Privacy Policy

Last updated: March 4, 2026

1. Overview

FastLog ("we", "our", "the Service") is a web-based time tracking tool that integrates with Atlassian Jira. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account data

When you sign up, we store your email address and a profile record (subscription status, trial expiry date). Authentication is handled via one-time passcode (OTP) — we never store passwords.

Jira credentials

When you connect your Jira instance, we store your Jira site URL, email, and API token. Your API token is encrypted at rest using AES-256-GCM with a server-side key. The plaintext token is never logged, stored in the browser, or exposed in API responses.

Worklog cache

We temporarily cache worklog data fetched from your Jira instance to improve performance. This cache is associated with your account and is refreshed on each request. We do not use cached worklog data for any purpose other than serving it back to you.

Presets

Saved logging presets (issue key, label, duration, color) are stored in our database and associated with your account.

Feedback

If you submit feedback through the in-app widget, we store the message, category, and your user ID. Feedback may be forwarded to our team via Slack webhook for notification purposes.

Billing data

Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status in our database. We do not store credit card numbers, CVVs, or other payment card details.

Usage and audit logs

We maintain an audit log of billing events (subscription changes, webhook deliveries) for idempotency and debugging purposes. We do not track page views, clicks, or browsing behavior beyond what is necessary for the Service to function.

3. How We Use Your Data

We use your data solely to:

Authenticate you and manage your session.
Connect to your Jira instance and execute worklog operations on your behalf.
Process payments and manage your subscription.
Respond to feedback you submit.
Maintain and improve the Service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

The Service relies on the following third-party processors:

Supabase — database hosting, authentication, and row-level security. Data stored in the US. Supabase Privacy Policy
Stripe — payment processing and subscription management. Stripe Privacy Policy
Vercel — application hosting and edge network. Vercel Privacy Policy
Atlassian Jira — worklog and issue data accessed via your credentials. Atlassian Privacy Policy
Upstash — rate limiting via Redis. No personal data is stored; only anonymous request counters. Upstash Privacy Policy

5. Data Security

Jira API tokens are encrypted at rest using AES-256-GCM.
All communication is encrypted in transit via HTTPS/TLS.
Database access is protected by row-level security — users can only access their own data.
API routes are protected by session-based authentication.
We do not require or request Jira admin permissions.

6. Data Retention

Account data — retained for the lifetime of your account.
Jira credentials — deleted immediately when you disconnect from Settings, or when your account is deleted.
Worklog cache — short-lived and refreshed on each request. Deleted when your account is deleted.
Presets — retained until you delete them or your account is deleted.
Feedback — retained indefinitely for product improvement. You may request deletion.
Billing records — retained as required for legal and accounting obligations.

7. Your Rights

You have the right to:

Access your data — most of your data is visible directly in the app (Settings, Billing).
Delete your Jira credentials at any time from the Settings page.
Delete your account and all associated data by contacting us.
Export your data upon request.
Object to data processing — contact us and we will address your concern.

If you are in the EU/EEA, you may also have additional rights under the GDPR. Contact us to exercise them.

8. Cookies

FastLog uses only essential cookies required for authentication (Supabase session cookies). We do not use analytics cookies, advertising cookies, or third-party tracking scripts. The Team Logs feature uses localStorage to save teammate names locally in your browser — this data never leaves your device.

9. Children

FastLog is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at privacy@fastlog.app.

← Back to FastLog