- Email address
If you subscribe to a paid plan, your payment is handled by Paddle as our Merchant of Record. Paddle collects your checkout and payment data, and solidtime never receives or stores your card details. From Paddle we receive only the limited order and billing information we need to provide and support your subscription and to meet our tax and accounting obligations — broadly, your name, contact and billing details, any business VAT ID, and your order and subscription records.
How do we collect your data?
You directly provide solidtime with most of the data we collect. We collect data and process data when you:
- Use or view our website
- Register to our service
- Subscribe to our newsletter
How will we use your data?
solidtime collects your data so that we can:
- Provide the service
- Understand how you use our product
- Improve our product
- Fix bugs and problems
How solidtime uses personal data as a controller
When you and your team use solidtime, most personal data is processed on your organization’s instructions, with your organization as the controller. For a limited and specific set of purposes, however, solidtime (solidtime GesbR) determines the purposes and means of processing itself and so acts as an independent controller. Those purposes, the data involved, and our lawful basis are set out below.
This section covers only the activities where solidtime decides the “why” itself and therefore acts as a controller. Where solidtime instead processes customer data purely on a customer’s instructions to provide and improve the time-tracking service, it acts as a processor, and that processing is governed by our Data Processing Agreement, not this section.
Purposes for which solidtime acts as a controller
1. Billing, payments, and account administration
- Data used: account and contact details, billing contact, subscription and invoice records, payment-related data.
- Lawful basis: performance of our contract with you (Art. 6(1)(b) GDPR); compliance with legal obligations such as tax and accounting (Art. 6(1)(c)).
- Note on payments: card payments are handled by Paddle, which acts as our Merchant of Record. Under that model Paddle is the reseller of record and an independent controller of the payment data you provide at checkout; its handling of that data is governed by Paddle’s own terms and privacy notice. solidtime receives only limited order and billing information from Paddle.
2. Securing and monitoring the service
- Data used: access logs, IP addresses, device and session information, error and security event data.
- Purpose: detecting, preventing, and investigating abuse, fraud, and security threats, and keeping the service available and reliable.
- Lawful basis: our legitimate interests in protecting the service, our users, and our infrastructure (Art. 6(1)(f)). We have weighed these interests against your rights and freedoms before relying on this basis.
3. Website analytics
- Data used: aggregated, cookieless analytics about how visitors use our website, via Plausible — this does not track you across sites or build a profile of you.
- Purpose: understanding how our website is used so we can maintain and improve it.
- Lawful basis: our legitimate interests in operating and improving our website (Art. 6(1)(f)). Where data is fully anonymized it falls outside data-protection law.
We may also create fully anonymized or aggregated data that cannot be linked to any individual and use it for any purpose; once anonymized, it is no longer personal data.
4. Service and product communications (including newsletters)
- Data used: name and email address of registered users.
- Purpose: sending service (transactional) messages, and sending product news and newsletters to users who have opted in.
- Lawful basis: for service messages necessary to operate your account, performance of our contract / our legitimate interests; for newsletters and product marketing, your consent (Art. 6(1)(a) GDPR), which we obtain on an opt-in basis. You can withdraw consent at any time, and every marketing message includes an easy way to unsubscribe; withdrawing does not affect your use of the service.
Your rights for this processing
For processing based on legitimate interests, you have the right to object at any time on grounds relating to your situation; we will stop unless we have compelling legitimate grounds that override your interests. For marketing communications, you can withdraw consent or opt out at any time. To exercise any right, contact us at our email: hello@solidtime.io
Retention of this data
We keep this data only as long as needed for the purpose it was collected for, or as required by law (for example, tax and accounting records).
How do we store your data?
solidtime is securely hosted within the European Economic Area (EEA), primarily in France with our cloud provider Scaleway. The full list of providers we use, and where they are located, is on our Sub-processor page. Read more about the data security of our main cloud provider here.
solidtime keeps access logs and error logs only for as long as they are needed to operate, secure, and troubleshoot the service, and deletes them when they are no longer needed.
What are your data protection rights?
solidtime would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request solidtime for copies of your personal data.
The right to rectification – You have the right to request that solidtime correct any information you believe is inaccurate. You also have the right to request solidtime to complete the information you believe is incomplete.
The right to erasure – You have the right to request that solidtime erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that solidtime restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to solidtime’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that solidtime transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to withdraw consent – Where we process your personal data on the basis of your consent (for example for our newsletter), you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
The right to lodge a complaint – You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement. Our lead supervisory authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien, Austria; dsb@dsb.gv.at; www.dsb.gv.at).
If you make a request, we will respond within the period the law allows (generally one month, which may be extended for complex or numerous requests). If you would like to exercise any of these rights, please contact us at our email: hello@solidtime.io
You can also write a letter to address from the imprint page.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.
How do we use cookies?
solidtime only uses cookies that are technically necessary for the use of the websites (e.g. to be logged into the service). We do not use cookies to measure reach or analyze usage. We do not use your usage data collected by technically necessary cookies to create usage profiles.
Privacy policies of other websites
The solidtime website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Changes to our privacy policy
solidtime keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 18.6.2026.
How to contact us
If you have any questions about solidtime’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: hello@solidtime.io