Security by design
WiseTime was designed and developed with the principle of individual privacy at the forefront. We believe that individual privacy is paramount, especially as our digital landscapes continue to change and grow. We believe that the software should be designed with privacy and security guiding the way, not as an afterthought.
We take the privacy and security of our customer data very seriously, making continual reviews and updates to ensure that we deliver the highest possible protection. We securely manage data at all touchpoints, protecting your privacy and your data, ensuring proper security regulations, and mitigating risk, which is essential to delivering a high level of service.
After analysing industry best practices, we identified additional measures that we could adopt to further safeguard our users, by:
- allowing users to determine what activity data is posted to which teams;
- storing user activity data in a quasi-anonymized form; and
- utilizing an independent federated identity provider.
With our commitment to customer security and privacy, you can be assured that you and your company are protected with the best practices in privacy and security while using WiseTime.
WiseTime utilizes an industry-leading cloud data platform to house our servers containing all WiseTime activity data. The cloud platform is one of the largest data center providers in the world; its security features an award-winning environment design, and it is certified in SSAE16/ISAE3402 SOC-1 Type II, ISO 27001 and PCI-DSS. This allows WiseTime to connect to their compute resources privately, shielding backend processing loads from exposure to any shared public network. WiseTime has been ISO 27001 certified since January 2022; ISO 27001 is an internationally recognised specification for information security management.
WiseTime uses the OAuth and SAML identity-management industry standards to give users both secure and flexible mechanisms to prove their identity to the WiseTime service. WiseTime uses Google Firebase for management of identity, which follows industry best practices, such as never storing any user passwords (storing instead a salted hash of each password, with that salted hash held by a trusted third-party identity provider), and using revocable device tokens in place of password-based authentication.
As an additional safeguard, WiseTime stores all activity data (individual and team) in a quasi-anonymous form. That is, identifying information, such as a user’s name or email address, team names and the like, is kept in a store that is independent of the activity storage.
Our teams and users are each represented by a large, random number. In the unlikely event of a data breach, any would-be intruders would additionally have to engineer a concurrent heist of our independent federated identity provider; otherwise the data is unidentifiable. We believe this additional precaution gives our users the strongest safeguards available.
We also take measures to protect data in transit between the desktop app and WiseTime servers. For any data transfer to and from the servers, WiseTime uses enforced Transport Layer Security (TLS) to ensure that all communications are sent via a private and secure communications channel.
File data in transit between WiseTime clients (currently desktop, mobile, API, or web) and the hosted service is always encrypted via SSL/TLS. For all WiseTime edge points, WiseTime uses current ciphers and certificate standards, and forces any unencrypted requests to seamlessly switch to an encrypted channel. Additionally, WiseTime uses token-based authentication cookies to ensure that identifying information connected to the user is never stored on client devices. WiseTime also digitally signs all of its outbound email communications via the DKIM signature standard.
WiseTime offers an easy-to-use application to help teams collaborate effectively, while providing the security measures and compliance certifications organizations require.
The user's right to privacy and full control of their data has always been the driving force behind the way WiseTime was designed and developed. Many other tools openly promote their time tracking software as a way for employers to view exactly what employees are doing at any given time; however, WiseTime is the first of its kind to break this mould.
We place your data in your hands, completely and wholly. Nobody can access your data until you choose to share it, and you have the right to amend, remove or manually add any time entries prior to sharing. WiseTime has a strong commitment to user privacy and is General Data Protection Regulation (GDPR) compliant.
We have also built preferences into the software that allow you to specify things that you never want WiseTime to track – such as whenever you are on Facebook or reading the news. You can change and update these settings easily and instantly at any time.
WiseTime’s developer, Practice Insight, takes advantage of its unique capabilities in big data, analytics and machine learning. Its guiding philosophy has always been to provide transparency, and this is now even more important than when the company was founded in 2010. With our ever-growing individual digital footprints, we need to be informed about the use and storage of the data we share.
Most time tracking solutions may offer some data protection; however, none have been developed with individual privacy and data security at the forefront. WiseTime is the first of its kind to boast individual privacy features that cannot be overridden by administrators or managers. Users' time logs and data will always be in their own hands. We strive to create a solution that makes it easier for users to track their attention and handle their daily billing and administration, not software that allows others to monitor your activities in real time or compromise freedoms.
WiseTime offers the ultimate solution for anyone that values privacy, security and transparency.