How we handle your personal data at RescueTime

At RescueTime, we think a lot about how we handle and process information.

For the past 10 years, we’ve built a business on helping people better understand their personal data. With hundreds of thousands of active users depending on us to help them optimize their personal efforts, we know the only way this works is if there’s trust that we’re doing our job both ethically and proficiently while protecting your data.

To be clear: from the start, we’ve always had a strict never-share, delete-when-asked, let-you-export data policy for our users. We are a business with a product, and have never had any ad supported business of any kind.

With the new European General Data Protection Regulation (GDPR) going into effect at the end of this month, I thought it would be a good opportunity to talk about just how RescueTime handles your data, our philosophy around data, and some changes we’ve made to give you more control over the data we process for you.

What is the GDPR and why does it matter?

By now, your inbox is probably full of GDPR-related notices, so I’ll keep the overview short. If you would like to read details of the regulation, here is the GDPR Wikipedia page.

The GDPR was created to give users clear visibility into what data is collected and stored, know how it’s being used, to get access to or delete it, as well as more control over who has access to it. It also places more responsibility on businesses like ours who collect, process, and store your data.

We think this is fantastic.

We’ve been working with personal data for 10 years and the GDPR aligns with how we’ve always thought about data rights and management. It has been a badge of pride for us to be able to hold and claim the principles involved—before this was even legislation—when people ask us how we operate.

Honestly, it has sometimes been hard to get this across when people ask, because most are sadly so used to companies playing fast and free to make money off them using their data.

As a data-driven company, many users assume we make money selling your data. But this simply isn’t the case for us.

RescueTime is a “Freemium” subscription-driven business and will never sell your data to anyone, ever. 

Our free product is there to entice users into signing up for a Premium account. That’s all. As a free user, you don’t give up any rights. That means we’re not using your info to help someone sell you something or selling your data to someone else.

New changes to RescueTime to give you more control over your personal data

We’ve improved and updated some features to meet the expectations of the GDPR. These features are for all users, no matter where you are in the world or what your subscription status is.

You can choose what information RescueTime has access to and monitors

RescueTime works best when you personalize it to your work habits and goals. To that end, we’ve always given you control over what sites and apps you want tracked and never record any activity that you’ve flagged to ignore.

We’ve made this feature much more visible so you can quickly select what time of day RescueTime is active and the level of detail it tracks.

You can export ALL your RescueTime historical data whenever you’d like

One of the great new rules in the GDPR is Data Portability and what they call the “Right to be Forgotten.” Basically, this means you should be able to get and keep what we have stored for you, and that you should be able to delete everything whenever you want.

To make this easier for RescueTime users, we’ve built a tool that allows you to roll up your entire data history into one file for download. Free users can also now download data older than 3 months, which is a new feature for them.

We’ve always deleted your information when you close your account

Your data is your data. When you delete your RescueTime account, we delete all your online data with it.

We’ve updated our messaging to make it super clear to free users that their full history is wiped clean when they leave (including what is hidden beyond the 3 months they have access to in the dashboard).

We’ve also created new tools to automatically scrub offline backup tables when you leave. Deleted user data in offline systems has not been used in aggregated statistics and was unreachable by statistics tools, but we have chosen to simply do a pure scrub to have the cleanest result possible.

You can now flag your account to be in “no administrative access” mode

RescueTime offers all users support, and sometimes those requests require an engineer to access your account to troubleshoot it. Our policy has always been to only access individual data in response to support requests.

We now offer the in-app enforcement of that policy. You can explicitly restrict access to your account until you change the setting otherwise. This can be found on your privacy settings page.

Our philosophy around data security and access hasn’t changed

It’s an interesting time to be a company built on personal data collection and analysis. And while things like the GDPR are making it more obvious and clear to users what information is being used, the principles that drove it are just good business.

We’ve been following these same principles for a decade and are glad the rest of the industry is catching up.

Data security is absolutely critical: We hold to the best standards for end-to-end transport encryption, secure authentication practices, and encrypted storage. We attend to all security advisories for the platforms and frameworks we depend on, and make sure that at every level your data (and ours) is protected.

We never share your data with anyone: Anonymous or not, no third parties ever have access to your data.

Your data is your asset to access, control, and destroy as you like: We’ve built tools to help you take action on your digital life. But the asset we use to give you that intelligence (your data) is yours to control and use as you see fit.

Large-scale data analysis can give us clues into how to live a better life

To make the RescueTime experience better, we look at productivity and app use patterns throughout the day. This lets us set baselines for reasonable goals and understand how to categorize tools.

From time-to-time, we also run statistics across very large sets of data. These give us averaged and aggregated results we can use to tell you things like: “Compared to an average of designers, you are spending 30% more time in communication.”

The collected wisdom from the aggregate stats, in white-paper like reports, may be sold as research results. For example, a report comparing average use of Slack to average use of email in communication over time. Or, wisdom from deep data analysis can back the insights we blog about with valid statistics, like our like our analysis of workplace multitasking.

Just to be clear, it is always the aggregate reduced results of our own analysis that is used in these reports–never data that could be connected to an individual.

If you have questions about your data, I’m here to help

Dealing with personal data doesn’t have to be creepy. And I hope this helped clarify just how we live up to that promise at RescueTime.

As RescueTime COO, I’m also now acting as our Data Protection Officer (DPO). If you have any questions about how we handle your data, feel free to get in touch with me directly.