Privacy Policy

Intellibyte Software Solutions LLC d/b/a TimeX (“TimeX”, “we”, “us”) provides time-tracking, expense, and payroll-sync software for businesses. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.

1. Scope and roles

TimeX is a business-to-business (“B2B”) service. Organizations that subscribe to TimeX (each an “Organization” or “Customer”) are the data controllers of the personal information they and their personnel enter into the Software. TimeX acts as a data processor on behalf of the Organization, processing information according to the Organization’s instructions and this Policy.

This Policy applies to our public marketing website at gotimex.app, the TimeX administrator portal, the TimeX employee mobile application, and the underlying APIs (collectively, the “Service”).

2. Information we collect

2.1 Account and identity data

Name, mobile phone number (in E.164 format), business email (if provided), and role (administrator or employee).
Authentication records, including sign-in timestamps, device metadata, and one-time passcode delivery logs.

2.2 Work and payroll data

Clock-in and clock-out times, shift details, notes, client associations, and approval status.
Pay-period configurations, paid-time-off flags, and holiday-pay attributes configured by the Organization.

2.3 Expense and receipt data

Amount, merchant, date, category, and free-text description of each expense.
Photographs of receipts uploaded by Users for expense documentation.
AI-generated text extracted from receipt images for auto-fill purposes.

2.4 Client and program data (entered by the Organization)

Client names, addresses, phone numbers, and geographic coordinates.
Client program identifiers including alternate IDs, payer identifiers, jurisdiction codes, and service programs.

2.5 Device and technical data

Device type, operating system, and application version.
IP address, user-agent string, and standard server log entries.

2.6 Support and correspondence

Content of support tickets, emails, and in-app messages you send to us.

We do not knowingly collect information from children under the age of 13. The Service is intended for business use by adults (18+).

3. How we use information

Deliver the Service: authenticate Users, render timesheets and expenses, compute hours, and present data to approvers.
Sync to third-party systems: with Customer authorization, transmit approved timesheets, employees, and clients to QuickBooks Online.
Security and fraud prevention: detect and respond to suspicious activity, enforce rate limits, and safeguard accounts.
Support and communications: respond to inquiries, send transactional emails and SMS, and notify Users of Service changes.
Product improvement: aggregate, de-identified analysis of feature usage. We do not use Customer data to train AI models.
Legal compliance: comply with applicable laws, subpoenas, and lawful government requests.

4. Legal bases (EEA/UK/other applicable regions)

Contract: processing necessary to deliver the Service to the Organization and its Users.
Legitimate interests: security, fraud prevention, product analytics.
Consent: where required by law, including SMS messaging consent described in §6.
Legal obligation: where required by applicable law.

Organizations subject to the GDPR, CCPA, or other applicable data-protection laws may request a Data Processing Agreement (DPA) by contacting [email protected].

5. Sub-processors

TimeX uses the following sub-processors to deliver the Service. Each sub-processor is subject to contractual data-protection commitments. The list may change; material changes will be communicated to administrators.

Sub-processor	Purpose	Data processed	Region
Intuit, Inc. (QuickBooks Online)	Accounting sync (Customer-authorized)	Timesheet summaries; opaque employee + client codes	United States
Logto	Identity and authentication; SMS OTP delivery	Name, phone number, auth events	Multi-region
Microsoft Azure (Blob Storage)	Storage of receipt images	Receipt image files	United States
Microsoft Azure OpenAI / OpenAI	Optical character recognition of receipts	Receipt image content	United States
New Relic	Application logs and monitoring	Technical logs, redacted	United States

6. SMS messaging data

TimeX sends SMS messages for authentication (one-time passcodes) and transactional notifications (such as timesheet status changes and approval reminders).

Identifiers we maintain in connection with SMS: your mobile phone number (in E.164 format), tied to your TimeX account.
Purpose: deliver authentication codes and deliver transactional Service notifications.
Evidence of consent: During the registration flow, you are presented with a dedicated ‘Enable SMS sign-in and account alerts’ screen. You must affirmatively check a consent box that reads: ‘I agree to receive SMS messages from TimeX by Intellibyte Software Solutions LLC, including one-time passcodes and account notifications such as timesheet reminders and approval updates, at the mobile number I provide. Message frequency varies; typical users receive no more than 10 messages per week. Message and data rates may apply. Reply STOP to opt out at any time or HELP for assistance.’ Checking this box and clicking ‘Continue to sign in’ constitutes your express written consent. Our identity provider (Logto) records the resulting sign-in event, including a timestamp, the IP address used at sign-in, and basic device metadata. We do not maintain a separate consent ledger beyond these authentication records and your account’s stored phone number.
Retention: your phone number and the associated authentication records are retained for the life of the account; see §7 below for what happens after account closure.
Delivery partners: SMS messages are delivered through Logto and its upstream carriers-of-record.
Message frequency: Message frequency varies with account activity; typical users receive no more than 10 messages per week. Frequency may be higher during onboarding or during active approval cycles.
Message and data rates: Message and data rates may apply. Check with your mobile carrier for details.
Mobile opt-in data, phone numbers, and SMS consent records are never shared with, sold to, or transferred to third parties or affiliates for marketing, promotional, or lead-generation purposes of any kind.
For SMS help, reply HELP to any TimeX message or contact [email protected].
See the SMS consent disclosure in our Terms and Conditions for opt-in mechanics, opt-out keywords (STOP/HELP), and related terms.

7. Data retention

TimeX retains Customer data for the duration of the Customer’s subscription. On termination, data is scheduled for deletion within 90 days, subject to legal-hold exceptions. Anonymized usage data may be retained indefinitely. Organizations may request earlier deletion by contacting [email protected].

8. Security

We employ administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. These include encryption in transit and at rest, least-privilege access, audit logging, application-log scrubbing of sensitive fields, and periodic review of vendors and sub-processors. No system is entirely secure; we cannot guarantee the absolute security of information.

9. International transfers

TimeX processes data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or other jurisdictions where our sub-processors operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

10. Your choices and rights

Depending on your location, you may have the right to access, correct, delete, restrict, or object to the processing of your personal information, and to data portability. Because TimeX processes most personal information on behalf of an Organization, please direct requests to your Organization’s administrator in the first instance. You may also contact us at [email protected], and we will route the request to the relevant Organization where applicable.

11. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect information from them. If you believe a child has provided us information, please contact [email protected].

12. California and other state privacy rights

For California residents, the categories of personal information we collect are: identifiers, customer records, commercial information (expenses), internet or network activity, professional information, and inferences.

We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (“CCPA”).

Residents of California, Colorado, Connecticut, Virginia, Utah, and other states with comparable laws have the rights described in §10. Submit requests to [email protected]; we will verify the request and respond within the timeframe required by applicable law.

13. Cookies and tracking technologies

Our marketing website uses only essential cookies required for its operation. We do not use third-party advertising, tracking, or analytics cookies on the marketing site. The product portal and mobile application use session cookies and similar mechanisms necessary for authentication.

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated to Organization administrators and posted at https://gotimex.app/legal/privacy in advance of the effective date.

15. Contact

Intellibyte Software Solutions LLC Attn: TimeX Privacy 150 Peabody Pl, Lower Level, Memphis, TN 38103 [email protected]

Effective date: 2026-05-16