
How Time Doctor Supports Security and Compliance

TL;DR: 

Time Doctor supports security and compliance through GDPR and UK GDPR privacy coverage, ISO/IEC 27001:2022 certification, encrypted data transfer, encrypted screenshot storage, restricted employee access, regular external security testing, secure payment processing through Stripe, and a documented incident disclosure process.

Time Doctor maintains security and compliance measures designed to help protect customer data and support organizational security reviews. This article summarizes Time Doctor’s certifications, data protection practices, access controls, payment security, and practical account security steps.

 

Security and compliance overview

Time Doctor provides security and compliance documentation covering privacy, data protection, and operational safeguards. Public legal and compliance resources include the Privacy Policy, Customer DPA, Sub-processors list, Security and Compliance page, and certification pages such as ISO 27001 & ISO 27701.

 

Certifications and regulatory coverage

Time Doctor’s legal and privacy documentation references support for the General Data Protection Regulation (GDPR) and the UK GDPR.

Time Doctor is ISO/IEC 27001:2022 certified, and the certification page also references ISO/IEC 27701:2019.

 

Encryption and data protection

Time Doctor uses encrypted data transfer over HTTPS.

When screenshots are enabled, communication to the server is secured by SSL encryption, and files on the server are encrypted to add another layer of protection for company data.

Time Doctor also performs regular external penetration testing, patching, and security audits to identify and address potential issues.

 

Access controls and internal security practices

Time Doctor’s documented security practices include:

  • Encrypted data transfer
  • Strong password management policies
  • Internal system logging
  • Network and infrastructure security
  • Physical security
  • Two-factor authentication (2FA)

Employee access to customer accounts and stored data is restricted. Access is limited to troubleshooting or support scenarios when needed to resolve an issue.

 

Payment data handling

Time Doctor does not store customer credit card information.

Payment transactions are processed through Paddle (Stripe for older accounts), and card information is transmitted, stored, and processed on a PCI-compliant network.

 

Incident response and disclosure

Time Doctor documents an incident management process for data breaches. Under this process, the first communication to affected parties occurs within 72 hours of Time Doctor becoming aware of the incident.

 

Recommended account security practices

Apply the following practices to strengthen account security:

  1. Enable two-factor authentication for all users.
  2. Enforce strong password standards across the organization.
  3. Assign access based on role requirements and review user permissions regularly.
  4. Review Time Doctor’s public compliance and security documentation for current details and legal references, including the Security and Compliance, Privacy Policy, and Customer DPA pages.

 

Additional notes

Screenshots are optional. If used, they are stored securely, and organizations remain responsible for determining whether use of the feature is appropriate under applicable laws and internal policies.

 

Conclusion

Time Doctor supports security and compliance through documented privacy coverage, ISO/IEC 27001:2022 certification, encrypted data transfer, encrypted screenshot storage, restricted employee access, regular external security testing, secure payment processing, and a defined breach disclosure process.

Should there be any inconsistencies or concerns regarding the article, contact support@timedoctor.com for prompt assistance.