Privacy-Minded Collaboration & Productivity Analytics

Data Privacy & Ethics
of our Analysis

Privacy-Minded Analytics for Change Management

Time is Ltd. is the world’s leading employee experience and engagement SaaS platform. We are the interactive interface that enables companies and teams to analyze meetings, instant messaging, emails, and other sources.
Our solutions empower companies to create ideal working environments for teams and employees to drive employee experience, engagement, and productivity.

Our interactive interface provides a unified view of collaboration and the digital landscape that enables better decision-making. A shift to “employee first” focus that truly takes team behavior into account, leads to an empowering environment for employees to achieve their full potential. 

We measure digital collaboration, without ever sacrificing employee privacy. Our service is compliant with various data protection laws and regulations. We only aggregate meta-data from a variety of data sources to show how your teams work with your collaboration tools, so you can get them more productive and motivated.

How we approach data privacy?

  • Analyzing aggregated data at a team or department level
  • Analyzing primarily interaction frequency
  • No software or browser history monitoring
  • Supporting EU and US regions for our data storage
  • Dividing data of each customer

Things we are against

  • Never analyze the content of messages
  • Ensure all individual’s privacy is respected
  • We can remove PII with our open-source data Masking Proxy

How Do We Do It?

We respect the privacy of each person in the company. Time is Ltd. believes wholeheartedly in analyzing collaboration at a team level to better understand the company and team dynamics. We encourage our customers to look at aggregated results, rather than individual analytics. Should you have any questions or comments, pls. feel free to contact us directly at info@timeisltd.com.

Sign Terms & 

Steps: Review and confirm Order, Terms & Conditions, and other legal formalities. Either approve our online terms and DPA, or for enterprise clients, reach out directly with your contract.
Data Sanitization for Personal Information

Agreement on Masking Level

Pseudonymization enhances privacy by replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms. Pseudonymization is one of the options to more advance PII security.
Optional Step is to sanitize certain information. Either for regulation or privacy reasons, we can mask Personal Identifiable Information, and remove certain sensitive elements alternatively we can teach you how to mask the personal data on your side and then we only work with the masked data. You launch a piece of our open-source anonymizer code on your private cloud (tokens stays there), and data flows to our servers cleaned from Personal Identifiable Information. Data refreshes automatically and your IT is in full control.
Depending on what data is removed, certain parts of the analysis can be missing due to the inefficient data context.
Data Access

How to Get Data From Platforms

What we need from you
Data from Platforms
IT platform Admin sets the access to the required data loads into the Time is Ltd. platform. One-click Token is almost for all platforms. For more information, click on your platform below.
HR Org. Structure
HR uploads or sends standard HR encrypted export (name, email, position…) in order to correctly categorize into teams.

Our Data Aggregation Procedure

Aggregating data at the department level protects individuals and their managers from misinterpreting unnecessary details, while allowing them to view the issue of collaboration with perspective. Data aggregation takes place in the EU or US region according to data residency.

The Analytics We Provide To You

Time is Ltd. generates analytics and helps you onboard. For our enterprise customers. we provide platform and data interpretation. Login the "Client Zone" button on the top right of our website.

We are GDPR and SOC 2 Type 2 Compliant

All the data are aggregated on a team level unless there is an opt-in for individual analysis. Masking on the client-side is recommended for regulated industries (Banking, Telco).Time is Ltd. is subject by the General Data Protection Regulation (GDPR) Directive which is effective from May 25, 2018.
Because data privacy is at the core of what we do, we take our privacy principles seriously and Time is Ltd. has been working continuously to enhance its products, processes, and safety procedures.For more information on our GDPR compliance, please click on the link here.


All the data are aggregated on a team level unless there is an opt-in for individual Clients rely on us to protect the data that drive their business decisions. Their trust in our security system is the cornerstone of our operations, so we are constantly working to enhance our security standards.analysis. Masking on the client-side is recommended for regulated industries (Banking, Telco).Time is Ltd. is subject by the General Data Protection Regulation (GDPR) Directive which is effective from May 25, 2018.
Time is Ltd. services have infrastructure hosted in Cloud Service Provider (CSP) environments. The data are stored within EU or US borders. The data are transferred through a secure HTTPS channel, encrypted over 256-bit SSL and stored at EU or US compliant server clusters in the Google Cloud Provider.  Separate databases, namespaces or indexes for each customer is encrypted at rest using AES-256 encryption.
Time is Ltd. follows a branching strategy workflow for source control and uses the principles outlined in the OWASP Secure Coding Practices to defend against the OWASP Top 10 security vulnerabilities. The workflow follows these steps: Submitted, Open, In progress, In review, To test, Ready to deploy, Closed and automated security testing throughout the whole flow. Software patches are released as part of our continuous integration process.
On all Time is Ltd. services, we run automated security testing on a regular basis. We also conduct penetration testing annually with a third-party company based on the contract.
Time is Ltd. uses multiple security services and industry standards to secure customers' data from unauthorized access, disclosure, use, and loss.
All Time is Ltd. personnel annually undergo security and privacy awareness training.

Data Protection

Time is Ltd. services are hosted entirely on Google Cloud Platform (GCP), providing built-in end-to-end security and privacy features. Google Cloud Platform (GCP) is certified SOC 2 Type II. GCP maintains a list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security. Google Cloud Platform stores and manages data cryptography keys in its redundant and globally distributed Key Management Service. So, if an intruder were to access any of the physical storage devices, the Time is Ltd. data contained therein would still be impossible to decrypt without the keys. For more specific details about GCP security, please, refer to the GCP Security whitepaper
Authentication and Access Management
Customers may log in to Time is Ltd. analytics platform using Google or Microsoft SSO. These services will authenticate an individual’s identity.
Data Encryption
All data is already encrypted before transit to Time is Ltd. Encrypted data is protected in transit across public networks. Customer Data is not authorized to leave the Time is Ltd. production service environment, except in limited circumstances such as in support of a customer request.
All data transmitted between Customer infrastructure and Time is Ltd. analytics services are protected using Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS).

Certifications, Attestations and Frameworks

Time is Ltd. has active SOC 2 Type II compliance. We documented our security controls on the Cloud Security Alliance's (CSA) Security, and we are holders of STAR Level One, Trust & Assurance Registry (STAR).Time is Ltd. is governed by the GDPR.
For more information on our SOC 2 compliance, please click on the link here.
For more information on our CSA Star Level, please click on the link here.
For more information on our position on the GDPR, please click on the link here.

Frequently Asked Questions

Time is Ltd. stores only encrypted metadata needed for analysis from meetings, instant messaging, emails, and other sources.

All stored data is encrypted in the Google Cloud.

Customer data are encrypted and stored at dedicated databases, data sets and indexes at EU (GDPR) or US compliant server clusters in the Google Cloud.

The data is stored within EU borders or US borders. The data is transferred through secure HTTPS channel, encrypted and stored at EU (GDPR) or US compliant server clusters in the Google Cloud.

Depending on the services and productivity tools that the client wants to analyze, Time is Ltd. platform will need “Read-only” access to such tools.

Clients can manage by themselves who have access to Time is Ltd. platform and can access the company dashboards (sociomapping, and descriptive statistics.)

Read our article

Data privacy at Time is Ltd.

We provide the first privacy-minded people analytics in the world. Data privacy is at the core of what we do.
Read more