Back to home

Privacy Policy

Last updated: 14 March 2026

What LexTime does

LexTime is a time-tracking tool. You start and stop timers, assign them to clients and projects, and generate reports. That is the single purpose of the service and its browser extension.

Data we collect

  • Account information — email address and hashed password, managed by Supabase Auth.
  • Time entries — start/end timestamps, descriptions, and project assignments you create.
  • Organisation data — client names, project names, billing rates, and organisation settings you configure.

We do not collect health information, financial or payment information, personal communications, location data, web browsing history, or user activity such as keystrokes or clicks.

Browser extension

The LexTime Chrome extension requests the following permissions, each tied to a specific feature:

  • storage — persists your authentication session locally so you stay logged in.
  • alarms — updates the toolbar badge every 30 seconds and fires a reminder after 8 hours of continuous tracking.
  • idle — detects when you go idle while a timer is running and notifies you on return.
  • notifications — shows idle-return and long-timer reminders. No marketing notifications.
  • contextMenus — adds a right-click option to log the current page title as a time entry.
  • Host access (lextime.app) — a content script reads your auth session from the web app so the extension can log you in automatically. It reads one localStorage key and does nothing else.

The extension contains no remote code. All JavaScript is bundled at build time.

How we use your data

Your data is used exclusively to provide the time-tracking features you interact with: running timers, displaying history, and generating reports. We do not use your data for advertising, analytics profiling, or any purpose unrelated to time tracking.

Third parties

We do not sell or transfer user data to third parties. The only third-party service involved is Supabase, which hosts the database and authentication layer.

Data storage & security

Data is stored in a Supabase-managed PostgreSQL database with row-level security enforced — users can only access their own organisation's data. Authentication tokens are JWTs with expiration. Passwords are hashed and never stored in plain text.

Data deletion

You can delete individual time entries, clients, and projects from the app at any time. To delete your account and all associated data, contact us at the email below.

Contact

Questions about this policy? Email privacy@lextime.app .