Privacy Policy

Last updated: 2025-04-27

At Rememless, we are committed to protecting your privacy and ensuring the ethical handling of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We designed Rememless as an ethical time tracking solution that respects user privacy and autonomy. Our approach differs from traditional time tracking by focusing on user-initiated check-ins rather than continuous monitoring.

Please read this Privacy Policy carefully. By using Rememless, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Minimal account information (email address, company name if applicable)
• User-provided time tracking check-ins and descriptions (encrypted and secured)
• Basic profile preferences
• Communications with our support team
• Payment information (processed entirely through Paddle, not stored by us)

1.2 Information Automatically Collected

• Minimal usage data necessary for service functionality
• Basic device information (browser type, anonymized IP address)
• Limited log data required for security and troubleshooting
• Essential cookies only (with opt-out options)

2. How We Use Your Information

We use the information we collect strictly for the following purposes:

• Provide and maintain the core service functionality
• Process and complete transactions through Paddle
• Transform your check-in descriptions into time tracking entries (via external AI processing)
• Generate insights for team administrators while strictly protecting individual privacy
• Send essential technical notices and administrative messages
• Respond to your direct support requests
• Ensure platform security and prevent abuse

What we do NOT use your data for:

• Training AI models or improving AI algorithms
• Marketing or advertising purposes
• Selling or sharing with third parties for their purposes
• Building user profiles or tracking beyond service functionality

3. Ethical Data Principles

Rememless follows these core ethical principles in data handling:

• User-initiated tracking: We only collect time data when users actively provide check-ins, not through continuous monitoring
• Privacy by design: Personal/private time is distinguished from work time, with detailed information about personal time kept private
• Transparency: Users can see all data collected about them and how it's used
• Data minimization: We collect only what's necessary to provide our service
• Neurodiversity support: Our service is designed to accommodate different cognitive styles
• Strict domain isolation: Personal and work data exist in completely separate technical domains, ensuring structural protection of private information beyond just policy-based protection

4. How Information is Shared

4.1 Within Teams

For team accounts, we enforce strict technical and operational separation of data:

• Work-related data: Team administrators can see aggregated time allocations across categories and projects that are explicitly tagged as work-related
• Personal/private time: Personal/private time is completely isolated from team accounts:
  • Personal/private time data is stored in entirely separate database structures with no connection to team data
  • Team administrators have zero access to any personal/private time data - not the content, timing, frequency, or even existence
  • When a check-in contains both work and personal items, our system automatically separates these
  • The separation occurs at the storage level, making it technically impossible to access personal data through team accounts
  • Users can freely mention personal matters within check-ins without concern of workplace visibility

Users can freely mix personal and work topics in a single check-in (e.g., "Worked on project X for 2 hours, then took a personal break to handle some family matters"). Our system intelligently parses these descriptions to separate work content (visible to teams) from personal content (strictly private).

4.2 With Third Parties

We may share information with:

• Service providers: Companies that perform services on our behalf (payment processing, cloud hosting, customer support)
• Business transfers: In connection with a merger, acquisition, or sale of assets
• Legal requirements: When required by law or to protect rights and safety

We do not sell your personal information to third parties.

5. AI Processing and Zero-Knowledge Design

Rememless uses AI to process natural language descriptions of time spent. Here's our strict approach to data privacy:

• Your check-in descriptions are processed through external AI services (Anthropic/OpenAI) to extract time allocations
• Your data is never used for AI training or model improvement
• We implement a zero-knowledge approach where even we cannot access your data content
• AI processing occurs only for the specific purpose of transforming your descriptions into time entries

6. Data Storage and Security

We implement exceptional security measures to ensure your data remains private:

• End-to-end encryption for all data at rest and in transit
• Data salting that prevents even us from reading your actual data
• Row Level Security in our Supabase database infrastructure
• Strict access controls and security auditing

Our database architecture implements a strict domain separation model that physically isolates personal and work data. Personal data is stored in encrypted containers that can only be accessed with the individual user's credentials, not with team administrator credentials, making cross-access technically impossible rather than just policy-restricted.

While no method of transmission over the Internet or electronic storage is 100% secure, our technical architecture is specifically designed to maximize privacy and minimize data access.

7. Norwegian Consumer Rights

As a Norwegian sole proprietorship (enkeltpersonsforetak), we comply with Norwegian consumer protection laws, including the Norwegian Consumer Purchases Act (Forbrukerkjøpsloven) and the Norwegian Marketing Control Act (Markedsføringsloven). These laws may provide you with additional rights not outlined in this policy.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account, we will delete or anonymize your personal information within 30 days, except for information we need to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

9. Your Privacy Rights

As a Norwegian business, we comply with European data protection laws. You have the following rights:

• Access and receive a copy of your personal data
• Rectify inaccurate or incomplete data
• Request deletion of your personal data
• Restrict or object to processing of your data
• Request transfer of your data to another controller
• Withdraw consent at any time (where processing is based on consent)

To exercise these rights, please contact us using the information in the "Contact Us" section.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws different from those in your country.

When we transfer data internationally, we implement appropriate safeguards in accordance with applicable law to ensure your data remains protected.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

support@forbordinventions.com
Forbord Inventions
Gladbakkgutua 3A
2070, Råholt, Norway