← Back to ClockMe

Privacy Policy

Effective date: 18 May 2026 · Last updated: 18 May 2026

ClockMe (“we”, “our”, “us”) is operated by SimulateCX. This policy explains what data we collect when you use ClockMe (the web app, Chrome extension, and API), how we use it, and your rights regarding that data.

1. Data we collect

Account information

When you create an account we collect your email address and, if you sign in with Google, your display name and profile photo URL. This is used solely for authentication.

Time tracking data

We store the projects, tasks, and time entries you create: project names, client names, hourly rates, entry descriptions, start/end times, and durations. This is the core data of the service.

API keys

When you generate an API key we store only its SHA-256 hash — the plaintext key is shown once and never stored. We record the creation date and when the key was last used.

Chrome extension — local storage only

The ClockMe Chrome extension stores your API key, your Focus Mode blocklist, and cached timer state in your browser's local storage (chrome.storage.local). This data never leaves your device except as part of standard API requests to ClockMe.

Chrome extension — browsing activity

When Focus Mode is active, the extension uses Chrome's declarativeNetRequest API to redirect requests to domains on your blocklist to the Focus page. We do not log, transmit, or store any record of which websites you visit. The redirect rules run entirely within Chrome on your device.

2. How we use your data

  • To provide the ClockMe time tracking service
  • To authenticate you and protect your account
  • To generate reports and invoices within the app
  • To allow third-party integrations you explicitly configure (Claude AI via MCP, Jira)
  • To improve the service (aggregated, anonymised usage patterns only)

We do not sell your data. We do not use your data for advertising.

3. Third-party services

Firebase (Google)

We use Firebase Authentication and Cloud Firestore (both Google products) to store your account and time tracking data. Data is stored in the us-central1 region. Google's privacy policy applies to Firebase: policies.google.com/privacy.

Anthropic / Claude (optional)

If you configure ClockMe as an MCP server in Claude, your ClockMe API key is stored in your local Claude configuration. API calls from Claude to ClockMe are authenticated with that key. Anthropic's privacy policy governs the Claude side of that integration.

4. Data retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at the address below.

5. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data (CSV export is available in the Reports page)
  • Withdraw consent at any time

To exercise any of these rights, contact us at admin@simulatecx.com.

6. Security

API keys are stored as SHA-256 hashes — not reversible to plaintext. All data is transmitted over HTTPS. Firebase security rules enforce that users can only access their own data.

7. Changes to this policy

We will update the “Last updated” date at the top of this page when we make changes. Continued use of ClockMe after changes constitutes acceptance of the updated policy.

8. Contact

SimulateCX
admin@simulatecx.com