Collabio Privacy Policy
We build tools to empower teams, not to compromise individuals. This policy outlines exactly what telemetry our desktop and backend systems gather, how your data is handled, and your fundamental privacy rights.
1. Overview & Privacy Commitments
Collabio is designed as a hybrid time-tracking, project management, and transparency portal. To provide organization managers and employees with accurate insights into concentration, focus zones, and payroll hours, we process specific usage telemetry.
Bounded Collection
Collabio only logs activity signals, focused-window context, and screenshots when your time-tracking timer is actively running. Stopping the timer ceases all background trackers immediately.
Employee Ownership
We advocate for transparency. Employees have full access to inspect all time entries, screenshot assets, app lists, and activity percentages mapped to their profile.
2. Telemetry and Data Collection
When the time-tracker is toggled, Collabio syncs specific system triggers to calculate concentration metrics and document project hours:
Keyboard & Mouse Activity Metrics
We log whether input events occur (mouse clicks, mouse cursor displacements, and keyboard presses) during each 1-second interval. This compiles into an average "Activity Percentage" to measure focus patterns.
Focused Applications & Browsed URLs
We log the titles of active application windows and the URLs of active browser tabs while you are working. We do **not** monitor background application operations or private system files.
Periodic Screen Captures
If configured by your organization, our background scheduler captures periodic screenshots (typically once per 10-minute block). Managers can also configure options to blur these captures automatically to safeguard sensitive data.
3. No-Keylogging Guarantee
We believe keyloggers are intrusive and compromise security. Collabio holds a **strict zero-keystroke logging policy**:
What We Log
The total count of keyboard presses and mouse events per minute to score relative focus activity levels.
What We Never Log
We never capture the content of what you type, passwords, text entries, or credit card details.
4. How the Desktop Client Interacts with Your OS
Our desktop time-tracking client (`collabio-desktop-v2`) is built using a decoupled worker-thread architecture to separate operations:
Multi-Platform Hooks
We hook into low-level OS inputs safely depending on your environment. On macOS, this leverages user-granted Accessibility APIs. On Linux, specialized Wayland and X11 bridge workers capture focused app metadata without excessive overhead.
Local Offline Buffering
If your internet connection drops, our system automatically caches all tracked active sessions, keystroke frequency graphs, and window metadata securely on your local storage drive. All buffered events synchronize immediately upon connection restoration.
5. Focus, Automation, & Suspicious App Analytics
To guarantee payroll integrity and protect honest workspace hours, Collabio executes server-side metrics engines to flag non-human activity signatures:
Automated Activity & Jiggler Detection
Our backend rules-engine parses activity logs for mechanical or simulated activity. The system executes heuristics to flag automated clicks or artificial cursor cycles:
- Consistent Activity Checks: Flags continuous zero-variance activity sequences (typical of physical jigglers or scripts).
- High Activity Checks: Flags continuous keystroke frequencies simulating human-impossible speeds.
Organization-Configured Suspicious Applications
Organization administrators can declare a specialized "Suspicious Apps" list (such as jigglers, games, unauthorized streaming tools, or key scripts). Collabio checks active window titles against this blacklist to flag metrics, helping maintain focus standards without reading internal content.
6. Advanced Encryption & Cloud Security
We employ banking-grade security architectures to guarantee that your activity signals, metadata, and screenshots are fully protected at every stage:
Encrypted in Transit (TLS 1.3)
All traffic flowing between the desktop client (`collabio-desktop-v2`), the web application, and our API gateways is strictly encrypted in transit using industry-standard TLS 1.3 (Transport Layer Security) over secure HTTPS/WSS channels.
Encrypted at Rest (AES-256)
All core database systems and structural metrics are protected via AES-256 transparent data encryption (TDE). All screenshot media and recordings are hosted inside isolated private Amazon S3 buckets utilizing AWS-managed Server-Side Encryption (SSE-S3).
Temporal Signed URLs
Your screen capture media is never exposed publicly. Access is gated behind short-lived AWS signed URLs that our backend generates dynamically after validating active session roles, which prevents asset leakage.
Data Minimization
To protect personal workspaces, active application window tracking automatically strips local home-directory paths (e.g. replacing local system usernames with normalized workspace indicators) prior to transmission.
Absolute Zero-Selling Commitment
Your focus metrics, logs, and screenshots are stored strictly to deliver analytics to your team. We maintain a zero-compromise guarantee: we never license, aggregate, or sell your operational time data to third-party ad networks, tracking indices, or external profiling platforms.
7. GDPR & Global Data Subject Rights
We align our services with leading data protection frameworks, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Users hold the following fundamental rights:
Right to Access & Portability
Request a structured export of all your time tracking, screenshot, and focus app telemetry logged in our systems at any time.
Right to Rectification
Correct or adjust manual time entry records directly from your dashboard to maintain accurate and fair hours logs.
Right to Restriction
Opt out of specific optional tracking parameters (such as screenshots or app lists) through your organization's compliance coordinator.
8. Employee Control & Permanent Account Erasure
We empower employees with native controls to govern their workspace data:
Screenshot Deletion
If organization policies permit (configured by managers), employees can delete their screenshot records. Deleting a screenshot subtracts the corresponding 10-minute block from their active work duration.
Permanent Data Deletion
If a user deletes their profile or an organization terminates their workspace, all associated keystroke metrics, application headers, timesheets, and Amazon S3 screenshots are permanently purged from all production servers and secure S3 buckets within 30 days.
Have questions about our tracking systems?
Our engineering and compliance teams are ready to assist you.