Privacy Policy

Last updated: March 9, 2026 · Effective immediately

This Privacy Policy describes how Ruwad Connect ("we", "us", or "the Service") collects, uses, stores, and protects information when you use the Ruwad Connect web platform, desktop application, and related services. By using our services, you acknowledge the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you register, we collect your name, email address, organization name, and password (stored in hashed form). Organization administrators may also provide team member details.

1.2 Usage & Activity Data

We collect time tracking entries, project/task associations, activity levels (keyboard and mouse metrics as percentages only), and active application window titles to provide productivity insights to your organization.

1.3 Screenshots

When enabled by your organization, the desktop application captures periodic screenshots during tracked work sessions. Screenshots are taken at configurable intervals set by your organization administrator. You will always see a visible indicator when tracking is active.

1.4 Verification Images

If your organization enables identity verification, webcam images may be captured at random intervals during work sessions to confirm identity. Camera access requires explicit operating system permission and is clearly indicated.

1.5 Device Information

We collect basic device metadata including hostname, operating system, and local IP address to help identify device sessions.

1.6 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe's privacy policy governs payment data handling.

2. How We Use Information

  • Provide and operate the time tracking, activity monitoring, and team management services
  • Generate reports and analytics for organization administrators
  • Process billing and subscription management
  • Send transactional emails (invitations, password resets, billing notices)
  • Maintain security and prevent unauthorized access
  • Improve the service based on aggregated, anonymized usage patterns

3. Data Storage & Security

Account data is stored in MongoDB Atlas with encryption at rest. Screenshots and media files are stored in encrypted object storage (Hetzner Cloud, EU region). All data in transit is protected by TLS 1.2+.

We implement industry-standard security measures including:

  • Bcrypt password hashing with salt
  • JWT-based authentication with short-lived access tokens
  • Role-based access control (RBAC)
  • Rate limiting on authentication endpoints
  • HTTPS enforcement on all endpoints

4. Data Retention

We retain your data for as long as your organization's account is active. Data retention periods for screenshots and activity data are configurable by your organization administrator (default: 90 days).

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

5. Data Sharing

We do not sell your personal data. We share data only in these circumstances:

  • Within your organization: Administrators and managers can view time entries, screenshots, and activity data for members they manage.
  • Service providers: We use Stripe for payments, MongoDB Atlas for database hosting, and Hetzner for file storage and server infrastructure. These providers process data on our behalf under data processing agreements.
  • Legal requirements: We may disclose data when required by law or to protect our legal rights.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain data processing
  • Withdraw consent for optional data collection (e.g., verification images)

To exercise these rights, contact your organization administrator or email us at cs@ruwadconnect.com.

7. Cookies & Local Storage

We use essential browser storage (localStorage) to maintain your authentication session. We do not use third-party tracking cookies or advertising trackers.

8. Desktop Application

The Ruwad Connect desktop application runs locally on your device and communicates with our servers over encrypted connections. The desktop app:

  • Only captures data when you actively start a tracking session
  • Shows a visible system tray indicator when tracking is active
  • Stores temporary data locally in an encrypted SQLite database
  • Syncs data to the server when an internet connection is available
  • Can be fully uninstalled, which removes all local data

9. Children's Privacy

Ruwad Connect is designed for business use and is not intended for children under 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries, contact us at cs@ruwadconnect.com.

← Back to registerView Terms of Service →