Privacy Statement

Last updated June 2026

← Back to Sign In

Your Organization is committed to protecting the personal information of its staff. This statement explains how TimeSheet 365 collects, stores, protects, and handles your data — in full compliance with applicable privacy legislation.

Who Holds the Database

The database is managed by Supabase, hosted on Amazon Web Services (AWS) in the ap-southeast-2 region (Sydney). Your Organization retains full ownership of all data. Supabase acts solely as a data processor and cannot use your data for any other purpose.

What Information Is Collected

  • Full name and work email address
  • Role and site location within Your Organization
  • Hours worked per day, week, and pay period
  • Timesheet submission and approval timestamps
  • Payroll category per row (regular, sick, vacation, etc.)

No financial account details, personal addresses, or sensitive identifiers are stored in this system.

How Your Data Is Protected

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Row-Level Security (RLS) — each user can only access their own data
  • Role-Based Access Control — Staff, Supervisor, Director, Accountant, Admin
  • Passwords stored as bcrypt hashes — never in plain text

Data Retention

Timesheet records are retained for a minimum of 7 years in accordance with employment and payroll record-keeping requirements.

Contact

For privacy enquiries or to exercise your data rights:

support@codefounder.ai · Codefounder.ai

© 2026 Codefounder.ai · All rights reserved · TimeSheet 365