Security by design

WiseTime was designed and developed with the principle of individual privacy at the forefront. We believe that individual privacy is paramount, especially as our digital landscapes continue to change and grow. We believe that the software should be designed with privacy and security guiding the way, not as an afterthought.

We take the privacy and security of our customer data very seriously, making continual reviews and updates to ensure that we deliver the highest possible protection. We securely manage data at all touchpoints, protecting your privacy and your data, ensuring proper security regulations, and mitigating risk, which is essential to delivering a high level of service.

After analysing industry best practices, we identified additional measures that we could adopt to further safeguard our users, by:

• allowing users to determine what activity data is posted to which teams;
• storing user activity data in a quasi-anonymized form; and
• utilizing an independent federated identity provider.

With our commitment to customer security and privacy, you can be assured that you and your company are protected with the best practices in privacy and security while using WiseTime.

Infrastructure

WiseTime utilizes an industry-leading Equinix data center to house our private servers (not shared) containing all WiseTime activity data. Equinix is one of the largest data center providers in the world and their security features an award-winning environment design and is certified in SSAE16/ISAE3402 SOC-1 Type II, ISO 27001 and PCI-DSS. This is the same data center used by Amazon Web Services and the like, which also allows WiseTime to connect to their compute resources privately, shielding their backend processing loads from exposure to any shared public network.

Identity Management

WiseTime uses the OAuth and SAML Identity management industry standards to provide both secure and flexible mechanisms to prove their identity to the WiseTime service. WiseTime uses Google Firebase for management of identity, which follows industry best practices, such as never storing any user passwords (storing instead a salted hash of it, and that salted hash being stored with a trusted third-party identity provider), and by using revocable device tokens in place of password-based authentication.

To provide an additional safeguard, WiseTime takes the additional step of storing all activity data (individual and team) in a quasi-anonymous form. That is, the identifying information, such as a user’s name or email address, team names and the like are stored in an independent store to the activity storage.

Our teams and users are instead represented as a large/random number. In the unlikely event of a data breach, any would-be intruders would additionally have to engineer a concurrent heist of our independent federated identity provider, or the data is otherwise unidentifiable. We believe this additional precaution gives our users the strongest safeguards available in the realm of activity analytics.

Our teams and users are instead represented as a large/random number. In the unlikely event of a data breach, any would-be intruders would additionally have to engineer a concurrent heist of our independent federated identity provider, or the data is otherwise unidentifiable. We believe this additional precaution gives our users the strongest safeguards available in the realm of activity analytics.

Encryption

We also take measures to ensure we protect data-in-transit between the desktop app and WiseTime servers. For any data transfer to and from the servers, WiseTime uses enforced Transport Layer Security (TLS), to ensure that all communications are sent via a private and secure communications channel.

File data in transit between WiseTime (currently desktop, mobile, API, or web) and the hosted service is always encrypted via SSL/TLS. For all WiseTime edge points, WiseTime uses current ciphers and certificate standards and forces any unencrypted requests to seamlessly switch to an encrypted channel. Additionally, WiseTime uses token-based authentication cookies to ensure that identifying information connected to the user is never stored on client devices. WiseTime also digitally signs all of their outbound email communications via the DKIM signature standard.

WiseTime offers an easy-to-use application to help teams collaborate effectively while providing the security measures and compliance certifications organizations require.

Individual privacy

The users right to privacy and full control of their data has always been the driving force behind the way WiseTime was designed and developed. Many other tools openly promote their time tracking software as a way for employers to view exactly what employees are doing at any given time, however, WiseTime is the first of its kind to break this mould.

We place your data, in your hands, completely and wholly. Nobody can access your data until you choose to share it, and you have the right to amend any time entries, remove or manually add, prior to sharing.

We have also built preferences into the software that allow you to specify things that you never want WiseTime to track – such as whenever you are on Facebook, Amazon or reading the news. You can change and update these settings easily and instantly at any time.

Conclusion

WiseTime’s developer, Practice Insight, takes advantage of their unique capabilities in big data, analytics, and machine learning. Their guiding philosophy has always been to provide transparency, and now even more so than when the company was founded in 2010, this is more important than ever. With our ever-growing individual digital footprints, we need to be informed about the use and storage of the data we share.

Most time tracking solutions may offer some data protection, however, none have been developed with individual privacy and data security at the forefront. WiseTime is the first of its kind to boast individual privacy features, without the ability to be overridden by administrators or managers. Users time logs and data will always be in the control of their hands. We strive to create a solution that makes it easier for users to track their attentions and handle their daily billing and administration, not software that allows others to monitor your activities in real-time or compromise freedoms.

WiseTime offers the ultimate solution for anyone that values privacy, security, and transparency.